manualshive.com logo in svg

SMC Networks 8724ML3 - annexe 1, Management Manual

The SMC Networks 8724ML3 - annexe 1 is a versatile and high-performance networking device. With its comprehensive Management Manual, users can easily navigate the product's features and functionalities. This manual is available for free download at manualshive.com, allowing users to efficiently set up and optimize their networking experience.

Share
Download
background image

C

OMMAND

 L

INE

 I

NTERFACE

4-358

ip ospf message-digest-key

This command enables message-digest (MD5) authentication on the 
specified interface and to assign a key-id and key to be used by neighboring 
routers. Use the 

no

 form to remove an existing key.

Syntax 

ip ospf message-digest-key

 

key-id

 

md5

 

key

no ip ospf message-digest-key

 

key-id

key-id

 - Index number of an MD5 key. (Range: 1-255)

key

 - Alphanumeric password used to generate a 128 bit message 

digest or “fingerprint.” (Range: 1-16 characters)

Command Mode 

Interface Configuration (VLAN)

Default Setting 

MD5 authentication is disabled.

Command Usage 

• Normally, only one key is used per interface to generate authentication 

information for outbound packets and to authenticate incoming packets. 
Neighbor routers must use the same key identifier and key value.

• When changing to a new key, the router will send multiple copies of all 

protocol messages, one with the old key and another with the new key. 
Once all the neighboring routers start sending protocol messages back to 
this router with the new key, the router will stop using the old key. This 
rollover process gives the network administrator time to update all the 
routers on the network without affecting the network connectivity. Once 
all the network routers have been updated with the new key, the old key 
should be removed for security reasons.

Example

This example sets a message-digest key identifier and password.

Console(config)#interface vlan 1
Console(config-if)#ip ospf message-digest-key 1 md5 aiebel
Console(config-if)#

Summary of Contents for 8724ML3 - annexe 1

Page 1: ...g Tree Protocol RSTP and MSTP Up to 32 LACP or static 8 port trunks Layer 2 3 4 CoS support through eight priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Support for jumbo frames up to 9 KB Manageable via console Web SNMP RMON Security features ACL RADIUS 802 1x Routing features IP RIP routing OSPF VRR...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerStack 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions June 2005 Pub 149100023600A ...

Page 4: ...ted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...IRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS...

Page 7: ...around Topologies 2 7 Resilient IP Interface for Management Access 2 7 Resilient Configuration 2 8 Renumbering the Stack 2 8 Basic Configuration 2 8 Console Connection 2 8 Setting Passwords 2 9 Setting an IP Address 2 10 Manual Configuration 2 10 Dynamic Configuration 2 11 Enabling SNMP Management Access 2 12 Community Strings for SNMP version 1 and 2c clients 2 13 Trap Receivers 2 14 Configuring ...

Page 8: ...rom a Server 3 32 Console Port Settings 3 34 Telnet Settings 3 36 Configuring Event Logging 3 38 System Log Configuration 3 38 Remote Log Configuration 3 41 Displaying Log Messages 3 43 Sending Simple Mail Transfer Protocol Alerts 3 44 Renumbering the Stack 3 46 Resetting the System 3 47 Setting the System Clock 3 48 Configuring SNTP 3 48 Setting the Time Zone 3 49 Simple Network Management Protoc...

Page 9: ...nagement Access 3 101 Access Control Lists 3 103 Configuring Access Control Lists 3 103 Setting the ACL Name and Type 3 104 Configuring a Standard IP ACL 3 105 Configuring an Extended IP ACL 3 106 Configuring a MAC ACL 3 109 Configuring ACL Masks 3 111 Specifying the Mask Type 3 112 Configuring an IP ACL Mask 3 113 Configuring a MAC ACL Mask 3 115 Binding a Port to an Access Control List 3 117 Por...

Page 10: ... 3 179 VLAN Configuration 3 181 IEEE 802 1Q VLANs 3 181 Enabling or Disabling GVRP Global Setting 3 185 Displaying Basic VLAN Information 3 186 Displaying Current VLANs 3 187 Creating VLANs 3 188 Adding Static Members to VLANs VLAN Index 3 190 Adding Static Members to VLANs Port Index 3 193 Configuring VLAN Behavior for Interfaces 3 194 Configuring Private VLANs 3 197 Enabling Private VLANs 3 197 ...

Page 11: ...fying Static Interfaces for a Multicast Router 3 231 Displaying Port Members of Multicast Services 3 232 Assigning Ports to Multicast Services 3 233 Configuring Domain Name Service 3 235 Configuring General DNS Server Parameters 3 235 Configuring Static DNS Host to Address Entries 3 238 Displaying the DNS Cache 3 240 Dynamic Host Configuration Protocol 3 242 Configuring DHCP Relay Service 3 242 Co...

Page 12: ...tic Routes 3 289 Displaying the Routing Table 3 290 Configuring the Routing Information Protocol 3 292 Configuring General Protocol Settings 3 293 Specifying Network Interfaces for RIP 3 295 Configuring Network Interfaces for RIP 3 296 Displaying RIP Information and Statistics 3 300 Configuring the Open Shortest Path First Protocol 3 303 Configuring General Protocol Settings 3 305 Configuring OSPF...

Page 13: ...ation 4 4 Command Completion 4 4 Getting Help on Commands 4 4 Showing Commands 4 4 Partial Keyword Lookup 4 6 Negating the Effect of Commands 4 6 Using Command History 4 6 Understanding Command Modes 4 7 Exec Commands 4 7 Configuration Commands 4 8 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 timeout login response 4 18 exec timeout 4 19 pa...

Page 14: ...le password 4 37 IP Filter Commands 4 38 management 4 38 show management 4 39 Web Server Commands 4 40 ip http port 4 41 ip http server 4 41 ip http secure server 4 42 ip http secure port 4 43 Telnet Server Commands 4 44 ip telnet server 4 44 Secure Shell Commands 4 45 ip ssh server 4 48 ip ssh timeout 4 49 ip ssh authentication retries 4 50 ip ssh server key size 4 51 delete public key 4 51 ip ss...

Page 15: ...l level 4 66 logging sendmail source email 4 67 logging sendmail destination email 4 68 logging sendmail 4 68 show logging sendmail 4 69 Time Commands 4 69 sntp client 4 70 sntp server 4 71 sntp poll 4 72 show sntp 4 73 clock timezone 4 73 calendar set 4 74 show calendar 4 75 System Status Commands 4 75 show startup config 4 76 show running config 4 78 show system 4 80 show users 4 81 show version...

Page 16: ...s server host 4 99 tacacs server port 4 100 tacacs server key 4 100 show tacacs server 4 101 Port Security Commands 4 101 port security 4 102 802 1X Port Authentication 4 104 dot1x system auth control 4 105 dot1x default 4 105 dot1x max req 4 105 dot1x port control 4 106 dot1x operation mode 4 107 dot1x re authenticate 4 108 dot1x re authentication 4 108 dot1x timeout quiet period 4 109 dot1x time...

Page 17: ...ask MAC ACL 4 133 show access list mac mask precedence 4 135 mac access group 4 136 show mac access group 4 137 ACL Information 4 137 show access list 4 137 show access group 4 138 SNMP Commands 4 139 snmp server 4 140 show snmp 4 140 snmp server community 4 141 snmp server contact 4 142 snmp server location 4 143 snmp server host 4 143 snmp server enable traps 4 146 snmp server engine id 4 147 sh...

Page 18: ...twork 4 164 default router 4 165 domain name 4 166 dns server 4 167 next server 4 167 bootfile 4 168 netbios name server 4 169 netbios node type 4 170 lease 4 171 host 4 172 client identifier 4 173 hardware address 4 174 clear ip dhcp binding 4 175 show ip dhcp binding 4 176 DNS Commands 4 177 ip host 4 178 clear host 4 179 ip domain name 4 179 ip domain list 4 180 ip name server 4 181 ip domain l...

Page 19: ...02 Rate Limit Commands 4 203 rate limit 4 203 Link Aggregation Commands 4 204 channel group 4 206 lacp 4 206 lacp system priority 4 208 lacp admin key Ethernet Interface 4 209 lacp admin key Port Channel 4 210 lacp port priority 4 211 show lacp 4 212 Address Table Commands 4 216 mac address table static 4 217 clear mac address table dynamic 4 218 show mac address table 4 219 mac address table agin...

Page 20: ...38 spanning tree link type 4 239 spanning tree mst cost 4 240 spanning tree mst port priority 4 241 spanning tree protocol migration 4 242 show spanning tree 4 243 show spanning tree mst configuration 4 245 VLAN Commands 4 245 Editing VLAN Groups 4 246 vlan database 4 246 vlan 4 247 Configuring VLAN Interfaces 4 248 interface vlan 4 249 switchport mode 4 250 switchport acceptable frame types 4 251...

Page 21: ...mmands 4 269 Priority Commands Layer 2 4 269 queue mode 4 270 switchport priority default 4 271 queue bandwidth 4 272 queue cos map 4 273 show queue mode 4 274 show queue bandwidth 4 275 show queue cos map 4 275 Priority Commands Layer 3 and 4 4 276 map ip port Global Configuration 4 276 map ip port Interface Configuration 4 277 map ip precedence Global Configuration 4 278 map ip precedence Interf...

Page 22: ...300 ip igmp snooping querier 4 301 ip igmp snooping query count 4 301 ip igmp snooping query interval 4 302 ip igmp snooping query max response time 4 303 ip igmp snooping router port expire time 4 304 Static Multicast Routing Commands 4 305 ip igmp snooping vlan mrouter 4 305 show ip igmp snooping mrouter 4 306 IP Interface Commands 4 307 Basic IP Configuration 4 307 ip address 4 308 ip default g...

Page 23: ...e version 4 330 ip rip send version 4 331 ip split horizon 4 332 ip rip authentication key 4 333 ip rip authentication mode 4 334 show rip globals 4 335 show ip rip 4 336 Open Shortest Path First OSPF 4 338 router ospf 4 340 router id 4 340 compatible rfc1583 4 341 default information originate 4 342 timers spf 4 343 area range 4 344 area default cost 4 345 summary address 4 346 redistribute 4 347...

Page 24: ...f summary address 4 377 show ip ospf virtual links 4 378 Multicast Routing Commands 4 379 Static Multicast Routing Commands 4 379 ip igmp snooping vlan mrouter 4 379 show ip igmp snooping mrouter 4 380 Router Redundancy Commands 4 381 Virtual Router Redundancy Protocol Commands 4 381 vrrp ip 4 382 vrrp authentication 4 383 vrrp priority 4 384 vrrp timers advertise 4 385 vrrp preempt 4 386 show vrr...

Page 25: ...ES A Software Specifications A 1 Software Features A 1 Management Features A 3 Standards A 3 Management Information Bases A 4 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 26: ...TABLE OF CONTENTS xxvi ...

Page 27: ...Priority Levels 3 205 Table 3 14 Mapping IP Precedence 3 211 Table 3 15 Mapping DSCP Priority 3 213 Table 3 16 Address Resolution Protocol 3 273 Table 3 17 ARP Statistics 3 280 Table 3 18 IP Statistics 3 282 Table 3 19 ICMP Statistics 3 285 Table 3 20 USP Statistics 3 287 Table 3 21 TCP Statistics 3 288 Table 3 22 RIP Information and Statistics 3 301 Table 4 1 General Command Modes 4 7 Table 4 2 C...

Page 28: ...ble 4 29 RADIUS Client Commands 4 94 Table 4 30 TACACS Client Commands 4 99 Table 4 31 Port Security Commands 4 102 Table 4 32 802 1X Port Authentication Commands 4 104 Table 4 33 Access Control List Commands 4 116 Table 4 34 IP ACL Commands 4 116 Table 4 35 MAC ACL Commands 4 128 Table 4 36 ACL Information Commands 4 137 Table 4 37 SNMP Commands 4 139 Table 4 38 show snmp engine id display descri...

Page 29: ...ommands 4 269 Table 4 67 Priority Commands Layer 2 4 269 Table 4 68 Default CoS Priority Levels 4 273 Table 4 69 Priority Commands Layer 3 and 4 4 276 Table 4 70 Mapping IP Precedence to CoS Values 4 279 Table 4 71 Mapping IP DSCP to CoS Values 4 280 Table 4 72 Quality of Service Commands 4 284 Table 4 73 Multicast Filtering Commands 4 296 Table 4 74 IGMP Snooping Commands 4 296 Table 4 75 IGMP Qu...

Page 30: ...0 Table 4 94 show ip ospf network display description 4 371 Table 4 95 show ip ospf router display description 4 373 Table 4 96 show ip ospf summary display description 4 374 Table 4 97 show ip ospf interface display description 4 375 Table 4 98 show ip ospf neighbor display description 4 377 Table 4 99 show ip ospf virtual links display description 4 378 Table 4 100 Static Multicast Routing Comma...

Page 31: ... 3 35 Figure 3 16 Configuring the Telnet Interface 3 37 Figure 3 17 System Logs 3 40 Figure 3 18 Remote Logs 3 42 Figure 3 19 Displaying Logs 3 43 Figure 3 20 Enabling and Configuring SMTP Alerts 3 45 Figure 3 21 Renumbering the Stack 3 47 Figure 3 22 Resetting the System 3 47 Figure 3 23 SNTP Configuration 3 49 Figure 3 24 Clock Time Zone 3 50 Figure 3 25 Enabling the SNMP Agent 3 53 Figure 3 26 ...

Page 32: ... Figure 3 53 Port Port Information 3 120 Figure 3 54 Port Port Configuration 3 124 Figure 3 55 Static Trunk Configuration 3 127 Figure 3 56 LACP Trunk Configuration 3 129 Figure 3 57 LACP Aggregation Port 3 132 Figure 3 58 LACP Port Counters Information 3 134 Figure 3 59 LACP Port Internal Information 3 137 Figure 3 60 LACP Port Neighbors Information 3 139 Figure 3 61 Port Broadcast Control 3 141 ...

Page 33: ...CP Priority Status 3 210 Figure 3 91 IP Precedence Priority 3 211 Figure 3 92 IP DSCP Priority 3 213 Figure 3 93 IP Port Priority Status 3 215 Figure 3 94 IP Port Priority 3 215 Figure 3 95 Configuring Class Maps 3 220 Figure 3 96 Configuring Policy Maps 3 224 Figure 3 97 Service Policy Settings 3 226 Figure 3 98 IGMP Configuration 3 229 Figure 3 99 Multicast Router Port Information 3 231 Figure 3...

Page 34: ...atic Routes 3 290 Figure 3 128 IP Routing Table 3 291 Figure 3 129 RIP General Settings 3 294 Figure 3 130 RIP Network Addresses 3 296 Figure 3 131 RIP Interface Settings 3 300 Figure 3 132 RIP Statistics 3 302 Figure 3 133 OSPF General Configuration 3 308 Figure 3 134 OSPF Area Configuration 3 312 Figure 3 135 OSPF Range Configuration 3 314 Figure 3 136 OSPF Interface Configuration 3 319 Figure 3...

Page 35: ...witch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web SSL HTTPS Telnet SSH SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Port IEEE 802 1X MAC address filtering Access Control Lists Supports up t...

Page 36: ...hm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs Up to 255 using IEEE 802 1Q port based protocol based or private VLANs Traffic Prioritization Default port priority traffic class map queue scheduling IP Precedence or Differentiated Services Code Point DSCP and TCP UDP Port Qualify of Service Supports Differentiated Services DiffServ Router Re...

Page 37: ...access via the console port Telnet or web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between ...

Page 38: ...t of switch connections Rate Limiting This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Port Mirroring The switch can uno...

Page 39: ... to provide network security by restricting access for a known host to a specific port IEEE 802 1D Bridge The switch supports IEEE 802 1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses Store and Forward Switching The switch copies each frame int...

Page 40: ...1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP compliant mode if they detect STP protocol messages from attached devices Multiple Spanning Tree Protocol MSTP IEEE 802 1s This protocol is a direct extension of RSTP It can provide an independent spanning tree for differen...

Page 41: ...ioritization This switch prioritizes each packet based on the required level of service using eight priority queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used to provide independent priorities for delay sensitive data and best effort data This switch also ...

Page 42: ...le backup routers The backups can be configured to take over the workload if the master fails or to load share the traffic The primary goal of this protocol is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down Address Resolution Protocol The switch uses ARP and Proxy ARP to convert between IP addresses and M...

Page 43: ... Filtering Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration System Defaults The switch s system defaults are provide...

Page 44: ...abled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Enabled HTTP Secure Port Number 443 SNMP SNMP Agent Enabled Community Strings public read only private read write Traps Authentication traps enabled Link up down events enabled SNMP V3 View defaultview Group public read only private read write Port Configuration Admin Status...

Page 45: ...ng Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port interface Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP Precedence Priority Disabl...

Page 46: ...r Redundancy VRRP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled IGMP Layer 3 Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled There are interoperability problems between Flow Control and Head of Line HOL blocki...

Page 47: ...s HTTP web agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial con...

Page 48: ...tering Filter packets using Access Control Lists ACLs Configure up to 255 IEEE 802 1Q VLANs Enable GVRP automatic VLAN registration Configure IP routing for unicast traffic Configure router redundancy Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service C...

Page 49: ...o connect a terminal to the console port complete the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate ...

Page 50: ...switch s onboard agent via a network connection you must first configure it with a valid IP address subnet mask and default gateway using a console connection DHCP or BOOTP protocol The IP address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP or BOOTP see Setting an IP Address on page 2 10 Notes 1 This switch suppor...

Page 51: ...he stack if the Master unit fails To configure any unit in the stack first verify the unit number from the front panel of the switch and then select the appropriate unit number from the web or console management interface Selecting the Stack Master Note the following points about unit numbering When the stack is initially powered on the Master unit is designated as unit 1 for a ring topology For a...

Page 52: ...all configuration information to the backup unit and continues to update the backup unit with information about any subsequent configuration changes made to any unit in the stack If the Master unit fails or is powered off the backup unit will take control of the stack without any loss of configuration settings The Slave unit with the lowest MAC address is selected as the Backup unit If you want to...

Page 53: ...if the Master button is not depressed on any unit The stack reboots and resumes operations However note that the IP address will be the same for any common VLANs with active port connections that appear in both of the new stack segments To resolve the conflicting IP addresses you should manually replace the failed link or unit as soon as possible If you are using a wrap around stack topology a sin...

Page 54: ...mbered sequentially after several topology changes or failures you can reset the unit numbers using the Renumbering command in the web interface or CLI Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec...

Page 55: ...ng the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type username guest password 0 pass...

Page 56: ... and management stations that exist on another network segment if routing is not enabled on this switch Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Note The IP address for this switch is obtained via DHCP by default Before you can assign an IP address to the switch you must obtain the followin...

Page 57: ...e the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it is powered on To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network complete the following steps 1 From the Global Configuration mode prompt type i...

