manualshive.com logo in svg

SMC Networks TigerSwitch 1000, Management Manual

The SMC Networks TigerSwitch 1000 is a versatile and reliable network switch. For comprehensive guidance on its features and functionalities, be sure to download the Management Manual for free. Get your manual from manualshive.com and optimize your networking experience with this high-performance device.

Share
Download
background image

S

YSTEM

 M

ANAGEMENT

 C

OMMANDS

4-47

5.

Enable SSH Service – Use the 

ip ssh server

 command to enable the 

SSH server on the switch.

6.

Configure Challenge-Response Authentication – When an SSH client 
attempts to contact the switch, the SSH server uses the host key pair to 
negotiate a session key and encryption method. Only clients that have a 
private key corresponding to the public keys stored on the switch can 
gain access. The following exchanges take place during this process:

a.

The client sends its public key to the switch. 

b.

The switch compares the client's public key to those stored in 
memory. 

c.

If a match is found, the switch uses the public key to encrypt a 
random sequence of bytes, and sends this string to the client. 

d.

The client uses its private key to decrypt the bytes, and sends the 
decrypted bytes back to the switch. 

e.

The switch compares the decrypted bytes to the original bytes it sent. 
If the two sets match, this means that the client's private key 
corresponds to an authorized public key, and the client is 
authenticated. 

Note:

To use SSH with only password authentication, the host public key 
must still be given to the client, either during initial connection or 
manually entered into the known host file. However, you do not 
need to configure the client’s keys.

ip ssh server

This command enables the Secure Shell (SSH) server on this switch. Use 
the 

no

 form to disable this service.

Syntax 

[

no

]

 ip ssh server

Default Setting 

Disabled

Summary of Contents for TigerSwitch 1000

Page 1: ...switching architecture Support for a redundant power unit Spanning Tree Protocol and Rapid STP Up to six LACP or static 8 port trunks CoS support for four level priority Full support for VLANs with GV...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions November 2005...

Page 4: ...d by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA...

Page 5: ...corporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinua...

Page 6: ...IDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUN...

Page 7: ...Dynamic Configuration 2 7 Enabling SNMP Management Access 2 8 Community Strings 2 9 Trap Receivers 2 10 Saving Configuration Settings 2 10 Managing System Files 2 11 3 Configuring the Switch 3 1 Usin...

Page 8: ...ss Strings 3 39 Specifying Trap Managers and Trap Types 3 40 User Authentication 3 42 Configuring User Accounts 3 42 Configuring Local Remote Logon Authentication 3 44 Configuring HTTPS 3 48 Replacing...

Page 9: ...Configuring Rate Limits 3 100 Rate Limit Configuration 3 100 Showing Port Statistics 3 101 Address Table Settings 3 108 Setting Static Addresses 3 108 Displaying the Address Table 3 110 Changing the...

Page 10: ...DSCP Priority 3 160 Mapping DSCP Priority 3 160 Mapping CoS Values to ACLs 3 162 Multicast Filtering 3 164 Layer 2 IGMP Snooping and Query 3 165 Configuring IGMP Snooping and Query Parameters 3 165 D...

Page 11: ...4 17 exec timeout 4 18 password thresh 4 19 silent time 4 20 databits 4 20 parity 4 21 speed 4 22 stopbits 4 23 disconnect 4 23 show line 4 24 General Commands 4 25 enable 4 26 disable 4 27 configure...

Page 12: ...ip ssh server key size 4 50 delete public key 4 50 ip ssh crypto host key generate 4 51 ip ssh crypto zeroize 4 52 ip ssh save host key 4 52 show ip ssh 4 53 show ssh 4 53 show public key 4 55 Event L...

Page 13: ...w version 4 80 Frame Size Commands 4 81 jumbo frame 4 81 Flash File Commands 4 83 copy 4 83 delete 4 86 dir 4 87 whichboot 4 88 boot system 4 89 Authentication Commands 4 90 Authentication Sequence 4...

