manualshive.com logo in svg

SMC Networks 8724M INT - annexe 1, Management Manual

The SMC Networks 8724M INT - annexe 1 is a versatile and high-performance product. Our website offers the Installation Manual for this device, available for free download. With this comprehensive manual, you can easily install and set up the product to enjoy its full potential. Download it now from manualshive.com.

Share
Download
background image

C

OMMAND

 L

INE

 I

NTERFACE

4-120

Command Usage

• New rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four 

integers from 0 to 255, each separated by a period. The binary mask 
uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The 
bitmask is bitwise ANDed with the specified source IP address, and 
then compared with the address for each IP packet entering the port(s) 
to which this ACL has been assigned.

Example 

This example configures one permit rule for the specific address 10.1.1.21 
and another rule for the address range 168.92.16.x – 168.92.31.x using a 
bitmask.

Related Commands

access-list ip (4-118)

permit

,

 deny 

(Extended ACL)

 

This command adds a rule to an Extended IP ACL. The rule sets a filter 
condition for packets with specific source or destination IP addresses, 
protocol types, source or destination protocol ports, or TCP control codes. 
Use the 

no

 form to remove a rule.

Syntax

[

no

] {

permit | deny

}

 

[

protocol

-

number | 

udp

{

any 

|

 

source address-bitmask | 

host

 

source

{

any

 | 

destination address-bitmask | 

host 

destination

}

[

precedence

 

precedence

] [

tos

 

tos

] [

dscp

 

dscp

]

[

source-port

 

sport 

[

end

]] [

destination-port

 

dport 

[

end

]]

[

no

] {

permit | deny

}

 tcp

 

{

any 

|

 

source address-bitmask | 

host

 

source

{

any

 | 

destination address-bitmask | 

host 

destination

}

Console(config-std-acl)#permit host 10.1.1.21
Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#

Summary of Contents for 8724M INT - annexe 1

Page 1: ... in standalone mode Stacks up to 8 units SMC6224M Stacks up to 4 units SMC6248M Non blocking switching architecture Spanning Tree Protocol and Rapid STP Up to four LACP or static 8 port trunks RADIUS and TACACS authentication Rate limiting for bandwidth management CoS support for four level priority Full support for VLANs with GVRP IP Multicasting with IGMP Snooping Manageable via console Web SNMP...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerStack 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions January 2005 Pub 149100005900 ...

Page 4: ...e is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...CIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTIO...

Page 7: ...face for Management Access 2 6 Basic Configuration 2 7 Console Connection 2 7 Setting Passwords 2 8 Setting an IP Address 2 9 Manual Configuration 2 9 Dynamic Configuration 2 10 Enabling SNMP Management Access 2 11 Community Strings 2 12 Trap Receivers 2 13 Saving Configuration Settings 2 13 Managing System Files 2 14 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Brow...

Page 8: ...r Protocol Alerts 3 39 Resetting the System 3 41 Setting the System Clock 3 42 Configuring SNTP 3 42 Setting the Time Zone 3 44 Simple Network Management Protocol 3 45 Setting Community Access Strings 3 45 Specifying Trap Managers and Trap Types 3 46 User Authentication 3 48 Configuring User Accounts 3 48 Configuring Local Remote Logon Authentication 3 50 Configuring HTTPS 3 54 Replacing the Defau...

Page 9: ...CP Port Counters 3 103 Displaying LACP Settings and Status for the Local Side 3 104 Displaying LACP Settings and Status for the Remote Side 3 107 Setting Broadcast Storm Thresholds 3 109 Configuring Port Mirroring 3 111 Configuring Rate Limits 3 113 Rate Limit Granularity 3 113 Rate Limit Configuration 3 114 Showing Port Statistics 3 115 Address Table Settings 3 122 Setting Static Addresses 3 122 ...

Page 10: ...o Egress Queues 3 171 Selecting the Queue Mode 3 173 Setting the Service Weight for Traffic Classes 3 174 Layer 3 4 Priority Settings 3 175 Mapping Layer 3 4 Priorities to CoS Values 3 175 Selecting IP Precedence DSCP Priority 3 176 Mapping IP Precedence 3 176 Mapping DSCP Priority 3 178 Mapping IP Port Priority 3 180 Mapping CoS Values to ACLs 3 182 Multicast Filtering 3 184 Layer 2 IGMP Snooping...

Page 11: ...ory 4 7 Understanding Command Modes 4 8 Exec Commands 4 8 Configuration Commands 4 9 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 timeout login response 4 18 exec timeout 4 19 password thresh 4 20 silent time 4 21 databits 4 22 parity 4 23 speed 4 23 stopbits 4 24 disconnect 4 25 show line 4 25 General Commands 4 26 enable 4 27 disable 4 28...

Page 12: ...ver 4 42 ip http secure port 4 43 Telnet Server Commands 4 44 ip telnet port 4 44 ip telnet server 4 45 Secure Shell Commands 4 46 ip ssh server 4 49 ip ssh timeout 4 50 ip ssh authentication retries 4 51 ip ssh server key size 4 51 delete public key 4 52 ip ssh crypto host key generate 4 52 ip ssh crypto zeroize 4 53 ip ssh save host key 4 54 show ip ssh 4 55 show ssh 4 55 show public key 4 56 Ev...

Page 13: ...nt 4 72 sntp server 4 73 sntp poll 4 74 show sntp 4 74 clock timezone 4 75 calendar set 4 76 show calendar 4 77 System Status Commands 4 77 light unit 4 78 show startup config 4 78 show running config 4 80 show system 4 82 show users 4 83 show version 4 83 Frame Size Commands 4 84 jumbo frame 4 84 Flash File Commands 4 85 copy 4 86 delete 4 89 dir 4 90 whichboot 4 91 boot system 4 92 Authenticatio...

Page 14: ...ication 4 106 dot1x system auth control 4 107 dot1x default 4 107 dot1x max req 4 107 dot1x port control 4 108 dot1x operation mode 4 109 dot1x re authenticate 4 110 dot1x re authentication 4 110 dot1x timeout quiet period 4 111 dot1x timeout re authperiod 4 111 dot1x timeout tx period 4 112 show dot1x 4 112 Access Control List Commands 4 116 IP ACLs 4 117 access list ip 4 118 permit deny Standard...

Page 15: ...t 4 136 snmp server location 4 137 snmp server host 4 138 snmp server enable traps 4 139 show snmp 4 140 Interface Commands 4 142 interface 4 143 description 4 143 speed duplex 4 144 negotiation 4 145 capabilities 4 146 flowcontrol 4 147 shutdown 4 148 switchport broadcast packet rate 4 149 clear counters 4 150 show interfaces status 4 151 show interfaces counters 4 152 show interfaces switchport ...

Page 16: ... table aging time 4 179 Spanning Tree Commands 4 180 spanning tree 4 181 spanning tree mode 4 182 spanning tree forward time 4 183 spanning tree hello time 4 183 spanning tree max age 4 184 spanning tree priority 4 185 spanning tree pathcost method 4 186 spanning tree transmission limit 4 186 spanning tree spanning disabled 4 187 spanning tree cost 4 188 spanning tree port priority 4 189 spanning ...

Page 17: ...2 switchport private vlan isolated 4 212 switchport private vlan mapping 4 213 show vlan private vlan 4 214 GVRP and Bridge Extension Commands 4 215 bridge ext gvrp 4 215 show bridge ext 4 216 switchport gvrp 4 217 show gvrp configuration 4 217 garp timer 4 218 show garp timer 4 219 Priority Commands 4 220 Priority Commands Layer 2 4 220 queue mode 4 221 switchport priority default 4 222 queue ban...

Page 18: ... 238 show ip igmp snooping 4 239 show mac address table multicast 4 239 IGMP Query Commands Layer 2 4 240 ip igmp snooping querier 4 241 ip igmp snooping query count 4 241 ip igmp snooping query interval 4 242 ip igmp snooping query max response time 4 243 ip igmp snooping router port expire time 4 244 Static Multicast Routing Commands 4 245 ip igmp snooping vlan mrouter 4 245 show ip igmp snoopin...

Page 19: ...Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 Management Information Bases A 4 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 20: ...CONTENTS xvi ...

Page 21: ... Egress Queue Priority Mapping 3 182 Table 4 1 Command Modes 4 8 Table 4 2 Configuration Modes 4 10 Table 4 3 Command Line Processing 4 11 Table 4 4 Command Groups 4 12 Table 4 5 Line Commands 4 14 Table 4 6 General Commands 4 26 Table 4 7 System Management Commands 4 32 Table 4 8 Device Designation Commands 4 33 Table 4 9 User Access Commands 4 34 Table 4 10 Default Login Settings 4 35 Table 4 11...

Page 22: ...ng 4 132 Table 4 38 ACL Information 4 133 Table 4 39 SNMP Commands 4 135 Table 4 40 Interface Commands 4 142 Table 4 41 Interfaces Switchport Statistics 4 155 Table 4 42 Mirror Port Commands 4 156 Table 4 43 Rate Limit Commands 4 158 Table 4 44 Link Aggregation Commands 4 162 Table 4 45 show lacp counters display description 4 171 Table 4 46 show lacp internal display description 4 172 Table 4 47 ...

Page 23: ...227 Table 4 61 Mapping IP Precedence Values 4 230 Table 4 62 IP DSCP to CoS Values 4 232 Table 4 63 Multicast Filtering Commands 4 236 Table 4 64 IGMP Snooping Commands 4 236 Table 4 65 IGMP Query Commands Layer 2 4 240 Table 4 66 Static Multicast Routing Commands 4 245 Table 4 67 IP Interface Commands 4 247 Table B 1 Troubleshooting Chart B 1 ...