Page 58: ...information or to set a parameter the switch provides the requested data or sets the specified parameter The switch can also be configured to send information to SNMP managers without being requested by the managers through trap messages which inform the manager that certain events have occurred The switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management a...

Page 59: ...access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are able to both retrieve and modify MIB objects To prevent unauthorized access to the switch from SNMP version 1 or 2c clients it is recommended that you change the default community strings To configure a community string complete the following steps 1 From th...

Page 60: ...eans that authentication no authentication or authentication and privacy is used for v3 clients Then press Enter For a more detailed description of these parameters see snmp server host on page 4 143 The following example creates a trap host for each type of SNMP client Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients you need to first create a view t...

Page 61: ...ur configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the current configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Enter Console config snmp server view m...

Page 62: ...at contains system settings for stack initialization including information about the unit identifier MAC address and installed module type for each unit the stack The configuration settings from the factory defaults configuration file are copied to this file which is then used to boot the stack See Saving or Restoring Configuration Settings on page 3 22 for more information See Saving or Restoring...

Page 63: ...les set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will have to be copied from the running config to a permanent file ...

Page 64: ...MANAGING SYSTEM FILES 2 18 ...

Page 65: ...ia Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 10 2 Set user names and passwor...

Page 66: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 67: ...ome Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Note The examples in this chapter are based on the S...

Page 68: ...anually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control1 Clicking on the image of a port opens the Port Configuration page as described on ...

Page 69: ... Extension Shows the bridge extension parameters 3 19 Jumbo Frames Enables support for jumbo frames 3 21 File Management 3 27 Copy Operation Allows the transfer and copying files 3 27 Delete Allows deletion of files from the flash memory 3 27 Set Startup Sets the startup file 3 27 Line 3 34 Console Sets console port connection parameters 3 34 Telnet Sets Telnet connection parameters 3 36 Log 3 38 ...

Page 70: ... 60 Remote Users Configures SNMP v3 users on a remote device 3 63 Groups Configures SNMP v3 groups 3 66 Views Configures SNMP v3 views 3 72 Security 3 53 User Accounts Configures user names passwords and access levels 3 75 Authentication Settings Configures authentication sequence RADIUS and TACACS 3 76 HTTPS Settings Configures secure HTTP settings 3 80 SSH 3 83 Settings Configures Secure Shell s...

Page 71: ...Configures IP addresses that are allowed management access 3 101 Port 3 119 Port Information Displays port connection status 3 119 Trunk Information Displays trunk connection status 3 119 Port Configuration Configures port connection settings 3 122 Trunk Configuration Configures trunk connection settings 3 122 Trunk Membership Specifies ports to group into static trunks 3 126 LACP 3 125 Configurat...

Page 72: ...utput rate limit for each port 3 144 Output Trunk Configuration Sets the output rate limit for each trunk 3 144 Port Statistics Lists Ethernet and RMON port statistics 3 145 Address Table 3 151 Static Addresses Displays entries for interface address or VLAN 3 151 Dynamic Addresses Displays or edits static entries in the Address Table 3 153 Address Aging Sets timeout for dynamically learned entries...

Page 73: ... for a specified MST instance 3 179 VLAN 3 181 802 1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3 185 Basic Information Displays information on the VLAN type supported by this switch 3 186 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3 187 Static List Used to create or remove VLAN groups 3 188 Static Table Modifies the s...

Page 74: ... priorities not implemented NA Queue Mode Sets queue mode to strict priority or Weighted Round Robin 3 207 Queue Scheduling Configures Weighted Round Robin queueing 3 208 IP Precedence DSCP Priority Status Globally selects IP Precedence or DSCP Priority or disables both 3 210 IP Precedence Priority Sets IP Type of Service priority mapping the precedence tag to a class of service value 3 210 IP DSC...

Page 75: ...er for each VLAN ID 3 230 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 3 231 IP Multicast Registration Table Displays all multicast groups active on this switch including multicast IP addresses and VLAN ID 3 232 IGMP Member Port Table Indicates multicast addresses associated with the selected VLAN 3 233 DNS 3 235 General Configuration...

Page 76: ...3 269 Global Settings Enables or disables routing specifies the default gateway 3 269 Routing Interface Configures the IP interface for the specified VLAN 3 271 ARP 3 273 General Sets the protocol timeout and enables or disables proxy ARP for the specified VLAN 3 274 Static Addresses Statically maps a physical address to an IP address 3 276 Dynamic Addresses Shows dynamically learned entries in th...

Page 77: ...ng the amount of traffic and TCP connection activity 3 288 Routing 3 266 Static Routes Configures and display static routing entries 3 289 Routing Table Shows all routing entries including local static and dynamic routes 3 290 VRRP 3 256 Group Configuration Configures VRRP groups including virtual interface address advertisement interval preemption priority and authentication 3 256 Global Statisti...

Page 78: ...he Router ID and various other global settings 3 305 Area Configuration Specifies rules for importing routes into each area 3 309 Area Range Configuration Configures route summaries to advertise at an area boundary 3 313 Interface Configuration Shows area ID and designated router also configures OSPF protocol settings and authentication for each interface 3 315 Virtual Link Configuration Configure...

Page 79: ...ss The physical layer address for this switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface NSSA Settings Configures settings for importing routes into or exporting routes out of not so stubby areas 3 329 Link State Database Information Shows information about different OSPF Link State Advertisements LSAs stored in thi...

Page 80: ...rt used by the Telnet interface Authentication login Shows the user login authentication sequence Jumbo Frame Shows if jumbo frames are enabled POST result Shows results of the power on self test Web Click System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the...

Page 81: ...onfig snmp server contact Ted 4 142 Console config exit Console show system 4 80 System description SMC8724ML3 L3 GE Switch System OID string 1 3 6 1 4 1 202 20 45 System information System Up time 0 days 1 hours 28 minutes and 0 51 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC address unit1 00 30 F1 D4 73 A0 Web server enabled Web server port 80 Web secure server enabled W...

Page 82: ...f loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave These additional parameters are displayed for the CLI Unit ID Unit number in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 3 4 Swi...

Page 83: ...Refer to Class of Service Configuration on page 3 203 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 151 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ...

Page 84: ...he Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Displaying Bridge Extension Configuration CLI Enter the following command Console show bridge ext 4 265 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tag...

Page 85: ...ch as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo Packet Status Configures support for jumbo frames Default Disable...

Page 86: ... not be accepted by the CLI program Command Usage This section describes how to configure a single local interface for initial access to the stack To configure multiple IP interfaces on this stack you must set up an IP interface for each VLAN page 3 271 To enable routing between the different interfaces on this stack you must enable IP routing page 3 269 To enable routing between the interfaces de...

Page 87: ...te you can manage the stack through any configured IP interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Default 0 0 0 0 Subnet Mask This mask identifies the host address bits used for routing to specific subnets Default 255 0 0 0 Default Gateway IP address of the gateway router between the stack and management stations that exist on other network segments Default 0...

Page 88: ...y the default gateway and click Apply Figure 3 8 Default Gateway CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 187 Console config if ip address 10 1 0 253 255 255 255 0 4 308 Console config if exit Console config ip default gateway 10 1 0 254 4 310 Console config ...

Page 89: ...tion is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the stack will also broadcast a request for IP configuration settings on each power reset Figure 3 9 IP Interface Configuration DHCP Note If you lose your management connection make a console connection to the Master unit and enter show i...

Page 90: ...f the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 4 187 Console config if ip address dhcp 4 308 Console config if end Console...

Page 91: ...le from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain s...

Page 92: ... the startup file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new...

Page 93: ... click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 11 Setting the Startup Code To delete a file select System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 3 12 Deleting Files ...

Page 94: ... File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch to a TFTP server running config to file ...

Page 95: ...ver to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify config configuration to copy configuration settings File Name The configuration file name should not contain slashes or the leading letter of the file name...

Page 96: ... replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Management Copy Operation Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then c...

Page 97: ...n Settings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 4 84 TFTP server ip address 192 168 1 19 Source configuration file name config 1 St...

Page 98: ...ssword Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the management console is inaccessible after t...

Page 99: ...e with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Console Specify the consol...

Page 100: ...mber Sets the TCP port number for Telnet on the switch Default 23 Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 0 4 18 Console config line exec timeout...

Page 101: ...a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Password3 Specifies a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login Enables password checking at ...

Page 102: ...sh memory are permanently stored in the switch to assist in troubleshooting network problems Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event level...

Page 103: ...ample if level 7 is specified all messages from level 0 to level 7 will be logged to RAM Range 0 7 Default 7 Note The Flash Level must be equal to or less than the RAM Level Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning conditions e g retu...

Page 104: ...igure 3 17 System Logs CLI Enable system logging and then specify the level of messages to be logged to RAM and flash memory Use the show logging command to display the current settings Console config logging on 4 58 Console config logging history ram 0 4 58 Console config Console show logging ram 4 62 Syslog logging Disabled History logging in RAM level emergencies Console ...

Page 105: ... log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the...

Page 106: ...ty type and set the logging trap Console config logging host 10 1 0 9 4 60 Console config logging facility 23 4 60 Console config logging trap 4 4 61 Console config logging trap Console config exit Console show logging trap 4 62 Syslog logging Enabled REMOTELOG status Disabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip address 10 1 0 9 REMOTELOG...

Page 107: ...mory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3 19 Displaying Logs CLI This example shows the event message stored in RAM Console show log ram 4 64 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 function 1 and event ...

Page 108: ...h or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 39 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of up to three recipient S...

Page 109: ...y level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 3 20 Enabling and Configuring SMTP Alerts ...

Page 110: ... can reset the unit numbers using the Renumbering command Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master Console config logging sendmail host 192 168 1 4 4 65 Console config logging sendmail level 3 4 66 Console config logging sendmail source email big wheels matel com 4 67 Console config logging sendmail destination emai...

Page 111: ...e top of the stack and is numbered as unit 1 and all other units are numbered sequentially down through the ring Web Click System Renumbering Figure 3 21 Renumbering the Stack CLI This example renumbers all units in the stack Resetting the System Web Click System Reset Click the Reset button to restart the switch When prompted confirm that you want reset the switch Figure 3 22 Resetting the System...

Page 112: ...ime update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one time server to be specifie...

Page 113: ...orresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Console config sntp client 4 70 Console config sntp poll 16 4 72 Console config sntp server 10 1 0 19 ...

Page 114: ...only managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A defined set of variables known as managed...

Page 115: ...n must first submit a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are t...

Page 116: ... Communitystring only v1 noAuth NoPriv user defined user defined user defined user defined Communitystring only v2c noAuth NoPriv public read only defaultview none none Communitystring only v2c noAuth NoPriv private read write defaultview defaultview none Communitystring only v2c noAuth NoPriv user defined user defined user defined user defined Communitystring only v3 noAuth NoPriv user defined us...

Page 117: ...community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configured Com...

Page 118: ...re 3 26 Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station using network management platforms such as SMC EliteV...

Page 119: ... request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to issue notifications as traps or informs To send an inform to a S...

Page 120: ...dicates if the user is running SNMP v1 v2c or v3 Default v1 Trap Security Level When trap version 3 is selected you must specify one of the following security levels Default noAuthNoPriv noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPr...

Page 121: ...port trap version trap security level for v3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 27 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps 4 These are legacy notifications and therefore when used fo...

Page 122: ...NMPv3 engine is an independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If th...

Page 123: ...mpute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types...

Page 124: ...defined by a unique name Users must be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read and a write view Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model ...

Page 125: ... model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication Protocol The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy P...

Page 126: ...nd assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 30 Configuring SNMPv3 Users ...

Page 127: ... specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types on page 3 54 and Specifying a Remote Engine ID on page 3 59 Console config snmp server user chris group r d v3 auth md5 greenp...

Page 128: ...SNMP v1 v2c or v3 Default v1 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only availabl...

Page 129: ...ck New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 3 31 Configuring Remote SNMPv3 Users ...

Page 130: ...ication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configured view for write acc...

Page 131: ...to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Discarding state The trap is not sent if a newRoot trap is sent for the same transition SNMPv2 Traps coldStart 1 3 6 1 6 3 1 1 5 1 A coldStart trap signifies that the SNMPv2 entit...

Page 132: ...ed that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus authenticationFailure 1 3 6 1 6 3 1 1 5 5 An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not...

Page 133: ... This trap is sent when the fan failure has recovered swIpFilterRejectTrap 1 3 6 1 4 1 202 6 10 65 2 1 0 40 This trap is sent when an incorrect IP address is rejected by the IP Filter swSmtpConnFailure Trap 1 3 6 1 4 1 202 6 10 65 2 1 0 41 This trap is triggered if the SMTP system cannot open a connection to the mail server successfully swMainBoardVer MismatchNotificaiton 1 3 6 1 4 1 202 6 10 65 2...

Page 134: ...ow the switchThermalActionFallingThre shold swModuleInsertion Notificaiton 1 3 6 1 4 1 202 6 10 65 2 1 0 60 This trap is sent when a module is inserted swModuleRemoval Notificaiton 1 3 6 1 4 1 202 6 10 65 2 1 0 61 This trap is sent when a module is removed These are legacy notifications and therefore must be enabled in conjunction with the corresponding traps on the SNMP Configuration menu page 3 ...

Page 135: ... a new group In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 3 32 Configuring SNMPv3 Groups ...

Page 136: ...gured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp server group secu...

Page 137: ...tch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 3 33 Configuring SNMPv3 Views ...

Page 138: ...Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 150 Console config exit Console show snmp view 4 151 View...

Page 139: ...rd guest The default administrator name is admin with the password admin Command Attributes Account List Displays the current list of user accounts and associated access levels Defaults admin and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options Norm...

Page 140: ...ser Accounts CLI Assign a user name to access level 15 i e administrator then specify the password Configuring Local Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols ...

Page 141: ...ation database stored on the local switch If a remote authentication server is used you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and TACACS logon authentication assign a specific privilege level for each user name ...

Page 142: ...erverIndex Specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequence of servers The process ends when a server either approves or denies access to a user Server IP Address Address of authentication server Default 10 1 0 1 Server Port Number Network UDP port of authentication server used for authentication messages Range 1 65535 Default...

Page 143: ...t Do not use blank spaces in the string Maximum length 20 characters Note The local switch user database has to be set up by manually entering user names and passwords using the CLI See username on page 4 35 Web Click Security Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIU...

Page 144: ...ius server retransmit 5 4 97 Console config radius server timeout 10 4 97 Console config radius server 1 host 192 168 1 25 4 95 Console config exit Console show radius server 4 98 Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Server 1 Server IP address 192 168 1 25 Communication key with RADIUS s...

Page 145: ...nternet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 82 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP po...

Page 146: ... a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note For maximum security we re...

Page 147: ... applications intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switch generates a public key that the client uses along with a local user name and password for access authentication SSH also encrypts all data transfer...

Page 148: ...ically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 150202455931998685443583...

Page 149: ...the public keys stored on the switch can access it The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt th...

Page 150: ...andard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encrypti...

Page 151: ...Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 3 37 SSH Host Key Settings ...

Page 152: ...ation process Range 1 5 times Default 3 Console ip ssh crypto host key generate 4 48 Console ip ssh save host key 4 48 Console show public key host 4 48 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 414232759121276032591968369...

Page 153: ...r Settings CLI This example enables SSH sets the authentication parameters and displays the current configuration It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 48 Console config ip ssh timeout 100 4 49 Console config ip ssh authentication retries 5 4 50 Console config ip ssh server key size 512 4 51 Console config end...

Page 154: ... security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table page 3 151 When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses ...

Page 155: ...en when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Security Status Enables or disables port security on the port Default Disabled Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 m...

Page 156: ...lowed on a port and click Apply Figure 3 39 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count and then enables port security for the port Console config interface ethernet 1 5 Console config if port security action trap and shutdown 4 102 Console config if port security max mac count 20 Console...

Page 157: ...client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the ...

Page 158: ...itch port that will be used must be set to dot1x Auto mode Each client that needs to be authenticated must have dot1x client software installed and properly configured The RADIUS server and 802 1X client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type MD5 Som...

Page 159: ... Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 41 802 1X Global Configuration CLI This example enables 802 1X globally for the switch Console show dot1x 4 110 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Singl...

Page 160: ...he Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the default setting Force Unau...

Page 161: ...onds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is authorized No Connected client is not authorized Blank Displays nothing when dot1x is disabled on a port Supplicant Indicates the MAC address of a connected client Trunk Indicates if the port is configure...

Page 162: ...10 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 23 disabled Single Host ForceAuthorized n a 1 24 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Disable rea...

Page 163: ...e is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have...

Page 164: ...been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Console show dot1x statistics interface ethernet 1 4 4 110 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP E...

Page 165: ...to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and ree...

Page 166: ...anagement access for Telnet clients Console config management telnet client 192 168 1 19 4 38 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management all client 4 39 Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 ...

Page 167: ... matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule This is done by specifying masks that control the order in which ACL rules are checked The switch...

Page 168: ...P ACL for ingress ports 5 Explicit default rule permit any any in the ingress IP ACL for ingress ports 6 Explicit default rule permit any any in the ingress MAC ACL for ingress ports 7 If no explicit rule is matched the implicit default is permit all Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL Command Attributes Name Name of the ACL Maximum...

Page 169: ...IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match and 0 bits to indica...

Page 170: ...92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Opti...

Page 171: ...ng the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 m...

Page 172: ...riteria such as service type protocol type or TCP control code Then click Add Figure 3 47 ACL Configuration Extended IP CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from c...

Page 173: ...k VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet types Any Any Ethe...

Page 174: ...select Host enter a specific address e g 11 22 33 44 55 66 If you select MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 48 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0...

Page 175: ...ress IP ACL Ingress MAC ACL or Egress MAC ACL but a mask can be bound to up to four ACLs of the same type Command Usage Up to seven entries can be assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the order in which the ACL rules are entered First create ...

Page 176: ... to open the configuration page Figure 3 49 Selecting ACL Mask Types CLI This example creates an IP ingress mask and then adds two rules Each rule is checked in order of precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet Console config access list ip mask precedence in 4 122 Console config ip mask acl mask host any 4 123 Console confi...

Page 177: ...o match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Source or destination address of rule must match this bitmask See the description for SubMask on page 3 105 Protocol Mask Check the protocol field Service Type Mask Check the rule for the specified priority type Options Precedence TOS ...

Page 178: ...k to check for any source or destination address a specific host address or an address range Include other criteria to search for in the rules such as a protocol type or one of the service types Or use a bitmask to search for specific protocol port s or TCP control code s Then click Add Figure 3 50 ACL Mask Configuration IP ...

Page 179: ... match any address Host to specify the host address for a single node or MAC to specify a range of addresses Options Any Host MAC Default Any Source Destination Bit Mask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bit Mask Ethernet type of rule must match this bitmask Packet Format Mask A packet format must be specified in the rule Cons...

Page 180: ...ingress or egress ACLs Set the mask to check for any source or destination address a host address or an address range Use a bitmask to search for specific VLAN ID s or Ethernet type s Or check for rules where a packet format was specified Then click Add Figure 3 51 ACL Mask Configuration MAC ...