Page 14: ...d 4 108 dot1x timeout tx period 4 109 show dot1x 4 109 Access Control List Commands 4 112 IP ACLs 4 114 access list ip 4 114 permit deny Standard ACL 4 115 permit deny Extended ACL 4 116 show ip acces...

Page 15: ...e limit 4 147 Link Aggregation Commands 4 149 channel group 4 151 lacp 4 151 lacp system priority 4 154 lacp admin key Ethernet Interface 4 155 lacp admin key Port Channel 4 156 lacp port priority 4 1...

Page 16: ...LAN Interfaces 4 185 interface vlan 4 186 switchport mode 4 187 switchport acceptable frame types 4 188 switchport ingress filtering 4 189 switchport native vlan 4 190 switchport allowed vlan 4 191 sw...

Page 17: ...g Commands 4 219 IGMP Snooping Commands 4 220 ip igmp snooping 4 220 ip igmp snooping vlan static 4 221 ip igmp snooping version 4 222 show ip igmp snooping 4 222 show mac address table multicast 4 22...

Page 18: ...cts 4 234 ping 4 235 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 Management Information Bases A 3 B Troubleshooting B 1 Problems Accessing the Management...

Page 19: ...CONTENTS xv...

Page 20: ...le 3 13 CoS to ACL Mapping 3 162 Table 4 1 Command Modes 4 7 Table 4 2 Configuration Commands 4 9 Table 4 3 Keystroke Commands 4 10 Table 4 4 Command Group Index 4 11 Table 4 5 Line Command Syntax 4 1...

Page 21: ...Priority Mapping 4 120 Table 4 36 ACL Information 4 122 Table 4 37 SNMP Commands 4 123 Table 4 38 Interface Commands 4 131 Table 4 39 show interfaces switchport display description 4 144 Table 4 40 Mi...

Page 22: ...ayer 3 and 4 4 216 Table 4 59 Mapping IP DSCP to CoS Values 4 217 Table 4 60 Multicast Filtering Commands 4 219 Table 4 61 IGMP Snooping Commands 4 220 Table 4 62 IGMP Query Commands Layer 2 4 224 Tab...

Page 23: ...TABLES xix...

Page 24: ...30 Figure 3 15 System Logs 3 32 Figure 3 16 Remote Logs 3 34 Figure 3 17 Displaying Logs 3 35 Figure 3 18 Resetting the System 3 35 Figure 3 19 SNTP Configuration 3 37 Figure 3 20 Setting the Time Zo...

Page 25: ...N Statistics 3 107 Figure 3 51 Mapping Ports to Static Addresses 3 109 Figure 3 52 Displaying the MAC Dynamic Address Table 3 111 Figure 3 53 Setting the Aging Time 3 112 Figure 3 54 Displaying the Sp...

Page 26: ...ority Status 3 160 Figure 3 75 Mapping IP DSCP Priority to Class of Service Values 3 161 Figure 3 76 Configuring Internet Group Management Protocol 3 167 Figure 3 77 Mapping Multicast Switch Ports to...

Page 27: ...he switch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Te...

Page 28: ...ations Some of the management features are briefly described below Port Trunking Supports up to 25 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address...

Page 29: ...anagement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filte...

Page 30: ...uld fail The switch supports up to 25 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffi...

Page 31: ...nce by allowing two or more redundant connections to be created between a pair of LAN segments When there are multiple physical paths between segments this protocol will choose a single path and disab...

Page 32: ...ity by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN...

Page 33: ...m Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3...

Page 34: ...mits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Ena...

Page 35: ...t Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 all...

Page 36: ...INTRODUCTION 1 10...

Page 37: ...nt allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0...

Page 38: ...filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Confi...

Page 39: ...bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make s...

Page 40: ...d using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a...

Page 41: ...etting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe p...

Page 42: ...ou may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated...

Page 43: ...ou select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to use the ip dhcp restart client command to start broadcas...