Page 24: ...TABLES xx ...

Page 25: ...Figure 3 17 Displaying Logs 3 38 Figure 3 18 Enabling and Configuring SMTP Alerts 3 40 Figure 3 19 Resetting the System 3 41 Figure 3 20 SNTP Configuration 3 43 Figure 3 21 Setting the System Clock 3 44 Figure 3 22 Configuring SNMP Community Strings 3 46 Figure 3 23 Configuring IP Trap Managers 3 47 Figure 3 24 Access Levels 3 49 Figure 3 25 Authentication Settings 3 53 Figure 3 26 HTTPS Settings ...

Page 26: ...cs 3 120 Figure 3 53 Configuring a Static Address Table 3 123 Figure 3 54 Configuring a Dynamic Address Table 3 125 Figure 3 55 Setting the Address Aging Time 3 126 Figure 3 56 STA Information 3 130 Figure 3 57 STA Configuration 3 135 Figure 3 58 STA Port Information 3 139 Figure 3 59 STA Port Configuration 3 143 Figure 3 60 Enabling GVRP 3 148 Figure 3 61 VLAN Basic Information 3 149 Figure 3 62 ...

Page 27: ... 3 78 Mapping IP DSCP Priority Values 3 179 Figure 3 79 IP Port Priority Status 3 181 Figure 3 80 IP Port Priority 3 181 Figure 3 81 ACL CoS Priority 3 183 Figure 3 82 IGMP Configuration 3 187 Figure 3 83 Displaying Multicast Router Port Information 3 188 Figure 3 84 Static Multicast Router Port Configuration 3 190 Figure 3 85 IP Multicast Registration Table 3 191 Figure 3 86 IGMP Member Port Tabl...

Page 28: ...FIGURES xxiv ...

Page 29: ...performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP v1 2c Community strings Port IEEE 802 1X MAC address filtering Access Control Lists Supports up to 88 IP or MAC ACLs DHCP Client Supported Port ...

Page 30: ...ications Some of the management features are briefly described below Port Trunking Supports up to 4 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address Up to 8K MAC addresses in the forwarding table IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eli...

Page 31: ...gement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering for IP frames based on address protocol TCP UDP port number or TCP control code or any frames based on MAC address or Ethernet type ACLs can be used to improve performance by blocking unnecessary ne...

Page 32: ...ing over the load if a port in the trunk should fail The switch supports up to four trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricted If broadcast traffic rises above a pre defined threshold it will be throttled until the level falls back beneath ...

Page 33: ...s to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will be activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to 3 to 5 seconds compared to 30 seconds o...

Page 34: ... queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used to provide independent priorities for delay sensitive data and best effort data This switch also supports several common methods of prioritizing layer 3 4 traffic to meet application requirements Traffic c...

Page 35: ...2 System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Po...

Page 36: ... Status Enabled Auto negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Disabled all ports Broadcast Limit Rate 32 000 octets per second Spanning Tree Algorithm Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwarding Edge Port Disabled Address Table ...

Page 37: ...4 6 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled ...

Page 38: ...INTRODUCTION 1 10 ...

Page 39: ...witch s HTTP web agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 seri...

Page 40: ...Ns Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Configure up to 4 static or LACP trunks Enable port mirroring Set broadcast storm control on any port Display system information and stati...

Page 41: ...terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to 9600 bps Set the data format to 8 data bits 1 stop bit and no parity Set flow control to none Set the emulation mode to VT100 When using HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make sure that you have...

Page 42: ...amic address assignment via DHCP or BOOTP see Setting an IP Address on page 2 9 Note This switch supports four concurrent Telnet SSH sessions After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can al...

Page 43: ... initially powered on the Master unit is designated as unit 1 in a ring topology In a line topology the stack is simply numbered from top to bottom with the first unit in the stack designated at unit 1 This unit identification number can be selected on the front panel graphic of the web interface or from the CLI To configure any unit in the stack first verify the unit number by counting down from ...

Page 44: ...nts of failure to break the stack apart The stack will merely reboot to detect the new stack s topology and then resume normal operation When a link or unit in the stack fails a trap message is sent and a failure event is logged The stack will be rebooted after any system failure or topology change It takes two to three minutes for the stack to reboot Also note that powering down a unit or inserti...

Page 45: ...ou can only access the console interface through the Master unit in the stack Access to both CLI levels are controlled by user names and passwords The switch has a default user name and password for each level To log into the CLI at the Privileged Exec level using the default user name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification p...

Page 46: ... and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type username guest password 0 password for the Normal Exec level where password is your new password Press Enter 4 Type username admin password 0 password for the Privileged Exec level where password is your new password Press Enter Note 0 specifies the password in plain text 7 specifies the password in enc...

Page 47: ...he switch You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Note The IP address for this switch is obtained via DHCP by default Before you can assign an IP ad...

Page 48: ...restart command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it is powered on To automatically conf...

Page 49: ...on changes by typing copy running config startup config Enter the startup file name and press Enter Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol SNMP applications such as SMC EliteView You can configure the switch to 1 respond to SNMP requests or 2 generate SNMP traps Console config interface vlan 1 Console confi...

Page 50: ...access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are able to both retrieve and modify MIB objects Note If you do not intend to utilize SNMP we recommend that you delete both of the default community strings If there are no community strings then SNMP m...

Page 51: ...tifications you must enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link up down Press Enter Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the runnin...

Page 52: ...t up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restoring Configuration Settings on page 3 24 for more information Operation Code System software that is executed after boot up also known as run time code This code runs the switch operations and provides...

Page 53: ...of each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the setti...

Page 54: ...INITIAL CONFIGURATION 2 16 ...

Page 55: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 9 2 Set user names and password...

Page 56: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 57: ...nnects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Note The examples in this chapter are based on the SMC6224M Other than the number of ...

Page 58: ...sit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or wit...

Page 59: ...13 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 21 Copy Allows the transfer and copying files 3 21 Delete Allows deletion of files from the flash memory 3 22 Set Startup Sets the startup file 3 22 Line 3 28 Console Sets console port connection parameters 3 28 Telnet Sets Telnet connection parameters 3 30 Log 3 33...

Page 60: ...ost Key Settings Generates the host key pair public and private 3 60 Settings Configures Secure Shell server settings 3 62 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 3 64 802 1X Port authentication 3 66 Information Displays global configuration settings 3 69 Configuration Configures the global configuration setting 3 6...

Page 61: ... 99 Port Counters Displays statistics for LACP protocol messages 3 103 Port Internal Information Displays settings and operational state for the local side 3 104 Port Neighbors Information Displays settings and operational state for the remote side 3 107 Port Broadcast Control Sets the broadcast storm threshold for each port 3 109 Trunk Broadcast Control Sets the broadcast storm threshold for each...

Page 62: ...ures global bridge settings for STA and RSTP 3 132 Port Information Displays individual port settings for STA 3 136 Trunk Information Displays individual trunk settings for STA 3 136 Port Configuration Configures individual port settings for STA 3 140 Trunk Configuration Configures individual trunk settings for STA 3 140 VLAN 3 143 802 1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3 ...

Page 63: ...r secondary VLANs 3 165 Port Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 166 Trunk Information Shows VLAN port type and associated primary or secondary VLANs 3 165 Trunk Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 166 Priority 3 169 Default Port Priority Sets the default priority f...

Page 64: ...and associated class of service value 3 180 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 182 IGMP Snooping 3 184 IGMP Configuration Enables multicast filtering configures parameters for multicast query 3 185 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 188 Static ...

Page 65: ...m System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enabled Web secure server port Shows the T...

Page 66: ...stem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet Figure 3 3 System Information ...

Page 67: ...ver location WC 9 4 137 Console config snmp server contact Ted 4 136 Console config exit Console show system 4 82 System description 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink modules System OID string 1 3 6 1 4 1 202 20 43 System information System Up time 0 days 2 hours 4 minutes and 7 13 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC address 00 30 ...

Page 68: ...ST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Combination RJ 45 SFP ports These additional parameters are displayed for the CLI Unit ID Unit number in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 3 4 Swit...

Page 69: ...lasses This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 3 169 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 122 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database ...

Page 70: ...VLAN Capable This switch does not support multiple local bridges outside of the scope of 802 1Q defined VLANs GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstations with multicast groups This switch does not support GMRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Configuration...

Page 71: ... 255 separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whet...

Page 72: ... address bits used for routing to specific subnets Default 255 0 0 0 Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments Default 0 0 0 0 MAC Address The physical layer address for this switch Restart DHCP Requests a new IP address from the DHCP server Manual Configuration Web Click System IP Configuration Select the V...

Page 73: ...P Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address Console config Console config interfa...

Page 74: ...quest to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 4 143 Console config if ip a...

Page 75: ...to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain slashes or the leadi...

Page 76: ...up file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation...

Page 77: ...d click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Operation File To delete a file select System File Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 10 Deleting Files ...

Page 78: ...he switch s settings Command Attributes File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch t...

Page 79: ...Copies a file from a TFTP server to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify config configuration to copy configuration settings File Name The file name should not contain slashes or the leading letter o...

Page 80: ...ion file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Copy Select tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then cl...

Page 81: ...ings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 4 86 TFTP server ip address 192 168 1 19 Source configuration file name config startup St...