Page 181: ...y port for egress filtering In other words only four ACLs can be bound to an interface Ingress IP ACL Egress IP ACL Ingress MAC ACL and Egress MAC ACL Console config access list mac M4 4 129 Console config mac acl permit any any 4 130 Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 4 130 Console config mac acl end Console show access list 4 137 MAC access list...

Page 182: ...to bind the ACL to an interface for egress checking the bind operation will fail Command Attributes Port Fixed port or SFP module Range 1 24 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port you want to bind to an ...

Page 183: ...ed choice Flow Control Status5 Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type6 Shows the forced preferred port type to use for combination ports 21 24 Copper Forced SFP Forced SFP Preferred Auto Trunk Member Shows if port is a trunk member Console config interface ethernet 1 1 4 187 C...

Page 184: ...P or 10GBASE LR MAC address The physical layer address for this port To access this item on the web see Setting the Switch s IP Address on page 3 22 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port du...

Page 185: ... is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the response to take when a security violation is detected shutdown trap trap and shutdown Media type Shows the forced preferred port type to use for combination ports 21 24 SMC8724ML3 or 45 48 SMC8748ML3 copper forced SFP forced SFP preferred auto...

Page 186: ...asons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need to specify the capabilities to be advertised When auto negotiation is disabled you Console show interfaces status ethernet 1 5 4 196 Information of Eth 1 13 Basic in...

Page 187: ...0half 100full 1000full SFP 1000BASE SX LX LH 1000full 10G Modules 10GBASE LR 10Gfull Media Type Shows the forced preferred port type to use for the combination ports SMC8724ML3 Ports 21 24 SMC8748ML3 Ports 45 48 Copper Forced Always uses the built in RJ 45 port SFP Forced Always uses the SFP port even if module is not installed SFP Preferred Auto Uses SFP port if both combination types are functio...

Page 188: ...rface ethernet 1 13 4 187 Console config if description RD SW 13 4 187 Console config if shutdown 4 193 Console config if no shutdown Console config if no negotiation 4 189 Console config if speed duplex 100half 4 188 Console config if negotiation Console config if capabilities 100half 4 190 Console config if capabilities 100full Console config if exit Console config interface ethernet 1 21 Consol...

Page 189: ... the other device will negotiate a trunk link between them If an LACP trunk consists of more than eight ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a p...

Page 190: ...ypes All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk Statically Configuring a Trunk Command Usage When configuring static trunks you may not be able to link switches of different types depending on the manufacturer s implementation However note that the static trunks on this swit...

Page 191: ...s Trunk Trunk identifier Range 1 32 Unit Stack unit Range 1 8 Port Port identifier Range 1 25 49 Web Click Port Trunk Membership Enter a trunk ID of 1 32 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 55 Static Trunk Configuration ...

Page 192: ...it Console config interface ethernet 1 9 4 187 Console config if channel group 1 4 206 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 4 196 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A2 Configuration Name Port admin Up Speed duplex Auto Capab...

Page 193: ...r full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 126 Command Attributes Member List Current Shows configured trunks Unit Port New Includes entry fields for creating new trunks Unit Stack unit Range 1 8 Port Port identifier Range 1 25 49 Web Click Port LACP Configuration ...

Page 194: ... admin key lacp admin key page 4 210 is not set through the CLI when a channel group is formed i e it has a null value Console config interface ethernet 1 1 4 187 Console config if lacp 4 206 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 4 196 Information of Trunk 1 Basic information Port type...

Page 195: ...stem priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a link goes down LACP port priority is used to select a backup link Range 0...

Page 196: ...You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 57 LACP Aggregation Port ...

Page 197: ...Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 212 Channel Group System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 Console show lacp 1 internal 4 212 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPD...

Page 198: ... Number of valid LACPDUs received by this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address bu...

Page 199: ...hannel 1 Eth 1 2 LACPDUs Sent 19 LACPDUs Receive 10 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 3 9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating re...

Page 200: ...ollection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the...

Page 201: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 212 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long time...

Page 202: ...value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the ...

Page 203: ...e side of port channel 1 Console show lacp 1 neighbors 4 212 Port channel 1 neighbors Eth 1 2 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 78 AE C0 Partner Admin Port Number 2 Partner Oper Port Number 2 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 3 Admin State defaulted distributing collecting synchronization long timeout Oper St...

Page 204: ...ed Command Usage Broadcast control does not effect IP multicast traffic The resolution for Gigabit ports is 1 packet per second pps i e any setting between 500 262143 is acceptable However the resolution for the 10 Gigabit port is in steps of 1041 pps Command Attributes Port9 Port number Trunk10 Trunk number Type Indicates the port type 1000BASE T SFP or 10GBASE LR Protect Status Shows whether or ...

Page 205: ...187 Console config if no switchport broadcast 4 194 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 4 194 Console config if end Console show interfaces switchport ethernet 1 2 4 199 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rat...

Page 206: ... same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose port traffic will be monitored Range 1 8 Source Port The port whose traffic will be monitored Range 1 25 49 Type Allows you to select which traffic to mirror to the target por...

Page 207: ...d Figure 3 62 Mirror Port Configuration CLI Use the interface command to select the monitor port then use the port monitor command to specify the source port Note that default mirroring under the CLI is for both received and transmitted packets Console config interface ethernet 1 10 4 187 Console config if port monitor ethernet 1 13 4 201 Console config if ...

Page 208: ...at exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Command Attribute Rate Limit Sets the output rate limit for an interface Defau...

Page 209: ...es Group and Ethernet like MIBs as well as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total co...

Page 210: ... this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets ...

Page 211: ...f errors Etherlike Statistics Alignment Errors The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is detected later than 512 bit times into the transmission of a packet FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include...

Page 212: ...count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Received ...

Page 213: ...rwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames ...

Page 214: ...RING THE SWITCH 3 150 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 64 Port Statistics ...

Page 215: ...s Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 17027 Broadcast input 231 Broadcast output 7 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test ...

Page 216: ... address of a device mapped to this interface VLAN ID of configured VLAN 1 4093 Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Figure 3 65 Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset 11 Web Only Console config mac address table static 00 e0 29 ...

Page 217: ...ddress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4093 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of ...

Page 218: ...x select the method of sorting the displayed addresses and then click Query Figure 3 66 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 4 219 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 219: ...ress Aging CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one rou...

Page 220: ...er determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bri...

Page 221: ...al Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen Field Attributes Spanning Tree State Shows if the switch is enabled to participate in an STA compliant network Bridge ID A unique identifier for this bridge consisting of the bridge priority the MST Instance ID 0 for the Common Spanning Tree when spanning t...

Page 222: ...tes with the root device through this port If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Root Path Cost The path cost from the root port on this switch to the root device Configuration Changes The number of times the Spanning Tree has been reconfigured Last Topology Change Time since the Spanning Tree was last reconfigured These additio...

Page 223: ...ns interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it...

Page 224: ... MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4093 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes ...

Page 225: ...bled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Eth 1 1 information Admin status enabled Role disable State discarding External admin path cost 10000 Internal admin cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 300000 Designated port 128 1 Designated root 32768 0000...

Page 226: ...ree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tree instances A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops al...

Page 227: ...ower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LA...

Page 228: ...hat range from 1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Default 65 Configuration Digest An MD5 signature key that contains ...

Page 229: ...SPANNING TREE ALGORITHM CONFIGURATION 3 165 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 69 STA Global Configuration ...

Page 230: ...ctory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding Console config spanning tree 4 222 Console config spanning tree mode mstp 4 223 Console config spanning tree priority 4...

Page 231: ...root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 3 170 Op...

Page 232: ...ty Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned t...

Page 233: ...icker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ...

Page 234: ... attributes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 166 for additional information Discarding Port receives STA configuration messages but does not forward packets Console show spanning tree ethernet 1 5 4 243 Eth 1 5 information Admin status enabled Role disable State discarding External...

Page 235: ...n active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter is used by the STA to determine the best path between devic...

Page 236: ...ace is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild addr...

Page 237: ...gle instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MST Instance 0 that connects all bridges and LANs within the MST region This switch supports up to 65 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all br...

Page 238: ...TI maintains connectivity across the network you must configure a related set of bridges with the same MSTI settings Command Attributes MST Instance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs ...

Page 239: ...ng Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 72 MSTP VLAN Configuration ...

Page 240: ...oot 32768 1 0030F1D473A0 Current root port 7 Current root cost 10000 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 0 De...

Page 241: ...d Attributes MST Instance ID Instance identifier to configure Range 0 4094 Default 0 The other attributes are described under Displaying Interface Settings page 3 166 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 73 MSTP Port Information Console config spanning tree mst configuration 4 229 Co...

Page 242: ...Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000E8AAAA00 Current root port 1 Current root cost 10000 Number of topology changes 12 Last topology changes time sec 303 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper ...

Page 243: ...rmation Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the...

Page 244: ...ode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 10 Gigabit Ethernet 200 20 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 t...

Page 245: ...ey belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network ...

Page 246: ...nt it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the...

Page 247: ...rded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end stat...

Page 248: ...e static or untagged VLANs for the switch ports connected to these devices as described in Adding Static Members to VLANs VLAN Index on page 3 190 But you can still enable GVRP on these edge switches as well as on the core switches in the network Forwarding Tagged Untagged Frames If you want to create a small port based VLAN for devices attached directly to a single switch you can assign ports to ...

Page 249: ...then inserts a VLAN tag reflecting the ingress port s default VID Enabling or Disabling GVRP Global Setting GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled...

Page 250: ...s switch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Click VLAN 802 1Q VLAN Basic Information Figure 3 76 VLAN Basic Information CLI Enter the following command 15 Web Only Console show bridge ext 4 265 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning...

Page 251: ...LAN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4093 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port memb...

Page 252: ...e members CLI Current VLAN information can be displayed with the following command Creating VLANs Use the VLAN Static List to create or remove VLAN groups To propagate information about VLAN groups used on this switch to external network devices you must specify a VLAN ID for each of these groups Console show vlan id 1 4 256 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels ...

Page 253: ...b Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it wil...

Page 254: ...on page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 3 194 Console config vlan database 4 246 Console config vlan vlan 2 name R D media ethernet state active 4 247 Console config vlan en...

Page 255: ...arry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more informat...

Page 256: ...re 3 79 VLAN Static Table Adding Static Members CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 4 187 Console config if switchport allowed vlan add 2 tagged 4 254 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Console config interface ethernet 1 13 ...

Page 257: ...by Port Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 80 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a t...

Page 258: ...deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group Acceptable ...

Page 259: ... GARP Leave Timer The interval a port waits before leaving a VLAN group This time should be set to more than twice the join time This ensures that after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group Range 60 3000 centiseconds Default 60 GARP LeaveAll Timer The interval between sending out a LeaveAll query message for VLAN group part...

Page 260: ...ration CLI This example sets port 3 to accept only tagged frames assigns PVID 3 as the native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 187 Console config if switchport acceptable frame types tagged 4 251 Console config if switchport ingress filtering 4 252 Console config if switchport native vlan 3 4 253 Console c...

Page 261: ...LANs and normal VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 3 82 Private VLAN Status CLI This example enables private VLANs Console config pvlan 4 257 Console config Uplink Ports pro...

Page 262: ...designated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figure 3 83 Private VLAN Link Status CLI This configures port 3 as an uplink and port 5 and 6 as downlinks Console config pvlan up link ethernet 1 3 down link ethernet 1 5 4 257 Console config pvlan up link ethernet 1 3 down link ethernet 1...

Page 263: ...ical network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 3 188 Although not mandatory we suggest configuring a separa...

Page 264: ...ther frames types include IP ARP RARP Web Click VLAN Protocol VLAN Configuration Enter a protocol group ID frame type and protocol type then click Apply Figure 3 84 Protocol VLAN Configuration CLI The following creates protocol group 1 and then specifies Ethernet frames with IP and ARP protocol types 17 SNAP frame types are not supported by this switch due to hardware limitations Console config pr...

Page 265: ...e associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the fram...

Page 266: ... the corresponding VLAN ID and click Apply Figure 3 85 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3 Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 3 4 261 Console config if ...

Page 267: ... tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames T...

Page 268: ... config interface ethernet 1 3 4 187 Console config if switchport priority default 5 4 271 Console config if end Console show interfaces switchport ethernet 1 5 4 199 Information of Eth 1 5 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disa...

Page 269: ... applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class19 Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Table 3 12 Mapping CoS Values to Egress Queues Qu...

Page 270: ...S priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 187 Console config queue cos map 0 0 4 273 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map 4 275 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 1 2...

Page 271: ...s prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing...

Page 272: ... queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table20 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic clas...

Page 273: ...DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP ...

Page 274: ...om the scroll down menu then click Apply Figure 3 90 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic Th...

Page 275: ...y and 7 represent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 91 IP Precedence Priority Table 3 14 Mapping IP Precedence Priority Level Traffic Type Priority Level Traffic Type 7 Network Control 3 Flash 6 Internetwork Control 2 Immediate 5 Critical 1 Pri...

Page 276: ...patibility with the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Console config map ip precedence...

Page 277: ...presents low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field then click Apply Figure 3 92 IP DSCP Priority Table 3 15 Mapping DSCP Priority IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56...

Page 278: ...ice ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply...

Page 279: ...IP Port Priority Status to Enabled Figure 3 93 IP Port Priority Status Click Priority IP Port Priority Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box and then click Apply Figure 3 94 IP Port Priority ...

Page 280: ... DSCP values or VLAN lists Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on configured network policies different kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same clas...

Page 281: ...Map to designate a class name for a specific category of traffic 2 Edit the rules for each class to specify a type of traffic based on an access list a DSCP or IP Precedence value or a VLAN 3 Set an ACL mask to enable filtering for the criteria specified in the Class Map See Configuring an IP ACL Mask on page 3 113 or Configuring a MAC ACL Mask on page 3 115 4 Use the Policy Map to designate a pol...

Page 282: ...the Class Map See Configuring an IP ACL Mask on page 3 113 or Configuring a MAC ACL Mask on page 3 115 for information on configuring an appropriate ACL mask The class map is used with a policy map page 3 221 to create a service policy page 3 225 for a specific interface that defines packet classification service tagging and bandwidth policing Note that one or more class maps can be assigned to a ...

Page 283: ...256 characters Add Adds the specified class Back Returns to previous page with making any changes Match Class Settings Class Name List of class maps ACL List Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 VLAN A VLAN Range 1 4093 ...

Page 284: ...CONFIGURING THE SWITCH 3 220 Web Click QoS DiffServ then click Add Class to create a new class or Edit Rules to change the rules of an existing class Figure 3 95 Configuring Class Maps ...

Page 285: ...he maximum throughput and burst rate in the Meter field and the action that results from a policy violation in the Exceed field Then finally click Add to register the new policy A policy map can contain multiple class statements that can be applied to the same interface with the Service Policy Settings page 3 225 You can configure up to 63 policers i e class maps for Fast Ethernet and Gigabit Ethe...

Page 286: ...ation page Enter a policy name and description on this page and click Add to open the Policy Rule Settings page Enter the criteria used to service ingress traffic on this page Remove Policy Deletes a specified policy Policy Configuration Policy Name Name of policy map Range 1 32 characters Description A brief description of a policy map Range 1 256 characters Add Adds the specified policy Back Ret...

Page 287: ...page 3 218 Range CoS 0 7 DSCP 0 63 IP Precedence 0 7 Meter Check this to define the maximum throughput burst rate and the action that results from a policy violation Rate kbps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower Burst byte Burst in bytes Range 64 1522 Exceed Specifies whether the traffic that exceeds the specified rate or burst will be dropped o...

Page 288: ...TCH 3 224 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 96 Configuring Policy Maps ...

Page 289: ...fine a policy map and finally bind the service policy to the required interface You can only bind one policy map to an interface The current firmware does not allow you to bind a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy ...

Page 290: ...such as videoconferencing or streaming audio A multicast server does not have to establish a separate connection with each client It merely broadcasts its service to the network and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead required by a multicast server the broadcast traffic must be carefully ...

Page 291: ... switches instead of flooding traffic to all ports in the subnet VLAN Layer 2 IGMP Snooping and Query IGMP Snooping and Query If multicast routing is not supported on other switches in your network you can use IGMP Snooping and IGMP Query page 3 228 to monitor IGMP service requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multic...

Page 292: ...r A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will con...

Page 293: ...e entry from its list Range 5 25 seconds Default 10 IGMP Query Timeout The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 seconds Default 300 IGMP Version Sets the protocol version for compatibility with other devices on the network Range 1 2 Default 2 Notes 1 All syst...

Page 294: ...witch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Console config ip igmp snooping 4 297 Console config ip igmp snooping querier 4 301 Console config ip igmp snooping query count 10 4 301 Console config ip igmp snooping query...

Page 295: ... the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command ...

Page 296: ...ple configures port 11 as a multicast router port within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have...

Page 297: ...ntry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in Configuring IGMP Snooping and Query Parameters on page 3 228 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First ad...

Page 298: ...oming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Unit Stack unit Range 1 8 Port or Trunk Specifies the interface attached to a multicast router switch Web Click IGMP Snooping IGMP Member Port Table Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router indicate the VLAN that will propagate the...

Page 299: ...resses configure default domain names or specify one or more name servers to use for domain name to address translation Configuring General DNS Server Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted nota...

Page 300: ... with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enables DNS host name to address translation Default Domain Name21 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List Defines a list of domain names that can be appended to incomplete host names Ran...

Page 301: ...eb Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 3 103 DNS General Configuration ...

Page 302: ...ork devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Console config ip domain name sample com 4 179 Console config ip domain list sample com uk 4 18...

Page 303: ... 64 characters IP Address Internet address es associated with a host name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 3 104 DNS Static Host Table ...

Page 304: ...che entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip h...

Page 305: ...4 CNAME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POINTE...

Page 306: ...information about the host s boot image including the TFTP server to access for download and the name of the boot file or boot information for NetBIOS Windows Internet Naming Service WINS Configuring DHCP Relay Service This switch supports DHCP relay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the reque...

Page 307: ...the switch s DHCP relay agent in order of preference Restart DHCP Relay Use this button to enable or re initialize DHCP relay service Web Click DHCP Relay Configuration Enter up to five IP addresses for any VLAN then click Restart DHCP Relay to start the relay service Figure 3 106 DHCP Relay Configuration CLI This example specifies one DHCP relay server for VLAN 1 and enables the relay service Con...

Page 308: ...hosts based on the client identifier code or MAC address Command Usage First configure any excluded addresses including the address for this switch Then configure address pools for the network interfaces You can configure up to 8 network address pools You can also manually bind an address to a specific client if required However any fixed addresses must fall within the range of an existing network...

Page 309: ... Excluded Addresses Specifies IP addresses that the DHCP server should not assign to DHCP clients You can specify a single address or an address range New Excluded Addresses New entries for excluded addresses can be specified as a single address or an address range Note Be sure you exclude the address for this switch and other key network devices Web Click DHCP Server General Enter a single addres...

