manualshive.com logo in svg

SMC Networks 8708L2, Management Manual

The SMC Networks 8708L2 is a cutting-edge networking device that delivers seamless connectivity. To ensure an effortless installation process, make use of the comprehensive Installation Manual available for free download on our website. Gain full control and unleash the potential of your network with this exceptional product.

Share
Download
background image

U

SER

 A

UTHENTICATION

3-77

Remote Authentication 
Dial-in User Service 
(RADIUS) and Terminal 
Access Controller Access 
Control System Plus 
() are logon 
authentication protocols 
that use software running 
on a central server to 
control access to RADIUS-aware or TACACS- aware devices on the 
network. An authentication server contains a database of multiple user 
name/password pairs with associated privilege levels for each user that 
requires management access to the switch.

RADIUS uses UDP while  uses TCP. UDP only offers best 
effort delivery, while TCP offers a connection-oriented transport. Also, 
note that RADIUS encrypts only the password in the access-request 
packet from the client to the server, while  encrypts the entire 
body of the packet.

Command Usage

By default, management access is always checked against the 
authentication database stored on the local switch. If a remote 
authentication server is used, you must specify the authentication 
sequence and the corresponding parameters for the remote 
authentication protocol. Local and remote logon authentication 
control management access via the console port, web browser, or 
Telnet.

RADIUS and logon authentication assign a specific 
privilege level for each user name/password pair. The user name, 
password, and privilege level must be configured on the authentication 
server.

Web
Telnet

RADIUS/

server

console

1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.

Summary of Contents for 8708L2

Page 1: ...e Protocol RSTP and MSTP Up to 4 LACP or static 8 port trunks Layer 2 3 4 CoS support through eight priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web SNMP RMON Management Guide SMC8708L2 ...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10G Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions May 2005 Pub 149100024300A ...

Page 4: ...ed by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any replaced or repaired product carries either a 30 day limited warranty or the remainder of the initial warranty whichever is longer SMC is not responsible for any custom software or firmware configuration information or memory data of Customer contained in stored on...

Page 6: ...SS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS SO THE ABOVE LI...

Page 7: ... 7 Enabling SNMP Management Access 2 9 Community Strings for SNMP version 1 and 2c clients 2 10 Trap Receivers 2 11 Configuring Access for SNMP Version 3 Clients 2 11 Saving Configuration Settings 2 12 Managing System Files 2 13 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 3 Home Page 3 3 Configuration Options 3 4 Panel Display 3 5 Main Menu 3 6 B...

Page 8: ...g the System Clock 3 47 Configuring SNTP 3 47 Setting the Time Zone 3 49 Simple Network Management Protocol 3 50 Enabling the SNMP Agent 3 53 Setting Community Access Strings 3 53 Specifying Trap Managers and Trap Types 3 55 Configuring SNMPv3 Management Access 3 58 Setting a Local Engine ID 3 59 Specifying a Remote Engine ID 3 60 Configuring SNMPv3 Users 3 61 Configuring Remote SNMPv3 Users 3 63 ...

Page 9: ...Configuring an IP ACL Mask 3 114 Configuring a MAC ACL Mask 3 117 Binding a Port to an Access Control List 3 119 Port Configuration 3 121 Displaying Connection Status 3 121 Configuring Interface Connections 3 125 Creating Trunk Groups 3 127 Statically Configuring a Trunk 3 128 Enabling LACP on Selected Ports 3 130 Configuring LACP Parameters 3 132 Displaying LACP Port Counters 3 135 Displaying LAC...

Page 10: ...g Static Members to VLANs VLAN Index 3 194 Adding Static Members to VLANs Port Index 3 196 Configuring VLAN Behavior for Interfaces 3 197 Configuring Private VLANs 3 200 Enabling Private VLANs 3 200 Configuring Uplink and Downlink Ports 3 201 Configuring Protocol Based VLANs 3 202 Configuring Protocol Groups 3 203 Mapping Protocols to VLANs 3 204 Class of Service Configuration 3 206 Layer 2 Queue ...

Page 11: ... DNS Service Parameters 3 231 Configuring Static DNS Host to Address Entries 3 234 Displaying the DNS Cache 3 236 4 Command Line Interface 4 1 Using the Command Line Interface 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 2 Entering Commands 4 4 Keywords and Arguments 4 4 Minimum Abbreviation 4 4 Command Completion 4 5 Getting Help on Commands 4 5 Showing Commands 4 6 Partia...

Page 12: ...re 4 29 show history 4 29 reload 4 30 end 4 31 exit 4 31 quit 4 32 System Management Commands 4 33 Device Designation Commands 4 33 prompt 4 34 hostname 4 34 User Access Commands 4 35 username 4 36 enable password 4 37 IP Filter Commands 4 38 management 4 39 show management 4 40 Web Server Commands 4 41 ip http port 4 42 ip http server 4 42 ip http secure server 4 43 ip http secure port 4 44 Telne...

Page 13: ...57 Event Logging Commands 4 59 logging on 4 59 logging history 4 60 logging host 4 61 logging facility 4 62 logging trap 4 63 clear log 4 64 show logging 4 64 show log 4 66 SMTP Alert Commands 4 67 logging sendmail host 4 68 logging sendmail level 4 69 logging sendmail source email 4 69 logging sendmail destination email 4 70 logging sendmail 4 71 show logging sendmail 4 71 Time Commands 4 72 sntp...

Page 14: ...ce 4 94 authentication login 4 95 authentication enable 4 96 RADIUS Client 4 97 radius server host 4 98 radius server port 4 99 radius server key 4 99 radius server retransmit 4 100 radius server timeout 4 100 show radius server 4 101 TACACS Client 4 102 tacacs server host 4 102 tacacs server port 4 103 tacacs server key 4 103 show tacacs server 4 104 Port Security Commands 4 104 port security 4 1...

Page 15: ...4 126 access list ip mask precedence 4 126 mask IP ACL 4 128 show access list ip mask precedence 4 131 ip access group 4 132 show ip access group 4 133 map access list ip 4 133 show map access list ip 4 134 match access list ip 4 135 show marking 4 136 MAC ACLs 4 137 access list mac 4 138 permit deny MAC ACL 4 139 show mac access list 4 141 access list mac mask precedence 4 141 mask MAC ACL 4 142 ...

Page 16: ...rver group 4 163 show snmp group 4 164 snmp server user 4 166 show snmp user 4 168 Interface Commands 4 169 interface 4 170 description 4 170 speed duplex 4 171 negotiation 4 172 capabilities 4 173 shutdown 4 174 switchport broadcast packet rate 4 175 clear counters 4 176 show interfaces status 4 177 show interfaces counters 4 178 show interfaces switchport 4 180 Mirror Port Commands 4 182 port mo...

Page 17: ... forward time 4 208 spanning tree hello time 4 209 spanning tree max age 4 209 spanning tree priority 4 210 spanning tree pathcost method 4 211 spanning tree transmission limit 4 212 spanning tree mst configuration 4 212 mst vlan 4 213 mst priority 4 214 name 4 215 revision 4 216 max hops 4 216 spanning tree spanning disabled 4 217 spanning tree cost 4 218 spanning tree port priority 4 219 spannin...

Page 18: ...240 show pvlan 4 241 Configuring Protocol based VLANs 4 242 protocol vlan protocol group Configuring Groups 4 243 protocol vlan protocol group Configuring Interfaces 4 244 show protocol vlan protocol group 4 245 show interfaces protocol vlan protocol group 4 246 GVRP and Bridge Extension Commands 4 247 bridge ext gvrp 4 247 show bridge ext 4 248 switchport gvrp 4 249 show gvrp configuration 4 249 ...

Page 19: ... ip igmp snooping 4 268 ip igmp snooping vlan static 4 269 ip igmp snooping version 4 269 show ip igmp snooping 4 270 show mac address table multicast 4 271 IGMP Query Commands Layer 2 4 272 ip igmp snooping querier 4 272 ip igmp snooping query count 4 273 ip igmp snooping query interval 4 274 ip igmp snooping query max response time 4 274 ip igmp snooping router port expire time 4 275 Static Mult...

Page 20: ...289 ip domain lookup 4 290 show hosts 4 291 show dns 4 292 show dns cache 4 292 clear dns cache 4 293 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 21: ...208 Table 3 13 CoS Priority Levels 3 208 Table 3 14 Mapping IP Precedence 3 214 Table 3 15 Mapping DSCP Priority 3 215 Table 3 16 Egress Queue Priority Mapping 3 219 Table 4 1 General Command Modes 4 8 Table 4 2 Configuration Command Modes 4 10 Table 4 3 Keystroke Commands 4 11 Table 4 4 Command Group Index 4 12 Table 4 5 Line Commands 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Manageme...

Page 22: ...ble 4 34 IP ACL Commands 4 119 Table 4 35 Egress Queue Priority Mapping 4 134 Table 4 36 MAC ACL Commands 4 137 Table 4 37 Mapping CoS Values to MAC ACLs 4 146 Table 4 38 ACL Information Commands 4 149 Table 4 39 SNMP Commands 4 150 Table 4 40 show snmp engine id display description 4 161 Table 4 41 show snmp view display description 4 163 Table 4 42 show snmp group display description 4 165 Table...

Page 23: ...Table 4 63 Priority Commands Layer 2 4 252 Table 4 64 Default CoS Priority Levels 4 256 Table 4 65 Priority Commands Layer 3 and 4 4 259 Table 4 66 Mapping IP Precedence to CoS Values 4 262 Table 4 67 Mapping IP DSCP to CoS Values 4 263 Table 4 68 Multicast Filtering Commands 4 267 Table 4 69 IGMP Snooping Commands 4 268 Table 4 70 IGMP Query Commands Layer 2 4 272 Table 4 71 Static Multicast Rout...

Page 24: ...TABLES xxiv ...

Page 25: ...igure 3 16 System Logs 3 40 Figure 3 17 Remote Logs 3 42 Figure 3 18 Displaying Logs 3 43 Figure 3 19 Enabling and Configuring SMTP Alerts 3 45 Figure 3 20 Resetting the System 3 46 Figure 3 21 SNTP Configuration 3 48 Figure 3 22 Clock Time Zone 3 49 Figure 3 23 Enabling the SNMP Agent 3 53 Figure 3 24 Configuring SNMP Community Strings 3 54 Figure 3 25 Configuring SNMP Trap Managers 3 58 Figure 3...

Page 26: ...ation 3 129 Figure 3 54 LACP Trunk Configuration 3 131 Figure 3 55 LACP Aggregation Port 3 133 Figure 3 56 LACP Port Counters Information 3 135 Figure 3 57 LACP Port Internal Information 3 138 Figure 3 58 LACP Port Neighbors Information 3 140 Figure 3 59 Port Broadcast Control 3 142 Figure 3 60 Mirror Port Configuration 3 144 Figure 3 61 Rate Limit Configuration 3 145 Figure 3 62 Port Statistics 3...

Page 27: ...s 3 209 Figure 3 86 Queue Mode 3 210 Figure 3 87 Queue Scheduling 3 211 Figure 3 88 IP Precedence DSCP Priority Status 3 213 Figure 3 89 IP Precedence Priority 3 214 Figure 3 90 IP DSCP Priority 3 216 Figure 3 91 IP Port Priority Status 3 218 Figure 3 92 IP Port Priority 3 218 Figure 3 93 ACL CoS Priority 3 220 Figure 3 94 IGMP Configuration 3 225 Figure 3 95 Multicast Router Port Information 3 22...

Page 28: ...FIGURES xxviii ...