Page 82: ...current session is terminated Range 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Silent Tim...

Page 83: ... password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login1 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name...

Page 84: ...ables Telnet access to the switch Default Enabled Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 0 4 18 Console config line exec timeout 0 4 19 Console config line password thresh 3 4 20 Console config line silent time 60 4 21 Console config line databits 8 4 22 Console config line parity n...

Page 85: ...hreshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Password2 Specifies a password for the line connection When a connection is started on a l...

Page 86: ...Console config line vty 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 300 4 18 Console config line exec timeout 600 4 19 Console config line password thresh 3 4 20 Console config line end Console show line 4 25 Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent...

Page 87: ...ms Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM Command Attributes Sy...

Page 88: ...3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Aler...

Page 89: ...of messages that are sent to syslog servers or other management stations You can also limit the error messages sent to only those messages below a specified level Command Attributes Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Enabled Logging Facility Sets the facility type for remote logging of syslog messages There are eight faci...

Page 90: ...s sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be sent to the remote server Range 0 7 Default 6 Host IP List Displays the list of remote server IP addresses that receive ...

Page 91: ...he facility type and set the logging trap Console config logging host 192 168 1 15 4 60 Console config logging facility 23 4 61 Console config logging trap 4 4 62 Console config end Console show logging trap 4 62 Syslog logging Enabled REMOTELOG status Enabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip address 192 168 1 15 REMOTELOG server ip ad...

Page 92: ...memory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Console show log ram 4 63 1 00 01 37 2001 01 01 DHCP request failed will retry later level 4 module 9 function 0 and event no 10 0 00 00 35 2001 01 01 System coldStart notification level 6 module 6 function 1 and...

Page 93: ... or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 34 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of up to three recipient SM...

Page 94: ...ty level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 3 18 Enabling and Configuring SMTP Alerts ...

Page 95: ...eset to reboot the switch When prompted confirm that you want reset the switch Figure 3 19 Resetting the System Console config logging sendmail host 192 168 1 200 4 67 Console config logging sendmail level 4 4 68 Console config logging sendmail source email john acme com 4 69 Console config logging sendmail destination email geoff acme com 4 69 Console config logging sendmail 4 70 Console config e...

Page 96: ...tch will only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization req...

Page 97: ...y Figure 3 20 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp server 10 1 0 19 137 82 140 80 128 250 36 2 4 73 Console config sntp poll 60 4 74 Console config sntp client 4 72 Console config exit Console show sntp Current time Jan 6 14 56 05 2004 Poll interval 60 Current mode unicast ...

Page 98: ...ibutes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 3 21 Setting th...

Page 99: ...rights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in the following sections Setting Community Access Strings You may configure up to ...

Page 100: ...ure 3 22 Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC Elite...

Page 101: ...ons as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Enable Link up and Link down Traps Issues a trap message whenever a port link is established or broken Default Enabled Web Click SNMP Configuration Fill in the IP address and community ...

Page 102: ... addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new ad...

Page 103: ... Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Remove Adds or removes an account from the list Web Click Security User Accounts To configure a new user account specify a user name select the user s access level then enter a password and confirm it Click Add to save the new user account and add it to th...

Page 104: ...ices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet fro...

Page 105: ...on server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attri...

Page 106: ...n the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default...

Page 107: ...ation Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and click Apply Figure 3 25 Authentication Settings ...

Page 108: ... 4 98 Console config radius server key green 4 98 Console config radius server retransmit 5 4 99 Console config radius server timeout 10 4 99 Console config radius server 1 host 192 168 1 25 4 97 Console config end Console show radius server 4 100 Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Ser...

Page 109: ... 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 56 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP port number used for HTTPS connection to the switch s we...

Page 110: ... a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we re...

Page 111: ...ntended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfers passing betwe...

Page 112: ...enable the SSH server Authentication Settings To use the SSH server complete these steps 1 Generate a Host Key Pair On the SSH Host Key Settings page create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file ...

Page 113: ...229029789827213532671316294325328189150453 06393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Settings page enable the SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to conta...

Page 114: ...ications between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the proceeding section Command Usage Field Attributes Public Key of Host Key The public key for the host RSA Version 1 The first field indicates the size of the host key e g 1024 the second field is the enc...

Page 115: ...ir Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page Clear This button clears the host key from both volatile memory RAM and non volatile memory Flash Web Click Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the ...

Page 116: ...nsole ip ssh crypto host key generate 4 49 Console ip ssh save host key 4 49 Console show public key host 4 49 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 7...

Page 117: ...server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page before you can enable the SSH server Figure 3 28 SSH Server Sett...

Page 118: ...ntrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Tab...

Page 119: ...1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 91 Command Attributes Port Port number Name Descriptive text page 4 143 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap...

Page 120: ...work resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data The IEEE 802 1X dot1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for...

Page 121: ...ppropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an accept or reject packet If authentication is successful the switch allows the client to access the network Otherwise network access is denied and the port remains blocked The operation of 802 1X on the switch requires the following The switch must have an ...

Page 122: ...ient also have to support the same EAP authentication type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1X protocol provides client authentication Command Attributes 802 1X System Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 3 30 802 1X Global Information ...

Page 123: ...ion Control Sets the global setting for 802 1X Default Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 31 802 1X Configuration Console show dot1x 4 112 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Singl...

Page 124: ...ulti Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port ...

Page 125: ...ch a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Ind...

Page 126: ...rameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30...

Page 127: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most r...

Page 128: ...ying 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 112 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 129: ...ess respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a spe...

Page 130: ...e end address of a range Add Remove Filtering Entry Adds removes an IP address from the list Web Click Security IP Filter Enter the IP addresses or range of addresses that are allowed management access to an interface and click Add IP Filtering Entry to update the filter list Figure 3 34 Creating a Web IP Filter List ...

Page 131: ...ly to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is acce...

Page 132: ...ss ports 2 User defined rules in the Ingress IP ACL for ingress ports 3 Explicit default rule permit any any in the ingress IP ACL for ingress ports 4 Explicit default rule permit any any in the ingress MAC ACL for ingress ports 5 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL C...

Page 133: ...0 Web Click Security ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 35 Selecting ACL Type CLI This example creates a standard IP ACL named david Console config access list ip standard david 4 118 Console config std acl ...

Page 134: ... Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the addr...

Page 135: ...ecific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address fiel...

Page 136: ...CP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bitmask Decimal number representing the code bits to match ...

Page 137: ...select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add Figure 3 37 ACL Configuration Extended IP CLI This example adds two rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e ...

Page 138: ...urce Destination MAC Address Source or destination MAC address Source Destination Bitmask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4094 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 0 65535 A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 I...

Page 139: ...ou select MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID or Ethernet type Then click Add Figure 3 38 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 4...

Page 140: ...ly assign one MAC access list to all the ports on the switch Command Usage This switch only supports ACLs for ingress filtering You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering Command Attributes Port Fixed port or SFP module Range 1 26 50 IP Specifies the IP Access List to enable for a port MAC Specifies the MAC Access List to enable globally IN ACL for ingr...

Page 141: ...igure 3 39 Binding a Port to an ACL CLI This example assigns an IP and MAC access list to port 1 and an IP access list to port 3 Console config interface ethernet 1 1 4 143 Console config if ip access group david in 4 123 Console config if mac access group jerry in 4 130 Console config if exit Console config interface ethernet 1 3 Console config if ip access group david in Console config if ...

Page 142: ... T or SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member3 Shows if port is ...

Page 143: ...n the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring Interface Connections...

Page 144: ...control is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the response to take when a security violation is detected shutdown trap trap and shutdown or none Current Status Link Status Indicates if ...

Page 145: ...t after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Flow Control Allows automatic or manual selection of flow control Console show interfaces status ethernet 1 5 4 151 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 f1 47 58 4...

Page 146: ...rts symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required to solve a proble...

Page 147: ...o four trunks at a time The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can Console config interface ethernet 1 13 4 143 Console config if description RD SW 13 4 143 Console config...

Page 148: ...efore making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop You can create up to four trunks on a switch or stack with up to eight ports per trun...

Page 149: ...g a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range 1 4 Unit Stack unit Range SMC62...

Page 150: ... Trunk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 42 Static Trunk Configuration ...

Page 151: ... exit Console config interface ethernet 1 1 4 143 Console config if channel group 2 4 163 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console config if end Console show interfaces status port channel 2 4 151 Information of Trunk 2 Basic information Port type 100TX Mac address 00 00 E8 AA AA 01 Configuration Name Port admin Up Speed duplex Auto Cap...

Page 152: ...her by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 96 Command Attributes Member List Current Shows configured trunks Unit Port New Includes entry fields for creating new trunks Unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 Port Port identifier Range 1 26 50 Web Click Port...

Page 153: ... port to be allowed to join a channel group Console config interface ethernet 1 1 4 143 Console config if lacp 4 164 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 151 Information of Trunk 1 Basic information Port type 100TX Mac address 22 22 22 22 22 2d Configuration Name Port admin Up Speed...

Page 154: ...s must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a...

Page 155: ...u can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 44 LACP Aggregation Port ...

Page 156: ...stem priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 170 Port Channel System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 170 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Int...

Page 157: ...er of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do...

Page 158: ...arker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 3 7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP s...

Page 159: ...abled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is cons...

Page 160: ...e LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 170 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 3 LACP Port Priority 128 Admin Key 120 Oper Key 120 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long ti...

Page 161: ...ue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the pro...