Page 310: ...ver If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is found it assigns an address from the matching net...

Page 311: ...s pool Setting the Host Parameters IP The IP address of the DHCP address pool Subnet Mask Specifies the network mask of the client Hardware Address Specifies the MAC address and protocol used on the client Options Ethernet IEEE802 FDDI Default Ethernet Client Identifier A unique designation for the client device either a text string 1 15 characters or hexadecimal value Setting the Optional Paramet...

Page 312: ... Next Server Next Server The IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server Lease Time The duration that an IP address is assigned to a DHCP client Options fixed period Infinite Default 1 day Examples Creating a New Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add Figure 3 108 DHCP Server Poo...

Page 313: ...ver Pool Configuration Click the Configure button for any entry Click the radio button for Network Enter the IP address and subnet mask for the network pool Configure the optional parameters such as gateway server and DNS server Then click Apply Figure 3 109 DHCP Server Pool Network Configuration ...

Page 314: ...dhcp default router 10 1 0 253 4 165 Console config dhcp dns server 10 2 3 4 4 167 Console config dhcp netbios name server 10 1 0 33 4 169 Console config dhcp netbios node type hybrid 4 170 Console config dhcp domain name example com 4 166 Console config dhcp bootfile wme bat 4 168 Console config dhcp next server 10 1 0 21 4 167 Console config dhcp lease infinite 4 171 Console config dhcp ...

Page 315: ... Configuration Click the Configure button for any entry Click the radio button for Host Enter the IP address subnet mask and hardware address for the client device Configure the optional parameters such as gateway server and DNS server Then click Apply Figure 3 110 DHCP Server Pool Host Configuration ...

Page 316: ...en addresses by the switch Note More than one DHCP server may respond to a service request by a host In this case the host generally accepts the first address assigned by any DHCP server Console config ip dhcp pool mgr 4 163 Console config dhcp host 10 1 0 19 255 255 255 0 4 172 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 4 174 Console config dhcp client identifier text bear 4 ...

Page 317: ... address from the DHCP server s database Figure 3 111 DHCP Server IP Binding CLI This example displays the current binding and then clears all automatic binding Console show ip dhcp binding 4 176 IP MAC Lease Time Start 10 1 0 20 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console clear ip dhcp binding 4 175 Console ...

Page 318: ...n case the primary gateway goes down This switch supports the Virtual Router Redundancy Protocol VRRP This protocol requires you to specify the interface of one of the routers participating in the virtual group as the address for the master virtual router VRRP then selects the backup routers based on the specified virtual router priority Router redundancy can be set up in any of the following conf...

Page 319: ...1 3 VR Priority 255 Master Router VRID 25 IP R2 192 168 2 17 IP VR25 192 168 2 17 VR Priority 255 Backup Router VRID 23 IP R3 192 168 1 4 IP VR23 192 168 1 3 VR Priority 100 VRID 25 IP R3 192 168 2 18 IP VR23 192 168 2 17 VR Priority 100 Router 1 VRID 23 Master IP R1 192 168 1 3 IP VR23 192 168 1 3 VR Priority 255 VRID 25 Backup IP R1 192 168 1 3 IP VR25 192 168 1 5 VR Priority 100 Router 2 VRID 2...

Page 320: ...s assigned to the virtual router must already be configured on the router that will be the Owner In other words the IP address for the virtual router exists on one and only one router in the virtual router group and the network mask for the virtual router address is derived from the Owner The Owner will also assume the role of the Master virtual router in the group If you have multiple secondary a...

Page 321: ...e preempt function only allows a backup router to take over from another backup router that is temporarily acting as the group master If preemption is enabled and this router has a higher priority than the current acting master when it comes on line it will take over as the acting group master You can add a delay to the preempt function to give additional time to receive an advertisement message f...

Page 322: ...aster Range 1 255 seconds Default 1 second VRRP advertisements from the current master virtual router include information about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group If the master ro...

Page 323: ... selected then you must also enter an authentication string All routers in the same VRRP group must be set to the same authentication mode and be configured with the same authentication string Plain text authentication does not provide any real security It is supported only to prevent a misconfigured router from participating in VRRP Authentication String Key used to authenticate VRRP packets rece...

Page 324: ...CONFIGURING THE SWITCH 3 260 Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 3 112 VRRP Group Configuration ...

Page 325: ... a real interface on this router to make it the master virtual router for the group Otherwise enter the virtual address for an existing group to make it a backup router Click Add IP to enter an IP address into the Associated IP Table Then set any of the other parameters as required and click Apply Figure 3 113 VRRP Group Configuration Detail ...

Page 326: ...an unknown or unsupported version number VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Console config interface vlan 1 4 249 Console config if vrrp 1 ip 192 168 1 6 4 382 Console config if vrrp 1 ip 192 168 2 6 secondary Console config if vrrp 1 timers advertise 5 4 385 Console config if vrrp 1 preempt delay 10 4 386 Console c...

Page 327: ... IP interface Range 1 4093 Default 1 VRID VRRP group identifier Range 1 255 Times Become Master Number of times this router has transitioned to master Received Packets Number of VRRP advertisements received by this router Error Interval Packets Number of VRRP advertisements received for which the advertisement interval is different from the one configured for the local virtual router Authenticatio...

Page 328: ...router with an invalid value in the type field Error Address List Packets Number of packets received for which the address list does not match the locally configured list for the virtual router Invalid Authentication Type Packets Number of packets received with an unknown authentication type Mismatch Authentication Type Packets Number of packets received with Auth Type not equal to the locally con...

Page 329: ...these VLANs page 3 190 and then assign an IP interface to each VLAN page 3 271 By separating the network into different VLANs it can be partitioned into subnetworks that are disconnected at Layer 2 Network traffic within the same subnet is still switched using Layer 2 switching And the VLANs can now be interconnected only as required with Layer 3 switching Console show vrrp 1 interface vlan 1 coun...

Page 330: ...s well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing Based on the Layer 3 destination address Replacing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum VLAN 1 VLAN 2 Inter subnet traffic Layer 3...

Page 331: ...destination node via the correct path The router can also use the ARP protocol to find out the MAC address of the destination node of the next router as necessary Note In order to perform IP switching the switch should be recognized by other network nodes as an IP router either by setting it as the default gateway or by redirection from another router via the ICMP process When the switch receives ...

Page 332: ...Management Routing Path Management involves the determination and updating of all the routing information required for packet forwarding including Handling routing protocols Updating the routing table Updating the Layer 3 switching database Routing Protocols The switch supports both static and dynamic routing Static routing requires routing information to be stored in the switch either manually or...

Page 333: ...switch supports IP routing only Non IP protocols such as IPX and Appletalk cannot be routed by this switch and will be confined within their local VLAN group unless bridged by an external router To coexist with a network built on multilayer switches the subnetworks for non IP protocols must follow the same logical boundary as that of the IP subnetworks A separate multi protocol router can then be ...

Page 334: ...IP protocols e g NetBuei NetWare or AppleTalk are switched based on MAC addresses If IP routing is disabled all packets are switched with filtering and forwarding decisions based strictly on MAC addresses Default Gateway The routing device to which the switch will pass packets for all unknown subnets i e packets that do not match any routing table entry Valid IP addresses consist of four numbers 0...

Page 335: ...is attached and the router s host number on that network In other words a router interface address defines the network and subnetwork numbers of the segment that is connected to that interface and allows you to send IP packets to or from the router Before you configure any network interfaces on this router you should first create a VLAN for each unique user group or for each network application an...

Page 336: ...ddress DHCP BOOTP values include the IP address and subnet mask IP Address Address of the VLAN interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Subnet Mask This mask identifies the host address bits used for routing to specific subnets Web Click IP General Routing Interface Specify an IP interface for each VLAN that will support routing to other subnets First spec...

Page 337: ...ong the path to its final destination in this way with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry for an IP address in the ARP cache the router will broadcast an ARP request packet to all devices on the network The ARP request contains the following fields...

Page 338: ...hen the router receives an ARP request for a remote network and Proxy ARP is enabled it determines if it has the best route to the remote network and then answers the ARP request by sending its own MAC address to the requesting node That node then sends traffic to the router which in turn uses its own routing table to forward the traffic to the remote destination Basic ARP Configuration You can us...

Page 339: ...ad to increased ARP traffic and increased search time for larger ARP address tables Command Attributes Timeout Sets the aging time for dynamic entries in the ARP cache Range 300 86400 seconds Default 1200 seconds or 20 minutes Proxy ARP Enables or disables Proxy ARP for specified VLAN interfaces Web Click IP ARP General Set the timeout to a suitable value for the ARP cache enable Proxy ARP for sub...

Page 340: ...tries in the ARP cache Static entries will not be aged out or deleted when power is reset You can only remove a static entry via the configuration interface Command Attributes IP Address IP address statically mapped to a physical MAC address Valid IP addresses consist of four numbers 0 to 255 separated by periods MAC Address MAC address statically mapped to the corresponding IP address Valid MAC a...

Page 341: ...eplies to broadcast messages You can display all of the dynamic entries in the ARP cache change specific dynamic entries into static entries or clear all dynamic entries from the cache Command Attributes IP Address IP address of a dynamic entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static22 ...

Page 342: ...esses CLI This example shows all entries in the ARP cache Console show arp 4 316 Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console clear a...

Page 343: ...oadcast addresses Command Attributes IP Address IP address of a local entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Entry Count The number of local entries in the ARP cache Web Click IP ARP Other Addresses Figure 3 121 ARP Other Addresses ...

Page 344: ...ress Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console Table 3 17 ARP Statistics Parameter Description Received Request Number of ARP Request packets received by the router Received Reply Numb...

Page 345: ...ed 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0...

Page 346: ...tion field was not a valid address for this entity Received Packets Discarded The number of input datagrams for which no problems were encountered to prevent their continued processing but which were discarded e g for lack of buffer space Output Requests The total number of datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Output Packet No Route The...

Page 347: ...rted protocol Received Packets Delivered The total number of input datagrams successfully delivered to IP user protocols including ICMP Discarded Output Packets The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Fragments Created The number of datagram fragments that have be...

Page 348: ...packets ICMP is therefore an integral part of the Internet Protocol ICMP messages may be used to report various situations such as when a datagram cannot reach its destination when the gateway does not have the buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitabl...

Page 349: ...t Parameter Problems The number of ICMP Parameter Problem messages received sent Source Quenches The number of ICMP Source Quench messages received sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply messages received sent Timestamps The number of ICMP Timestamp request messages re...

Page 350: ...CONFIGURING THE SWITCH 3 286 Web Click IP Statistics ICMP Figure 3 124 ICMP Statistics CLI See the example on page 3 280 ...

Page 351: ...o slow or just unnecessary Web Click IP Statistics UDP Figure 3 125 UDP Statistics CLI See the example on page 3 280 Table 3 20 USP Statistics Parameter Description Datagrams Received The total number of UDP datagrams delivered to UDP users Datagrams Sent The total number of UDP datagrams sent from this entity Receive Errors The number of received UDP datagrams that could not be delivered for reas...

Page 352: ...led Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD state plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN RCVD state Current Connections The number of TCP connections for which the current state is either ESTABLISHED or CLOSE WAIT Receive ...

Page 353: ... using dynamic routing Static routes do not automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensure network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Netmask Network mask for the associated IP subnet This mask identifie...

Page 354: ...rk interfaces via static routes or via a dynamically learned route If route information is available through more than one of these methods the priority for route selection is local static and then dynamic Also note that the route for a local interface is not enabled i e listed in the routing table unless there is at least one active link connected to that interface Command Attributes Interface In...

Page 355: ...ateway in this route Protocol The protocol which generated this route information Options local static RIP OSPF Metric Cost for this interface Entry Count The number of table entries Web Click IP Routing Routing Table Figure 3 128 IP Routing Table CLI This example shows routes obtained from various methods Console show ip route 4 320 Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 ...

Page 356: ... that would cause endless retransmission of data traffic RIP utilizes the following three methods to prevent loops from occurring Split horizon Never propagate routes back to an interface port from which they have been acquired Poison reverse Propagate routes back to an interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergenc...

Page 357: ...To communicate properly with other routers using RIP you need to specify the RIP version used globally by the router as well as the RIP send and receive versions used on specific interfaces page 3 296 Command Usage When you specify a Global RIP Version any VLAN interface not previously set to a specific Receive or Send Version page 3 296 is set to the following values RIP Version 1 configures prev...

Page 358: ...e been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable However packets are still forwarded on this route Default 180 seconds Garbage Collection After the timeout interval expires the router waits for an interval specified by the garbage collection timer before removing this entry from the routing table T...

Page 359: ...ddress In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address are used 192 223 is class C and the first three fields in the network address are used Console config router rip 4 325 Console config router version 2...

Page 360: ...ch interface that participates in the RIP routing process you must specify the protocol message type accepted i e RIP version and the message type sent i e RIP version or compatibility mode the method for preventing loopback of protocol messages and whether or not authentication is used i e authentication only applies if RIPv2 messages are being sent or received Console config router rip 4 325 Con...

Page 361: ...ll routers in the local network are based on RIPv1 or RIPv2 respectively Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Using this mode allows RIPv1 routers to receive these protocol messages but still allows RIPv2 routers to receive the additional informati...

Page 362: ...ter by its neighbors Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required RIPv2 supports authentication via a simple password When a router is configured to exchange authentication messages it will insert the password into all transmitted protocol packets and check all received packets to ensure that they contain the authorized pa...

Page 363: ...y i e 16 before the route is deemed unreachable Split Horizon This method never propagates routes back to an interface from which they have been acquired Poision Reverse This method propagates routes back to an interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Authentication Type Specifies whether or not authenticatio...

Page 364: ... of preventing instability in the network topology to Split Horizon enables authentication via a simple password i e called text mode in the CLI Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP statistics about route changes and queries information about the interfaces on this router that are using RIP and informati...

Page 365: ... RIPv2 rip1Compatible ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1Orv2 InstabilityPreventing Shows if split horizon poison reverse or no instability prevention method is in use AuthType Shows if authentication is set to simple password or none RcvBadPackets Number of bad RIP packets received RcvBadRoutes Number of bad routes received SendUpdates Number of route changes...

Page 366: ...CONFIGURING THE SWITCH 3 302 Web Click Routing Protocol RIP Statistics Figure 3 132 RIP Statistics ...

Page 367: ...protocol implemented in this device is based on Version 2 RFC 2328 It also supports Version 1 RFC 1583 compatibility mode to ensure that the same method is used to calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 1587 Console show rip globals 4 335 RIP Process Enabled Update Time in Seconds 30 Number of Route Change 4 N...

Page 368: ...g traffic and thus inherently provides another level of routing protection In addition all routing protocol exchanges can be authenticated Finally the OSPF algorithms have been tailored for efficient operation in TCP IP Internets OSPFv2 is a compatible upgrade to OSPF It involves enhancements to protocol message authentication and the addition of a point to multipoint interface which allows OSPF t...

Page 369: ...at covers a large number of subnetwork addresses This is an important technique for limiting the amount of traffic exchanged between Area Border Routers ABRs And finally you must specify a virtual link to any OSPF area that is not physically attached to the OSPF backbone Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned or t...

Page 370: ...n learn about external routes from this device Default Disabled Rfc1583 Compatible If one or more routers in a routing domain are using OSPF Version 1 this router should use RFC 1583 OSPFv1 compatibility mode to ensure that all routers are using the same RFC for calculating summary route costs Enable this field to force the router to calculate summary route costs using RFC 1583 Default Disabled SP...

Page 371: ... external route does not actually exist NotAlways It can only advertise a default external route into the AS if it has been configured to import external routes via RIP or static configuration and such a route is known See Redistributing External Routes on page 3 327 External Metric Type The external link type used to advertise the default route Type 1 route advertisements add the internal cost to...

Page 372: ...onfiguration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 4 340 Console config router router id 10 1 1 253 4 340 Console config router no compatible rfc1583 4 341 Console config router default information originate always metric 10 metric type 2 4 342 Console config router timers spf 10 4 343 Console c...

Page 373: ...reduce the amount of routing traffic required through the use of route summaries that aggregate a range of addresses into a single route The backbone or any normal area can pass traffic between other areas and are therefore known as transit areas Each router in an area has identical routing tables These tables may include area links summarized links or external links that depict the topology of th...

Page 374: ...e NSSA By default these routes are not flooded onto the backbone or into any other area by area border routers However the NSSA s ABRs will convert NSSA external LSAs Type 7 into external LSAs Type 5 which are propagated into other areas within the AS Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF the default route static routes r...

Page 375: ... area or not so stubby area NSSA Area ID 0 0 0 0 is set to the backbone by default Default Normal area Default Cost Cost for the default summary route sent into a stub from an area border router ABR Range 0 16777215 Default 1 Note that if you set the default cost to 0 the router will not advertise a default route into the attached stub Summary Makes an ABR send a Type 3 summary link advertisement ...

Page 376: ...es area 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default route to 10 Console config router network 10 1 1 0 255 255 255 0 area 0 0 0 1 4 348 Console config router area 0 0 0 2 stub summary 4 350 Console config router area 0 0 0 2 default cost 10 4 345 Conso...

Page 377: ... an IP address and network mask You therefore need to structure each area with a contiguous set of addresses so that all routes in the area fall within an easily specified range This router also supports Variable Length Subnet Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs imported into your autonomous system i e local rout...

Page 378: ...tising Indicates whether or not to advertise the summary route If the summary is not sent the routes remain hidden from the rest of the network Default Advertise Note This router supports up 64 summary routes for area ranges Web Click Routing Protocol OSPF Area Range Configuration Specify the area identifier the base address and network mask select whether or not to advertise the summary route to ...

Page 379: ...guration page to assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area you need to use the OSPF Interface Configuration page to configure the interface specific parameters used by OSPF to select the designated router control the timing of link state advertisements set the cost used to select preferred paths and specify the method used to authenticate...

Page 380: ...iority The DR forms an active adjacency to all other routers in the area to exchange routing topology information If for any reason the DR fails the BDR takes over this role The router with the highest priority becomes the DR and the router with the next highest priority becomes the BDR If two or more routers are set to the same priority the router with the higher ID will be elected You can set th...

Page 381: ...s Set this interval to a value that is greater than the round trip delay between any two routers on the attached network to avoid unnecessary retransmissions Hello Interval Sets the interval between sending hello packets on an interface Range 1 65535 seconds Default 10 This interval must be set to the same value for all routers on the network Using a smaller Hello interval allows changes in the ne...

Page 382: ...ut the proper key and key id it is nearly impossible to produce any message that matches the prespecified target message digest The Authentication Key and Message Digest Key id must be used consistently throughout the autonomous system Note that the Message Digest Key id field is disabled when this authentication type is selected Authentication Key Assign a plain text password used by neighboring ...