Page 29: ...ure to maximize the switch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web SSL HTTPS Telnet SSH SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Port IEEE 802 1X MAC address filtering Access Contro...

Page 30: ...resses learning Store and Forwa rd Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs Up to 255 using IEEE 802 1Q port based protocol based or private VLANs Traffic Prioritization Default port priority traffic class map queue scheduling IP Prece...

Page 31: ...on This switch authenticates management access via the console port Telnet or web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 ...

Page 32: ...set up or dynamically configured using IEEE 802 3 2002 formerly IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 4 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelm...

Page 33: ... these spanning tree protocols Spanning Tree Protocol STP IEEE 802 1D This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments When there are multiple physical paths between segments this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the ...

Page 34: ... been assigned By segmenting your network into VLANs you can Eliminate broadcast storms which severely degrade performance in a flat network Simplify network management for node changes moves by remotely configuring VLAN membership for any port rather than having to manually change the network connection Provide data security by restricting all traffic to the originating VLAN Use private VLANs to ...

Page 35: ...ed to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch default...

Page 36: ...curity Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Enabled HTTP Secure Port Number 443 SNMP SNMP Agent Enabled Community Strings public read only private read write Traps Authentication traps enabled Link up down events enabled SNMP V3 View defaultview Group public read only private read write Port Configuration Admin Status Enabled Flow...

Page 37: ...ss Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port interface Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disable...

Page 38: ...led Querier Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled There are interoperability problems between Flow Control and Head of Line HOL blocking for the switch ASIC Flow Control is therefore not supported for this switch Table 1 2 System Defaults...

Page 39: ...HTTP web agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial conso...

Page 40: ...and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 4 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and statistics Required Connections The switch provides an RS 232 serial port that enables a c...

Page 41: ...s 1 stop bit and no parity Set flow control to none Set the emulation mode to VT100 When using HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have Windows 2000 Service Pack 2 or later installed Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www mi...

Page 42: ...ws you to build a separate network for management tasks It acn also provide faster management access when the data ports are heavily loaded Note This switch supports four concurrent Telnet SSH sessions After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed using Telnet...

Page 43: ...ser name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification procedure starts 2 At the Username prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have access at the Privileged Exec level...

Page 44: ...also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Manual Configuration You can manually assign an IP address to the switch You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment Valid IP addresses consist ...

Page 45: ...ation mode prompt Press Enter 4 To set the IP address of the default gateway for the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Dynamic Configuration If you select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to use the ip...

Page 46: ...de prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To obtain IP settings via BOOTP type ip address bootp and press Enter 3 Type end to return to the Privileged Exec mode Press Enter 4 Type ip dhcp restart client to be...

Page 47: ...tain events have occurred The switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community stri...

Page 48: ...s recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note that the default mode is read only 2 To remove an existing string simpl...

Page 49: ... detailed description of these parameters see snmp server host on page 4 155 The following example creates a trap host for each type of SNMP client Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign the view to a group and then assign the user to a ...

Page 50: ... your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Enter Console config snmp server vie...

Page 51: ...te a file named startup1 cfg that contains all system settings including information about the unit identifier and MAC address The configuration settings from the factory defaults configuration file are copied to this file which is then used to boot the switch See Saving or Restoring Configuration Settings on page 3 30 for more information See Saving or Restoring Configuration Settings on page 3 3...

Page 52: ...les set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 53: ...Command Line Interface Prior to accessing the switch from a web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 6 2 Set user names and passwords using an out of band serial connection Access to the web agent is...

Page 54: ...ge the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management commands issued through the web interface See Configuring Interface Sett...

Page 55: ...s and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and ...

Page 56: ... is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for item Check for newer versions of stored pages should be Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Table 3 1 Web Page Configuration Buttons Bu...

Page 57: ...e ports including Active i e up or down Duplex i e half or full duplex or Flow Control1 Clicking on the image of a port opens the Port Configuration page as described on page 3 125 Figure 3 2 Panel Display 1 There are interoperability problems between Flow Control and Head of Line HOL blocking for the switch ASIC Flow Control is therefore not supported for this switch ...

Page 58: ...s and power status 3 16 Bridge Extension Shows the bridge extension parameters 3 18 IP Configuration Sets the IP address for management access 3 20 Jumbo Frames Enables support for jumbo frames 3 24 File Management 3 25 Copy Operation Allows the transfer and copying files 3 25 Delete Allows deletion of files from the flash memory 3 25 Set Startup Sets the startup file 3 25 Line 3 33 Console Sets c...

Page 59: ... 53 SNMPv3 3 58 Engine ID Sets the SNMP v3 engine ID 3 59 Remote Engine ID Sets the SNMP v3 engine ID on a remote device 3 60 Users Configures SNMP v3 users 3 61 Remote Users Configures SNMP v3 users on a remote device 3 63 Groups Configures SNMP v3 groups 3 66 Views Configures SNMP v3 views 3 72 Security 3 53 User Accounts Configures user names passwords and access levels 3 75 Authentication Sett...

Page 60: ...ics for the selected port 3 101 ACL 3 105 Configuration Configures packet filtering based on IP or MAC addresses 3 105 Mask Configuration Controls the order in which ACL rules are checked 3 113 Port Binding Binds a port to the specified ACL 3 119 IP Filter Configures IP addresses that are allowed management access 3 103 Port 3 121 Port Information Displays port connection status 3 121 Trunk Inform...

Page 61: ...roadcast Control Sets the broadcast storm threshold for each trunk 3 141 Mirror Port Configuration Sets the source and target ports for mirroring 3 143 Rate Limit 3 145 Input Port Configuration Sets the input rate limit for each port 3 145 Input Trunk Configuration Sets the input rate limit for each trunk 3 145 Output Port Configuration Sets the output rate limit for each port 3 145 Output Trunk C...

Page 62: ...VLAN Configuration Configures priority and VLANs for a spanning tree instance 3 176 Port Information Displays port settings for a specified MST instance 3 180 Trunk Information Displays trunk settings for a specified MST instance 3 180 Port Configuration Configures port settings for a specified MST instance 3 182 Trunk Configuration Configures trunk settings for a specified MST instance 3 182 VLAN...

Page 63: ...onfiguration Creates a protocol group specifying the supported protocols 3 203 Port Configuration Maps a protocol group to a VLAN 3 204 Priority 3 206 Default Port Priority Sets the default priority for each port 3 206 Default Trunk Priority Sets the default priority for each trunk 3 206 Traffic Classes Maps IEEE 802 1p priority tags to output queues 3 208 Traffic Classes Status Enables disables t...

Page 64: ...rresponding output queue for packets matching an ACL rule 3 219 IGMP Snooping 3 221 IGMP Configuration Enables multicast filtering configures parameters for multicast query 3 223 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 226 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring m...

Page 65: ...main name and domain list and specifies IP address of name servers for dynamic lookup 3 231 Static Host Table Configures static entries for domain name to address mapping 3 234 Cache Displays cache entries discovered by designated name servers 3 236 Table 3 2 Main Menu Continued Menu Description Page ...

Page 66: ...hese additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if managem...

Page 67: ...em Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet Figure 3 3 System Information ...

Page 68: ... WC 9 4 154 Console config snmp server contact Ted 4 153 Console config exit Console show system 4 83 System Description 8 10GE L2 Switch System OID String 1 3 6 1 4 1 259 6 10 76 System Information System Up Time 0 days 4 hours 5 minutes and 56 31 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 0C DB 21 11 33 Web Server Enabled Web Server Port 80 Web Secure ...

Page 69: ...der code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master i e stand alone These additional parameters are displayed for the CLI Unit ID Unit number in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 3 4 S...

Page 70: ...tion Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 3 206 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 153 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its ...

Page 71: ...VLAN Capable This switch does not support multiple local bridges outside of the scope of 802 1Q defined VLANs GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Di...

Page 72: ...separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4093 This is the only VLAN through which you can gain management access to the switch By default all ports on the switch are members of VLAN 1 so a management station can be connected to any port on the switch However if other VLANs are configured...

Page 73: ...d default gateway IP Address Address of the VLAN to which the management station is attached Note you can manage the switch through any configured IP interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 0 0 0 0 Subnet Mask This mask identifies the host address bits used for routing to specific subnets Default 255 0 0 0 Gateway IP address IP address of the gate...

Page 74: ...ure 3 6 IP Interface Configuration Manual CLI Specify the management interface IP address and default gateway Using DHCP BOOTP If your network provides DHCP BOOTP services you can configure the switch to be dynamically configured by these services Console config Console config interface vlan 1 4 170 Console config if ip address 10 1 0 253 255 255 255 0 4 279 Console config if exit Console config i...

Page 75: ...Interface Configuration DHCP Note If you lose your management connection make a console connection to the switch and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart client command Console config Console config interface vlan 1 4 170 Console config if ip address dhcp 4 27...

Page 76: ...port for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields Command Usage To use jumbo frames both the source and destination end nod...

Page 77: ...us version You must specify the method of file transfer along with the file type and file names as required Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch fi...

Page 78: ...length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Source Destination Unit2 Stack unit Note Up to two copies of the system software i e the runtime firmware can be stored in the file directory on the switch The currently designated startup version of this file cannot be deleted ...

Page 79: ...thod enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation code reboot the system via the System Reset menu Figure 3 9 Copy Firmware If you download to a new...

Page 80: ...Startup Code To delete a file select System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 11 Deleting Files ...

Page 81: ...w file to start up the system and then restart the switch To start the new firmware enter the reload command or reboot the system Console copy tftp file 4 87 TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1 2 2 Source file name V3002 bix Destination file name V3002 Write to FLASH Programming Write to FLASH finish Success Console config Console config boot system opcode V3002 4...

Page 82: ...he switch to the startup configuration file to tftp Copies a file from the switch to a TFTP server running config to file Copies the running configuration to a file running config to startup config Copies the running config to the startup config running config to tftp Copies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch s...

Page 83: ...figuration settings File Name The configuration file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Source Destination Unit3 Stack unit Note The maximum number of user defined configuration files is limited...

Page 84: ...ement Copy Operation Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then click Apply Figure 3 12 Downloading Configuration Settings for Start Up If you download to a new file name using tftp to startup config or tftp to file the file is automat...

Page 85: ... program by attaching a VT100 compatible device to the switch s serial console port Management access through the console port is controlled by various parameters including a password timeouts and basic communication settings These parameters can be configured via the web or CLI interface Console copy tftp startup config 4 87 TFTP server ip address 192 168 1 19 Source configuration file name confi...

Page 86: ... logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no parity is re...

Page 87: ... the system shows a prompt Default No password Login4 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Console Specify the console port connection parameters as required then click Apply Figure 3 14 Configuring the Console P...

Page 88: ...mber Sets the TCP port number for Telnet on the switch Default 23 Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 0 4 18 Console config line exec timeout...

Page 89: ... specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Password5 Specifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login5 Enables password checking at ...

Page 90: ...sh memory are permanently stored in the switch to assist in troubleshooting network problems Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event level...

Page 91: ...xample if level 7 is specified all messages from level 0 to level 7 will be logged to RAM Range 0 7 Default 7 Note The Flash Level must be equal to or less than the RAM Level Table 3 3 Logging Levels Level Level Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g return...

Page 92: ...of messages that are sent to syslog servers or other management stations You can also limit the event messages sent to only those messages at or above a specified level Command Attributes Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Disabled Logging Facility Sets the facility type for remote logging of syslog messages There are eig...

Page 93: ...sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be sent to the remote server Range 0 7 Default 7 Host IP List Displays the list of remote server IP addresses that will recei...