Page 162: ...emote side of port channel 1 Console show lacp 1 neighbors 4 170 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 30 F1 CE 2A 20 Partner Admin Port Number 5 Partner Oper Port Number 3 Port Admin Priority 32768 Port Oper Priority 128 Admin Key 0 Oper Key 120 Admin State defaulted distributing collecting synchronization long timeout Oper St...

Page 163: ...dcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic The specified threshold applies to all ports on the switch Command Attributes Port5 Port number Trunk6 Trunk number Type Indicates the port type 100BASE TX 1000BASE T or SFP Threshold Threshold as percentage of port ...

Page 164: ...CONFIGURING THE SWITCH 3 110 Web Click Port Port Trunk Broadcast Control Set the threshold mark the Enabled field for the desired interface and click Apply Figure 3 48 Port Broadcast Control ...

Page 165: ...e destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Console config interface ethernet 1 1 4 143 Console config if no switchport broadcast 4 149 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast octet rate 600 4 149 Console config if end Console show interfaces switchport ethernet 1 2 4...

Page 166: ...you to select which traffic to mirror to the target port Rx receive or Tx transmit Default Rx Target Unit The unit whose port will duplicate or mirror the traffic on the source port Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 Target Port The port that will mirror the traffic on the source port Range 1 26 50 Web Click Port Mirror Port Configuration Specify the source port unit the traffic type ...

Page 167: ...ored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network The rate limit granularity is multiplied by the rate limit level page 3 114 to set the actual rate limit for an interface Granul...

Page 168: ...t and output rate limit can be enabled or disabled for individual interfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or disables the rate limit Default Disabled Rate Limit Level Sets the rate limit level Fast Ethernet Range 1 255 Default 255 Gigabit Ethernet Range 1 30 Default 30 Note Actual rate limit Rate Limit Level Granularity Console config rate limit ...

Page 169: ...d on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port All values dis...

Page 170: ... to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets The number of packets received via the interface which wer...

Page 171: ...f errors Etherlike Statistics Alignment Errors The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is detected later than 512 bit times into the transmission of a packet FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include...

Page 172: ...count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Received ...

Page 173: ...rwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames ...

Page 174: ...RING THE SWITCH 3 120 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 52 Port Statistics ...

Page 175: ...rors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize pkt...

Page 176: ...c address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attributes Static Address Counts7 The number of manually configured addresses Current Static Address Table Lists all the static ...

Page 177: ...AN then click Add Static Address Figure 3 53 Configuring a Static Address Table CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table static 00 e0 29 94 34 de interface ethernet 1 1 vlan 1 delete on reset 4 176 Console config ...

Page 178: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 179: ... method of sorting the displayed addresses and then click Query Figure 3 54 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 177 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Delete on reset Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 180: ...ng Time CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route ...

Page 181: ...est cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hel...

Page 182: ... All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which inclu...

Page 183: ... tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Root Hello Time Interva...

Page 184: ...tion each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interval between the transmission of consecutive RSTP BPDUs Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can ...

Page 185: ...spanning tree 4 193 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes tim...

Page 186: ...sumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Command Attributes Basic Configuration of Global Settings Spanning Tree State Enables disables STA on this switch Default Enabled Sp...

Page 187: ...hich the root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information pr...

Page 188: ...loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specif...

Page 189: ...n configures the STA and RSTP parameters Console config spanning tree 4 181 Console config spanning tree mode rstp 4 182 Console config spanning tree priority 45056 4 185 Console config spanning tree hello time 5 4 183 Console config spanning tree max age 38 4 184 Console config spanning tree forward time 20 4 183 Console config spanning tree pathcost method long 4 186 Console config spanning tree...

Page 190: ...es learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then som...

Page 191: ...tion on page 3 140 i e true or false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is an alternate or backup port that m...

Page 192: ...all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Designated root...

Page 193: ...ing required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Admin Link Type The link type attached to this interface Point to Point A connection to exactly one...

Page 194: ...e read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 136 for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving Console show span...

Page 195: ...lue will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Path Cost This parameter is used by the STP to determine the be...

Page 196: ...ass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also...

Page 197: ... group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment Console config int...

Page 198: ...icit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assi...

Page 199: ...w access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLA...

Page 200: ... network This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application software so that these VLANs can be propagated onto the network For both the edge switches attached directly to these hosts and core switches in ...

Page 201: ...n forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the ...

Page 202: ...tion and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 60 Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch Field Attributes VLAN Version Number9...

Page 203: ...e VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Console show bridge ext 4 216 Max support vlan numbers 255 Max support vlan ID 4094 Extended multica...

Page 204: ...Untagged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 62 Displaying Current VLANs Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 charac...

Page 205: ...be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabl...

Page 206: ...ctivate the VLAN and then click Add Figure 3 63 Configuring a VLAN Static List CLI This example creates a new VLAN Console config vlan database 4 195 Console config vlan vlan 2 name R D media ethernet state active 4 196 Console config vlan end Console show vlan 4 205 Vlan ID 1 Type Static Name DefaultVlan Status Active Ports Channel groups Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1...

Page 207: ...Static Membership by Port page to configure VLAN groups based on the port index page 3 156 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 157 Co...

Page 208: ...port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 146 None Interface is not a member of the VLAN Packets associated with this VLAN wi...

Page 209: ... Apply Figure 3 64 Configuring a VLAN Static Table CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 4 143 Console config if switchport allowed vlan add 2 tagged 4 203 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Console config interface ethernet 1 ...

Page 210: ...Membership by Port Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 65 VLAN Static Membership by Port CLI This example adds Port 3 to VL...

Page 211: ...es should not be changed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be ...

Page 212: ...y GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer10 The interval between transmitting requests queries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer10 The interval a port waits before leaving a VLAN group This time should be set to more than twice the join tim...

Page 213: ...o the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Web Click VLAN 802 1Q VLAN Port Configuration or VLAN Trunk Configuration Fil...

Page 214: ... are designed to provide open access to an external network such as the Internet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN One or more isolated VLANs can also be configured Note that private VLANs and normal VLANs can exist simultaneousl...

Page 215: ...promiscuous port 2 Use the Private VLAN Port Configuration menu page 3 166 to set the port type to promiscuous i e the single channel to the external network or isolated i e having access only to the promiscuous port in its own VLAN Then assign the promiscuous port and all host ports to an isolated VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the ...

Page 216: ...figured with primary VLAN 5 and secondary VLAN 6 Port 3 has been configured as a promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console show vlan private vlan 4 214 Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 Console...

Page 217: ...nd to their promiscuous ports in the associated primary VLAN Isolated VLANs Conveys traffic only between the VLAN s isolated ports and the promiscuous port Traffic between isolated ports within the VLAN is blocked Current Displays a list of the currently configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To r...

Page 218: ...y VLANs not associated with the selected VLAN Web Click VLAN Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 69 Private VLAN Association Console config ...

Page 219: ...n only communicate with the lone promiscuous port within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community ports and from comm...

Page 220: ...ted with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to set the private VLAN interface type and assign the interfaces to a private VLAN Command Attributes Port Trunk The switch interface PVLAN Port Type Sets the private VLAN port types Normal The p...

Page 221: ...rts and between promiscuous ports and community ports within the associated secondary VLANs If PVLAN type is Promiscuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set PVLAN Port Type to Host and then specify the associated Community VLAN Isolated VLAN Conveys traffi...

Page 222: ...mapped to VLAN 5 while ports 4 and 5 have been configured as a host ports and associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console config interface ethernet 1 3 Console config if switchport mode private vlan promiscuous 4 211 Console config if switchport private vlan mapping 5 4 213 Console config if exit Console config interface ethernet 1 4 Console...

Page 223: ... the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagge...

Page 224: ... to port 3 11 CLI displays this information as Priority for untagged traffic Console config interface ethernet 1 3 4 143 Console config if switchport priority default 5 4 222 Console config if end Console show interfaces switchport ethernet 1 3 4 154 Information of Eth 1 3 Broadcast threshold Disabled LACP status Disabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN ...

Page 225: ...y levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Table 3 10 Mapping CoS Values to Egress Queues Queue 0 1 2 3 Priority 1 2 0 3 4 5 6 7 Table 3 11 CoS Priority Levels Priority Level Traffic Type 1 Ba...

Page 226: ...3 Traffic Classes CLI The following example shows how to change the CoS assignments Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch 12 CLI shows Queue ID Console config interface ethernet 1 1 4 143 Console config if queue cos map 0 0 4 224 Console config if queue cos map 1 1 Console ...

Page 227: ...queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 for queues 0 through 3 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing l...

Page 228: ...onding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table13 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class However note that Queue 0 is fix...

Page 229: ...ts for Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping ...

Page 230: ...om the scroll down menu then click Apply Figure 3 76 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic Th...

Page 231: ...represent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 77 Mapping IP Precedence Priority Values Table 3 12 Mapping IP Precedence Priority Level Traffic Type Priority Level Traffic Type 7 Network Control 3 Flash 6 Internetwork Control 2 Immediate 5 Critica...

Page 232: ...s so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence 4 228 Console config interface ethernet...

Page 233: ...nts low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 78 Mapping IP DSCP Priority Values 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 Table 3 13 Mapping DSCP Priority Values Continued IP DSCP Value Co...

Page 234: ...ervice ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings ap...

Page 235: ... Set IP Port Priority Status to Enabled Figure 3 79 IP Port Priority Status Click Priority IP Port Priority Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box and then click Apply Figure 3 80 IP Port Priority ...