Page 383: ...to this router with the new key the router will stop using the old key This rollover process gives the network administrator time to update all the routers on the network without affecting the network connectivity Once all the network routers have been updated with the new key the old key should be removed for security reasons Web Click Routing Protocol OSPF Interface Configuration Select the requ...

Page 384: ...g interface vlan 1 Console config if ip ospf priority 5 4 361 Console config if ip ospf transmit delay 6 4 363 Console config if ip ospf retransmit interval 7 4 362 Console config if ip ospf hello interval 5 4 361 Console config if ip ospf dead interval 50 4 360 Console config if ip ospf cost 10 4 359 Console config if ip ospf authentication message digest 4 356 Console config if ip ospf message d...

Page 385: ... you cannot configure a virtual link that runs through a stub or NSSA area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitioning or to connect two existing backbone areas into a common backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IP address Neighbor Route...

Page 386: ...n existing link click the Detail button for the required entry modify the link settings and click Set Figure 3 138 OSPF Virtual Link Configuration CLI This example configures a virtual link from the ABR adjacent to area 0 0 0 4 through a transit area to the neighbor router 10 1 1 252 at the other end of the link which is adjacent to the backbone Console config router area 0 0 0 0 virtual link 10 1...

Page 387: ...st be connected to a backbone area This area passes routing information between other areas in the autonomous system The default value 0 0 0 0 is used as the Area ID for the backbone All routers must be connected to the backbone either directly or through a virtual link if a direct physical connection is not possible An area initially configured via the Network Area Address Configuration page is s...

Page 388: ...f routers that share common routing information The area ID must be in the form of an IP address Note This router supports up to 16 total areas either normal transit areas stubs or NSSAs Web Click Routing Protocol OSPF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then ...

Page 389: ... and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for advertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 3 313 Console config router network 10 0 0 0 255 0 0 0 area 0 0 0 0 4 348 Console config router network 10 1 1 0 255 255 255 0 area 0 0 0 1 Conso...

Page 390: ... 16 Type 5 summary routes Web Click Routing Protocol OSPF Summary Address Configuration Specify the base address and network mask then click Add Figure 3 140 OSPF Summary Address Configuration CLI This example This example creates a summary address for all routes contained in 192 168 x x Console config router summary address 192 168 0 0 255 255 0 0 4 346 Console config router ...

Page 391: ...efault external route into the AS if it has been configured to always advertise a default route even if an external route does not actually exist page 3 305 Metric type specifies the way to advertise routes to destinations outside the autonomous system AS via External LSAs Specify Type 1 to add the internal cost metric to the external route metric In other words the cost of the route from any rout...

Page 392: ...ernal route costs Options Type 1 Type 2 Default Type 1 Redistribute Metric Metric assigned to all external routes for the specified protocol Range 1 65535 Default 10 Web Click Routing Protocol OSPF Redistribute Specify the protocol type to import the metric type and path cost then click Add Figure 3 141 OSPF Redistribute Configuration CLI This example redistributes routes learned from RIP as Type ...

Page 393: ...7 external LSAs throughout its area for known network destination outside of the AS However you can also configure an NSSA ASBR to generate a Type 7 default route to areas outside of the AS or an NSSA ABR to generate a Type 7 default route to other areas within the AS Default Disabled No Redistribution The Redistribute Configuration page page 3 327 is used to import information from other routing ...

Page 394: ... routes using Link State Advertisements LSAs The full collection of LSAs collected by a router interface from the attached area is known as a link state database Routers that are connected to multiple interfaces will have a separate database for each area Each router in the same area should have an identical database describing the topology for that area and the shortest path to external destinati...

Page 395: ...outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an autonomous system boundary router ASBR AS External Type 5 An ASBR can generate an AS External LSA for each known network destination outside the AS NSSA External Type 7 An ASBR within an NSSA generates an NSSA external link state advertisement for each known network destination outside the ...

Page 396: ...older duplicate LSAs CheckSum Checksum of the complete contents of the LSA Web Click Routing Protocol OSPF Link State Database Information Specify parameters for the LSAs you want to display then click Query Figure 3 143 OSPF Link State Database Information CLI The CLI provides a wider selection of display options for viewing the Link State Database See show ip ospf database on page 366 25 These i...

Page 397: ...te Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed for this route Web Click Routing Protocol OSPF Border Router Information Figure 3 144 OSPF Border Router Information CLI This example shows one router that serves as both the ABR for the local area and ...

Page 398: ...t Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic...

Page 399: ...r Information Figure 3 145 OSPF Neighbor Information CLI This shows a designated router and backup designated router as neighbors Console show ip ospf neighbor 4 376 ID Pri State Address 10 2 44 5 1 FULL DR 10 2 44 88 10 2 44 6 2 FULL BDR 10 2 44 88 Console ...

Page 400: ...CONFIGURING THE SWITCH 3 336 ...

Page 401: ...e CLI is very similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters pri...

Page 402: ...ed via DHCP by default To access the stack through a Telnet session you must first set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an iso...

Page 403: ...the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify ...

Page 404: ...nfigure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a ...

Page 405: ...ists mac address table Set configuration of the address table management Show management IP filter map Map priority marking Specify marker policy map Display policy maps port Characteristics of the port protocol vlan Protocol VLAN information public key Show information of public key pvlan Information of private VLAN queue Information of priority queue radius server RADIUS server information rip R...

Page 406: ...essages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then...

Page 407: ...en you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session ...

Page 408: ...on volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands are used for packet filtering DHCP Configuration These commands are used to conf...

Page 409: ...on Includes the command to create VLAN groups Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Class Map Configuration Creates a DiffServ class map for a specified traffic type Policy Map Configuration Creates a DiffServ policy map for multiple interfaces To enter the Global Configuration mode enter the command configure in Pri...

Page 410: ...extended access list ip mask precedence access list mac access list mac mask precedence Console config std acl Console config ext acl Console config ip mask acl Console config mac acl Console config mac mask acl 4 114 DHCP ip dhcp pool Console config dhcp 4 157 Interface interface ethernet port port channel id vlan id Console config if 4 186 VLAN vlan database Console config vlan 4 245 MSTP spanni...

Page 411: ... Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters th...

Page 412: ...rity and IEEE 802 1X port access control 4 91 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP frames based on MAC address or Ethernet type 4 114 SNMP Activates authentication failure traps configures community access strings and trap managers 4 139 DHCP Configures DHCP client relay and server functions 4 157 DNS Confi...

Page 413: ...idge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for the bridge extension MIB 4 264 Priority Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP UDP traffic types IP precedence and DSCP 4 269 Quality of Service Configures Differentiated Services 4...

Page 414: ... password on a line LC 4 17 timeout login response Sets the interval that the system waits for a login attempt LC 4 18 exec timeout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 20 silent time Sets the amount of time the management console is inacc...

Page 415: ...ed a virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 25 show users 4 81 disconnect Terminates a line connection PE 4 24 show line Displays a terminal line s parameters NE PE 4...

Page 416: ...figuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no au...

Page 417: ... Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required ...

Page 418: ... Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting...

Page 419: ... CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set th...

Page 420: ...empts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections...

Page 421: ...nsole response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 20 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syn...

Page 422: ...fy 7 data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 22 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Lin...

Page 423: ...d bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you se...

Page 424: ...Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect This command terminates an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Console config line speed 57600 Console config line Console conf...

Page 425: ...nnect an SSH or Telnet connection Example Related Commands show ssh 4 55 show users 4 81 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Console disconnect 1 Console ...

Page 426: ...c Console Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28 configure Activates global configuration mode PE 4 28 show history Shows the command history buffer NE PE 4 29 reload Restarts the system PE 4 30 end Returns to Privileged Exec mode any config mode 4 30 exit Returns to the previous con...

Page 427: ...0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 4 37 The character is appended to the end of the prompt to indicate that the system is in priv...

Page 428: ...cter is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 27 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Config...

Page 429: ... Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 430: ...ad This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows how to reset the switch end T...

Page 431: ... mode exit This command returns to the previous configuration mode or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Console config if end Console Console config exit Conso...

Page 432: ...able 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 33 User Access Configures the basic user names and passwords for management access 4 35 IP Filter Configures IP addresses that are allowed management access 4 38 Web Server Enables management access via a web browser 4 40 Telnet Server Enables management ...

Page 433: ...splays system configuration active managers and version information 4 75 Frame Size Enables support for jumbo frames 4 82 Table 4 8 Device Designation Commands Command Function Mode Page prompt Customizes the prompt used in PE and NE mode GC 4 33 hostname Specifies the host name for the switch GC 4 34 snmp server contact Sets the system contact string GC 4 142 snmp server location Sets the system ...

Page 434: ...iguration Example switch renumber This command resets the switch unit identification numbers in the stack All stack members are numbered sequentially starting from the top unit for a non loop stack or starting from the Master unit for a looped stack Syntax switch all renumber Default Setting For non loop stacking the top unit is unit 1 For loop stacking the master unit is unit 1 Command Mode Globa...

Page 435: ...pecify that no password is required or specifies or changes a user s access level Use the no form to remove a user name Syntax username name access level level nopassword password 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec...

Page 436: ...he encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user Table 4 10 Default Login...

Page 437: ...rivilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 4 27 The encrypted password is required for...

Page 438: ...s IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting address of a range end address The end address of a range Default Setting All addresses Command Mode Global Configuration Table 4 11 IP Filter Command...

Page 439: ...e an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This example restricts management access to the indicated addresses show management This command displays the client IP addresses that are allowed management acc...

Page 440: ...5 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 4 41 ip http server Allows the switch to be monitored or configured from a browser GC 4 41 ip http secure server Enables HTTPS HTTP SSL for en...

Page 441: ...The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 41 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip http ...

Page 442: ...nnot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connecti...

Page 443: ...er used for HTTPS connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Global Configuration Table 4 13 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service ...

Page 444: ...t also specifies the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port number used by the Telnet interface port number The TCP port to be used by the browser interface Range 1 65535 Console config...

Page 445: ...H can also provide remote management access to this switch as a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that dat...

Page 446: ...ion retries Specifies the number of retries allowed by a client GC 4 50 ip ssh server key size Sets the SSH server key size GC 4 51 copy tftp public key Copies the user s public key from a TFTP server to the switch PE 4 84 delete public key Deletes the public key for the specified user PE 4 51 ip ssh crypto host key generate Generates the host key PE 4 52 ip ssh crypto zeroize Clear the host key f...

Page 447: ...941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545240839717 52646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on ...

Page 448: ...itch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt the bytes and sends the decrypted bytes back to the switch e The switch compares the decrypted bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is auth...

Page 449: ...lect either DES 56 bit or 3DES 168 bit for data encryption You must generate DSA and RSA host keys before enabling the SSH server Example Related Commands ip ssh crypto host key generate 4 52 show ssh 4 55 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for clien...

Page 450: ...exec timeout 4 19 show ip ssh 4 54 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Co...

Page 451: ...ts Default Setting 768 bits Command Mode Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA publ...

Page 452: ...d Exec Command Usage This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key t...

Page 453: ... Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Commands ip ssh crypto host key generate 4 52 ip ssh save host key 4 54 no ip ssh serv...

Page 454: ... key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 52 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key si...

Page 455: ... version number State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc a...

Page 456: ...ates the size of the host key e g 1024 the second field is the encoded public exponent e g 35 and the last string is the encoded modulus When a DSA key is displayed the first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three i...

Page 457: ...2G395NLy5Qd7ZDxfA9mCOfT yyEfbobMJZi8oGCstSNO xrZZVnMqWrTYfdrKX7YKBw Kjw6Bm iFq7O jAhf1Dg45loAc27s6TLdtny1wRq ow2 eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZ fcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2o dVzX4Gg yqdTlYmGA7fHGm 8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 w0W Console Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging o...

Page 458: ...aved to switch memory You can use the logging history command to control the type of error messages that are stored Example Related Commands logging history 4 58 clear log 4 62 logging history This command limits syslog messages saved to switch memory based on severity The no form returns the logging of syslog messages to the default level Syntax logging history flash ram level no logging history ...

Page 459: ...ified for RAM Example Table 4 18 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g return false unexpected return 3 errors Error conditions e g invalid input default used 2 critical Critical conditions e g memory allocation or...

Page 460: ...is command more than once you can build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example logging facility This command sets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages...

Page 461: ...severity Use this command without a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the syslog severity levels listed in the table on page 4 58 Messages sent include the selected level up through level 0 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with...

Page 462: ...leged Exec Example Related Commands show log 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in tempor...

Page 463: ... logging ram Syslog logging Enabled History logging in RAM level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the loggin...

Page 464: ...w logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sysl...

Page 465: ...Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00 01 30 2001 01 01 Unit 1 Port 1 link up notification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost SMTP servers to receive alert messages GC 4 65 logging sendmail level Severity threshold used to tri...

Page 466: ... the first server configured by this command If it fails to send mail the switch selects the next server in the list and tries to send mail again If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert message...

Page 467: ... email This command sets the email address used for the From field in alert messages Syntax logging sendmail source email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible...

Page 468: ...e 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example logging sendmail This command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configurat...

Page 469: ...the clock is not set the switch will only record the time from the factory default set at the last bootup Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabled Console Table 4 22 Time Commands Comman...

Page 470: ...NTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command show sntp Shows current SNTP configuration settings NE PE 4 73 clock timezone Sets the time z...

Page 471: ...l Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Console config sntp server 10 1 0 19 Console config sntp poll 60 Console c...

Page 472: ...s when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 4 70 Console config sntp server 10 1 0 19 Console Console config sntp poll 60 Console ...

Page 473: ...mand sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 0 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone...

Page 474: ...nds show sntp 4 73 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february...

Page 475: ...4 February 1 2002 Console Table 4 23 System Status Commands Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 76 show running config Displays the configuration data currently in use PE 4 78 show system Displays system information NE PE 4 80 show users Shows all active console and Telnet ses...

Page 476: ...displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Mu...

Page 477: ...e c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df...

Page 478: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree inst...

Page 479: ...ap 00 30 f1 d4 73 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community private rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e03...

Page 480: ...ion SMC8748ML3 L3 GE Switch System OID string 1 3 6 1 4 1 202 20 45 System information System Up time 0 days 0 hours 11 minutes and 15 59 seconds System Name NONE System Location NONE System Contact NONE MAC address unit1 00 20 1A DF 9E C0 Web server enabled Web server port 80 Web secure server enabled Web secure server port 443 Telnet server enable Telnet server port 23 Jumbo Frame Disabled POST ...

Page 481: ... i e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Page 482: ...se the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Console show version Unit1 Serial number A422000632 Hardware version R01 EPLD version 15 15 Number of ports 24 Main power status up Redundant power status not present Agent master Unit ID 1 Loader version 1 0 1 3 Boot ROM version 1 0 1 6 Operation code version 1 0 0 0 Console Table 4 24 Fr...

Page 483: ...odes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames The current setting for jumbo frames can be displayed with the show system command page 4 80 Example Flash File Commands These commands are used to manage the system code or configuration files Console config jumbo frame Console config Table 4 2...

Page 484: ...s certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key K...

Page 485: ...ther switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must follow the instructions in the release notes for new firmware or contact your distributor for help For information on specifying an https certificate see Replacing the Default Secure site Certificate on page 3...

Page 486: ...ile destination file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate ...

Page 487: ...tting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Example This example shows how to delete the test2 cfg configuration file from flash memory Console copy tftp public key TFTP server IP address 192 168 1 19 Choose public k...

Page 488: ...ge If this file exists but contains errors information on this file cannot be shown unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files A colon is required after the specified unit number File information is shown below Table 4 26 File Directory Information Column Heading Descrip...

Page 489: ...he whichboot command See the table under the dir command for a description of the file information displayed by this command Console dir file name file type startup size byte Unit1 D1016 Boot Rom image Y 825500 V1000 Operation Code Y 3511280 Factory_Default_Config cfg Config File N 455 startup Config File Y 4308 startup1 cfg Config File N 4268 Total free space 24117248 Console Console whichboot fi...

Page 490: ...iguration file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an error it cannot be set as the default file Example Related Commands dir 4 88 whichboot 4 89 Conso...

Page 491: ... logon authentication method and precedence 4 91 RADIUS Client Configures settings for authentication via a RADIUS server 4 94 TACACS Client Configures settings for authentication via a TACACS server 4 99 Port Security Configures secure addresses for a port 4 101 Port Authentication Configures host authentication on specific ports using 802 1X 4 104 Table 4 28 Authentication Sequence Commands Comm...

Page 492: ...s request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication seq...

Page 493: ...ses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name...

Page 494: ...database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 4 29 RADIUS Client Commands Command Function Mode Page radius server host Specifies the RADIUS server GC 4 95 radius server port Sets the RADIUS server network port GC 4 96 radius server key...

Page 495: ...s of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS serverUDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticat...

Page 496: ...65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode G...

Page 497: ... 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 6553...

Page 498: ...leged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Server 1 Server IP address 192 168 1 1 Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Console ...

Page 499: ...r host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 4 30 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 4 99 tacacs server por...

Page 500: ...1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mo...

Page 501: ...ready stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabli...

Page 502: ...NMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC add...

Page 503: ...d secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monitoring Cannot be a multi VLAN port Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using the no shutdown command Example The following example enables port securi...

Page 504: ... identity packet to the client before it times out the authentication session IC 4 105 dot1x port control Sets dot1x mode for a port interface IC 4 106 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 4 107 dot1x re authenticate Forces re authentication on specific ports PE 4 108 dot1x re authentication Enables re authentication for all ports IC 4 108 dot1x timeout quiet pe...

Page 505: ...urable dot1x global and port settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count no dot1x max req count The maximum number of r...

Page 506: ... authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config interface eth 1 2 Console ...

Page 507: ... max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port control command page 4 105 In multi host mode only one host connected to a ...

Page 508: ... 8 port Port number Range 1 25 49 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example Console dot1x re authenticate Console Console config interface eth 1 2 Console config if dot1x re authentication...

Page 509: ...od seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configura...

Page 510: ...efault 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 Console config interface eth 1 2 Console c...

Page 511: ...s for each interface including the following items reauth enabled Periodic re authentication page 4 108 reauth period Time after which a connected client must be re authenticated page 4 109 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 109 tx period Time a port waits during authentication session before re transmitting EAP packe...

Page 512: ...te including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier ...

Page 513: ...ost Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Rea...

Page 514: ...hes a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There are three filtering modes Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP addre...

Page 515: ...gress checking the bind operation will fail Egress MAC ACLs only work for destination mac known packets not for multicast broadcast or destination mac unknown packets The order in which active ACLs are checked is as follows 1 User defined rules in the Egress MAC ACL for egress ports 2 User defined rules in the Egress IP ACL for egress ports 3 User defined rules in the Ingress MAC ACL for ingress p...

Page 516: ... Mode Page access list ip Creates an IP ACL and enters configuration mode for standard or extended IP ACLs GC 4 117 permit deny Filters packets matching a specified source IP address STD ACL 4 118 permit deny Filters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL 4 119 show ip access list Displays th...