Page 94: ...System Logs Remote Logs To add an IP address to the Host IP List type the new IP address in the Host IP Address box and then click Add To delete an IP address click the entry in the Host IP List and then click Remove Figure 3 17 Remote Logs ...

Page 95: ...sh memory Web Click System Log Logs Figure 3 18 Displaying Logs Console config logging host 10 1 0 9 4 61 Console config logging facility 23 4 62 Console config logging trap 4 4 63 Console config logging trap Console config exit Console show logging trap 4 64 Syslog logging Enabled REMOTELOG status Disabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG serve...

Page 96: ...t identifies the switch or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 39 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of u...

Page 97: ...the list Web Click System Log SMTP Enable SMTP specify a source email address and select the minimum severity level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 3 19 En...

Page 98: ...eset button to restart the switch When prompted confirm that you want reset the switch Figure 3 20 Resetting the System Console config logging sendmail host 192 168 1 4 4 68 Console config logging sendmail level 3 4 69 Console config logging sendmail source email big wheels matel com 4 69 Console config logging sendmail destination email chris matel com 4 70 Console config logging sendmail 4 71 Co...

Page 99: ... from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command...

Page 100: ...pply Figure 3 21 SNTP Configuration CLI This example configures the switch to operate as an SNTP client and then displays the current time and settings Console config sntp client 4 72 Console config sntp poll 16 4 74 Console config sntp server 10 1 0 19 137 82 140 80 128 250 36 2 4 73 Console config exit Console show sntp 4 75 Current time Jan 6 14 56 05 2004 Poll interval 60 Current mode unicast ...

Page 101: ...ttributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 22 Clock T...

Page 102: ...ines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as SMC EliteView A...

Page 103: ...nd Levels Model Level Group Read View Write View Notify View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Community string only v2c noAuthNoPriv public read only defaultview none none Community string only...

Page 104: ... AuthNoPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms v3 AuthPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms and data privacy using DES 56 bit encryption Table 3 4 SNMPv3 Security Models and Levels Continued Model Level Group Read View Write View Notify View Security ...

Page 105: ...wing example enables SNMP on the switch Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports ...

Page 106: ...Authorized management stations are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects Web Click SNMP Configuration Add new community strings as required select the access rights from the Access Mode drop down list then click Add Figure 3 24 Configuring SNMP Community Strings CLI The following example adds the string spiderma...

Page 107: ...for the host However if you specify a V3 host with the no authentication noAuth option an SNMP user account will be automatically generated and the switch will authorize SNMP access for the host Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefore not as reliable as inform messages which includ...

Page 108: ...mmunity string for the new trap manager entry Though you can set this string in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Trap Ve...

Page 109: ...of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 Enable Authentication Traps6 Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails Default Enabled Enable Link up and Link down Traps6 Issues a notification message whenever a port link is established or broken Default Enabled 6 These are l...

Page 110: ...and Link up down traps and then click Apply Figure 3 25 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default engine ID do so before configuring other SNMP parameters 2 Specify read and write access views for ...

Page 111: ...rds to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engineID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users A new engine ID can be specified by entering 10 to 64 hexadecimal character...

Page 112: ...o configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types on page 3 55 and Configuring Remote SNMPv3 Users on page 3 63 The engine ID can be specified by entering 10 to 64 hexadecimal characters If less than 26 characters are specified trailing zeroes are added to the value For example the value 1234 is equivalent ...

Page 113: ...on or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication Protocol The method used for user authentication Options MD5 SHA Defaul...

Page 114: ...k New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 28 Configuring SNMPv3 Users ...

Page 115: ...ify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types on page 3 55 and Specifying a Remote Engine ID on page 3 60 Console config snmp server user chris r d v3 auth md5 greenpeace priv d...

Page 116: ...SNMP v1 v2c or v3 Default v1 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only availabl...

Page 117: ...ck New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 3 29 Configuring Remote SNMPv3 Users ...

Page 118: ...or the group noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters...

Page 119: ...hange Timer immediately subsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Discarding state The trap is not sent if a newRoot trap is sent for the same transition SNMPv2 Traps coldStart 1 3 6 1 6 3 1 1 5 1 A coldStart t...

Page 120: ...itioned into some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus authenticationFailure 1 3 6 1 6 3 1 1 5 5 An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating th...

Page 121: ...the IP Filter swSmtpConnFailure Trap 1 3 6 1 4 1 259 6 10 76 2 1 0 41 This trap is triggered if the SMTP system cannot open a connection to the mail server successfully swMainBoardVer MismatchNotificaiton 1 3 6 1 4 1 259 6 10 76 2 1 0 56 This trap is sent when the slave board version is mismatched with the master board version This trap binds two objects the first object indicates the master versi...

Page 122: ... 1 3 6 1 4 1 259 6 10 76 2 1 0 60 This trap is sent when a module is inserted swModuleRemoval Notificaiton 1 3 6 1 4 1 259 6 10 76 2 1 0 61 This trap is sent when a module is removed These are legacy notifications and therefore must be enabled in conjunction with the corresponding traps on the SNMP Configuration menu page 3 58 Table 3 5 Supported Notification Messages Continued Object Label Object...

Page 123: ...new group In the New Group page define a name assign a security model and level and then select read write and notify views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 3 30 Configuring SNMPv3 Groups ...

Page 124: ...gured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp server group secu...

Page 125: ...tch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 3 31 Configuring SNMPv3 Views ...

Page 126: ...Provide a secure web connection SSH Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 161 Console config exit Console show snmp view 4 162 View Name ifEntry a Subtree OID 1 3 6 1 ...

Page 127: ... guest name is guest with the password guest The default administrator name is admin with the password admin Command Attributes Account List Displays the current list of user accounts and associated access levels Defaults admin and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level S...

Page 128: ...ser Accounts CLI Assign a user name to access level 15 i e administrator then specify the password Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols ...

Page 129: ...ACACS encrypts the entire body of the packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the ...

Page 130: ...S server only TACACS User authentication is performed using a TACACS server only authentication sequence User authentication is performed by up to three authentication methods in the indicated sequence RADIUS Settings Global Provides globally applicable RADIUS settings ServerIndex Specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequen...

Page 131: ...1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to...

Page 132: ...ion Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and click Apply Figure 3 33 Authentication Server Settings ...

Page 133: ...ius server retransmit 5 4 100 Console config radius server timeout 10 4 100 Console config radius server 1 host 192 168 1 25 4 98 Console config exit Console show radius server 4 101 Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Server 1 Server IP address 192 168 1 25 Communication key with RADIU...

Page 134: ... Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 83 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP ...

Page 135: ...a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we rec...

Page 136: ...t applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfe...

Page 137: ...ally import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361...

Page 138: ... the public keys stored on the switch can access it The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt t...

Page 139: ...ndard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryptio...

Page 140: ...k Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 35 SSH Host Key Settings ...

Page 141: ... host key 4 55 Console show public key host 4 57 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB...

Page 142: ...ies the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page b...

Page 143: ...usion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table ...

Page 144: ...4 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 125 Command Attributes Port Port number Range 1 8 Name Descriptive text page 4 170 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNM...

Page 145: ...owed on a port and click Apply Figure 3 37 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count and then enables port security for the port Console config interface ethernet 1 5 Console config if port security action trap and shutdown 4 105 Console config if port security max mac count 20 Console ...

Page 146: ... client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the...

Page 147: ...ch port that will be used must be set to dot1x Auto mode Each client that needs to be authenticated must have dot1x client software installed and properly configured The RADIUS server and 802 1X client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type MD5 Some ...

Page 148: ...d Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 39 802 1X Global Configuration CLI This example enables 802 1X globally for the switch Console show dot1x 4 113 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Sing...

Page 149: ...e Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the default setting Force Unaut...

Page 150: ...econds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configu...

Page 151: ...ge 4 113 Console config interface ethernet 1 2 4 170 Console config if dot1x port control auto 4 108 Console config if dot1x re authentication 4 111 Console config if dot1x max req 5 4 108 Console config if dot1x timeout quiet period 40 4 112 Console config if dot1x timeout re authperiod 5 4 112 Console config if dot1x timeout tx period 40 4 113 Console config if end ...

Page 152: ...Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Disable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 7 Authenticator State Machine State Authenticated Reauth Count 0 Back...

Page 153: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most r...

Page 154: ... 802 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 113 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 155: ... access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a...

Page 156: ... Entry Figure 3 42 IP Filter CLI This example restricts management access for Telnet clients Console config management telnet client 192 168 1 19 4 39 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management all client 4 40 Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address TELNET Client ...

Page 157: ... matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule This is done by specifying masks that control the order in which ACL rules are checked The switch...

Page 158: ...P ACL for ingress ports 5 Explicit default rule permit any any in the ingress IP ACL for ingress ports 6 Explicit default rule permit any any in the ingress MAC ACL for ingress ports 7 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum...

Page 159: ...IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indica...

Page 160: ...e address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the...

Page 161: ...ult TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Source Destination Port Bit Mask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match T...

Page 162: ...ination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add Figure 3 45 ACL Configuration Extended IP CLI This example adds three rules 1 Accept any incoming packets if the source add...

Page 163: ...ault Any Source Destination MAC Address Source or destination MAC address Source Destination MAC Bit Mask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4094 VID Bit Mask VLAN bitmask Range 1 4094 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A f...

Page 164: ...C ACLs only work for destination mac known packets not for multicast broadcast or destination mac unknown packets Web Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or MAC If you select Host enter a specific address e g 11 22 33 44 55 66 If you select MAC enter a base address and a hexidecimal bitmask for an address range Set ...

Page 165: ...an be bound to up to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create the required ACLs and the ingress or egress masks before m...

Page 166: ...e inbound packet Configuring an IP ACL Mask This mask defines the fields to check in the IP header Command Usage Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes Command Attributes Source Destination Address Type Specifies the source or destination IP address Use Any to match any address Hos...

Page 167: ... of rule must match this bitmask See the description for SubMask on page 3 107 Protocol Mask Check the protocol field Service Type Mask Check the rule for the specified priority type Options Precedence TOS DSCP Default TOS Source Destination Port Bit Mask Protocol port of rule must match this bitmask Range 0 65535 Control Code Bit Mask Control flags of rule must match this bitmask Range 0 63 ...

Page 168: ...k to check for any source or destination address a specific host address or an address range Include other criteria to search for in the rules such as a protocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add Figure 3 48 ACL Mask Configuration IP ...

Page 169: ... match any address Host to specify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any Source Destination Bit Mask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bit Mask Ethernet type of rule must match this bitmask Packet Format Mask A packet format must be specified in the rule Cons...

Page 170: ...ingress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 3 49 ACL Mask Configuration MAC ...

Page 171: ...y port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console config access list mac M4 4 138 Console config mac acl permit any any 4 139 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 4 139 Console config mac acl end Console show access list 4 141 MAC access list...

Page 172: ...ttempt to bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Port number Range 1 8 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ACL for...

Page 173: ...rrent speed and duplex mode 10Gfull Flow Control Status7 Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled for disabled This setting is fixed at Disabled for all 10G ports Trunk Member8 Shows if port is a trunk member Console config interface ethernet 1 1 4 170 Console config if ip access group david in 4 132 ...

Page 174: ...s CLI Basic information Port type Indicates the port type 10G or 100 TX MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 20 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice 9 Trunk Inform...

Page 175: ... Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm threshold 500 262143 packets per second LACP Shows if LACP is enabled or disabled Port security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the response to take when...