Page 236: ... the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 171 Command Attributes Port Port identifier Name14 Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 Console config map ip port 4 228 Console co...

Page 237: ...Enable mapping for any port select an ACL from the scroll down list then click Add Figure 3 81 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24 Console config interface ethernet 1 24 4 143 Console config if map access list ip bill cos 0 4 125 Console config if ...

Page 238: ...assed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It identifies the ports containing hosts requesting to join the service and sends data out to those ports only It then propagates the service request up to any neighboring multicast switch router to ensure ...

Page 239: ...that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 192 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently Based on the IGMP query and report messages the switch forwards traffic only to the ports that request multicast traffic This prevents the switch fro...

Page 240: ...sking hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default 2 IGMP Query Interval Sets the frequency at which the switch sends IGMP host query messages Range 60 125 seconds Default 125 IGMP Report Delay...

Page 241: ...s the current status Console config ip igmp snooping 4 237 Console config ip igmp snooping querier 4 241 Console config ip igmp snooping query count 10 4 241 Console config ip igmp snooping query interval 100 4 242 Console config ip igmp snooping query max response time 20 4 243 Console config ip igmp snooping router port expire time 300 4 244 Console config ip igmp snooping version 2 4 238 Consol...

Page 242: ... the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping Mul...

Page 243: ...ally configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router...

Page 244: ... within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to p...

Page 245: ...this multicast service Figure 3 85 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding services The Type field shows if this entry was learned dynamically or was statically configured Console show bridge 1 multicast vlan 1 4 239 VLAN M cast IP addr Member ports Type 1 224 1 1 12 Eth1 12 US...

Page 246: ...then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming ...

Page 247: ...dd After you have completed adding ports to the member list click Apply Figure 3 86 IGMP Member Port Table CLI This example assigns a multicast address to VLAN 1 and then displays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 4 237 Console config exit Console show mac address table multicast vlan 1 4 239 VLAN M cast IP a...

Page 248: ...CONFIGURING THE SWITCH 3 194 ...

Page 249: ... switch s command line interface CLI is very similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays th...

Page 250: ...ortion 1 Note The IP address for this switch is obtained via DHCP by default To access the switch through a Telnet session you must first set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a regi...

Page 251: ... show that you are using privileged access mode i e Privileged Exec or Vty n for the guest to show that you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Not...

Page 252: ...r a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator...

Page 253: ...ord up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief description of the help system by entering the help command You can also display command syntax by using the character to list keywords or parameters ...

Page 254: ...information lacp LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Configuration of the address table management Management IP filter map Maps priority port Port Characteristics public key Public Key information queue Priority queue information radius server RADIUS server information rate limit Configures ...

Page 255: ...g command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again...

Page 256: ...c Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new con...

Page 257: ...ng config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering Interface Configuration These commands modify the port configuration such as speed duple...

Page 258: ...lowing commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec mode Console configure Console config Table 4 2 Configuration Modes Mode Command Prompt Page Line line console vty Console config line 4 14 Access Control List access list ip standard access list ip...

Page 259: ...ne Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters ...

Page 260: ... also configures port security and IEEE 802 1X port access control 4 93 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 116 SNMP Activates authentication failure traps configures community access strings and trap managers also configures IP address filtering 4 135 Interfa...

Page 261: ... VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 195 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 215 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets pr...

Page 262: ...imeout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 20 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command LC 4 21 data...

Page 263: ...efault Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 25 show users 4 ...

Page 264: ...ified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respe...

Page 265: ...Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The ...

Page 266: ...onds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The ...

Page 267: ... specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the ...

Page 268: ...ld The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached fo...

Page 269: ... set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 20...

Page 270: ...bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related...

Page 271: ...ation protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Op...

Page 272: ...s if the speed you selected is not supported Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command Console config line spee...

Page 273: ... 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 55 show users 4 83 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows al...

Page 274: ...c console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 29 reload Restarts the system PE 4 30 end Returns to Privileged Exec mode any config mode 4 30 exit Returns to the previous con...

Page 275: ...0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 36 The character is appended to the end of the prompt to indicate that the system is in priv...

Page 276: ...and Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 27 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Config...

Page 277: ... Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 278: ...ad This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end T...

Page 279: ...mmand returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Console exit Press ENTER...

Page 280: ...Verification Username Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 34 IP Filter Configures IP addresses that are allowed management access 4 37 Web Server Enables management access via a web browser 4 40 Telnet Ser...

Page 281: ...Status Displays system configuration active managers and version information 4 77 Frame Size Enables support for jumbo frames 4 84 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 136 snmp server location Sets th...

Page 282: ... for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 14 user authentication via a remote authentication server page 4 93 and host access authentication for specific ports page 4 106 Console config hostname RD 1 Console config Table 4 9 User Access Commands Command Function Mode Page username Es...

Page 283: ...ve Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting T...

Page 284: ...ed Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password passwo...

Page 285: ...configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4 27 authentication enable 4 95 IP Filter Commands Console config enable password level 15 0 admin Console config Table 4 11 IP Filter Commands Command Function Mode Page management Configures IP add...

Page 286: ...range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include ...

Page 287: ...llowed management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Console config manag...

Page 288: ...8 1 25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 41 ip http server Allows the switch to be monitored or configured from a browser GC 4 41 ip http secure server Enables HTTPS for encryp...

Page 289: ...The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 41 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 290: ...sage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certi...

Page 291: ...ure port 4 43 copy tftp https certificate 4 86 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Table 4 13 HTTPS System Support Web Browser Operating ...

Page 292: ...4 42 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax ip telnet port port number no ip telnet port port number The TCP port to be used by the browser interface Range 1 65535 Console config ip http secure port 1000 Console config Table 4 14 Telnet Server Commands Command Function Mode Page ip...

Page 293: ...rver This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip telnet port 4 44 Console config ip telnet port 123 Console config Console config ip telnet server Console config ...

Page 294: ... local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered This section describes the commands used to configure the SSH server However note that you also need to install a SSH client on the management station when using this pro...

Page 295: ...To use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair delete public key Deletes the public key for the specified user PE 4 52 ip ssh crypto host key generate Generates the host key PE 4 52 ip ssh crypto zeroize Clear the host key from RAM PE 4 53 ip ssh save host key Saves the host key from RAM...

Page 296: ...witch via the User Accounts page as described on page 3 48 The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key 1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594083868631109291232226828519254374603100937187721...

Page 297: ...hentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax no ip ssh server Default Setting Disabled Command Mode Global Configuration ...

Page 298: ... 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 19 show ip ssh 4 55 Console ip ss...

Page 299: ...ion attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 55 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Default Se...

Page 300: ... an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both the ...

Page 301: ...t manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 4 53 ip ssh save host key 4 54 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key ty...

Page 302: ...ted Commands ip ssh crypto host key generate 4 52 ip ssh save host key 4 54 no ip ssh server 4 49 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 52 Console ip ssh crypt...

Page 303: ...ion 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 4 16 show ssh display description Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authenticat...

Page 304: ...client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 160 o...

Page 305: ...677505461732531367489083654725415020245593 1998685443583616519999233297817660658309586108259132128902337654680 1726272571413428762941301196195566782595664104869574278881462065194 1746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 DSA ssh dssAAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyVyrDbKStIlnzDDg0h2 HxcYV44sXZ2JXhamLK6P8bvuiyacWbUWa4PAtp1...

Page 306: ...that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 58 logging history Limits syslog messages saved to switch memory based on severity GC 4 59 logging host Adds a syslog server host IP address that will receive logging messages GC 4 60 logging facility Sets the facility type for remote logging of syslog messages GC 4 61 lo...

Page 307: ... on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g retu...

Page 308: ...erver host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration 1 alerts Immediate action needed 0 emergencies System unusable Console config logging history ram 0 Console config Table 4 18 Logging Levels Continued L...

Page 309: ...pe A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort ...

Page 310: ...logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 59 Default Setting Enabled Level 6 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enab...

Page 311: ...s show logging 4 63 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on ...

Page 312: ...level informational Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logg...

Page 313: ...t Setting None Command Mode Privileged Exec Table 4 20 show logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility co...

Page 314: ...01 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 2 00 00 50 2001 01 01 STA topology change notification level 6 module 6 function 1 and event no 1 1 00 00 48 2001 01 01 VLAN 1 link up notification level 6 module 6 function 1 and event no 1 Console Table 4 21 SMTP Alert Command...

Page 315: ...h first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in the list and tries to send mail again If it still fails th...

Page 316: ...ult 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 4 through 0 Console config logging sendmail ...

Page 317: ...ation Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will set the source email john acme com logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email addres...

Page 318: ...is command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Console config logging sendmail destination email ted this company com Console config Console config l...

Page 319: ...MTP minimum severity level 4 SMTP destination email addresses 1 geoff acme com SMTP source email address john acme com SMTP status Enabled Console Table 4 22 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 4 72 sntp server Specifies one or more time servers GC 4 73 sntp poll Sets the interval at which the client polls for time GC 4 74 show sntp Show...

Page 320: ...ords the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp server 4 73 sntp poll 4 74 show sntp 4 74 Console config sntp server 10 1 0 19 Console...

Page 321: ... 3 addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Comman...

Page 322: ...ting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 4 72 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchron...

Page 323: ...utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes you...

Page 324: ... day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 April 1st 2004 Console config clock ...