Page 44: ...face command Press Enter 6 Then save your configuration changes by typing copy running config startup config Enter the startup file name and press Enter Enabling SNMP Management Access The switch can...

Page 45: ...ess level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are ab...

Page 46: ...n order to configure the switch to send SNMP notifications you must enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link u...

Page 47: ...uration files can be selected as a system start up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot b...

Page 48: ...f each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that...

Page 49: ...a Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configu...

Page 50: ...password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses t...

Page 51: ...s and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The ho...

Page 52: ...Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web...

Page 53: ...re firmware version numbers and power status 3 13 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 22 Copy Allows the...

Page 54: ...ttings Configures Secure Shell server settings 3 55 Host Key Settings Generates the host key pair public and private 3 53 Port Security Configures per port security including status response for secur...

Page 55: ...7 Port Counters Information Displays statistics for LACP protocol messages 3 90 Port Internal Information Displays settings and operational state for local side 3 92 Port Neighbors Information Display...

Page 56: ...ttings for STA 3 121 Port Configuration Configures individual port settings for STA 3 125 Trunk Configuration Configures individual trunk settings for STA 3 125 VLAN 3 129 802 1Q VLAN GVRP Status Enab...

Page 57: ...ype and associates the interfaces with a private VLAN 3 151 Trunk Information Shows VLAN port type and associated primary or secondary VLANs 3 149 Trunk Configuration Sets the private VLAN interface t...

Page 58: ...ast filtering configures parameters for multicast query 3 165 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 168 Static Mul...

Page 59: ...the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled...

Page 60: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Page 61: ...6 Console config snmp server contact Geoff 4 126 Console config exit Console show system 4 79 System description SMC8748L2 Layer 2 Gigabit Ethernet Intelligent Switch System OID string 1 3 6 1 4 1 202...

Page 62: ...gement Software Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Expansion Slot Expa...

Page 63: ...Displaying Private VLAN Interface Information on page 3 149 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on pa...

Page 64: ...MRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Bridge Extension Configuration CLI Enter the following com...

Page 65: ...he CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management station can be atta...

Page 66: ...tion Web Click System IP Configuration Select the VLAN through which the management station is attached set the IP Address Mode to Static enter the IP address subnet mask and gateway then click Apply...

Page 67: ...agement station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadc...

Page 68: ...to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service v...

Page 69: ...ument in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a file within the switch directory assigning it a new...

Page 70: ...of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the...

Page 71: ...toring Configuration Settings You can upload download configuration settings to from a TFTP server The configuration file can be later downloaded to restore the switch s settings Command Attributes Fi...

Page 72: ...g to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file from a...

Page 73: ...tartup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Ap...

Page 74: ...via the web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the...

Page 75: ...Defines the generation of a parity bit Communication protocols provided by some terminals can require a specific parity bit setting Specify Even Odd or None Default None Speed Sets the terminal line...

Page 76: ...assword 0 secret 4 12 Console config line timeout login response 0 4 13 Console config line exec timeout 0 4 13 Console config line password thresh 3 4 14 Console config line silent time 60 4 15 Conso...

Page 77: ...e connection is terminated for the session Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected withi...

Page 78: ...d To display the current virtual terminal settings use the show line command from the Normal Exec level Console config line vty 4 10 Console config line login local 4 11 Console config line password 0...

Page 79: ...s Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you...

Page 80: ...be logged to RAM and flash memory then click Apply Figure 3 15 System Logs Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages on...

Page 81: ...erver to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by...

Page 82: ...syslog server host IP address choose the facility type and set the logging trap Console config logging host 192 168 1 15 4 45 Console config logging facility 23 4 45 Console config logging trap 4 4 4...

Page 83: ...b Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Resetting the System Web Click System Reset Reset to reboot the switch When prompted confirm...

Page 84: ...ill only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can c...

Page 85: ...Figure 3 19 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp client 4 70 Console conf...

Page 86: ...Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before...

Page 87: ...rights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for conf...

Page 88: ...Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the...