Page 176: ...tion Port Type 10G Mac Address 00 0C DB 21 11 38 Configuration Name Port Admin Up Speed duplex 10G full Capabilities Broadcast Storm Enabled Broadcast Storm Limit 1042 packets second LACP Disabled Port Security Disabled Max MAC Count 0 Port Security Action None Media Type None Current status Link Status Up Port Operation Status Up Operation Speed duplex 10G full Console ...

Page 177: ...reasons Speed Duplex10 Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled This is fixed at 10G full duplex for Ports 1 8 Autonegotiation10 Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you can force the settings for sp...

Page 178: ...k Configuration Modify the required interface settings and click Apply Figure 3 52 Port Port Configuration CLI Select the interface and then enter the required settings Console config interface ethernet 1 8 4 170 Console config if description RD SW 8 4 170 Console config if shutdown 4 174 Console config if no shutdown Console config if no negotiation 4 172 Console config if speed duplex 100half 4 ...

Page 179: ...igured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than four ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by...

Page 180: ... When configuring static trunks you may not be able to link switches of different types depending on the manufacturer s implementation However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a s...

Page 181: ... interface port channel 1 4 170 Console config if exit Console config interface ethernet 1 1 4 170 Console config if channel group 1 4 187 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 4 177 Information of Trunk 1 Basic information Port type 10G Mac address 00 30 F1 D4 73 A2 Configu...

Page 182: ...tomatically be assigned the next available trunk ID If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 128 Command Attributes Member List Curr...

Page 183: ...e config interface ethernet 1 1 4 170 Console config if lacp 4 170 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 177 Information of Trunk 1 Basic information Port type 10G Mac address 00 30 F1 D4 73 A2 Configuration Name Port admin Up Speed duplex 10G full Capabilities Port security Disabled...

Page 184: ...d by the interfaces that joined the group lacp admin key as described in this section and on page 4 191 Command Attributes Set Port Actor This menu sets the local side of an aggregate link i e the ports on this switch Port Port number Range 1 8 System Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG ne...

Page 185: ... its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner Web Click Port LACP Aggregation Port Set the System Priority Admin Key and Port Priority for the Port Actor You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and ...

Page 186: ...Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 194 Channel Group System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 194 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPD...

Page 187: ...umber of valid LACPDUs received by this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but ...

Page 188: ... channel 1 Eth 1 2 LACPDUs Sent 19 LACPDUs Receive 10 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 3 9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating ...

Page 189: ...lection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the i...

Page 190: ...e LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 194 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long ti...

Page 191: ...lue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the pr...

Page 192: ...ote side of port channel 1 Console show lacp 1 neighbors 4 194 Port channel 1 neighbors Eth 1 2 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 78 AE C0 Partner Admin Port Number 2 Partner Oper Port Number 2 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 3 Admin State defaulted distributing collecting synchronization long timeout Oper ...

Page 193: ...etting a threshold for broadcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast control does not effect IP multicast traffic Command Attributes Port11 Port number Range 1 8 Trunk12 Trunk number Type Indicates the port type 10G Protect Status Shows whether or not broadcast storm control has been enabled Default Enabled Thre...

Page 194: ...170 Console config if no switchport broadcast 4 175 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 6000 4 175 Console config if end Console show interfaces switchport ethernet 1 2 4 180 Information of Eth 1 2 Broadcast Threshold Enabled 6000 packets second LACP Status Enabled Ingress Rate Limit Disabled 10000M bits per second Egress ...

Page 195: ...se traffic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 8 Type Allows you to select which traffic to mirror to t...

Page 196: ... Add Figure 3 60 Mirror Port Configuration CLI Use the interface command to select the monitor port then use the port monitor command to specify the source port Note that default mirroring under the CLI is for both received and transmitted packets Console config interface ethernet 1 7 4 170 Console config if port monitor ethernet 1 8 4 182 Console config if ...

Page 197: ...can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Sets the output rate limit for an interface Default Status Disabled Default Rate 10000 Mbps Range 1 10000 Mbps Web Cli...

Page 198: ...ast system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default Note RMON groups 2 3 and 9 can only be accessed using SNMP management software such as SMC EliteView Console config interface ethernet 1 1 4 170 Console config if rate limit input 6000 4 185 Console config if rate limit output 6000 Console config if Table 3 11 Port Statistics Parameter Descrip...

Page 199: ...ocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher ...

Page 200: ...ransmitted frames for which transmission is inhibited by exactly one collision Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times...

Page 201: ...oadcast and multicast received Broadcast Frames The total number of good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number ...

Page 202: ...luding FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets Table 3 11 Port Statistics Continued Parameter Description ...

Page 203: ...CONFIGURATION 3 151 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 62 Port Statistics ...

Page 204: ...known protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too lo...

Page 205: ...n on another interface the address will be ignored and will not be written to the address table Command Attributes Static Address Counts13 The number of manually configured addresses Current Static Address Table Lists all the static addresses Interface Port or trunk associated with the device assigned a static address MAC Address Physical address of a device mapped to this interface VLAN ID of con...

Page 206: ...able The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk Console co...

Page 207: ...ynamic Address Table Lists all the dynamic addresses Web Click Address Table Dynamic Addresses Specify the search type i e mark the Interface MAC Address or VLAN checkbox select the method of sorting the displayed addresses and then click Query Figure 3 64 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 2...

Page 208: ...ing CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exis...

Page 209: ...devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Uni...

Page 210: ...s treated as an RSTP node in the Common Spanning Tree CST Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge pr...

Page 211: ...ng Tree that this switch has accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch communicates with the root device through this port If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration...

Page 212: ...ted from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward f...

Page 213: ...SPANNING TREE ALGORITHM CONFIGURATION 3 161 Web Click Spanning Tree STA Information Figure 3 66 STA Information ...

Page 214: ...d Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 13380 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role disable State discarding External admin path cost 1000 Internal admin cost 1000 External oper path cost 1000 Internal ...

Page 215: ...ype of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration...

Page 216: ...ity mode RSTP Rapid Spanning Tree IEEE 802 1w MSTP Multiple Spanning Tree IEEE 802 1s MSTP is the default Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower num...

Page 217: ... 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary dat...

Page 218: ...h can be assigned Default 65 Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision15 The revision for this MSTI Range 0 65535 Default 0 Region Name15 The name for this MSTI Maximum length 32 characters Max Hop Count The maximum number of hops allowed in the MST region before a BPDU i...

Page 219: ...SPANNING TREE ALGORITHM CONFIGURATION 3 167 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 67 STA Global Configuration ...

Page 220: ...eiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding Console config spanning tree 4 205 Console config spanning tree mode mstp 4 206 Console config spanning ...

Page 221: ...ch this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type i...

Page 222: ...edia and higher values assigned to ports with slower media Path cost takes precedence over port priority Internal path cost The path cost for the MST See the preceding item Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as Alternate port rec...

Page 223: ...he end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does...

Page 224: ... indicate the preferred path link type to indicate a point to point connection or Console show spanning tree ethernet 1 5 4 226 Eth 1 5 information Admin status enabled Role disable State discarding External admin path cost 1000 Internal admin cost 1000 External oper path cost 1000 Internal oper path cost 1000 Priority 128 Designated cost 0 Designated port 128 5 Designated root 32768 0 0000E8AAAA0...

Page 225: ...iving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk16 Indicates if a port is a member of a trunk The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in the Span...

Page 226: ...0 Gigabit Ethernet 200 20 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duplex 10 000 trunk 5 000 10 Gigabit Ethernet Full duplex 1000 trunk 500 Admin Link Type The link type attached to this interface Point to Point A connection to exactly one other bridge Shared A connection ...

Page 227: ...omatically set the selected interface to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default Disabled Web Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply Figure 3 69 STA Port Configuration ...

Page 228: ...e same general area of your network However remember that you must configure all bridges within the same MSTI Region page 3 166 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MS...

Page 229: ...8672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs in MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 The other global attributes are described under Displaying Global Settings page 3 158 The attributes displayed by the CLI for individual interfaces are d...

Page 230: ... MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 70 MSTP VLAN Configuration ...

Page 231: ...Designated Root 32768 1 0030F1D473A0 Current root port 0 Current root cost 0 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master State forwarding External admin path cost 1000 Internal admin path cost 1000 External oper path cost 1000 Internal oper path cost 1000 Priority 128 Designated cost ...

Page 232: ...utes MST Instance ID Instance identifier to configure Range 0 4094 Default 0 The other attributes are described under Displaying Interface Settings page 3 168 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 71 MSTP Port Information Console config spanning tree mst configuration 4 229 Console co...

Page 233: ...ot Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000E8AAAA00 Current root port 1 Current root cost 10000 Number of topology changes 12 Last topology changes time sec 303 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 Externa...

Page 234: ...ory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this por...

Page 235: ... path cost is 65 535 By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 10 Gigabit Ethernet 200 20 000 Default Ethernet Half duplex 2 000 000 full...

Page 236: ... a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though...

Page 237: ...it or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assign...

Page 238: ...low access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a V...

Page 239: ...etwork This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application software so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in th...

Page 240: ...hen forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto th...

Page 241: ...nd to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 73 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number17...

Page 242: ...rge VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Console show bridge ext 4 248 Max support VLAN numbers 256 Max support VLAN ID 4094 Extended multi...

Page 243: ...le Select any ID from the scroll down list Figure 3 75 VLAN Current Table Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters Status Shows if this VLAN is enabled or disabled Active VLAN is operational Suspend VLAN is...

Page 244: ... and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Activ...

Page 245: ...name mark the Enable checkbox to activate the VLAN and then click Add Figure 3 76 VLAN Static List Creating VLANs CLI This example creates a new VLAN Console config vlan database 4 230 Console config vlan vlan 2 name R D media ethernet state active 4 231 Console config vlan end Console show vlan 4 239 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3...

Page 246: ...d by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 197 Command Attributes VLAN ID of configured VLAN 1 4094 Name Name of the VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Range 1 8 Trunk Trunk identifier Membe...

Page 247: ...elect a VLAN ID from the scroll down list Modify the VLAN name and status if required Select the membership type by marking the appropriate radio button in the list of ports or trunks Click Apply Figure 3 77 VLAN Static Table Adding Static Members CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 4 170 Console config if switchport allowed vlan...

Page 248: ...hip by Port Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 78 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as...

Page 249: ...ed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untag...

Page 250: ...d on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer18 The interval between transmitting requests queries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer18 The interval a port waits before leaving a VLAN group This time should be set to more than twice the join time This ensures that af...

Page 251: ...g to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Web Click VLAN 802 1Q VLAN Port Configuration or Trunk Configuration Fill ...

Page 252: ...neously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Console config interface ethernet 1 3 4 170 Console config if switchport acceptable frame types tagged 4 234 Console config if switchport ingress filtering 4 235 Console config if switchport native vlan 3 4 236 Console config if switchport gvrp 4 249 Console config if ...

Page 253: ...to set ports as downlink or uplink ports Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports Uplink ports can communicate with any other ports on the switch and with any designated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figu...

Page 254: ...a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 3 192 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add por...

Page 255: ...er frames types include IP ARP RARP Web Click VLAN Protocol VLAN Configuration Enter a protocol group ID frame type and protocol type then click Apply Figure 3 82 Protocol VLAN Configuration CLI The following creates protocol group 1 and then specifies Ethernet frames with IP and ARP protocol types 19 SNAP frame types are not supported by this switch due to hardware limitations Console config prot...

Page 256: ...e associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the fram...

Page 257: ...he corresponding VLAN ID and click Apply Figure 3 83 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3 Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 3 4 243 Console config if ...