Page 517: ...of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage An egress ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no ...

Page 518: ... to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Example This...

Page 519: ... tos dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precedence level Range 0 7 tos Type o...

Page 520: ...u can specify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish ...

Page 521: ...s 192 168 1 0 with the TCP control code set to SYN Related Commands access list ip 4 117 show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Console config ext acl p...

Page 522: ...obal Configuration Command Usage A mask can only be used by all ingress ACLs or all egress ACLs The precedence of the ACL rules applied to a packet is not determined by order of the rules but instead by the order of the masks i e the first mask that matches a rule will determine the rule that is applied to a packet You must configure a mask for an ACL rule before you can bind it to a port or set t...

Page 523: ...ield any Any address will be matched host The address must be for a host device not a subnetwork source bitmask Source address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source port field destination port Check the pr...

Page 524: ... order of precedence to look for a match in the ACL entries The first entry matching a mask is applied to the inbound packet This shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny 10 1 1 1 255 255 255 255 rule has the higher precedence according the ma...

Page 525: ...Console config if ip access group A2 in Console config if end Console show access list IP standard access list A2 deny host 171 69 198 102 permit any Console Console config access list ip extended A3 Console config ext acl deny host 171 69 198 5 any Console config ext acl deny 171 69 198 0 255 255 255 0 any source port 23 Console config ext acl end Console show access list IP extended access list ...

Page 526: ...c Switch config access list ip extended 6 Switch config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any control flag 2 2 Console configure Switch config access list ip mask precedence in Switch config ip mask acl mask protocol any any control flag 2 Switch co...

Page 527: ...es to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Console show access list ip mask precedence IP ing...

Page 528: ...d enters configuration mode GC 4 129 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 130 show mac access list Displays the rules for configured MAC ACLs PE 4 132 access list mac mask precedence Changes to the mode for configuring access control masks GC 4 132 mask Sets a precedence mask for the ACL rules MAC Mask 4 133 show ...

Page 529: ...ACL must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Relat...

Page 530: ...tination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny untagged 802 3 ...

Page 531: ...ew rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type...

Page 532: ...6 access list mac mask precedence This command changes to MAC Mask mode used to configure access control masks Use the no form to delete the mask table Syntax no access list ip mask precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified MAC ACLs Command Mode Global Configuration Console sh...

Page 533: ... command defines a mask for MAC ACLs This mask defines the fields to check in the packet header Use the no form to remove a mask Syntax no mask pktformat any host source bitmask any host destination bitmask vid vid bitmask ethertype ethertype bitmask pktformat Check the packet format field If this keyword must be used in the mask the packet format must be specified in ACL rule to match any Any add...

Page 534: ...s MAC ACL and bind it to a port You can then see that the order of the rules have been changed by the mask Console config access list mac M4 Console config mac acl permit any any Console config mac acl deny tagged eth2 00 11 11 11 11 11 ff ff ff ff ff ff any vid 3 Console config mac acl end Console show access list MAC access list M4 permit any any deny tagged eth2 host 00 11 11 11 11 11 any vid 3...

Page 535: ...ertype 0806 Console config mac acl end Console show access list MAC access list M5 deny tagged 802 3 host 00 11 11 11 11 11 any deny tagged eth2 host 00 11 11 11 11 11 any vid 3 ethertype 0806 Console config access list mac mask precedence out Console config mac mask acl mask pktformat ff ff ff ff ff ff any vid Console config mac mask acl exit Console config interface ethernet 1 5 Console config i...

Page 536: ... applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show mac access list 4 132 ...

Page 537: ...ll the user defined masks Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface i e the ACL is active the order in which the rules are displayed is determined by the associated mask Console show mac access group Interface ethernet 1 5 MAC access list M5 out Console Table 4 36 ACL Information Commands Command Function Mode Page show access list Show all ACLs and associate...

Page 538: ...ermit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any IP ingress mask ACL mask protocol any any control flag 2 Console Console show access group...

Page 539: ...specific authentication and privacy passwords Table 4 37 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 4 140 show snmp Displays the status of SNMP communications NE PE 4 140 snmp server community Sets up the community access string to permit access to SNMP commands GC 4 141 snmp server contact Sets the system contact string GC 4 142 snmp server location Sets the sy...

Page 540: ...fault Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command show snmp group Shows the SNMP groups PE 4 153 snmp server user Adds a user to an SNMP group GC 4 154 s...

Page 541: ...rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for comm...

Page 542: ...nmp server contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 143 Console config snmp server...

Page 543: ...ommands snmp server contact 4 142 snmp server host This command specifies the recipient of a Simple Network Management Protocol notification operation Use the no form to remove the specified host Syntax snmp server host host addr inform retry retries timeout seconds community string version 1 2c 3 auth noauth priv udp port port no snmp server host host addr host addr Internet address of the host t...

Page 544: ...define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP Version 1 2c or 3 traps Range 1 2c 3 Default 1 auth noauth priv This group uses SNMPv3 with authentication no authentication or with authentication and privacy See Simple Network Management Protocol on page 3 50 ...

Page 545: ... However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to issue notifications as traps or informs To send an inform to a SNMPv2c host complete these steps 1 Enable the SNMP agent page 4 140 2 Allow the switch to send SNMP traps i e notificat...

Page 546: ... exist and the switch will not authorize SNMP access for the host However if you specify a V3 host with the noauth option an SNMP user account will be generated and the switch will authorize SNMP access for the host Example Related Commands snmp server enable traps 4 146 snmp server enable traps This command enables this device to send Simple Network Management Protocol traps or informs i e SNMP n...

Page 547: ...figure at least one snmp server host command The authentication link up and link down traps are legacy notifications and therefore when used for SNMP Version 3 hosts they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the snmp server group command page 4 152 Example Related Commands snmp server host 4 143 snmp server engine id This command configures a...

Page 548: ...ing packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 1234 i...

Page 549: ... engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Table 4 38 show snmp engine id display description Field Description Local SNMP engineID String identifying the engine ID Local SNMP engineBoots The number of times that the engine has re initialized since the snmp EngineID was last configured Remote SNMP engineID String identifying an engine ID on a remote device IP address IP a...

Page 550: ...s an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view include...

Page 551: ...sole show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type volatile Row Status active Console Table 4 39 show snmp view display description Field Description View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included...

Page 552: ...ines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public28 read only private29 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is defined notifyview Nothing is defined Command Mode Global Configuration Co...

Page 553: ...write access Command Mode Privileged Exec Example Console config snmp server group r d v3 auth write daily Console config Console show snmp group Group Name r d Security Model v3 Read View defaultview Write View daily Notify View none Storage Type permanent Row Status active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status ...

Page 554: ...t Range 1 32 characters Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 4 40 show snmp group display description Field Description groupname Name of an SNM...

Page 555: ...n Command Usage The SNMP engine ID is used to compute the authentication privacy digests from the password You should therefore configure the engine ID with the snmp server engine id command before using this configuration command Before you configure a remote user use the snmp server engine id command page 4 147 to specify the engine ID for the remote device where the user resides Then use the sn...

Page 556: ...tocol des56 Storage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Pr...

Page 557: ...e current interface Use the no form to remove this identifier Syntax ip dhcp client identifier text text hex hex no ip dhcp client identifier text A text string Range 1 15 characters hex The hexadecimal value Table 4 42 DHCP Commands Command Group Function Page DHCP Client Allows interfaces to dynamically acquire IP address information 4 157 DHCP Relay Relays DHCP requests from local hosts to a re...

Page 558: ...P or DHCP client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the addr...

Page 559: ...nfiguration VLAN Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface Vlan 1 is up addressing mode is DHCP Interface address is 192 168 1 54 mask is 255 255 255 0 Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console Table 4 44 DHCP Relay Commands Command Function Mode Page ip dh...

Page 560: ... this switch This switch then broadcasts the DHCP response received from the server to the client Example In the following example the device is reassigned the same address Related Commands ip dhcp relay server 4 160 ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch s DHCP relay agent Use the no form to clear all addresses Syntax ip dhcp relay serve...

Page 561: ...Page service dhcp Enables the DHCP server feature on this switch GC 4 162 ip dhcp excluded address Specifies IP addresses that a DHCP server should not assign to DHCP clients GC 4 163 ip dhcp pool Configures a DHCP address pool on a DHCP Server GC 4 163 network Configures the subnet number and mask for a DHCP address pool DC 4 164 default router Specifies the default router list for a DHCP client ...

Page 562: ... 170 lease Sets the duration an IP address is assigned to a DHCP client DC 4 171 host Specifies the IP address and network mask to manually bind to a DHCP client DC 4 172 client identifier Specifies a client identifier for a DHCP client DC 4 173 hardware address Specifies the hardware address of a DHCP client DC 4 174 clear ip dhcp binding Deletes an automatic address binding from the DHCP server ...

Page 563: ... address An excluded IP address or the first IP address in an excluded address range high address The last IP address in an excluded address range Default Setting All IP pool addresses may be assigned Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool Syntax no ip dhcp ...

Page 564: ...work address pools and up to 32 manually bound host address pools i e listing one host address per pool However note that any address specified in a host command must fall within the range of a configured network address pool Example Related Commands network 4 164 host 4 172 network This command configures the subnet number and mask for a DHCP address pool Use the no form to remove the subnet numb...

Page 565: ...d it assigns an address from the matching network address pool However if no matching address pool is found the request is ignored This command is valid for DHCP network address pools only If the mask is not specified the class A B or C natural mask is used see page 3 295 The DHCP server assumes that all host addresses are available You can exclude subsets of the address space by using the ip dhcp...

Page 566: ...the most preferred router Example domain name This command specifies the domain name for a DHCP client Use the no form to remove the domain name Syntax domain name domain no domain name domain Specifies the domain name of the client Range 1 32 characters Default Setting None Command Mode DHCP Pool Configuration Example Console config dhcp default router 10 1 0 54 10 1 0 64 Console config dhcp Cons...

Page 567: ...e Guidelines If DNS IP servers are not configured for a DHCP client the client cannot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred server Example next server This command configures the next server in the boot process of a DHCP client Use the no form to remove the boot server list Syntax no next server address address S...

Page 568: ...rivial File Transfer Protocol TFTP server specified with the next server command Use the no form to delete the boot image name Syntax bootfile filename no bootfile filename Name of the file that is used as a default boot image Default Setting None Command Mode DHCP Pool Configuration Example Related Commands next server 4 167 Console config dhcp next server 10 1 0 21 Console config dhcp Console co...

Page 569: ...dress2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP address of alternate NetBIOS WINS name server Default Setting None Command Mode DHCP Pool Configuration Usage Guidelines Servers are listed in order of preference starting with address1 as the most preferred server Example Related Commands netbios node type 4 170 Console config dhc...

Page 570: ... remove the NetBIOS node type Syntax netbios node type type no netbios node type type Specifies the NetBIOS node type broadcast hybrid recommended mixed peer to peer Default Setting None Command Mode DHCP Pool Configuration Example Related Commands netbios name server 4 169 Console config dhcp netbios node type hybrid Console config dhcp ...

Page 571: ... must be supplied before you can configure hours Range 0 23 minutes Specifies the number of minutes in the lease A days and hours value must be supplied before you can configure minutes Range 0 59 infinite Specifies that the lease time is unlimited This option is normally used for addresses manually bound to a BOOTP client via the host command Default Setting One day Command Modes DHCP Pool Config...

Page 572: ... If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool When searching for a manual binding the switch compares the client identifier for DHCP clients...

Page 573: ...ier text A text string Range 1 15 characters hex The hexadecimal value Default Setting None Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier and hardware address are configured for a host address the client identifier takes precedence over the hardware address in the search proce...

Page 574: ...owing protocol used on the client device ethernet ieee802 fddi Default Setting If no type is specified the default protocol is Ethernet Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bind an address to a BOOTP client you must associate a hardwa...

Page 575: ...gs Default Setting None Command Mode Privileged Exec Usage Guidelines An address specifies the client s IP address If an asterisk is used as the address parameter the DHCP server clears all automatic bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after moving DHCP service to another device Example Related Commands show ...

Page 576: ...show ip dhcp binding address address Specifies the IP address of the DHCP client for which bindings will be displayed Default Setting None Command Mode Normal Exec Privileged Exec Example Console show ip dhcp binding IP MAC Lease Time Start dd hh mm ss 192 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console ...

Page 577: ...t Creates a static host name to address mapping GC 4 178 clear host Deletes entries from the host name to address table PE 4 179 ip domain name Defines a default domain name for incomplete host names GC 4 179 ip domain list Defines a list of default domain names for incomplete host names GC 4 180 ip name server Specifies the address of one or more name servers to use for host name to address trans...

Page 578: ... Setting No static entries Command Mode Global Configuration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device Example This example maps two address to a host...

Page 579: ...domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name Syntax ip domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default S...

Page 580: ...e initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS server on this switch it will work through the domain list appending each domain name in the list to the host name and checking with ...

Page 581: ...or name to address resolution Use the no form to remove a name server from this list Syntax no ip name server server address1 server address2 server address6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Console config ip domain list sample com jp Console config ip...

Page 582: ...nds ip domain name 4 179 ip domain lookup 4 182 ip domain lookup This command enables DNS host name to address translation Use the no form to disable DNS Syntax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Doma...

Page 583: ... displays the static host name to address mapping table Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name S...

Page 584: ...om jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 10 2 44 96 893 pttch_pc smc com tw 1 4 CNAME 10 2 44 3 898 ahten smc com tw 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 ...

Page 585: ... a cache entry and therefore unreliable TYPE This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear ...

Page 586: ...iation of a given interface IC 4 189 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 190 flowcontrol Enables flow control on a given interface IC 4 191 media type Force port type selected for combination ports IC 4 192 shutdown Disables an interface IC 4 193 switchport broadcast packet rate Configures the broadcast storm control threshold IC 4 194 clea...

Page 587: ...nge 1 25 49 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 4 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to th...

Page 588: ...s full duplex operation 1000full Forces 1 Gbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is Gigabit Ethernet ports 100...

Page 589: ... list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 4 189 capabilities 4 190 negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When aut...

Page 590: ...emove an advertised capability or the no form without parameters to restore the default values Syntax no capabilities 10000full 1000full 100full 100half 10full 10half flowcontrol symmetric 10000full Supports 10 Gbps full duplex operation 1000full Supports 1 Gbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 ...

Page 591: ...flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3x for ful...

Page 592: ...ming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands negotiation 4 189 capabilities flowcontrol symmetric 4 190 media type This command forces the port type selected for combination ports 21 24 45 48 Use the no form to restore the default mode Syntax media type mode no media type mode copper f...

Page 593: ...bled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 24 Console config if media type co...

Page 594: ...ASE 1041 pps Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped Broadcast control does not effect IP multicast traffic The resolution for Gigabit ports is 1 packet per second pps i e any setting between 500 262143 is acceptable However the resolution for the 10 Gigabit port is in steps of 1041 ...

Page 595: ... None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statisti...

Page 596: ...t Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 3 119 ...

Page 597: ...ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled Port security Disabled Max MAC count 0 Port security action None Media type None Current status ...

Page 598: ... 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 227208 Packets 333...

Page 599: ...c Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 4 Console show interfaces switchport ethernet 1 4 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mod...

Page 600: ... 4 250 Ingress rule Shows if ingress filtering is enabled or disabled page 4 252 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 251 Native VLAN Indicates the default Port VLAN ID page 4 253 Priority for untagged traffic Indicates the default priority for untagged frames page 4 269 GVRP status Shows if GARP VLAN Registration Protocol is enabled ...

Page 601: ...smitted packets Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner The destination port is set by specifying an Ethernet interfa...

Page 602: ... Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 both Console config if Console config interface ethernet 1 11 Console config if port monitor ethernet...

Page 603: ...itored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input ...

Page 604: ... bandwidth of 4 Gbps when operating at full duplex Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if Table 4 52 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 4 187 channel group Adds a port to a trunk IC Ethernet 4 206 ...

Page 605: ... settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it ...

Page 606: ...mmand Usage When configuring static trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Example The following example creates trunk 1 and then adds port 11 lacp This command enables 802 3ad Link Aggregation Control Protocol LACP for the current interface Use th...

Page 607: ...d if one of the active links fails Example The following shows LACP enabled on ports 10 12 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that Trunk1 has been established Console config interface ethernet 1 10 Console config if lacp Console config if exit Console config interface ethernet 1 11 Console config if ...

Page 608: ...guration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in use on that side Con...

Page 609: ...LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote s...

Page 610: ...he same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the gr...

Page 611: ...cates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that sid...

Page 612: ...ngs and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Port channel 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 53 show lacp counters display description Fi...

Page 613: ...ubtype Console show lacp 1 internal Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeout LACP activity Table 4 54 show lacp internal display description Field Description ...

Page 614: ...ollection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the...

Page 615: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Page 616: ...0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 56 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system I...

Page 617: ...k unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration mac address table aging time Sets the aging time of the address table GC 4 2...

Page 618: ...ddress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system ...

Page 619: ...e Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask in the form xx xx xx xx ...

Page 620: ...to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Console show mac address table Interface MAC Address VLAN Type Eth 1 1 ...

Page 621: ...ng tree hello time Configures the spanning tree bridge hello time GC 4 226 spanning tree max age Configures the spanning tree bridge maximum age GC 4 226 spanning tree priority Configures the spanning tree bridge priority GC 4 227 spanning tree path cost method Configures the path cost method for RSTP MSTP GC 4 228 spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC...

Page 622: ... port Enables fast forwarding for edge ports IC 4 237 spanning tree portfast Sets an interface to fast forwarding IC 4 238 spanning tree link type Configures the link type for RSTP MSTP IC 4 239 spanning tree mst cost Configures the path cost of an instance in the MST IC 4 240 spanning tree mst port priority Configures the priority of an instance in the MST IC 4 241 spanning tree protocol migratio...

Page 623: ...two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command selects the spanning tree mode for this switch Use the no form to restore the default Syntax spanning tree mode stp rstp mstp no spanning tree mode stp Spanning Tree Proto...

Page 624: ... the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a rela...

Page 625: ...tting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information t...

Page 626: ...guration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree bridge maximum age globally for this switch Use the no form to restore the default Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 seconds The minimum...

Page 627: ...d port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 65535 Range 0 61440 ...

Page 628: ...e default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 short Specifies 16 bit based values that range from 1 65535 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be ass...

Page 629: ... Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Command Mode Global Configuration Example Consol...

Page 630: ...s MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges an...

Page 631: ...6 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device w...

Page 632: ...Command Mode MST Configuration Command Usage The MST region name and revision number page 4 233 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision 4 233 Console config mstp mst 1 priority 4096 Co...

Page 633: ...d revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands name 4 232 max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to rest...

Page 634: ...ents the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Setting Enabled Command Mode Interface C...

Page 635: ...ost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 10 Gigabit Ethernet full duplex 1000 trunk 500 Command Mode Interface Configuration Ethernet Port Channel Command Usage Th...