Page 89: ...message whenever an invalid community string is submitted during the SNMP access authentication process The default is enabled Enable Link up and Link down Traps Issues link up or link down traps The...

Page 90: ...b SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboar...

Page 91: ...name select the user s access level then enter a password and confirm it Click Add to save the new user account and add it to the Account List To change the password for a specific user enter the use...

Page 92: ...S aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the s...

Page 93: ...n server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on t...

Page 94: ...acters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch...

Page 95: ...4 94 Console config radius server port 181 4 95 Console config radius server key green 4 95 Console config radius server retransmit 5 4 96 Console config radius server timeout 10 4 97 Console show rad...

Page 96: ...ng the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data...

Page 97: ...Certificate When you log onto the web interface using HTTPS for secure access a Secure Sockets Layer SSL certificate appears for the switch By default the certificate that Netscape and Internet Explor...

Page 98: ...n remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley...

Page 99: ...create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherw...

Page 100: ...switch the SSH server uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The...

Page 101: ...encoded modulus DSA The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type us...

Page 102: ...emory RAM and non volatile memory Flash Web Click Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required...

Page 103: ...st key 4 47 Console show public key host 4 47 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 63...

Page 104: ...es the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits W...

Page 105: ...n automatically take action by disabling the port and sending a trap message To use port security first allow the switch to dynamically learn the source MAC address VLAN pair for frames received on a...

Page 106: ...connection device If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 80 Command Attributes Port Port number Name De...

Page 107: ...work resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access...

Page 108: ...ent version of the firmware supports only the MD5 authentication method The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies...

Page 109: ...server and client also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authetication type Some clients have native support in Windows oth...

Page 110: ...abled Web Select Security 802 1x Configuration Enable dot1x globally for the switch and click Apply Figure 3 30 802 1x Global Configuration CLI This enables 802 1x globally for the switch Console show...

Page 111: ...s Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authen...

Page 112: ...3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected clien...

Page 113: ...s Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on p...

Page 114: ...The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth...

Page 115: ...he statistics Figure 3 32 Displaying 802 1x Port Statistics Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request fram...

Page 116: ...uential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by o...

Page 117: ...Ingress IP ACL for ingress ports 2 Explicit default rule permit any any in the ingress IP ACL for ingress ports 3 If no explicit rule is matched the implicit default is permit all Setting the ACL Name...

Page 118: ...source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Optio...

Page 119: ...dress range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Src Dst I...

Page 120: ...ecify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet a...

Page 121: ...t to any port Command Usage Each ACL can have up to 60 rules This switch supports ACLs for ingress filtering only However you can only bind one IP ACL to any port for ingress filtering In other words...

Page 122: ...ing Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface SNMP or Telnet Command Usage The management interfaces are open...

Page 123: ...for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can...

Page 124: ...e the Port Information or Trunk Information pages to display the current connection status including link state speed duplex mode flow control and auto negotiation Field Attributes Web Name Interface...

Page 125: ...if port is a trunk member Creation2 Shows if a trunk is manually configured or dynamically set via LACP 1 Port Information only 2 Trunk Information only Web Click Port Port Information or Trunk Inform...

Page 126: ...half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow contro...

Page 127: ...one CLI This example shows the connection status for Port 5 Console show interfaces status ethernet 1 5 4 140 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 f1 47 58 46 Con...

Page 128: ...duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need...

Page 129: ...grade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full T...

Page 130: ...nfigured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another device are also co...

Page 131: ...onfiguring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a trunk must be configured in an identical manner includi...

Page 132: ...d trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range 1 25 Port Port identifier Range 1 50 Web Click Port Trunk Membership Enter a trunk ID of 1 25...

Page 133: ...nsole config interface ethernet 1 1 4 132 Console config if channel group 1 4 151 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end C...

Page 134: ...one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Command Attributes Member List Current Shows configured trunks Port New I...

Page 135: ...e port channel admin key lacp admin key page 4 156 is Console config interface ethernet 1 1 4 132 Console config if lacp 4 151 Console config if exit Console config interface ethernet 1 6 Console conf...