Page 325: ...D of a switch using its front panel LED indicators NE PE 4 78 show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 78 show running config Displays the configuration data currently in use PE 4 80 show system Displays system information NE PE 4 82 show users Shows all active console and Telnet sessions including user name...

Page 326: ...D indicators for ports 1 to 8 When the light unit command is entered the LED corresponding to the switch s ID will flash for about 15 seconds Example show startup config This command displays the configuration file stored in non volatile memory that is used to start up the system Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show running c...

Page 327: ...ree settings Any configured settings for the console port and Telnet Example Console show startup config building startup config please wait username admin access level 15 username admin password 0 admin username guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw logging history ram 6 logging histor...

Page 328: ... This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings Local time zone SNMP community strings Users names access levels and encrypted passwords Event log settings VLAN database VLA...

Page 329: ...MP server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca logging history ram 6 logging history flash 3 vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet ...

Page 330: ...Example Console show system System description 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink modules System OID string 1 3 6 1 4 1 202 20 43 System information System Up time 4 hours 22 minutes and 7 18 seconds System Name NONE System Location NONE System Contact NONE MAC address 5A A5 AA 55 44 32 Web server enabled Web server port 80 Web secure server enabled Web secure serve...

Page 331: ... i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Page 332: ...he no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number S416000963 Service tag Hardware version R01 Module A type 1000BaseT Module B type 1000BaseT Number of ports 26 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 2 2 1 4 Boot ROM version 2 2 1 8 Operation code version 2 2 6 0 Console Table 4 2...

Page 333: ...es must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 4 149 The current setting for jumbo frames can be disabled with the show system command page 4...

Page 334: ...tp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Copies an HTTPS certificate from an ...

Page 335: ...fault_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot...

Page 336: ...e file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write t...

Page 337: ...mage name unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public key type ...

Page 338: ...ile or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the configuration file or code image unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system disp...

Page 339: ...Default Setting None Command Mode Privileged Exec Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Console dir 1 Unit2 D2218 Boot Rom image Y 214000 V2260 S Operation Code Y 1748676 V2264 J Ope...

Page 340: ...m Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or code image unit Specifies the unit number Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an error it cannot be...

Page 341: ...mmand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 93 RADIUS Client Configures settings for authentication via a RADIUS server 4 96 TACACS Client Configures settings for authentication via a TACACS server 4 101 Port Security Configures secure addresses for a port 4 103 Port Authentication Configures host authentication on specific ports using 802...

Page 342: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command t...

Page 343: ...IUS server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body o...

Page 344: ...hentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands C...

Page 345: ...f server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticate ...

Page 346: ...65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode G...

Page 347: ... 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 6553...

Page 348: ...ileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Sever 1 Server IP address 192 168 1 1 Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Console ...

Page 349: ...rver host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 101 tacacs server port S...

Page 350: ...1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mo...

Page 351: ...ready stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabli...

Page 352: ...esponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Table 4 31 Port ...

Page 353: ...set the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled usin...

Page 354: ...ntity packet to the client before it times out the authentication session IC 4 107 dot1x port control Sets dot1x mode for a port interface IC 4 108 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 4 109 dot1x re authenticate Forces re authentication on specific ports PE 4 110 dot1x re authentication Enables re authentication for all ports IC 4 110 dot1x timeout quiet period...

Page 355: ... dot1x global and port settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of request...

Page 356: ... authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config interface eth 1 2 Console ...

Page 357: ... max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port control command page 4 108 In multi host mode only one host connected to a ...

Page 358: ...8M 1 4 mixed stack 1 4 port Port number Range 1 26 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example Console dot1x re authenticate Console Console config interface eth 1 2 Console config if dot1...

Page 359: ...od seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configura...

Page 360: ...fault 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 Conso...

Page 361: ...interface including the following items reauth enabled Periodic re authentication page 4 110 reauth period Time after which a connected client must be re authenticated page 4 111 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 111 tx period Time a port waits during authentication session before re transmitting EAP packet page 4 11...

Page 362: ...te including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier ...

Page 363: ...s disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 00 e8 49 5e dc Current Identifier 3 Authenticator State Machine State Authenticated Reauth Count 0 Backend State Machine Stat...

Page 364: ... or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as pro...

Page 365: ... ports 5 If no explicit rule is matched the implicit default is permit all IP ACLs Table 4 33 Access Control Lists Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP port number protocol type and TCP control code 4 117 MAC ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4 127 ACL Information Displays ACLs and associated rules shows A...

Page 366: ...on IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration show ip access list Displays the rules for configured IP ACLs PE 4 123 ip access group Adds a port to an IP ACL IC 4 123 show ip access group Shows port assignments for IP ACLs PE 4 123 mapaccess list ip Sets the CoS value and corresponding out...

Page 367: ... Example Related Commands permit deny 4 119 ip access group 4 123 show ip access list 4 123 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal num...

Page 368: ... 168 92 31 x using a bitmask Related Commands access list ip 4 118 permit deny Extended ACL This command adds a rule to an Extended IP ACL The rule sets a filter condition for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no permit deny protocol number udp any source address ...

Page 369: ... Range 0 65535 control flags Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Range 0 63 Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 t...

Page 370: ...d use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP ...

Page 371: ...imum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 119 ip access group 4 123 ip access group This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Console show ip access...

Page 372: ... one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 123 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example Related Commands ip access group 4 123 Console config int eth 1 25 Console config if ip access group david in Console config if Console show ip access group Inter...

Page 373: ...cters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map on page 4 224 Example Related Commands queue cos map 4 224 show map access list ip 4 1...

Page 374: ...s the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Command Mode Privileged Exec Example Related Commands map access list ip 4 125 Console show map access list ip Eth 1 25 access list ip bill cos 0 Console ...

Page 375: ... mac Creates a MAC ACL and enters configuration mode GC 4 127 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 128 show mac access list Displays the rules for configured MAC ACLs PE 4 130 mac access group Adds a port to a MAC ACL IC 4 130 show mac access group Shows port assignments for MAC ACLs PE 4 131 map access list mac S...

Page 376: ... 130 show mac access list 4 130 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination destination address bitmask vid vid vid end ethertype protocol...

Page 377: ... end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands...

Page 378: ...ermit deny 4 128 mac access group 4 130 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Console show mac access list MAC access list jerry permit...

Page 379: ... access group 4 130 map access list mac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value R...

Page 380: ...show map access list mac 4 132 show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Table 4 37 Egress Queue Priority Mappi...

Page 381: ...Mode Privileged Exec Command Usage Once the ACL is bound to an interface i e the ACL is active the order in which the rules are displayed is determined by the associated mask Console show map access list mac Access list to COS of Eth 1 5 Access list M5 cos 0 Console Table 4 38 ACL Information Command Function Mode Page show access list Show all ACLs and associated rules PE 4 133 show access group ...

Page 382: ...ermit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any IP ingress mask ACL mask protocol any any control flag 2 Console Console show access group...

Page 383: ...the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects Table 4 39 SNMP Commands Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 4 135 snmp server contact Sets the system contact string GC 4 13...

Page 384: ...s Command Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP The no snmp server community command disables SNMP Example snmp server contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string String that describes the system contact in...

Page 385: ... location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 136 Console config snmp server contact Paul Console config Console config snmp server location WC 19 Console config ...

Page 386: ...mp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP v1 or v2c traps Range 1 2c Default 1 Default Setting Host Address None SNMP Version 1 Command Mode Global Configuration Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to...

Page 387: ...ecify the SNMP version the default is to send SNMP version 1 notifications Example Related Commands snmp server enable traps 4 139 snmp server enable traps This command enables this device to send Simple Network Management Protocol traps SNMP notifications Use the no form to disable SNMP notifications Syntax no snmp server enable traps authentication link up down authentication Keyword to issue au...

Page 388: ...nd is used in conjunction with the snmp server host command Use the snmp server host command to specify which host or hosts receive SNMP notifications In order to send notifications you must configure at least one snmp server host command Example Related Commands snmp server host 4 138 show snmp This command checks the status of SNMP communications Default Setting None Command Mode Normal Exec Pri...

Page 389: ...MP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP logging disabled Co...

Page 390: ...144 negotiation Enables autonegotiation of a given interface IC 4 145 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 146 flowcontrol Enables flow control on a given interface IC 4 147 shutdown Disables an interface IC 4 148 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 149 clear counters Clears statistics on an...

Page 391: ...ort Port number Range 1 26 50 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what...

Page 392: ...speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1...

Page 393: ... list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 4 145 capabilities 4 146 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When aut...

Page 394: ...or the no form without parameters to restore the default values Syntax no capabilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Su...

Page 395: ...is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control Related Commands negotiation 4 145 speed duplex 4 144 flowcontrol 4 147 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default S...

Page 396: ...tiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub...

Page 397: ... 5 switchport broadcast packet rate This command configures broadcast storm control Use the no form to disable broadcast storm control Syntax switchport broadcast octet rate rate no switchport broadcast rate Threshold level as a rate i e octets per second Range 64 95232000 Default Setting Enabled for all ports Packet rate limit 32000 octets per second Command Mode Interface Configuration Ethernet ...

Page 398: ...unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management inte...

Page 399: ...24M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on ...

Page 400: ...aces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast storm Enabled Broadcast storm limit 32000 octets second Flow control Disabled Lacp Disabled Port security Disabled Max MAC count 0 Port security action None Current status Link status ...

Page 401: ... Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets ...