Page 258: ...ged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This ...

Page 259: ...sole config interface ethernet 1 3 4 170 Console config if switchport priority default 5 4 254 Console config if end Console show interfaces switchport ethernet 1 3 4 180 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mode Hybrid Ingress rule ...

Page 260: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class21 Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Table 3 12 Mapping CoS Values to Egress Queues Queue ...

Page 261: ...witch Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a Console config interface ethernet 1 1 4 170 Console config if queue cos map 0 0 4 256 Consol...

Page 262: ...ffic in the higher priority queues before servicing lower priority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 86 Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority ...

Page 263: ...are applications assigned a specific priority value Command Attributes WRR Setting Table22 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class Range 1 15 Web Click Priority Queue Scheduling Select the interface highlight a traffic class i e output queue enter a weight then click Apply Figure 3 87 Queue Scheduling 22 CLI shows Que...

Page 264: ...ervices are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default...

Page 265: ...edence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu then click Apply Figure 3 88 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priorit...

Page 266: ...selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 89 IP Precedence Priority Table 3 14 Mapping IP Precedence Priority Level Traffic Type Priority Level Traffic Type 7 Network Cont...

Page 267: ...o that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence 4 261 Console config interface ethernet 1 ...

Page 268: ...Note that 0 represents low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 90 IP DSCP Priority 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 Table 3 15 Mapping DSCP Priority IP DSCP Value CoS Value ...

Page 269: ...service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings a...

Page 270: ...ce box and then click Apply Figure 3 92 IP Port Priority CLI The following example globally enables IP Port Priority service on the switch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Console config map ip port 4 259 Console config interface ethernet 1 1 4 170 Console config if map ip port 80 cos 0 4 260 Console config if end Console show map ip port e...

Page 271: ...is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 208 Command Usage You must configure an ACL mask before you can map CoS values to the rule Command Attributes Port Port identifier Range 1 8 Name23 Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets match...

Page 272: ... rule specify a CoS priority then click Add Figure 3 93 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1 Console config interface ethernet 1 1 4 170 Console config if map access list ip bill cos 0 4 133 Console config if ...

Page 273: ...ssed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure t...

Page 274: ...determine which if any multicast traffic needs to be forwarded to each of its ports At Layer 3 multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet Note that IGMP neither alters nor routes IP multicast packets A multicast routing protocol must be used to deliver IP multicast packets across different subne...

Page 275: ...formance Command Usage IGMP Snooping This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers switches and IP multicast host groups to identify the IP multicast group members It simply monitors the IGMP packets passing through it picks out the group registration information and configures the multicast filters accordingly IGMP Querier A router or mu...

Page 276: ...he frequency at which the switch sends IGMP host query messages Range 60 125 seconds Default 125 IGMP Report Delay Sets the time between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list Range 5 25 seconds Default 10 IGMP Query Timeout The time the switch waits after the previous querier stops b...

Page 277: ...oping 4 268 Console config ip igmp snooping querier 4 272 Console config ip igmp snooping query count 10 4 273 Console config ip igmp snooping query interval 100 4 274 Console config ip igmp snooping query max response time 20 4 274 Console config ip igmp snooping version 2 4 269 Console config exit Console show ip igmp snooping 4 270 Service status Enabled Querier status Enabled Query count 10 Qu...

Page 278: ...ce on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snoopin...

Page 279: ...runk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming fr...

Page 280: ...rt within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to ...

Page 281: ... this entry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping and Query Parameters on page 3 223 For certain applications that require tighter control you may need to statically configure a multicast service on the switch F...

Page 282: ...affic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the multicast service ...

Page 283: ...ses configure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Service Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notati...

Page 284: ... with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name24 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List24 Defines a list of domain names that can be appended to incomplete host names R...

Page 285: ...Web Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 3 99 DNS General Configuration ...

Page 286: ...dresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host device that is mapped to one or more IP addresses Range 1 64 characters Console config ip domain name sample com 4 287 ...

Page 287: ...with a host name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 3 100 DNS Static Host Table ...

Page 288: ...and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip host rd5 19...

Page 289: ...4 CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POINTE...

Page 290: ...CONFIGURING THE SWITCH 3 238 ...

Page 291: ... on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec Bu...

Page 292: ...btained via DHCP by default To access the switch through a Telnet session you must first set the IP address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an is...

Page 293: ...w that you are using privileged access mode i e Privileged Exec or Vty n for the guest to show that you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note Yo...

Page 294: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 295: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 296: ...IP information lacp LACP statistics line TTY line information log Login records logging Login setting mac MAC access list mac address table Configuration of the address table management Show management information map Maps priority marking Configuration for packet marking port Port characteristics protocol vlan Protocol VLAN information public key Public key information pvlan Private VLAN informat...

Page 297: ... messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and th...

Page 298: ...assword guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system will now display the Co...

Page 299: ... different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed duplex and negotiation Username admin Password admin login password CLI session wit...

Page 300: ...er the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode Console configure Console config Table 4 2 Configuration Command Modes Mode Command Prompt Page Line line console vty Console config line 4 14 Access Control List access list ip standard access list ip extended access list ip mask precedence access lis...

Page 301: ... processing Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Delet...

Page 302: ...t Controls system logs system passwords user name browser management options and a variety of other system information 4 33 Flash File Manages code image or switch configuration files 4 86 Authentication Configures logon access using local or remote authentication also configures port security and IEEE 802 1X port access control 4 94 Access Control List Provides filtering for IP frames based on ad...

Page 303: ... 204 VLANs Configures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs and protocol VLANs 4 229 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 247 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative wei...

Page 304: ... Page line Identifies a specific line for configuration and starts the line configuration mode GC 4 15 login Enables password checking at login LC 4 16 password Specifies a password on a line LC 4 17 timeout login response Sets the interval that the system waits for a login attempt LC 4 18 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 19 passwo...

Page 305: ... virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections parity Defines the generation of a parity bit LC 4 23 speed Sets the terminal baud rate LC 4 23 stopbits Sets the number of the stop bits transmitted per byte LC 4 24 disconnect Terminates a line connection PE 4 25 sho...

Page 306: ...ocal Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the...

Page 307: ... the no form to remove the password Syntax password 0 7 password no password 0 7 0 means plain password 7 means encrypted password password Character string that specifies the line password Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password pro...

Page 308: ... password thresh 4 20 timeout login response This command sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default setting Syntax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line C...

Page 309: ...exec timeout seconds Integer that specifies the timeout interval Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Teln...

Page 310: ... value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and...

Page 311: ...hresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 20 Console config line s...

Page 312: ...bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related...

Page 313: ...n protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Option...

Page 314: ...ed is not supported If you select the auto option the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accordingly Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Default ...

Page 315: ... Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 56 show users 4 84 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access...

Page 316: ...abled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28 configure Activates global configuration mode PE 4 29 show history ...

Page 317: ...e device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec end Returns to Privileged Exec mode any config mode 4 31 exit Returns to the previous configuration mode or exits the CLI any 4 31 quit Exits a CLI session NE PE 4 32 help Shows how to use help any NA Shows options for command...

Page 318: ...disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Command Usage The character is appended to the end of the ...

Page 319: ...e Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 31 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at ...

Page 320: ...he 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Console show history Exec...

Page 321: ...erface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode exit This command returns to the previous configuration mode or exits the configuration program Default Setting None Command Mode Any Console reload System will be restarted continue y...

Page 322: ... configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console config exit Console exit Press ENTER to start session User Access Verification Username Console quit Press ENTER to start session User Access Verification Username ...

Page 323: ...at are allowed management access 4 38 Web Server Enables management access via a web browser 4 41 Telnet Server Enables management access via Telnet 4 45 Secure Shell Provides secure replacement for Telnet 4 46 Event Logging Controls logging of error messages 4 59 SMTP Alerts Configures SMTP email alerts 4 67 Time System Clock Sets the system clock automatically via NTP SNTP server or manually 4 7...

Page 324: ... Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore the default host name Syntax hostname name no hostname name The name of this host Maximum length 255 characters snmp server contact Sets the system contact string GC 4 153 snmp server location Sets the system location string GC 4 154 Console config prompt RD2 RD2 confi...

Page 325: ...hecking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 94 and host access authentication for specific ports page 4 107 Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Function Mode Page username Establishes a user name based authentication system at login GC 4 36 enable password Sets a password to co...

Page 326: ... Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The...

Page 327: ...leged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password pas...

Page 328: ...nfiguration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 27 authentication enable 4 96 IP Filter Commands Console config enable password level 15 0 admin Console config Table 4 11 IP Filter Commands Command Function Mode Page management Configures IP addre...

Page 329: ...a range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can includ...

Page 330: ...owed management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Console config managem...

Page 331: ... 25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 42 ip http server Allows the switch to be monitored or configured from a browser GC 4 42 ip http secure server Enables HTTPS HTTP SSL for ...

Page 332: ...e TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 42 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http po...

Page 333: ... Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital cer...

Page 334: ...http secure port 4 44 copy tftp https certificate 4 87 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 65535 Table 4 13 HTTPS System Support Web Browser Operating System Inter...

Page 335: ... to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure server 4 43 Telnet Server Commands Console config ip http secure port 1000 Console config Table 4 14 Telnet Server Commands Command Function Mode Page ip telnet server Allows the switch to be monitored or configured from Telnet also specifies the port to be u...

Page 336: ...n Example Secure Shell Commands The Berkley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implemented for Microsoft Windows and other environments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications ...

Page 337: ... the SSH server on the switch GC 4 50 ip ssh timeout Specifies the authentication timeout for the SSH server GC 4 51 ip ssh authentication re tries Specifies the number of retries allowed by a client GC 4 52 ip ssh server key size Sets the SSH server key size GC 4 52 copy tftp public key Copies the user s public key from a TFTP server to the switch PE 4 87 delete public key Deletes the public key ...

Page 338: ...ic private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 ...

Page 339: ...0229029789827213532671316294325328189150 45306393916643 steve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh server command to enable the SSH server on the switch 6 Configure Challenge Response Authentication When an SSH client attempts to contact the swi...

Page 340: ...he client s keys ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax no ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions The SSH server uses DSA ...

Page 341: ... 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 19 show ip ssh 4 56 Console ip ...

Page 342: ...n attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 56 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Default Sett...

Page 343: ...of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both th...

Page 344: ...manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 4 54 ip ssh save host key 4 55 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type...

Page 345: ...ted Commands ip ssh crypto host key generate 4 53 ip ssh save host key 4 55 no ip ssh server 4 50 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 53 Console ip ssh c...

Page 346: ... SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 4 16 show ssh display description Field Description Session The session number Range 0 3 Version The Secure Shell version number State...

Page 347: ...e client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 160...

Page 348: ...658254764031382795526536375927835525327972629521130241 0719421061655759424590939236096954050362775257556251003866130989393 8345231033280214988866192159556859887989191950588394018138744046890 8779160305837768185490002831341625008348718449522087429212255691665 6552963281635169640408315547660664151657116381 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2HxcYV44sXZ2JXhamLK6P...

Page 349: ...ges that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 59 logging history Limits syslog messages saved to switch memory based on severity GC 4 60 logging host Adds a syslog server host IP address that will receive logging messages GC 4 61 logging facility Sets the facility type for remote logging of syslog messages GC 4 6...

Page 350: ...stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 ...

Page 351: ...to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server 4 warnings Warning conditions e g return false unexpected return 3 errors Error conditions e g invalid input default used 2 critical Critical conditions e g memory allocation or free memory error resource exhausted 1 alerts Immediate action needed 0 emergencies System unusable Co...