Page 136: ...system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations wi...

Page 137: ...ionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is...

Page 138: ...e config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 158 Channel Group Syste...

Page 139: ...DUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not c...

Page 140: ...ACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 7 LACP Settings Field Description Oper Key Current operational value of...

Page 141: ...this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The Sy...

Page 142: ...P configuration settings and operational state for the local side of port channel 1 Console show 1 lacp internal 4 158 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP Syste...

Page 143: ...ative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current ad...

Page 144: ...e side of port channel 1 Console show 1 lacp neighbors 4 158 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Ad...

Page 145: ...t traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not effect IP mu...

Page 146: ...2 Console config if no switchport broadcast 4 138 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 500 4 138 Console config if end Consol...

Page 147: ...affic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port...

Page 148: ...ximum rate for traffic received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming into the switch Packets that exceed the acceptable amount of...

Page 149: ...set the Rate Limit Level and click Apply Figure 3 48 Configuring Input Port Rate Limiting CLI This example sets the rate limit for input traffic passing through port 3 Showing Port Statistics You can...

Page 150: ...ed on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets The number of packets...

Page 151: ...arded or not sent Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer includin...

Page 152: ...ls due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Erro...

Page 153: ...good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this...

Page 154: ...luding bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frame...

Page 155: ...PORT CONFIGURATION 3 107 Figure 3 50 Displaying Etherlike and RMON Statistics...

Page 156: ...tats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftab...

Page 157: ...of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Fi...

Page 158: ...dress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with th...

Page 159: ...splaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table C...

Page 160: ...network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your n...

Page 161: ...etwork packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for He...

Page 162: ...figure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes...

Page 163: ...tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The dev...

Page 164: ...rt needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interval between the tran...

Page 165: ...pports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below Console s...

Page 166: ...ree Protocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default Priority Bridge priorit...

Page 167: ...ed to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward...

Page 168: ...terface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rat...

Page 169: ...begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device i...

Page 170: ...s of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 3 125 Oper...

Page 171: ...this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spannin...

Page 172: ...for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not ca...

Page 173: ...oint connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 5 4 181 Eth 1 5 information Admin status e...

Page 174: ...forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enable...

Page 175: ...ne other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting...

Page 176: ...b Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply Figure 3 57 Configuring Spanning Tree Algorithm per Port CLI This example sets STA a...

Page 177: ...t having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia ap...

Page 178: ...ticipate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port...

Page 179: ...switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast...

Page 180: ...ched directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable...

Page 181: ...red based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local sw...

Page 182: ...nd whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN f...

Page 183: ...Q VLAN Current Table Select any ID from the scroll down list Figure 3 60 Displaying VLAN Information by Port Membership Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type...

Page 184: ...s only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or dis...

Page 185: ...ick Add Figure 3 61 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 183 Console config vlan vlan 2 name R D media ethernet state active 4 184 Console config vl...

Page 186: ...ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Co...

Page 187: ...the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 131 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interf...

Page 188: ...AN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface...

Page 189: ...y for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Protocol is used by GVRP to register or der...

Page 190: ...always enabled Default Enabled Ingress filtering only affects tagged frames If a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering do...

Page 191: ...VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that i...

Page 192: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 132 Console config if switchport acceptable frame types tagged 4 188 Console config if switchp...

Page 193: ...ernet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each pr...

Page 194: ...solated VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on the switch including primary community and isolated VLANs and th...

Page 195: ...d as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLANs The Private VLAN Configuration page is used to create r...

Page 196: ...Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then click Remov...

Page 197: ...t box and click Add to associate these entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 67 Private VLAN Association CLI This example associ...

Page 198: ...iscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associate...

Page 199: ...e VLAN Host The port is a community port or an isolated port A community port can communicate with other ports in its own community VLAN and with designated promiscuous port s An isolated port can onl...