Page 636: ...is command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanni...

Page 637: ...state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However...

Page 638: ...hrough the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is...

Page 639: ...e Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on poin...

Page 640: ...cally detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 10 Gigabit Ethernet full duplex 1000 tr...

Page 641: ...0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more tha...

Page 642: ...5 49 port channel channel id Range 1 32 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format t...

Page 643: ...ge Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning ...

Page 644: ...port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enable Role root State forwarding External admin path cost 10000 Internal admin cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 3276...

Page 645: ...ow VLAN tagging is used and enable automatic VLAN registration for the selected interface Console show spanning tree mst configuration Mstp Configuration Information Configuration name R D Revision level 0 Instance Vlans 1 2 Console Table 4 59 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 246 Configuring VLAN Interfaces Configures...

Page 646: ...membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Configuring Private VLANs Configures private VLANs including uplink and downlink ports 4 257 Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol 4 259 Table 4...

Page 647: ... name ASCII string from 1 to 32 characters media ethernet Ethernet media type state Keyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN ...

Page 648: ... 4 249 switchport mode Configures VLAN membership mode for an interface IC 4 250 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 251 switchport ingress filtering Enables ingress filtering on an interface IC 4 252 switchport native vlan Configures the PVID native VLAN of an interface IC 4 253 switchportallowedvlan Configures the VLANs associated with an ...

Page 649: ...d vlan id ID of the configured VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Related Commands shutdown 4 193 Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if ...

Page 650: ...nging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example The following shows how to set the configuration mode to port 1 and the...

Page 651: ... The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 250 Console con...

Page 652: ...hich it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames su...

Page 653: ...is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering th...

Page 654: ...ntagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when addi...

Page 655: ...f VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN f...

Page 656: ...followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 4 62 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 256 show interfaces status vlan Displays ...

Page 657: ...t no pvlan up link Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 ...

Page 658: ... without any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables the private VLAN and then sets port 12 as the uplink and ports 5 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 12 down link ethernet 1 5 8 Console...

Page 659: ... by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 247 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protocol v...

Page 660: ... protocol group Range 1 2147483647 frame31 Frame type used by this protocol Options ethernet rfc_1042 llc_other protocol Protocol type The only option for the llc_other frame type is ipx_raw The options for all other frames types include ip arp rarp Default Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 and specifies Ether...

Page 661: ...rface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 4 247 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the follo...

Page 662: ...ntax show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 2 Console config if Console show protocol vlan ...

Page 663: ...hernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID V...

Page 664: ... the no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Command Mode Global Configuration Table 4 65 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 264 show bridge ext Shows the global bridge extension configuration PE 4 265 switchport gvrp Enables GVRP for an interface IC 4 266 switchport forbidden vlan...

Page 665: ...tension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 186 and Displaying Bridge Extension Capabilities on page 3 19 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering service...

Page 666: ... GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console sho...

Page 667: ... Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP...

Page 668: ...8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 4 267 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds...

Page 669: ...oups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 269 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4 276 Table 4 67 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Rob...

Page 670: ... 8 10 12 14 for queues 0 7 respectively Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses ...

Page 671: ...ed ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The default priority ...

Page 672: ... frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 queue bandwidth This command assigns weighted round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight1 weight4 no queue bandwidth weight1 weight4 The ratio of weigh...

Page 673: ...e cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned...

Page 674: ... mapping Related Commands show queue cos map 4 275 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if queue cos map 0 0 Console config if queue cos map 1 1 Console config if queue cos map 2 2 Console config if exit Console show queue cos map ethernet 1 1 Information of Eth 1 1 T...

Page 675: ...de Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting None Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 ...

Page 676: ...2 0 1 3 4 5 6 7 Console Table 4 69 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping GC 4 276 map ip port Maps TCP UDP socket to a class of service IC 4 277 map ip precedence Enables IP precedence class of service mapping GC 4 278 map ip precedence Maps IP precedence value to a class of service IC 4 278 map ip dscp Enables IP DSCP class...

Page 677: ...cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority This command sets the IP port priority for all interfaces Example The...

Page 678: ...IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP precedence mapping globally map ip precedence Interface Configuration This command sets IP precedence priority i e IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip pre...

Page 679: ...y mapped to the eight hardware priority queues This command sets the IP Precedence for all interfaces Example The following example shows how to map IP precedence value 1 to CoS value 0 map ip dscp Global Configuration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Syntax no map ip dscp Default Setting Disabled Command...

Page 680: ...d sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to ...

Page 681: ...tly mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port This command shows the IP port priority map Syntax show map ip port interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32...

Page 682: ...ration 4 277 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console ...

Page 683: ...yntax show map ip dscp interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7 7 C...

Page 684: ...contained in each packet Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console Table 4 72 Quality of Service Commands Command Function Mode Page class map Creates a class map for a type of traffic GC 4 286 match Defines the criteria used to classify traffic CM 4 287 policy map ...

Page 685: ...ments 6 Use the set command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specified rate 7 Use the service policy command to assign a policy map to a specific interface service policy Applies a policy map de...

Page 686: ... First enter this command to designate a class map and enter the Class Map configuration mode Then use the match command page 4 287 to specify the criteria for ingress traffic that will be classified under this class map Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command for a class map The class map uses the Access C...

Page 687: ...dard or extended IP ACLs and MAC ACLs Range 1 16 characters dscp A DSCP value Range 0 63 ip precedence An IP Precedence value Range 0 7 vlan A VLAN Range 1 4094 Default Setting None Command Mode Class Map Configuration Command Usage First enter the class map command to designate a class map and enter the Class Map configuration mode Then use the match command to specify the fields within ingress p...

Page 688: ...e 5 This example creates a class map call rd_class 3 and sets it to match packets marked for VLAN 1 Console config class map rd_class 1_ match any Console config cmap match ip dscp 3 Console config cmap exit Console config access list ip mask precedence in Console config ip mask acl mask any any dscp Console config ip mask acl Console config class map rd_class 2 match any Console config cmap match...

Page 689: ...class map A policy map can contain multiple class statements that can be applied to the same interface with the service policy command page 4 293 You must create a Class Map page 4 289 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming...

Page 690: ...the set command classifies the service that an IP packet will receive police command defines the maximum throughput burst rate and the action that results from a policy violation Currently you may only configure one rule per Class Map but you can assign one or more classes to a policy map Example This example creates a policy called rd_policy uses the class command to specify the previously define...

Page 691: ...P Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 by...

Page 692: ...rts and up to 225 policers for 10G Ethernet ingress ports Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the burst byte field and the average rate tokens are removed from the bucket is by specified by the rate bps option Example This example creates a policy called rd_policy uses the class command to specify the previously d...

Page 693: ...racters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port Channel Command Usage You can only assign one policy map to an interface You must first define a class map set an ACL mask to match the criteria defined in the class map then define a policy map and finally use the service policy command to bind the policy map to the required interf...

Page 694: ...displays the QoS policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name of the policy map Range 1 32 characters class map name Name of the class map Range 1 32 characters Default Setting Displays all policy maps and all classes Console show class map Cl...

Page 695: ...interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_class set ip dscp 3 Console show policy map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console Console show policy map interface ethernet 1 5 Service policy...

Page 696: ...t groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 296 IGMP Query Layer 2 Configures IGMP query parameters for multicast filtering at Layer 2 4 300 Static Multicast Routing Configures static multicast router ports 4 305 Table 4 74 IGMP Snooping Commands Command Function Mode Page ...

Page 697: ...ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting None Command M...

Page 698: ...2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use ...

Page 699: ...ration show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Console show ip igmp snooping Service status Enabled Querier status Disable...

Page 700: ...ng VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 75 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 4 301 ip igmp snooping query count Configures the query count GC 4 301 ip igmp snooping query interval Configures the query interval GC 4 302 ip igmp snooping query max resp...

Page 701: ...le for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast g...

Page 702: ...ample The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 303 ip igmp snooping query interval This command configures the query interval Use the no form to restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Ra...

Page 703: ...command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the...

Page 704: ...er the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snoopin...

Page 705: ... No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the curren...

Page 706: ...ping mrouter vlan vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show ip...

Page 707: ...orks to the enterprise network Basic IP Configuration Table 4 77 IP Interface Commands Command Group Function Page Basic IP Configuration Configures the IP address for interfaces and the gateway router 4 307 Address Resolution Protocol ARP Configures static dynamic and proxy ARP service 4 313 Table 4 78 Basic IP Configuration Commands Command Function Mode Page ip address Sets the IP address for t...

Page 708: ...then you must create a router interface for each VLAN that will support routing The router interface consists of an IP address and subnet mask This interface address defines both the network number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network and subnetwork numbers of the segment that is connect...

Page 709: ...odically by this device in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command or by rebooting the router Notes 1 Each VLAN group can be assigned its own IP interface address Therefore if routing is enabled you can manage the router via any ...

Page 710: ...mmand Mode Global Configuration Command Usage The gateway specified in this command is only valid if routing is disabled with the no ip routing command If IP routing is disabled you must define a gateway if the target device is located in a different subnet If routing is enabled you must define the gateway with the ip route command Example The following example defines a default gateway for this d...

Page 711: ...ows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 4 310 Console show ip interface Vlan 1 is up addressing mode is User Interface address is 10 1 0 254 mask is 255 255 255 0 Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console Console show ip redirects ip default gateway 10 1 0...

Page 712: ...tting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ...

Page 713: ... for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console Table 4 79 Address Resolution Protocol Commands Command Function Mode Page arp Adds a static entry in the ARP cache GC 4 314 arp timeout Sets the time a dynamic entry remains in the ARP cache GC 4 315 clear arp cache Deletes all dynamic entries fr...

Page 714: ...nfiguration Command Usage The ARP cache is used to map 32 bit IP addresses into 48 bit hardware i e Media Access Control addresses This cache includes entries for hosts and other routers on local network interfaces defined on this router The maximum number of static entries allowed in the ARP cache is 128 You may need to enter a static entry in the cache if there is no response to an ARP broadcast...

Page 715: ...lobal Configuration Command Usage Use the show arp command to display the current cache timeout value Example This example sets the ARP cache timeout for 15 minutes i e 900 seconds clear arp cache This command deletes all dynamic entries from the Address Resolution Protocol ARP cache Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache Console config arp ti...

Page 716: ...rface Note that entry type other indicates local addresses for this router Example This example displays all entries in the ARP cache ip proxy arp This command enables proxy Address Resolution Protocol ARP Use the no form to disable proxy ARP Syntax no ip proxy arp Default Setting Disabled Console show arp Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff...

Page 717: ...exchanges information with other routers on the network to automatically determine the best path to any subnetwork This section includes commands for both static and dynamic routing These commands are used to connect between different local subnetworks or to connect the router to the enterprise network Console config interface vlan 3 Console config if ip proxy arp Console config if Table 4 80 IP R...

Page 718: ...ched based on MAC addresses If IP routing is disabled all packets are switched with filtering and forwarding decisions based strictly on MAC addresses Example Table 4 81 Global Routing Configuration Commands Command Function Mode Page ip routing Enables static and dynamic IP routing GC 4 318 ip route Configures static routes GC 4 319 clear ip route Deletes specified entries from the routing table ...

Page 719: ... the default route gateway IP address of the gateway used for this route metric Selected RIP cost for this interface Range 1 5 default 1 Removes all static routing table entries Default Setting No static routes are configured Command Mode Global Configuration Command Usage You can configure up to 2000 static routes Static routes take precedence over dynamically learned routes Static routes are inc...

Page 720: ... clears dynamically learned routes Use the no ip address command to remove a local interface Use the no ip route command to remove a static route Example show ip route This command displays information in the IP routing table Syntax show ip route config address netmask config Displays all static routing entries address IP address of the destination network subnetwork or host for which routing info...

Page 721: ...P 1 2 10 3 9 1 255 255 255 0 10 2 9 254 OSPF intra 2 3 Total entry 4 Console Table 4 82 show ip route display description Field Description Ip Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indicates the default gateway for this router Netmask Network mask for the associated IP subnet Next Hop IP address of the next hop or gateway used for this route...

Page 722: ...250 00 00 30 01 01 01 3 1 1 10 2 48 2 00 00 30 01 01 02 1 1 1 10 2 5 6 00 00 30 01 01 03 1 1 2 10 3 9 1 00 00 30 01 01 04 2 1 3 Console Table 4 83 show ip host route display description Field Description Ip address IP address of the destination network subnetwork or host Mac address The physical layer address associated with the IP address VLAN The VLAN that connects to this IP address Port The po...

Page 723: ...t a gateway Frags 0 reassembled 0 timeouts 0 fragmented 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP stat...

Page 724: ... if not already specified with a receive version or send version command RC 4 328 ip rip receive version Sets the RIP receive version to use on a network interface IC 4 330 ip rip send version Sets the RIP send version to use on a network interface IC 4 331 ip split horizon Enables split horizon or poison reverse loop prevention IC 4 332 ip rip authentication key Enables authentication for RIP2 pa...

Page 725: ...is also used to enter router configuration mode Example Related Commands network 4 327 timers basic This command configures the RIP update timer timeout timer and garbage collection timer Use the no form to restore the defaults Syntax timers basic update seconds no timers basic update seconds Sets the update timer to the specified value sets the timeout time value to 6 times the update time and se...

Page 726: ...packets are still forwarded on this route After the timeout interval expires the router waits for an interval specified by the garbage collection timer before removing this entry from the routing table This timer allows neighbors to become aware of an invalid route prior to purging it Setting the update timer to a short interval can cause the router to spend an excessive amount of time processing ...

Page 727: ...command Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address are used 192 223 is class C and the first three ...

Page 728: ...etting No neighbors are defined Command Usage This command can be used to configure a static neighbor with which this router will exchange information rather than relying on broadcast messages generated by the RIP protocol Example version This command specifies a RIP version used globally by the router Use the no form to restore the default value Syntax version 1 2 no version 1 RIP Version 1 2 RIP...

Page 729: ...Pv1 or RIPv2 protocol messages RIP Version 2 configures the unset interfaces to use RIPv2 for both sending and receiving protocol messages When the no form of this command is used to restore the default value any VLAN interface not previously set by the ip rip receive version or ip rip send version command will be set to the default send or receive version Example This example sets the global vers...

Page 730: ...s on the setting specified with the version command Global RIPv1 RIPv1 or RIPv2 packets Global RIPv2 RIPv2 packets Command Usage Use this command to override the global setting specified by the RIP version command You can specify the receive version based on these options Use none if you do not want to add any dynamic entries to the routing table for an interface For example you may only want to a...

Page 731: ...mit RIP updates 1 Sends only RIPv1 packets 2 Sends only RIPv2 packets v2 broadcast Route information is broadcast to other routers with RIPv2 Command Mode Interface Configuration VLAN Default Setting The default depends on the setting specified with the version command Global RIPv1 Route information is broadcast to other routers with RIPv2 Global RIPv2 RIPv2 packets Command Usage Use this command ...

Page 732: ...ocol messages but still allows RIPv2 routers to receive the additional information provided by RIPv2 including subnet mask next hop and authentication information Example This example sets the interface version for VLAN 1 to send RIPv1 packets Related Commands version 4 328 ip split horizon This command enables split horizon or poison reverse a variation on an interface Use the no form to disable ...

Page 733: ... key that must be used on an interface Use the no form to prevent authentication Syntax ip rip authentication key key string no ip rip authentication key string A password used for authentication Range 1 16 characters case sensitive Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage This command can be used to restrict the interfaces that can exchange RIPv2 r...

Page 734: ...ip rip authentication mode text Indicates that a simple password will be used Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentication key command page 4 333 This command requires the interface to exchange routing information with other routers based on an authorized password Note ...

Page 735: ...mode text Console config if Console show rip globals RIP Process Enabled Update Time in Seconds 30 Number of Route Change 0 Number of Queries 1 Console Table 4 85 show rip globals display description Field Description RIP Process Indicates if RIP has been enabled or disabled Update Time in Seconds The interval at which RIP advertises known route information Default 30 seconds Number of Route Chang...

Page 736: ...ved the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Example Console show ip rip configuration Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication Console show ip rip status Interface Rcv...

Page 737: ...ention method is in use Authentication Shows if authentication is set to simple password or none show ip rip status Interface IP address of the interface RcvBadPackets Number of bad RIP packets received RcvBadRoutes Number of bad routes received SendUpdates Number of route changes show ip rip peer Peer IP address of a neighboring RIP router UpdateTime Last time a route update was received from thi...

Page 738: ...cost for a default summary route sent into a stub or NSSA RC 4 345 summary address Summarizes routes advertised by an ASBR RC 4 346 redistribute Redistribute routes from one routing domain to another RC 4 347 Area Configuration network area Assigns specified interface to an area RC 4 348 area stub Defines a stubby area that cannot send or receive LSAs RC 4 350 area nssa Defines a not so stubby tha...

Page 739: ...e update packet over an interface IC 4 363 Display Information show ip ospf Displays general information about the routing processes PE 4 364 show ip ospf border routers Displays routing table entries for Area Border Routers ABR and Autonomous System Boundary Routers ASBR PE 4 365 show ip ospf database Shows information about different LSAs in the database PE 4 366 show ip ospf interface Displays ...

Page 740: ...change routing table information This command is also used to enter router configuration mode Example Related Commands network area 4 348 router id This command assigns a unique router ID for this device within the autonomous system Use the no form to use the default router identification method i e the lowest interface address Syntax router id ip address no router id ip address Router ID formatte...

Page 741: ...e no router ospf followed by the router ospf command If the priority values of the routers bidding to be the designated router or backup designated router for an area are equal the router with the highest ID is elected Example Related Commands router ospf 4 340 compatible rfc1583 This command calculates summary route costs using RFC 1583 OSPFv1 Use the no form to calculate costs using RFC 2328 OSP...

Page 742: ...Options Type 1 Type 2 Default Type 2 Command Mode Router Configuration Default Setting Disabled Command Usage The metric for the default external route is used to calculate the path cost for traffic passed from other routers within the AS out through the ASBR When you use this command to redistribute routes into a routing domain i e an Autonomous System this router automatically becomes an Autonom...

Page 743: ... have the same cost Example This example assigns a metric of 20 to the default external route advertised into an autonomous system sending it as a Type 2 external metric Related Commands ip route 4 319 redistribute 4 347 timers spf This command configures the hold time between making two consecutive shortest path first SPF calculations Use the no form to restore the default value Syntax timers spf...

Page 744: ...outes are summarized The area ID must be in the form of an IP address ip address Base address for the routes to summarize netmask Network mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network Command Mode Router Configuration Default Setting Disabled Command Usage This command can ...

Page 745: ...a id Identifier for a stub or NSSA in the form of an IP address cost Cost for the default summary route sent to a stub or NSSA Range 0 65535 Command Mode Router Configuration Default Setting 1 Command Usage If you enter this command for a normal area it will changed to a stub If the default cost is set to 0 the router will not advertise a default route into the attached stub or NSSA Example Relate...