Page 352: ... logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by t...

Page 353: ... no logging trap level One of the syslog severity levels listed in the table on page 4 60 Messages sent include the selected level up through level 0 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enab...

Page 354: ...show log 4 66 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power ...

Page 355: ...RAM level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logg...

Page 356: ...w logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sysl...

Page 357: ... Unit 1 Port 1 link up notification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page logging sendmail host SMTP servers to receive alert messages GC 4 68 logging sendmail level Severity threshold used to trigger alert messages GC 4 69 logging sendmail source email Email address used for From field of alert messages GC 4 69 logging sendmai...

Page 358: ...and to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in t...

Page 359: ...icates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 3 through 0 logging sendmail source email This command sets the email address used for the From field in alert messages Syntax logging sendmail s...

Page 360: ...emove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example Console config logging sendmail sourc...

Page 361: ...ration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabl...

Page 362: ...ervers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 72 sntp server Specifies one or more time servers GC 4 73 sntp poll Sets the interval at which the client polls fo...

Page 363: ...Related Commands sntp server 4 73 sntp poll 4 74 show sntp 4 75 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Console config sntp server 10 1 0 ...

Page 364: ...nization requests based on the interval set via the sntp poll command Example Related Commands sntp client 4 72 sntp poll 4 74 show sntp 4 75 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds De...

Page 365: ...ed Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchronization requests and the current SNTP mode i e unicast Example Console config sntp poll 60 Console config Console show sntp Current time Dec 23 05 13 28 2002 Poll interval 16 Current mode unicast SNTP status Enabled SNTP server 137 92 140 80 0 0 0 0 0 0 0...

Page 366: ...zone before east of UTC after utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the n...

Page 367: ...ange 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Defa...

Page 368: ... non volatile memory Console show calendar 15 12 34 February 1 2002 Console Table 4 23 System Status Commands Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 78 show running config Displays the configuration data currently in use PE 4 81 show system Displays system information NE PE 4 83 ...

Page 369: ...mmand displays the following information MAC address for the switch SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for management VLAN Layer 4 precedence settings Any configured settings for the console port and Te...

Page 370: ...97a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca VLAN database VLAN 1 media ethernet state active spanning tree MST configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface ethernet 1 9 switchport allowed vlan add 1 unta...

Page 371: ...displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for the switch SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spannin...

Page 372: ...password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca VLAN database VLAN 1 media ethernet state active spanning tree MST configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 interface ethernet 1 9 switchport allow...

Page 373: ... Console show system System description 8 10GE L2 Switch System OID string 1 3 6 1 4 1 202 20 47 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 30 F1 D4 73 A0 Web Server enable Web Server port 80 Web Secure server enable Web Secure Server Sort 443 Telnet Server enable Telnet Port 23 Jumbo ...

Page 374: ... e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168 1...

Page 375: ...s Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Console show version Unit 1 Serial Number A000000022 Hardware Version R01 EPLD Version 1 00 Number of Ports 9 Main Power Status Up Redundant Power Status Not present Agent Master Unit ID 1 Loader Version 3 0 0 2 Boot ROM Version 3 0 0 6 Operation Code Version 3 0 0 4 Console Table 4 24 ...

Page 376: ... nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames The current setting for jumbo frames can be displayed with the show system command page 4 83 Example Flash File Commands These commands are used to manage the system code or configuration files Console config jumbo frame Console config Table 4...

Page 377: ...key file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH...

Page 378: ...mware or contact your distributor for help For information on specifying an https certificate see Replacing the Default Secure site Certificate on page 3 83 For information on configuring the switch to use HTTPS for a secure connection see ip http secure server on page 4 43 Example The following example shows how to upload the configuration settings to a file on the TFTP server The following examp...

Page 379: ... config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Console reload System will be restarte...

Page 380: ...t Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 4 91 delete public key 4 53 Console delete test2 cfg Console ...

Page 381: ... exists but contains errors information on this file cannot be shown Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files A colon is required after the specified unit number File information is shown below Table 4 26 File Directory Information Column Heading Description file name The name of the file file ...

Page 382: ...and for a description of the file information displayed by this command Console dir File name File type Startup Size byte Unit1 SMC8708L2_Diag_v3006 bix Boot Rom Image Y 1164420 SMC8708L2_Runtime_v3 0 0 4 bix Operation Code Y 3154548 Factory_Default_Config cfg Config File N 455 startup1 cfg Config File Y 1584 Total free space 29476544 Console whichboot File name File type Startup Size byte Unit1 S...

Page 383: ...nfig Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an error it cannot be set as the default file Example Related Commands dir 4 91 whichboot 4 92 Console config boot sy...

Page 384: ...logon authentication method and precedence 4 94 RADIUS Client Configures settings for authentication via a RADIUS server 4 97 TACACS Client Configures settings for authentication via a TACACS server 4 102 Port Security Configures secure addresses for a port 4 104 Port Authentication Configures host authentication on specific ports using 802 1X 4 107 Table 4 28 Authentication Sequence Commands Comm...

Page 385: ...pts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command ...

Page 386: ...US server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of...

Page 387: ...hentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands C...

Page 388: ... of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticat...

Page 389: ... 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode ...

Page 390: ... 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 6553...

Page 391: ...ileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Server 1 Server IP address 192 168 1 1 Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Console ...

Page 392: ... host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 102 tacacs server por...

Page 393: ... 1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command M...

Page 394: ...eady stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disablin...

Page 395: ...when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Ports 1 8...

Page 396: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using...

Page 397: ...t identity packet to the client before it times out the authentication session IC 4 108 dot1x port control Sets dot1x mode for a port interface IC 4 109 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 4 110 dot1x re authenticate Forces re authentication on specific ports PE 4 111 dot1x re authentication Enables re authentication for all ports IC 4 111 dot1x timeout quiet p...

Page 398: ...rable dot1x global and port settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of re...

Page 399: ... authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Example Console c...

Page 400: ...rd for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port control command page 4 105 In multi host mode only one host...

Page 401: ...ber Range 1 8 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Example Console dot1x re authenticate Console Console config interface eth 1 2 Console config if dot1x re au...

Page 402: ... Range 1 65535 Default 60 seconds Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configura...

Page 403: ...econds Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit This is unit 1 port Port number Range 1 8 Console config interface eth 1 ...

Page 404: ...tails Displays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication page 4 111 reauth period Time after which a connected client must be re authenticated page 4 112 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 112 tx period Time a port waits during authent...

Page 405: ...ion Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Su...

Page 406: ...st Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 8 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Reaut...

Page 407: ...opped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol ...

Page 408: ...nly work for destination mac known packets not for multicast broadcast or destination mac unknown packets The order in which active ACLs are checked is as follows 1 User defined rules in the Egress MAC ACL for egress ports 2 User defined rules in the Egress IP ACL for egress ports 3 User defined rules in the Ingress MAC ACL for ingress ports 4 User defined rules in the Ingress IP ACL for ingress p...

Page 409: ...Command Function Mode Page access list ip Creates an IP ACL and enters configuration mode for standard or extended IP ACLs GC 4 120 access list ip extended fragment auto m ask Automatically creates extra masks to support fragmented ACL entries GC 4 120 permit deny Filters packets matching a specified source IP address STD ACL 4 122 permit deny Filters packets meeting the specified criteria includi...

Page 410: ...None show access list ip mask precedence Shows the ingress or egress rule masks for IP ACLs PE 4 131 ip access group Adds a port to an IP ACL IC 4 132 show ip access group Shows port assignments for IP ACLs PE 4 132 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 133 show map access list ip Shows CoS value mapped to an access list for an i...

Page 411: ...e no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 122 ip access group 4 132 show ip access list 4 126 access list ip extended fragment auto mask This command automatically creates extra masks to support fragmented ACL entries Use the no form to disable this feature Syntax no access list...

Page 412: ... Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 b...

Page 413: ... destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask no permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags flag bitmask pro...

Page 414: ...ubnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if DSC...

Page 415: ...7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Related Commands access list ip 4 120 Console config ext acl permit 10 7...

Page 416: ...deny 4 122 ip access group 4 132 access list ip mask precedence This command changes to the IP Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified IP ACLs Command Mode...

Page 417: ...but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule Example Related Commands mask IP ACL 4 128 ip access group 4 132 Console config access list ip mask precedence in Console config ip ma...

Page 418: ...The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the protocol destination port field port bitmask...

Page 419: ...f precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the mask host ...

Page 420: ...sole config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list A3 ...

Page 421: ...fig access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch config ip mask...

Page 422: ...plies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it...

Page 423: ...ue is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list ip acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Console config int eth 1 2 Console config if...

Page 424: ...os map 4 256 show map access list ip 4 134 show map access list ip This command shows the CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Range 1 8 Command Mode Privileged Exec Table 4 35 Egress Queue Priorit...

Page 425: ...gth 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority tos_value IP Precedence value Range 0 7 dscp_value Differentiated Services Code Point value Range 0 63 Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL ru...

Page 426: ...either the IP Precedence or DSCP priority type The precedence for priority mapping by this switch is IP Precedence or DSCP Priority and then 802 1p priority Example Related Commands show marking 4 136 show marking This command displays the current configuration for packet marking Command Mode Privileged Exec Example Related Commands match access list ip 4 135 Console config interface ethernet 1 12...

Page 427: ...ets a precedence mask for the ACL rules MAC Mask 4 142 show access list mac mask precedence Shows the ingress or egress rule masks for MAC ACLs PE 4 144 mac access group Adds a port to a MAC ACL IC 4 145 show mac access group Shows port assignments for MAC ACLs PE 4 145 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 146 show map access l...

Page 428: ... must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related ...

Page 429: ...vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source ad...

Page 430: ... the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access...

Page 431: ...sed to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mode Global Configuration Command Usage You must configure a mask for an ACL rule before you can bind it to a...

Page 432: ...sk pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype bitmask pktformat Check the packet format field If this keyword must be used in the mask the packet format must be specified in ACL rule to match any Any address will be matched host The address must be for a single node source bitmask Source address of rule must match this bitmask destination bit...

Page 433: ...der of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit any any Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 Console config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 Console config access list mac mask precedence in Console c...

Page 434: ...ype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config if m...

Page 435: ...nd Mode Interface Configuration Ethernet Ports 1 8 Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show mac access list 4 141 show mac access group This command shows th...

Page 436: ...c acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Command Usage You must configure an ACL mask before you can map CoS values to the rule By default a packet matching a rule within the specified ACL is mapped to one of the output queues as shown below Console show ...

Page 437: ...nes the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is device 1 port Port number Range 1 8 Command Mode Privileged Exec Example Related Commands map access list mac 4 146 Console config int eth 1 5 Console config if map access list mac M5 cos 0 Console config if Console show map access list mac Access list to COS of...

Page 438: ...ccess list mac acl_name acl_name Name of the ACL Maximum length 16 characters priority Class of Service value in the IEEE 802 1p priority tag Range 0 7 7 is the highest priority Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule Example Related Commands show marking 4 ...

Page 439: ... Commands Command Function Mode Page show access list Show all ACLs and associated rules PE 4 149 show access group Shows the ACLs assigned to each port PE 4 149 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 255 255 15 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 1...

Page 440: ...el i e SNMP v1 v2c or v3 and security level i e authentication and privacy and then assign SNMP users to these groups along with their specific authentication and privacy passwords Console show access group Interface ethernet 1 2 IP standard access list david MAC access list jerry Console Table 4 39 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 151 show snmp Disp...