Page 200: ...Port Type to Host then specify an isolated VLAN by marking the check box for an Isolated VLAN and selecting the required VLAN from the drop down box Web Click VLAN Private VLAN Port Configuration or T...

Page 201: ...ags to the switch s priority queues Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch All untagged packets entering the switch are...

Page 202: ...an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Command Attributes Default Priority The priority that is assigned to untagged frames received...

Page 203: ...lowing table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Console config interface ethernet 1 3 4 132 Console...

Page 204: ...display the current mapping of CoS values to output queues Assign priorities to the traffic classes i e output queues for the selected interface then click Apply Figure 3 71 Configuring Ports and Trun...

Page 205: ...ime the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin sh...

Page 206: ...port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently...

Page 207: ...rame using the number of the TCP port When these service is enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Beca...

Page 208: ...ority IP DSCP Priority Status Check Enabled then click Apply Figure 3 74 IP DSCP Priority Status Mapping DSCP Priority The DSCP is six bits wide allowing coding for up to 64 different forwarding behav...

Page 209: ...ity and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value fiel...

Page 210: ...e Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see pag...

Page 211: ...ays the configured information For information on configuring ACLs see page 3 68 Web Click Priority ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Appl...

Page 212: ...ssed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It iden...

Page 213: ...ppropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces...

Page 214: ...s is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traf...

Page 215: ...is example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 220 Console config ip igmp snooping querier 4 224 Console config ip igmp...

Page 216: ...n the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID...

Page 217: ...nsure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propaga...

Page 218: ...e VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been...

Page 219: ...if this entry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages...

Page 220: ...ffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click...

Page 221: ...ll the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 4 221 Console config exit Console show mac address table multicast vlan 1 4 2...

Page 222: ...CONFIGURING THE SWITCH 3 174...

Page 223: ...on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and gues...

Page 224: ...address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office o...

Page 225: ...t command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI comma...

Page 226: ...CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further inpu...

Page 227: ...interfaces Interface information ip IP information lacp LACP statistics line TTY line information log Login records logging Login setting mac address table Configuration of the address table managemen...

Page 228: ...mand will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI main...

Page 229: ...you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited nu...

Page 230: ...ng config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as ho...

Page 231: ...s To enter the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following comman...

Page 232: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Page 233: ...lso configures port security and IEEE 802 1X port access control 4 90 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP f...

Page 234: ...figures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 183 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning...

Page 235: ...ets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19...

Page 236: ...et Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show...

Page 237: ...by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by...

Page 238: ...ection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the...

Page 239: ...ult Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the...

Page 240: ...ting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated T...

Page 241: ...Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use...

Page 242: ...console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Rel...

Page 243: ...ata bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 21 parity This command defines the generat...

Page 244: ...speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud...

Page 245: ...bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax di...

Page 246: ...isconnect an SSH or Telnet connection Example Related Commands show ssh 4 53 show users 4 80 show line This command displays the terminal line s parameters Syntax show line console vty console Console...

Page 247: ...nsole Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuratio...

Page 248: ...s 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the co...

Page 249: ...is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 26 configure This command activates Global Configuration mode You must ente...

Page 250: ...ec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buff...

Page 251: ...his command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy...

Page 252: ...ion mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged...

Page 253: ...Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 32 User Access Configures the basic user names and pas...

Page 254: ...ion System Status Displays system configuration active managers and version information 4 75 Frame Size Enables support for jumbo frames 4 81 Table 4 8 Device Designation Commands Command Function Mod...

Page 255: ...nt access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 13 user authentication via a remote authentication serv...

Page 256: ...m users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0...

Page 257: ...ivileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Pri...

Page 258: ...ous protocols Use the no form to restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to the SNMP w...

Page 259: ...r the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot...

Page 260: ...management all client Management Ip Filter Http Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1...

Page 261: ...ing 80 Command Mode Global Configuration Example Related Commands ip http server 4 39 ip http server This command allows this device to be monitored or configured from a browser Use the no form to dis...