Page 402: ...eged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Enabled 600 octets second LACP status Enabled Ingress rate limit disable Level 30 Egress rate limit disable Level 30 VLAN membership mode Hybrid Ingress rule Disabled Acc...

Page 403: ...ws if acceptable VLAN frames include all types or tagged frames only page 4 200 Native VLAN Indicates the default Port VLAN ID page 4 202 Priority for untagged traffic Indicates the default priority for untagged frames page 4 220 Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled page 4 217 Allowed Vlan Shows the VLANs this interface has joined where u indicates untagged a...

Page 404: ...nge 1 26 50 rx Mirror received packets tx Mirror transmitted packets Default Setting No mirror session is defined Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source por...

Page 405: ... port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 Default Setting Shows all sessions Command Mode Privileged Exec Command Usage This command displays the currently configured source port destination port an...

Page 406: ...re to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Note The rate limit granularity is multiplied by the rate limit page 4 159 to set the actual rate limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces Console config interface ethernet 1 11 Console config if port monitor ethern...

Page 407: ...tax rate limit input output level rate no rate limit input output input Input rate output Output rate rate Maximum value Fast Ethernet Range 1 255 Gigabit Ethernet Range 1 30 Default Setting Fast Ethernet 255 Gigabit Ethernet 30 Command Mode Interface Configuration Ethernet Port Channel Command Usage Actual rate limit Rate limit level Granularity Example Console config interface ethernet 1 1 Conso...

Page 408: ...s rate limit granularity for the system For Fast Ethernet choose 8 Kbps 64 Kbps 512 Kbps 1 Mbps 2 Mbps or 3 3 Mbps For Gigabit Ethernet choose 32 Kbps 64 Kbps 512 Kbps 1 Mbps 2 Mbps 3 3 Mbps 10 Mbps or 33 3 Mbps Default Setting Fast Ethernet interface 3 3 Mbps Gigabit Ethernet interface 33 3 Mbps Command Mode Global Configuration Ethernet Port Channel Command Usage Actual rate limit Rate limit lev...

Page 409: ...mmands Ports can be statically grouped into an aggregate link i e trunk to increase the bandwidth of a network connection or to ensure fault recovery Or you can use the Link Aggregation Control Protocol LACP to automatically negotiate a trunk link between this switch and another network device For static trunks the switches have to comply with the Cisco EtherChannel standard For dynamic trunks the...

Page 410: ... Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 4 143 channel group Adds a port to a trunk IC Ethernet 4 163 Dynamic Configuration Command lacp Configures LACP for the current interface IC Ethernet 4 164 lacp system priority Configures a port s LACP system priority IC Ethernet 4 166 lacp admin key Configures a port s...

Page 411: ...rt Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port pri...

Page 412: ...e Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports...

Page 413: ...ole config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 100TX Mac address 00 00 e8 00 00 0b Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Flow control status Disabl...

Page 414: ...de Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in us...

Page 415: ...ystem priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side of...

Page 416: ...rt Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Eth...

Page 417: ...cates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that sid...

Page 418: ...tifier for a link aggregation group Range 1 4 counters Statistics for LACP protocol messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sysid Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec ...

Page 419: ...DUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the S...

Page 420: ...onization aggregation long timeout LACP activity Table 4 46 show lacp internal display description Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priority LACP system priority assigned to ...

Page 421: ... enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is c...

Page 422: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partn...

Page 423: ...up configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID Table 4 49 Address Table Commands Command Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 4 176 clear mac address table dynamic Removes any l...

Page 424: ... on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the ...

Page 425: ...le show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port...

Page 426: ...leted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx xx xx that is applied to the specified MAC address Enter hexadecimal numbers where an equivalent binary bit 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum ...

Page 427: ...0000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 ...

Page 428: ... age Configures the spanning tree bridge maximum age GC 4 184 spanning tree priority Configures the spanning tree bridge priority GC 4 185 spanning tree path cost method Configures the path cost method for RSTP GC 4 186 spanning tree transmission limit Configures the transmission limit for RSTP GC 4 186 spanning tree spanning disabled Disables spanning tree for an interface IC 4 187 spanning tree ...

Page 429: ...dging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree protocol migration Re checks the appropriate BPDU format PE 4...

Page 430: ...ts connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 ...

Page 431: ...states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example spanning tree hello time This command configures the...

Page 432: ... 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should rece...

Page 433: ...1440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with ...

Page 434: ... The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 188 takes precedence over port priority page 4 189 Example spanning tree transmission limit This command configures the minimum interval between the transmission of conse...

Page 435: ...ble the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command limits the maximum transmission rate for BPDUs Example This example disables the spanning tree algorithm for port 5 Console config spanning tree transmission limit 4 Console config Console...

Page 436: ...Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with ...

Page 437: ...or the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 188 spanning t...

Page 438: ...of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device This command has the same effect as the spanning tree portfast Example R...

Page 439: ...fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future software versions Example Related Commands spanning tree edge port 4 189 spanning tree link...

Page 440: ...ile a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Example spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack uni...

Page 441: ...tree This command shows the configuration for the spanning tree Syntax show spanning tree interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the spanning ...

Page 442: ...y sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 50000 Number of topology changes 5 Last topology changes time sec 226 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding Path cost 100000 Priority 128 Designated cost 200000 Designated por...

Page 443: ...ly Default Setting None Table 4 51 VLANs Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 195 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 198 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 205 Configuring Priva...

Page 444: ...written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 205 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4094 n...

Page 445: ...tion Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the switch Example The following example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Related Commands show vlan 4 205 Console config vlan database Console config vla...

Page 446: ...de for a specified VLAN IC 4 198 switchport mode Configures VLAN membership mode for an interface IC 4 199 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 200 switchport ingress filtering Enables ingress filtering on an interface IC 4 201 switchport native vlan Configures the PVID native VLAN of an interface IC 4 202 switchportallowedvlan Configures the...

Page 447: ...rect link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames private vlan For an explanation of this command see switchport mode private vlan on page 4 21...

Page 448: ...pes all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tag...

Page 449: ...for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent...

Page 450: ...ace is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames enterin...

Page 451: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a...

Page 452: ...st of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VL...

Page 453: ...om 1 to 32 characters private vlan For an explanation of this command see show vlan private vlan on page 4 214 private vlan type Indicates the private vlan type Options Community Isolated Primary Default Setting Shows all VLANs Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 54 Show VLAN Commands Command Function Mode Page show vlan...

Page 454: ...d consist a single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports In all cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be asso...

Page 455: ...an host association command to assign a port to a secondary VLAN Table 4 55 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private vlan Adds or deletes primary community or isolated VLANs VC 4 208 private vlan association Associates a community VLAN with a primary VLAN VC 4 210 Configure Private VLAN Interfaces switchport mode private vlan Sets an interface to host mode ...

Page 456: ...and to assign a port to an isolated VLAN 4 Use the show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary community or isolated private VLAN Use the no form to remove the specified private VLAN Syntax private vlan vlan id community primary isolated no private vlan vlan id vlan id ID of private VLAN Range 1 4094 no leading zeroes commu...

Page 457: ...associated primary VLAN that contains promiscuous ports When using an isolated VLAN it must be configured to contain a single promiscuous port Port membership for private VLANs is static Once a port has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode See switchport mode on page 4 199 Example Console config vla...

Page 458: ...rimary vlan id ID of primary VLAN Range 1 4094 no leading zeroes secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers con...

Page 459: ...the associated secondary VLANs Default Setting Normal VLAN Command Mode Interface Configuration Ethernet Port Channel Command Usage To assign a promiscuous port to a primary VLAN use the switchport private vlan mapping command To assign a host port to a community VLAN use the private vlan host association command To assign a promiscuous port or host port to an isolated VLAN use the switchport priv...

Page 460: ...rnet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN Example switchport private vlan isolated Use this command to assign an interface to an isolated VLAN Use the no form to remove this assignment Syntax switchport priva...

Page 461: ...se the no form to remove this mapping Syntax switchport private vlan mapping primary vlan id no switchport private vlan mapping primary vlan id ID of primary VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN a...

Page 462: ...solated VLAN along with the assigned promiscuous interface and host interfaces The Primary and Secondary fields both display the isolated VLAN ID primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console config interface ethernet 1 2 Console config if switchport private vlan mapping 2 Console config if C...

Page 463: ...ally for the switch Use the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Table 4 56 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 215 show bridge ext Shows the global bridge extension configuration PE 4 216 switchport gvrp Enables GVRP for an interface IC 4 217 switchport forbidden vlan Configures...

Page 464: ...or bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 148 and Displaying Bridge Extension Capabilities on page 3 15 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filte...

Page 465: ... configuration This command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 ...

Page 466: ...econds leave 60 centiseconds leaveall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be cha...

Page 467: ...d Commands show garp timer 4 219 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Console config inte...

Page 468: ...e switch s priority queues Priority Commands Layer 2 Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 100 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 centiseconds Console Table 4 57 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware qu...

Page 469: ...using scheduling weights 1 2 4 6 for queues 0 3 respectively Default Setting Weighted Round Robin Command Mode Global Configuration queue bandwidth Assigns round robin weights to the priority queues GC 4 223 queue cos map Assigns class of service values to the priority queues IC 4 224 show queue mode Shows the current queue mode PE 4 225 show queue bandwidth Shows round robin weights assigned to t...

Page 470: ... mode switchport priority default This command sets a priority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority id The priority number for untagged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set a...

Page 471: ... of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 queue bandwidth This command assigns weighted round robin WRR weights to the four class of service CoS priority queues Use the no form to restore the default we...