Page 441: ...ications GC 4 158 snmp server engine id Sets the SNMP engine ID GC 4 159 show snmp engine id Shows the SNMP engine ID PE 4 160 snmp server view Adds an SNMP view GC 4 161 show snmp view Shows the SNMP views PE 4 162 snmp server group Adds an SNMP group mapping users to views GC 4 163 show snmp group Shows the SNMP groups PE 4 164 snmp server user Adds a user to an SNMP group GC 4 166 show snmp use...

Page 442: ... Example Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 ...

Page 443: ...s rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Example snmp server contact This comma...

Page 444: ...ng Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 153 Console config snmp server contact Paul Console config Console config snmp server location WC 19 Console config...

Page 445: ...eipt Range 0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define thi...

Page 446: ...s command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefore not as reliable as inform m...

Page 447: ...onfigure a remote user page 4 166 The switch can send SNMP Version 1 2c or 3 notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does not specify the SNMP version the default is to send SNMP version 1 notifications If you specify an SNMP Version 3 host then the community string is interpreted as an SNMP user name If ...

Page 448: ...figure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host ...

Page 449: ...et address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters Default Setting A unique engine ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against messag...

Page 450: ... value 1234 is equivalent to 1234 followed by 22 zeroes A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users page 4 166 Example Related Commands snmp server host 4 155 show snmp engine id This command shows the...

Page 451: ... view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Table 4 40 show snmp engine id display description Field Description Local SNMP engineID String id...

Page 452: ... SNMP views Command Mode Privileged Exec Example Console config snmp server view mib 2 1 3 6 1 2 1 included Console config Console config snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanen...

Page 453: ...ormation about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public27 read only private28 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is def...

Page 454: ...tion on the notification messages supported by this switch see Supported Notification Messages on page 3 67 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command page 4 158 Example show snmp group Four default groups are provided SNMPv1 read only access and read write access and SNMPv...

Page 455: ...v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 4 42 sho...

Page 456: ...nternet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 wit...

Page 457: ...remote device where the user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You t...

Page 458: ... Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 43 show snmp user display description Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Stora...

Page 459: ...erface when autonegotiation is disabled IC 4 171 negotiation Enables autonegotiation of a given interface IC 4 172 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 173 shutdown Disables an interface IC 4 174 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 175 clear counters Clears statistics on an interface PE 4 17...

Page 460: ...ange 1 8 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 4 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this i...

Page 461: ...bps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is Fast Ethernet port 100full 100 Mbps full duplex 10 Gigabit Ethernet p...

Page 462: ...pecified in the capabilities list for an interface Example The following example configures port 9 to 100 Mbps full duplex operation Related Commands negotiation 4 172 capabilities 4 173 negotiation This command enables autonegotiation for a given interface30 Use the no form to disable autonegotiation Syntax no negotiation Default Setting Disabled for Ports 1 8 Enabled for Port 9 Command Mode Inte...

Page 463: ...eed duplex 4 171 capabilities This command advertises the port capabilities of a given interface during autonegotiation31 Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Syntax no capabilities 100full 100half 10full 10half flowcontrol symmetric 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbp...

Page 464: ... and 100full Related Commands negotiation 4 172 speed duplex 4 171 shutdown This command disables an interface To restart a disabled interface use the no form Syntax no shutdown Default Setting All interfaces are enabled Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and ...

Page 465: ...Setting Enabled Packet rate limit 1042 pps Command Mode Interface Configuration Ethernet Ports 1 8 Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped Broadcast control does not effect IP multicast traffic Example The following shows how to configure broadcast storm control at 600 packets per second Console config interface ethernet 1 5 Con...

Page 466: ...ne Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics ...

Page 467: ...s device 1 port Port number Range 1 8 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 121 ...

Page 468: ... Exec Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic Information Port Type 10G Mac Address 00 0C DB 21 11 3B Configuration Name Port Admin Up Speed duplex 10G full Capabilities Broadcast Storm Enabled Broadcast Storm Limit 1042 packets second LACP Disabled Port Security Disabled Max MAC Count 0 Port Security Action None Media Type None Current Status Link Status Up Port O...

Page 469: ...t 3384 Broadcast Input 55 Broadcast Output 6 Ether like Stats Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal Mac Transmit Errors 0 Internal Mac Receive Errors 0 Frames Too Long 0 Carrier Sense Errors 0 Symbol Errors 0 RMON Stats Drop Events 0 Octets 694392 Packets 692...

Page 470: ...ileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 4 Console show interfaces switchport ethernet 1 4 Broadcast Threshold Enabled 1042 packets second LACP Status Disabled Ingress Rate Limit Disabled 10000M bits per second Egress Rate Limit Disabled 10000M bits per second VLAN Membership Mode...

Page 471: ...bership mode as Trunk or Hybrid page 4 233 Ingress rule Shows if ingress filtering is enabled or disabled page 4 235 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 234 Native VLAN Indicates the default Port VLAN ID page 4 236 Priority for untagged traffic Indicates the default priority for untagged frames page 4 252 GVRP status Shows if GARP VL...

Page 472: ...ort unit This is unit 1 port Port number Range 1 8 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet Ports 1 8 destination port Table 4 46 Mirror Port Commands Command Func...

Page 473: ...essions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 8 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit This is unit 1 port Por...

Page 474: ... of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Cons...

Page 475: ...gregation Commands Ports can be statically grouped into an aggregate link i e trunk to increase the bandwidth of a network connection or to ensure fault recovery Or you can use the Link Aggregation Control Protocol LACP to automatically negotiate a trunk link between this switch and another network device For static trunks the switches have to comply with the Cisco EtherChannel standard For dynami...

Page 476: ...Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 4 170 channel group Adds a port to a trunk IC Ethernet 4 187 Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet 4 188 lacp system priority Configures a port s LACP system priority IC Ethernet 4 190 lacp ad...

Page 477: ...annel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority...

Page 478: ...figuration Ethernet Ports 1 8 Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ...

Page 479: ...f exit Console config interface ethernet 1 7 Console config if lacp Console config if exit Console config interface ethernet 1 8 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port Type 10G Mac Address 00 0C DB 21 11 34 Configuration Name Port admin Up Speed duplex 10G full Capabilities Port security Disabled Max ...

Page 480: ...terface Configuration Ethernet Ports 1 8 Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already ...

Page 481: ...ACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote si...

Page 482: ...Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inter...

Page 483: ... indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on tha...

Page 484: ...essages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Port channel 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker Re...

Page 485: ... Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp 1 internal Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation lon...

Page 486: ...ed protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated ...

Page 487: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Page 488: ...up configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 53 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 199 clear mac address table dynamic Removes any l...

Page 489: ...ts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristic...

Page 490: ... This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privileged Exec Example Console config mac address table static 00 e0 29 94 34 de interface ethernet 1 1 vlan 1 delete on reset Console config Console clear mac address table dynamic Console ...

Page 491: ... interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic addr...

Page 492: ...191 Example mac address table aging time This command sets the aging time for entries in the address table Use the no form to restore the default aging time Syntax mac address table aging time seconds no mac address table aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to ag...

Page 493: ...3 show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console show mac address table aging time Aging time 300 sec Console ...

Page 494: ...x age Configures the spanning tree bridge maximum age GC 4 209 spanning treepriority Configures the spanning tree bridge priority GC 4 210 spanning tree path cost method Configures the path cost method for RSTP MSTP GC 4 211 spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC 4 212 spanning tree mst configuration Changes to MSTP configuration mode GC 4 212 mst vlan ...

Page 495: ... spanning tree portfast Sets an interface to fast forwarding IC 4 221 spanning tree link type Configures the link type for RSTP MSTP IC 4 222 spanning tree mst cost Configures the path cost of an instance in the MST IC 4 223 spanning tree mst port priority Configures the priority of an instance in the MST IC 4 224 spanning tree protocol migration Re checks the appropriate BPDU format PE 4 225 show...

Page 496: ...two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command selects the spanning tree mode for this switch Use the no form to restore the default Syntax spanning tree mode stp rstp mstp no spanning tree mode stp Spanning Tree Proto...

Page 497: ...ceives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple sp...

Page 498: ... 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting ...

Page 499: ...guration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum...

Page 500: ...d port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range 0 61440 ...

Page 501: ...e default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be ass...

Page 502: ... Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Command Mode Global Configuration Example Consol...

Page 503: ... instances MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all b...

Page 504: ...s 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the d...

Page 505: ...Command Mode MST Configuration Command Usage The MST region name and revision number page 4 216 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision 4 216 Console config mstp mst 1 priority 4096 Co...

Page 506: ...d revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands name 4 215 max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to rest...

Page 507: ...the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Setting Enabled Command Mode Interface Config...

Page 508: ... mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 10 Gigabit Ethernet full duplex 1000 trunk 500 Command Mode Interface Con...

Page 509: ...figuration Ethernet Ports 1 8 Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric...

Page 510: ...ding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems Ho...

Page 511: ...sed through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This comma...

Page 512: ... Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on...

Page 513: ...t 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 10 Gigabit Ethernet 200 20 000 Default Setting By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 50...

Page 514: ...e mst port priority 4 224 spanning tree mst port priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id port priority priority no spanning tree mst instance_id port priority instance_id Instance identifier of the spanning tree Range 0 4094 no leading zeroes priority Pri...

Page 515: ...anning tree mst cost 4 223 spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs includin...

Page 516: ...et unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and ...

Page 517: ... tree configuration for an instance within the Multiple Spanning Tree MST For a description of the items displayed under Spanning tree information see Configuring Global Settings on page 3 163 For a description of the items displayed for specific interfaces see Displaying Interface Settings on page 3 168 ...

Page 518: ...port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External admin path cost 10000 Internal admin cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 3276...

Page 519: ...le show spanning tree mst configuration Mstp Configuration Information Configuration name R D Revision level 0 Instance Vlans 1 2 Console Table 4 55 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 230 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and...

Page 520: ...ring the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 239 Table 4 56 Editing VLAN Groups Command Function Mode Page vlan database Ent...

Page 521: ...llowed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to ...

Page 522: ... for a specified VLAN IC 4 232 switchport mode Configures VLAN membership mode for an interface IC 4 233 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 234 switchport ingress filtering Enables ingress filtering on an interface IC 4 235 switchport native vlan Configures the PVID native VLAN of an interface IC 4 236 switchport allowed vlan Configures the...

Page 523: ...port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid ...

Page 524: ...ll The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 t...

Page 525: ...gged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN depe...

Page 526: ...nterface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames en...

Page 527: ...ommand Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when add...

Page 528: ... VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage This command prevents...

Page 529: ...owed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 58 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 239 show interfaces status vlan Displays stat...

Page 530: ...LAN Syntax pvlan up link interface list down link interface list no pvlan up link Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Command Mode Global Configuration Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S ...

Page 531: ...s with the pvlan command before configuring port members as shown in the following example Entering no pvlan disables the private VLAN Example This example enables the private VLAN and then sets port 12 as the uplink and ports 5 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethe...

Page 532: ... use by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 231 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protoc...

Page 533: ...tocol group Range 1 2147483647 frame32 Frame type used by this protocol Options ethernet rfc_1042 llc_other protocol Protocol type The only option for the llc_other frame type is ipx_raw The options for all other frames types include ip arp rarp Default Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ethernet ...

Page 534: ...face Configuration Ethernet Ports 1 8 Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 4 231 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in ...

Page 535: ...show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 2 Console config if Console show protocol vlan proto...

Page 536: ...terface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID Vl...