Page 262: ...nnection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HT...

Page 263: ...ing systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 49 Also refer to the copy command on page 4 83 Example Related Comm...

Page 264: ...e Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must spe...

Page 265: ...ort This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax no ip telnet port port number port number The TCP port to be used by the brow...

Page 266: ...Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a pub...

Page 267: ...the SSH server GC 4 48 ip ssh authentication retries Specifies the number of retries allowed by a client GC 4 49 ip ssh server key size Sets the SSH server key size GC 4 50 copy tftp public key Copies...

Page 268: ...2 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945452408397 1752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy t...

Page 269: ...witch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt the bytes and sends the decrypted bytes back to the swi...

Page 270: ...56 bit or 3DES 168 bit for data encryption You must generate the host key before enabling the SSH server Example Related Commands ip ssh crypto host key generate 4 51 show ssh 4 53 ip ssh timeout This...

Page 271: ...3 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication...

Page 272: ...on Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command del...

Page 273: ...RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration proces...

Page 274: ...the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Relate...

Page 275: ...SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console...

Page 276: ...ES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfi...

Page 277: ...g is the encoded modulus Example Console show public key host Host RSA 1024 65537 1568499540186766925933394677505461732531367489083654725415020245593 19986854435836165199992332978176606583095861082591...

Page 278: ...hat are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 56 logging history Limits syslog messages saved to switch memory based on...

Page 279: ...on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity...

Page 280: ...rver host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default...

Page 281: ...e A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The c...

Page 282: ...gging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 57 Default Setting Disabled Level 7 0 Command Mode Glo...

Page 283: ...ds show log 4 63 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging fla...

Page 284: ...level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in F...

Page 285: ...ow logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via t...

Page 286: ...ification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4...

Page 287: ...mand to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection t...

Page 288: ...tes an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example...

Page 289: ...of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters...

Page 290: ...ion Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console...

Page 291: ...servers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Command...

Page 292: ...ated Commands sntp client 4 69 sntp poll 4 71 show sntp 4 72 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments t...

Page 293: ...on the interval set via the sntp poll command Example Related Commands Related Commands 4 70 sntp poll 4 71 show sntp 4 72 sntp poll This command sets the interval between sending time requests when...

Page 294: ...ple clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Ra...

Page 295: ...t after of UTC Example Related Commands show sntp 4 72 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switc...

Page 296: ...e shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console cal...

Page 297: ...separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Table 4 23 System Status Commands Com...

Page 298: ...ing config 4 76 show running config This command displays the configuration information currently in use Default Setting None Console show startup config building startup config please wait username a...

Page 299: ...es Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names acc...

Page 300: ...blic ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486...

Page 301: ...tion SMC8748L2 System OID string 1 3 6 1 4 1 202 20 42 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC addr...

Page 302: ...e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege...

Page 303: ...for jumbo frames Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number A429048179 Hardware version R01 EPLD version 15 15 Number of por...

Page 304: ...ation end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept...

Page 305: ...onfig file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to cop...

Page 306: ...tch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on availab...

Page 307: ...ile name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programm...

Page 308: ...iguration file or image name unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Fact...

Page 309: ...dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image...

Page 310: ...chboot unit unit Stack unit Range 1 8 Default Setting None Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code...

Page 311: ...of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8...

Page 312: ...mand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 90 RADIUS Client Configures settings for authentication via a RADIUS server 4 93 TACACS Client Con...

Page 313: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege...

Page 314: ...S server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort deliver...

Page 315: ...ntication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password p...

Page 316: ...ce until a server responds or the retransmit period expires host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used...

Page 317: ...1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server...

Page 318: ...re the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Ra...

Page 319: ...ch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS s...

Page 320: ...host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Defa...

Page 321: ...65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_st...

Page 322: ...ady stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been pr...

Page 323: ...ake when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum numbe...

Page 324: ...t the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monit...