Page 472: ...he ID of the priority queue Ranges are 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin queuing for each port Eight separate tr...

Page 473: ...alues 6 and 7 to egress queue 3 Related Commands show queue cos map 4 226 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 1 2 Console config if queue cos map 1 3 Console config if queue cos map 2 4 5 Console config if queue cos map 3 6 7 Console config if en...

Page 474: ...Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 6 Console ...

Page 475: ...s of service IC 4 230 map ip dscp Enables IP DSCP class of service mapping GC 4 231 map ip dscp Maps IP DSCP value to a class of service IC 4 231 map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 125 map access list mac Sets the CoS value and corresponding output queue for packets matching an ACL rule IC 4 131 show map ip port Shows the IP p...

Page 476: ...g is IP Port IP Precedence or IP DSCP and default switchport priority Example The following example shows how to enable TCP UDP port mapping globally map ip port Interface Configuration This command set IP port priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port numbe...

Page 477: ...P Type of Service Use the no form to disable IP precedence mapping Syntax no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type ...

Page 478: ... Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a one to one basis according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Examp...

Page 479: ...itchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DSCP mapping globally map ip dscp Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip d...

Page 480: ...ty DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 Table 4 62 IP DSCP to CoS Values IP DSCP Value CoS Value 0 0 8 1 10 12 ...

Page 481: ...4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Commands map ip port Global Configuration 4 228 map ip port Interface Configuration 4 228 Console show map ip port TCP port mapping status enabled Port Port no COS Eth 1 5 80 0 Conso...

Page 482: ...1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip port Global Configuration 4 228 map ip precedence Interface Configuration 4 230 Console show map ip precedence ethernet 1 5 Precedence mapping status enabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5...

Page 483: ...tack 1 4 port Port number Range 1 26 50 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 231 map ip dscp Interface Configuration 4 231 Console show map ip dscp ethernet 1 1 DSCP mapping status enabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Con...

Page 484: ...icast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 236 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 240 Static Multicast Routing Configures static multicast router ports 4 245 Table 4 64 IGMP Snooping Commands Command Function Mode Page ip i...

Page 485: ... igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range SMC6224M 1 8 SMC6248M 1 4 mixed stack 1 4 port Port number Range 1 26 50 port channel channel id Range...

Page 486: ...ing IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures t...

Page 487: ...ration show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Console show ip igmp snooping Service status Enabled Querier status Enabled...

Page 488: ...ng VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 65 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 241 ip igmp snooping query count Configures the query count GC 4 241 ip igmp snooping query interval Configures the query interval GC 4 242 ip igmp snooping query max resp...

Page 489: ...le for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast g...

Page 490: ...ample The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 243 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Ra...

Page 491: ...command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the...

Page 492: ...er the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snoopin...

Page 493: ...1 4 Default Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to ...

Page 494: ...ter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip igmp sno...

Page 495: ...ress Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Table 4 67 IP Interface Commands Command Function Mode Page ip address Sets the IP address for the current inte...

Page 496: ...st periodically by this device in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command or by rebooting the switch Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through...

Page 497: ...ault gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 251 ip dhcp restart This command submits a BOOTP or DHCP client request Default Setting None C...

Page 498: ... following example the device is reassigned the same address Related Commands ip address 4 247 show ip interface This command displays the settings of an IP interface Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects 4 251 Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart Console show...

Page 499: ...n the network Syntax ping host size size count count host IP address or IP alias of the host size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than the size specified because the switch adds header information count Number of packets to send Range 1 16 default 5 Default Setting This command has no default for the host Command Mode Normal Exe...

Page 500: ... destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 143 Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time ...

Page 501: ...ll duplex 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex Flow Control Full Duplex IEEE 802 3 2002 Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring One source port one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks...

Page 502: ... VLAN tag or port Layer 3 4 priority mapping IP Port IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet Web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Managemen...

Page 503: ... IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet Full duplex flow control Link Aggregation Control Protocol IEEE 802 3ac VLAN tagging DHCP Client RFC 1541 HTTPS IGMP RFC 1112 IGMPv2 RFC 2236 RADIUS RFC 2618 RMON RFC 1757 groups 1 2 3 9 SNMP RFC 1157 SNMPv2 RFC 2571 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 ...

Page 504: ...up MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP Community MIB RFC 2576 SNMPv2 IP MIB RFC 2011 TACACS Authentication Client MI...

Page 505: ... the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate swit...

Page 506: ... SSH client Be sure you have set up an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 sto...

Page 507: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 508: ...TROUBLESHOOTING B 4 ...

Page 509: ...e appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services Code Point Service DSCP DSCP uses a six bit tag to provi...

Page 510: ...on Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership...

Page 511: ...dard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame start stop requests and timer...

Page 512: ...mbership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control pack...

Page 513: ...one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Network Time Protocol NTP NTP provides the mechani...

Page 514: ...s Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network Remote Monitoring RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including...

Page 515: ...icated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Access Control System Plus TACACS TACACS is a logon authentication protocol that uses software running on a...

Page 516: ... targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same...

Page 517: ...onsole port required connections 2 2 CoS configuring 3 169 4 220 DSCP 3 178 3 182 4 231 IP precedence 3 176 4 228 4 229 layer 3 4 priorities 3 175 4 227 queue mapping 3 171 4 224 queue mode 3 173 4 221 traffic class weights 3 174 4 223 D default gateway configuration 3 18 4 249 default priority ingress port 3 169 4 222 default settings system 1 7 DHCP 3 19 4 247 client 3 17 dynamic configuration 2...

Page 518: ... 84 L LACP local parameters 4 170 partner parameters 4 170 protocol message statistics 4 170 link type STA 3 139 3 142 4 191 logging syslog traps 4 62 to syslog servers 4 60 log in Web interface 3 3 logon authentication 3 48 4 93 RADIUS client 4 96 RADIUS server 4 96 TACACS client 3 50 4 101 TACACS server 3 50 4 101 logon authentication sequence 3 51 4 94 4 95 M main menu 3 5 Management Informatio...

Page 519: ...uthentication 4 96 rate limits setting 3 113 4 158 remote logging 4 62 restarting the system 3 41 4 30 RSTP 3 126 4 182 global configuration 3 128 4 182 S secure shell 3 57 4 46 Secure Shell configuration 3 57 4 50 4 51 serial port configuring 4 14 Simple Network Management Protocol See SNMP SNMP 3 45 community string 3 45 4 135 enabling traps 3 46 4 139 filtering IP addresses 3 75 trap manager 3 ...

Page 520: ... 46 4 138 troubleshooting B 1 trunk configuration 3 93 4 161 LACP 3 97 4 164 static 3 95 4 163 U upgrading software 3 22 4 86 user password 3 48 4 35 4 36 V VLANs 3 143 3 169 4 195 4 215 adding static members 3 153 3 156 4 203 creating 3 151 4 196 description 3 143 3 169 displaying basic information 3 148 4 216 displaying port members 3 149 4 205 egress mode 3 159 4 199 interface configuration 3 1...

Page 521: ......

Page 522: ...30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 8701 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 27 11 314 1133 Fax 27 11 314 9133 North Africa 34 93 477 4920 Fax 34 93 477 3774 Russia 7 095 290 29 96 Fax 7 095 290 29 96 PRC 86 2...

Reviews:

No comments

Related manuals for 8724M INT - annexe 1

C&H Technologies M221 Specifications preview
M221
Brand: C&H Technologies Pages: 1
D-Box G3 Installation Manual preview
G3
Brand: D-Box Pages: 31
BABBITT LS8000 Owner'S Manual preview
LS8000
Brand: BABBITT Pages: 14
BABBITT LS6000 Owner'S Manual preview
LS6000
Brand: BABBITT Pages: 10
Eaton Pow-R-Line SPX0361126 Maintenance Manual preview
Pow-R-Line SPX0361126
Brand: Eaton Pages: 584
Bühler technologies Nivotemp NT-EL Installation And Operation Instructions Manual preview
Nivotemp NT-EL
Brand: Bühler technologies Pages: 20
Black Box LGB408A-R2 Manual preview
LGB408A-R2
Brand: Black Box Pages: 20
Xantech HD88C Installation Instructions Manual preview
HD88C
Brand: Xantech Pages: 12
Generac Power Systems TRANSFER SWITCH Warranty Information Booklet preview
TRANSFER SWITCH
Brand: Generac Power Systems Pages: 1
Eneo 230033 Quick Installation Manual preview
230033
Brand: Eneo Pages: 19
Eminent EM1019 Instruction Manual preview
EM1019
Brand: Eminent Pages: 6
A-Neuvideo ANI-44VGA Instruction Manual preview
ANI-44VGA
Brand: A-Neuvideo Pages: 9
Dusun DSW-080 User Manual preview
DSW-080
Brand: Dusun Pages: 18
Enable-IT 8808F Installation Manual Manual preview
8808F
Brand: Enable-IT Pages: 49
SOFLY HDSW4 User Manual preview
HDSW4
Brand: SOFLY Pages: 4
Avenview SW-HBT-C6POE-16X16E Manual preview
SW-HBT-C6POE-16X16E
Brand: Avenview Pages: 19
H3C S1850 Series Getting Started Manual preview
S1850 Series
Brand: H3C Pages: 19
CityGrow Systems CG800 Series User Manual preview
CG800 Series
Brand: CityGrow Systems Pages: 21

Brands by name

Popular brands

Load more brands