Page 537: ...ch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Command Mode Global Configuration Table 4 61 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 247 show bridge ext Shows the global bridge extension configuration PE 4 248 switchport gvrp Enables GVRP for an interface IC 4 249 switchport forbidde...

Page 538: ...n commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 189 and Displaying Bridge Extension Capabilities on page 3 18 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4094 Extended multicast filtering services No S...

Page 539: ...command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Consol...

Page 540: ...face Configuration Ethernet Ports 1 8 Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP ...

Page 541: ... unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 250 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centisecond...

Page 542: ... Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 252 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4 259 Table 4 63 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round ...

Page 543: ...4 6 8 10 12 14 for queues 0 7 respectively Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR us...

Page 544: ...agged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The defa...

Page 545: ...are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 queue bandwidth This command assigns weighted round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight1 weight8 no queue bandwidth weight1 weight8 The ratio of weights for q...

Page 546: ...os1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned ac...

Page 547: ...to one mapping Related Commands show queue cos map 4 258 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if end Console show queue cos map ethernet 1 1 Information of Eth ...

Page 548: ...mmand Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting None Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 ...

Page 549: ...0 1 3 4 5 6 7 Console Table 4 65 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping GC 4 259 map ip port Maps TCP UDP socket to a class of service IC 4 260 map ip precedence Enables IP precedence class of service mapping GC 4 261 map ip precedence Maps IP precedence value to a class of service IC 4 261 map ip dscp Enables IP DSCP class o...

Page 550: ...s value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Ports 1 8 Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority This command sets the IP port priority for all interfaces Exa...

Page 551: ... Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally map ip precedence Interface Configuration This command sets IP precedence priority i e IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip prece...

Page 552: ...equently mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Example The following example shows how to map IP precedence value 1 to CoS value 0 map ip dscp Global Configuration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Syntax no map ip dscp Default Setting Disabled ...

Page 553: ...sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to Co...

Page 554: ...hen subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port This command shows the IP port priority map Syntax show map ip port interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1...

Page 555: ...iguration 4 260 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console ...

Page 556: ...ty map Syntax show map ip dscp interface interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 Cons...

Page 557: ...itch router to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 68 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignme...

Page 558: ...g Table 4 69 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 268 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 269 ip igmp snooping version Configures the IGMP version for snooping GC 4 269 show ip igmp snooping Shows the IGMP snooping and query configuration PE 4 270 show mac address table multicast Shows the IGM...

Page 559: ...nit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp snooping version 1 I...

Page 560: ...e Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IGMP Snooping and Query Parameters on page 3 223 for a desc...

Page 561: ...GMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for VLAN 1 Console show ip igmp snooping Service status Enabled Querier status Disabled Query count 2 Query interval 125 sec Query max response time 10 sec Router port e...

Page 562: ... hosts if they want to receive multicast traffic Example Table 4 70 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 272 ip igmp snooping query count Configures the query count GC 4 273 ip igmp snooping query interval Configures the query interval GC 4 274 ip igmp snooping query max response ti me Config...

Page 563: ... Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not responded then that client...

Page 564: ...conds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This command configures the query report delay Use the no form to restore the default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Ra...

Page 565: ...roup Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 269 ip igmp snooping query max response time 4 274 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip igmp snooping router port expire time seconds no ip igmp snooping router port expir...

Page 566: ...to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is unit 1 port Port number Range 1 8 port channel channel id Range 1 4 Default Setting No static multicast router ports are configured Console config ip igmp snooping router port expire time 300 Console config Table 4 71 Static Multicast Routing ...

Page 567: ...he current multicast groups Example The following shows how to configure port 1 as a multicast router port within VLAN 1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configur...

Page 568: ...er devices that exist on another network segment Basic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static Console Table 4 72 Basic IP Configuration Commands Command Function Mode Page ip address Sets the IP address for the current interface IC 4 279 ip default gateway Defines the default gateway through which an in band management station ...

Page 569: ...n IP address to this device to gain management access over the network You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but w...

Page 570: ...signed an address in VLAN 1 Related Commands ip dhcp restart 4 281 ip default gateway This command establishes a static route between this switch and devices that exist on another network segment Use the no form to remove the static route Syntax no ip default gateway gateway gateway IP address of the default gateway Default Setting No static route is established Command Mode Global Configuration C...

Page 571: ...d DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Console config ip default gateway 10 1 1 254 Console config Console config interface vlan 1...

Page 572: ...Commands show ip redirects 4 282 show ip redirects This command shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 4 280 Console show ip interface IP Address and Netmask 192 168 1 58 255 255 255 0 on VLAN 1 Address Mode DHCP Console Console show ip redirects ip default gateway 10 1 0 254 Console ...

Page 573: ...ting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in t...

Page 574: ...payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console Table 4 73 DNS Commands Command Function Mode Page ip host Creates a static host name to ad...

Page 575: ...evices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device ip domain lookup Enables DNS based host name to address translation GC 4 290 show hosts Displays the static host name to address mapping table PE 4 ...

Page 576: ...e Name of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table Console config ip host rd5 192 168 1 55 10 1 0 55 Console config end Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias Console Console config clear host Console config ...

Page 577: ...no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Example Related Commands ip domain list 4 288 ip name server 4 289 ip domain lookup 4 290 Console config ip domain name sample com Console config end Console show dns Domain Lookup Status DNS disabled D...

Page 578: ...e host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS service on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for...

Page 579: ...6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Console config ip domain list sample com jp Console config ip...

Page 580: ... Syntax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain ...

Page 581: ...eged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console show hosts Hostname rd5 Inet addr...

Page 582: ...jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc accton com tw 1 4 CNAME 10 2 44 3 898 ahten accton com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6...

Page 583: ... a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear ...

Page 584: ...COMMAND LINE INTERFACE 4 294 ...

Page 585: ...trol Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 802 1D Rapid Spanning Tree Protocol RSTP IEEE 802 1w Multiple Spann...

Page 586: ...lient SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specif...

Page 587: ...RADIUS RFC 2618 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 2570 2273 3411 3415 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 Management Information Bases Bridge MIB RFC 1493 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863...

Page 588: ...FC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Community MIB RFC 2576 TACACS Authentication Client MIB TCP MIB RFC 2013 Trap RFC 1215 UDP MIB RFC 2012 ...

Page 589: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 590: ... SSH client Be sure you have set up an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 sto...

Page 591: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 592: ...TROUBLESHOOTING B 4 ...

Page 593: ...efault the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services DiffServ DiffServ provides quality of service on large networks by employing a well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particular forw...

Page 594: ... Port Authentication standard GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to...

Page 595: ...IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IGMP Snooping Listening to IGMP Query and IGMP Report packets transfe...

Page 596: ...ining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The eight values are mapped one to one to the Class of Service categories by default but may be configured differently to suit the requirements for specific network applications Layer 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related...

Page 597: ...me servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1X Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting ...

Page 598: ... on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Secure Shell SSH A secure replacement for remote access functions including Telnet SSH can authenticate users with a cryptographic key and encrypt data connections betwe...

Page 599: ... that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads User Datagram Protocol UDP UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like services UDP packets are delivered just like IP pa...

Page 600: ...an be configured to take over the workload if the master fails or to load share the traffic The primary goal of VRRP is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected ...

Page 601: ...t priority 3 217 4 259 IP precedence 3 213 4 261 layer 3 4 priorities 3 212 4 259 queue mapping 3 208 4 256 queue mode 3 209 4 253 traffic class weights 3 210 4 255 D default gateway configuration 3 21 4 280 default priority ingress port 3 206 4 254 default settings system 1 7 DHCP 3 22 4 279 client 3 21 4 284 dynamic configuration 2 7 Differentiated Code Point Service See DSCP DNS default domain ...

Page 602: ...97 4 235 IP address BOOTP DHCP 3 22 4 279 setting 2 6 3 20 4 279 IP port priority enabling 3 217 4 259 mapping priorities 3 217 4 260 IP precedence enabling 3 213 4 261 mapping priorities 3 213 4 261 J jumbo frame 4 85 L LACP configuration 4 185 local parameters 3 136 4 194 partner parameters 3 139 4 194 protocol message statistics 4 194 protocol parameters 3 132 4 185 Link Aggregation Control Pro...

Page 603: ...rts configuring 3 121 4 169 ports mirroring 3 143 4 182 priority default port ingress 3 206 4 254 problems troubleshooting B 1 protocol migration 3 175 4 225 Q queue weights 3 210 4 255 R RADIUS logon authentication 3 76 4 97 rate limits setting 3 145 4 184 remote logging 4 63 restarting the system 3 46 4 30 RSTP 3 156 4 206 global configuration 3 158 4 206 S secure shell 3 84 4 46 Secure Shell co...

Page 604: ...ng 3 47 4 72 traffic class weights 3 210 4 255 trap manager 2 11 3 55 4 155 troubleshooting B 1 trunk configuration 3 127 4 185 LACP 3 130 4 185 4 188 static 3 128 4 187 U upgrading software 3 27 4 87 user account 3 75 user password 3 75 4 36 4 37 V VLANs 3 184 3 201 4 229 4 241 adding static members 3 194 3 196 4 237 creating 3 192 4 231 description 3 184 displaying basic information 3 189 4 248 ...

Page 605: ......

Page 606: ...ax 33 0 41 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10...

Reviews:

No comments

Related manuals for 8708L2

process-informatik CONNECT Series Operation Quick Start Manual preview
CONNECT Series
Brand: process-informatik Pages: 8
TP-Link VIGI NVR1008 Quick Installation Manual preview
VIGI NVR1008
Brand: TP-Link Pages: 2
US Robotics USR8700 Quick Installation Manual preview
USR8700
Brand: US Robotics Pages: 36
Multitech MultiConnect SE MTS2EA Quick Start Manual preview
MultiConnect SE MTS2EA
Brand: Multitech Pages: 8
Moxa Technologies PT-7710 Series Hardware Installation Manual preview
PT-7710 Series
Brand: Moxa Technologies Pages: 2
KYLAND Technology KIEN1009 Hardware Installation Manual preview
KIEN1009
Brand: KYLAND Technology Pages: 24
Modecom MC-421 Quick Installation Manual preview
MC-421
Brand: Modecom Pages: 16
Nexxt Amp300 Quick Installation Manual preview
Amp300
Brand: Nexxt Pages: 2
Gtran Wireless DotSurfer GPC-2100 User Manual preview
DotSurfer GPC-2100
Brand: Gtran Wireless Pages: 44
Net Optics Phantom HD Quick Install Manual preview
Phantom HD
Brand: Net Optics Pages: 2
Acard ARS-2212 User Manual preview
ARS-2212
Brand: Acard Pages: 43
Planet VR-300 Series User Manual preview
VR-300 Series
Brand: Planet Pages: 136
AMCI RBE2-8 User Manual preview
RBE2-8
Brand: AMCI Pages: 55
WAVESYS WSIL-1204-GT2-SFP2 Hardware User Manual preview
WSIL-1204-GT2-SFP2
Brand: WAVESYS Pages: 21
Devolo Kurulum Manual preview
Kurulum
Brand: Devolo Pages: 24
Quamtum HotSpot HS2 User Manual preview
HotSpot HS2
Brand: Quamtum Pages: 42
Billion BiPAC 8200AXL-1200 User Manual preview
BiPAC 8200AXL-1200
Brand: Billion Pages: 94
Billionton GMIWLGRL2 User Manual preview
GMIWLGRL2
Brand: Billionton Pages: 26

Brands by name

Popular brands

Load more brands