Page 746: ... route Command Mode Router Configuration Default Setting Disabled Command Usage An Autonomous System Boundary Router ASBR can redistribute routes learned from other protocols by advertising an aggregate route into all attached autonomous systems This router supports up 16 Type 5 summary routes Example This example creates a summary address for all routes contained in 192 168 x x Related Commands a...

Page 747: ...ype value 1 Type 1 external route 2 Type 2 external route default Routers do not add internal route metric to external route metric Command Mode Router Configuration Default Setting redistribution none protocol RIP and static metric value 0 type metric 2 Command Usage This router supports redistribution for both RIP and static routes When you redistribute external routes into an OSPF autonomous sy...

Page 748: ...l routes Related Commands default information originate 4 342 network area This command defines an OSPF area and the interfaces that operate within this area Use the no form to disable OSPF for a specified interface Syntax no network ip address netmask area area id ip address Address of the interfaces to add to the area netmask Network mask of the address range to add to the area area id Area to w...

Page 749: ...lapped in subsequent network area commands the router will implement the address range for the area specified in first command and ignore the overlapping ranges in subsequent commands However note that if a more specific address range is removed from an area the interface belonging to that range may still remain active if a less specific address range covering that area has been specified This rou...

Page 750: ... with the same area ID Routing table space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that advertise the default route for destinations external to the local area or the autonomous system Use the area default cost command to specify the cost of a default summary rou...

Page 751: ...eas and not into the NSSA In other words this keyword prevents the NSSA ABR from advertising external routing information learned via routers in other areas into the NSSA default information originate When the router is an NSSA Area Border Router ABR or an NSSA Autonomous System Boundary Router ASBR this parameter causes it to generate Type 7 default LSA into the NSSA This default provides a route...

Page 752: ...OSPF NSSA external LSAs Type 7 are converted by any ABR adjacent to the NSSA into external LSAs Type 5 and propagated into other areas within the AS Also note that unlike stub areas all Type 3 summary LSAs are always imported into NSSAs to ensure that internal routes are always chosen over Type 7 NSSA external routes This router supports up to 16 total areas either normal transit areas stubs or NS...

Page 753: ...follow this keyword then plain text authentication is used along with the password specified by the authentication key If message digest authentication is specified then the message digest key and md5 parameters must also be specified If the null option is specified then no authentication is performed on any OSPF routing protocol messages message digest Specifies message digest MD5 authentication ...

Page 754: ...that is used by neighboring routers on a virtual link to generate or verify the authentication field in protocol message headers A separate password can be assigned to each network interface However this key must be the same for all neighboring routers on the same network i e autonomous system This key is only used when authentication is enabled for the backbone message digest key key id md5 key S...

Page 755: ...include the transit area ID and the router ID for a virtual link neighbor that is adjacent to the backbone This router supports up 64 virtual links Example This example creates a virtual link using the defaults for all optional parameters This example creates a virtual link using MD5 authentication Related Commands show ip ospf virtual links 4 378 Console config router network 10 4 0 0 0 255 255 0...

Page 756: ...ault Setting No authentication Command Usage Before specifying plain text password authentication for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command The plain text authentication key or the MD5 key id and key must be used consi...

Page 757: ...on for an interface configure a password with the ip ospf authentication key command Before specifying MD5 authentication for an interface configure the message digest key id and key with the ip ospf message digest key command A different password can be assigned to each network interface basis but the password must be used consistently on all neighboring routers throughout a network i e autonomou...

Page 758: ...ion information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and another with the new key Once all the neighboring routers start sending protocol messages back to this router with the new key the router will stop ...

Page 759: ...c for this interface Use higher values to indicate slower ports Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 Command Usage Interface cost reflects the port speed This router uses a default cost of 1 for all ports Therefore if you install a Gigabit module you may have to reset the cost for all of the 100 Mbps ports to a value greater than 1 Example Console config interf...

Page 760: ...maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 40 or four times the interval specified by the ip ospf hello interval command Example Related Commands ip ospf hello interval 4 361 Console conf...

Page 761: ...10 seconds Command Usage Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic Example ip ospf priority This command sets the router priority used when determining the designated router DR and backup designated router BDR for an area...

Page 762: ...r an area when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the election process is initiated Example ip ospf retransmit interval This command specifies the time between resending link state advertisements LSAs Use the no form to restore the default value Syntax ip ospf retransmit interval seconds no ip ...

Page 763: ...nds no ip ospf transmit delay seconds Sets the estimated time required to send a link state update Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmission When estimating the transmit delay consider both the transmission and propagation delays for an interface Set the transmit delay according t...

Page 764: ...Number of interfaces in this area is 4 SPF algorithm executed 19 times Console Table 4 88 show ip ospf display description Field Description Routing Process with ID Router ID Supports only single TOS TOS0 route Type of service is not supported so you can only assign one cost per interface It is an router type The types displayed include internal area border or autonomous system boundary routers Nu...

Page 765: ... 0 3 10 2 6 252 10 2 9 253 0 ASBR INTER 10 2 0 0 7 Console Table 4 89 show ip ospf border routers display description Field Description Destination Identifier for the destination router Next Hop IP address of the next hop toward the destination Cost Link metric for this route Type Router type of the destination either ABR ASBR or both RteType Route type either intra area or interarea route INTRA o...

Page 766: ...rea id database nssa external link state id adv router ip address show ip ospf area id database nssa external link state id self originate link state id show ip ospf area id database router link state id show ip ospf area id database router adv router ip address show ip ospf area id database router self originate link state id show ip ospf area id database self originate link state id show ip ospf...

Page 767: ... information about router LSAs summary Shows information about summary LSAs Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command Console show ip ospf database Displaying Router Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link State...

Page 768: ...ork Mask 255 255 255 0 Metric 1 Console Table 4 91 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to AS boundary routers Link State ID Interface address of the autonomous system boundary router Advertising Router Advertising router ...

Page 769: ...LSAs Sum Net Number of summary LSAs Sum ASBR Number of summary ASBR LSAs External AS Number of autonomous system external LSAs External Nssa Number of NSSA external network LSAs Total LSA Counts Total number of LSAs Console show ip ospf database external OSPF Router with id 192 168 5 1 Autonomous system 5 Displaying AS External Link States LS age 433 Options No TOS capability LS Type AS External L...

Page 770: ...r Sequence number of LSA used to detect older duplicate LSAs LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for the network Metric Type Type 1 or Type 2 external metric see redistribute on page 4 347 Metrics Cost of the link Forward Address Forwarding address for data to be passed to the advertised destination If set to 0 0 ...

Page 771: ...outer 10 1 1 253 Console Table 4 94 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Network Link LSA describes the routers attached to the network Link State ID Interface address of the designated router Advertising Router Advertising router ID LS Sequence Number Sequence ...

Page 772: ...e 233 Options Support External routing capability LS Type Router Links Link State ID 10 1 1 252 Originating Router s Router ID Advertising Router 10 1 1 252 LS Sequence Number 80000011 LS Checksum 0x7287 Length 48 Router Role Area Border Router Number of Links 1 Link ID 10 1 7 0 IP Network Subnet Number Link Data 255 255 255 0 Network s IP address mask Link Type Connection to a stub network Number...

Page 773: ...s LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Router Role Description of router type including None AS Boundary Router Area Border Router or Virtual Link Number of Links Number of links described by the LSA Link ID Link type and corresponding Router ID or network address Link Data Router ID for transit network Network s IP address mask for stub ne...

Page 774: ...ksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 4 96 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Summary Links LSA describes routes to networks Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router I...

Page 775: ...riority 1 Designated Router id 10 1 1 252 Interface address 10 1 1 252 Backup Designated router id 10 1 1 253 Interface addr 10 1 1 253 Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Table 4 97 show ip ospf interface display description Field Description Vlan VLAN ID and Status of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address...

Page 776: ... find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priority Router priority Designated Router Designated router ID and respective interface address Backup Designated Router Backup designated router ID and respective interface address Timer intervals Configuration settings for timer intervals including Hello ...

Page 777: ...clude Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent I...

Page 778: ...0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Transmit Delay is 1 sec Timer intervals configured Hello 10 Dead 40 Retransmit 5 Console Table 4 99 show ip ospf virtual links display description Field Description Virtual Link to router OSPF neighbor and link state up or down Transit area Common area the virtual link crosses to ...

Page 779: ...t Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4093 interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 25 49 port channel channel id Range 1 32 Default Setting No static multicast rout...

Page 780: ...1 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Exa...

Page 781: ...the backup routers and configure an authentication string You can also enable the preempt feature which allows a router to take over as the master router when it comes on line Table 4 101 Router Redundancy Commands Command Groups Function Page Virtual Router Redundancy Protocol Configures interface settings for VRRP 4 381 Table 4 102 VRRP Commands Command Function Mode Page vrrp ip Enables VRRP an...

Page 782: ...LAN interface that are supported by this VRRP group Default Setting No virtual router groups are configured Command Mode Interface VLAN Command Usage The interfaces of all routers participating in a virtual router group must be within the same IP subnet show vrrp interface Displays VRRP status information for the specified interface PE 4 389 show vrrp router counters Displays VRRP statistics PE 4 ...

Page 783: ...ommand is entered If you need to customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP Example This example creates VRRP group 1 using the primary interface for VLAN 1 as the VRRP group Owner and also adds a secondary interface as a member of the group vrrp authentication This command spec...

Page 784: ...s supported only to prevent a misconfigured router from participating in VRRP Example vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting Syntax vrrp group priority level no vrrp group priority group Identifies the VRRP group Range 1 255 level Priority of this router in the VRRP group Range 1 254 Default Setting 100 Command Mod...

Page 785: ...ine this backup router will take over as the new acting master However note that if the original master i e the owner of the VRRP IP address comes back on line it will always resume control as the master Example Related Commands vrrp preempt 4 386 vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master Use t...

Page 786: ...er is three times the hello interval plus half a second Example vrrp preempt This command configures the router to take over as the master virtual router for a VRRP group if it has a higher priority than the current acting master router Use the no form to disable preemption Syntax vrrp group preempt delay seconds no vrrp group preempt group Identifies the VRRP group Range 1 255 seconds The time to...

Page 787: ...elated Commands vrrp priority 4 384 show vrrp This command displays status information for VRRP Syntax show vrrp brief group brief Displays summary information for all VRRP groups on this router group Identifies a VRRP group Range 1 255 Defaults None Command Mode Privileged Exec Command Usage Use this command without any keywords to display the full listing of status information for all VRRP group...

Page 788: ...tual IP address Virtual address that identifies this VRRP group Virtual MAC address Virtual MAC address derived from the owner of the virtual IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the current acting master Min delay Delay before a router with a higher prior...

Page 789: ...igured on the VRRP master This interval is used by all the routers in the group regardless of their local settings Console show vrrp brief Interface Grp State Virtual addr Int Pre Prio vlan 1 1 Master 192 168 1 6 5 E 1 Console Table 4 104 show vrrp brief display description Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Vir...

Page 790: ...d with an unknown or unsupported version number Console show vrrp interface vlan 1 Vlan 1 Group 1 state Master Virtual IP address 192 168 1 6 Virtual MAC address 00 00 5E 00 01 01 Advertisement interval 5 sec Preemption enabled Min delay 10 sec Priority 1 Authentication SimpleText Authentication key bluebird Master Router 192 168 1 6 Master priority 1 Master Advertisement interval 5 sec Master dow...

Page 791: ...c Example Console show vrrp 1 interface vlan 1 counters Total Number of Times Transitioned to MASTER 6 Total Number of Received Advertisements Packets 0 Total Number of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority 0 VRRP Packets 0 Total Number of Sent...

Page 792: ...istics for the specified group and interface clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 Defaults None Command Mode Privileged Exec Example Console clear vrrp 1 interface 1 counters Console ...

Page 793: ...0 100 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP 10GBASE LR 10 Gbps at full duplex Module Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic t...

Page 794: ...ghted Round Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP Port IP Precedence IP DSCP Quality of Service DiffServ supports class maps policy maps and service policies Multicast Filtering IGMP Snooping Layer 2 IP Routing ARP Proxy ARP Static routes RIP RIPv2 and OSPFv2 dynamic routing VRRP Virtual Router Redundancy Protocol Additional Features BOOTP client ...

Page 795: ...roups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP...

Page 796: ...ion 2 0 TFTP RFC 1350 VRRP RFC 2338 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 DVMRP MIB Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 IP Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC...

Page 797: ...B RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Community MIB RFC 2576 TACACS Authentication Client MIB TCP MIB RFC 2013 Trap RFC 1215 UDP MIB RFC 2012 VRRP MIB RFC 2787 ...

Page 798: ...SOFTWARE SPECIFICATIONS A 6 ...

Page 799: ...ed the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate sw...

Page 800: ...ave set up an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and the b...

Page 801: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 802: ...TROUBLESHOOTING B 4 ...

Page 803: ... of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit Differentiated Services DiffServ DiffServ provides quality of service on large networks by employing a well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries...

Page 804: ...ghts for any device that is plugged into the switch A user name and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports a...

Page 805: ...me tags which carry VLAN information It allows switches to assign endstations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks IEEE 802 1p An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged pr...

Page 806: ... A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereb...

Page 807: ...atabase objects that contains information about a specific device MD5 Message Digest Algorithm An algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast ...

Page 808: ...egation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports Quality of Service QoS QoS refers to the capability of a network to provi...

Page 809: ...equired by the older IEEE 802 1D STP standard Secure Shell SSH A secure replacement for remote access functions including Telnet SSH can authenticate users with a cryptographic key and encrypt data connections between management clients and the switch Simple Mail Transfer Protocol SMTP A standard host to host mail transport protocol that operates over TCP port 25 Simple Network Management Protocol...

Page 810: ...rotocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads User Datagram Protocol UDP UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like ser...

Page 811: ...router and multiple backup routers The backups can be configured to take over the workload if the master fails or to load share the traffic The primary goal of VRRP is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks...

Page 812: ...GLOSSARY Glossary 10 ...

Page 813: ...iguring 3 203 4 269 4 284 DSCP 3 212 4 279 IP port priority 3 214 4 276 IP precedence 3 210 4 278 layer 3 4 priorities 3 209 4 276 queue mapping 3 205 4 273 queue mode 3 207 4 270 traffic class weights 3 208 4 272 D default gateway configuration 3 23 3 269 4 310 default priority ingress port 3 203 4 271 default settings system 1 9 DHCP 3 25 4 308 address pool 3 246 4 163 client 3 23 4 157 4 177 dy...

Page 814: ...802 1X 3 93 4 104 IGMP groups displaying 3 232 4 299 Layer 2 3 227 4 296 query 3 227 4 301 query Layer 2 3 228 4 300 snooping 3 227 4 297 snooping configuring 3 228 4 296 ingress filtering 3 194 4 252 IP address BOOTP DHCP 3 25 4 158 4 308 setting 2 10 3 22 4 308 IP port priority enabling 3 214 4 276 mapping priorities 3 214 4 277 IP precedence enabling 3 210 4 278 mapping priorities 3 210 4 278 I...

Page 815: ...ous system boundary router 3 306 4 342 backbone 3 309 4 349 default external route 3 307 4 342 general settings 3 305 4 338 normal area 3 309 4 348 NSSA 3 309 4 351 redistributing external routes 3 327 4 347 stub 3 309 4 350 transit area 3 309 4 353 virtual link 3 321 4 353 P password line 4 17 passwords 2 9 administrator setting 3 75 4 35 path cost 3 158 3 168 method 3 164 4 228 STA 3 158 3 168 4...

Page 816: ...54 4 143 software displaying version 3 17 4 81 downloading 3 28 4 84 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 3 83 4 49 4 50 STA 3 155 4 221 edge port 3 169 3 172 4 237 global settings configuring 3 161 4 222 4 229 global settings displaying 3 157 4 243 interface settings 3 166 3 177 3 179 4 235 4 242 4 243 link type 3 169 3 172 4 239 path cost 3 158 3 168 4 235 p...

Page 817: ... 3 190 3 193 4 254 creating 3 188 4 247 description 3 181 displaying basic information 3 186 4 265 displaying port members 3 187 4 256 egress mode 3 195 4 250 interface configuration 3 194 4 251 4 255 private 3 197 4 257 protocol 3 199 4 259 VRRP 3 256 4 381 authentication 3 259 4 383 configuration settings 3 256 4 381 group statistics 3 263 4 387 preemption 3 257 3 258 4 386 priority 3 257 3 259 ...

Page 818: ...INDEX Index 6 ...

Page 819: ......

Page 820: ...1 38 01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 6235 495...

Reviews:

No comments

Related manuals for 8724ML3 - annexe 1

D-Link SmartPro DGS-1500-20 Reference Manual preview
SmartPro DGS-1500-20
Brand: D-Link Pages: 113
D-Link xStack DGS-3120 Series Cli Reference Manual preview
xStack DGS-3120 Series
Brand: D-Link Pages: 1150
Lucent Technologies LambdaUnite MSS Installation Manual preview
LambdaUnite MSS
Brand: Lucent Technologies Pages: 388
Hirschmann PAT TRS 05 / PATB3 Installation And Setup Manual preview
PAT TRS 05 / PATB3
Brand: Hirschmann Pages: 12
Eaton 9476-ET Instruction Manual preview
9476-ET
Brand: Eaton Pages: 43
MuxLab HM44 User Manual preview
HM44
Brand: MuxLab Pages: 32
Black Box 26592 Specifications preview
26592
Brand: Black Box Pages: 3
Dahua VTNS1006A-2 User Manual preview
VTNS1006A-2
Brand: Dahua Pages: 12
Atlona AT-HD-SC-500 Manual preview
AT-HD-SC-500
Brand: Atlona Pages: 22
TP-Link P1201-08 User Manual preview
P1201-08
Brand: TP-Link Pages: 34
PowerShield PSMBSR10K Quick Manual preview
PSMBSR10K
Brand: PowerShield Pages: 2
PCB Piezotronics 685B0001A13 Installation And Operating Manual preview
685B0001A13
Brand: PCB Piezotronics Pages: 31
TRENDnet TE100-S24g Specifications preview
TE100-S24g
Brand: TRENDnet Pages: 2
H3C S1850 Series Getting Started Manual preview
S1850 Series
Brand: H3C Pages: 19
CAMDEN Sure-Wave CM-330/N Installation Instructions preview
Sure-Wave CM-330/N
Brand: CAMDEN Pages: 4
Cabletron Systems CyberSWITCH CSX150 User Manual preview
CyberSWITCH CSX150
Brand: Cabletron Systems Pages: 620
Gefen EXT-DVI-444DL User Manual preview
EXT-DVI-444DL
Brand: Gefen Pages: 20
Extreme Networks ExtremeSwitching 3600 Series Installation Manual preview
ExtremeSwitching 3600 Series
Brand: Extreme Networks Pages: 51

Brands by name

Popular brands

Load more brands