Page 325: ...identity packet to the client before it times out the authentication session IC 4 105 dot1x port control Sets dot1x mode for a port interface IC 4 105 dot1x operation mode Allows single or multiple h...

Page 326: ...Syntax no dot1x system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default...

Page 327: ...control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requir...

Page 328: ...ngle host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts...

Page 329: ...unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to dis...

Page 330: ...d seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected clie...

Page 331: ...seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics inte...

Page 332: ...henticated page 4 108 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 108 tx period Time a port waits during authentication session...

Page 333: ...Reauthentication State Machine State Current state including initialize reauthenticate Example Console show dot1x Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Stat...

Page 334: ...riteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny ru...

Page 335: ...are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail The order in which active ACLs are checked is as follows 1 User defined rules i...

Page 336: ...es an IP ACL and enters configuration mode for standard or extended IP ACLs GC 4 114 permit deny Filters packets matching a specified source IP address STD ACL 4 115 permit deny Filters packets meetin...

Page 337: ...no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 115 ip access group 4 119 show ip acce...

Page 338: ...for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 16...

Page 339: ...bits to match host Keyword followed by a specific IP address sport Protocol1 source port number Range 0 65535 dport Protocol1 destination port number Range 0 65535 end Upper bound of the protocol por...

Page 340: ...ccess list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_n...

Page 341: ...e Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the ol...

Page 342: ...CL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS val...

Page 343: ...ut queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Ex...

Page 344: ...ws all ACLs and associated rules PE 4 122 show access group Shows the ACLs assigned to each port PE 4 123 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0...

Page 345: ...ess list david IP access list jerry Console Table 4 37 SNMP Commands Command Function Mode Page show snmp Displays the status of SNMP communications NE PE 4 124 snmp server community Sets up the commu...

Page 346: ...Example Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 S...

Page 347: ...nsitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are...

Page 348: ...ion Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 126 snmp server location This command sets the system location...

Page 349: ...trap destination IP address entries community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp serve...

Page 350: ...for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP Ver...

Page 351: ...an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable tr...

Page 352: ...COMMAND LINE INTERFACE 4 130 Example Related Commands snmp server host 4 127 Console config snmp server enable traps link up down Console config...

Page 353: ...negotiation Enables autonegotiation of a given interface IC 4 134 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 135 flowcontrol Enables flow control on...

Page 354: ...port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command add...

Page 355: ...l duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by...

Page 356: ...for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negoti...

Page 357: ...100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol...

Page 358: ...eed duplex 4 133 flowcontrol 4 136 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Enabled Command Mode Interface Configurat...

Page 359: ...on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The...

Page 360: ...trol Syntax switchport broadcast packet rate rate no switchport broadcast rate Threshold level as a rate i e packets per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit...

Page 361: ...mand Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However i...

Page 362: ...t Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Com...

Page 363: ...thernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000ful...

Page 364: ...3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late colli...

Page 365: ...Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet...

Page 366: ...enabled Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 188 Native VLAN Indicates the default Port VLAN ID page 4 190 Priority for untagged traffi...

Page 367: ...t unit Stack unit Range 1 8 port Port number Range 1 24 48 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session...

Page 368: ...s must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirro...

Page 369: ...the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this...

Page 370: ...48 input Input rate rate Percentage Default Setting 100 percent Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit in...

Page 371: ...perating at full duplex Table 4 42 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode f...

Page 372: ...annel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the followin...

Page 373: ...tic trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Examp...

Page 374: ...med with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated autom...

Page 375: ...11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk...

Page 376: ...e Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG id...

Page 377: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel gro...

Page 378: ...ommand Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chann...

Page 379: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port...

Page 380: ...sages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for...

Page 381: ...ls group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an ille...

Page 382: ...inistrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled...

Page 383: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Page 384: ...0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 46 show lacp sysid display description Field Description Channel group A link aggregation group configured on...

Page 385: ...unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is...

Page 386: ...dress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no...

Page 387: ...Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic add...

Page 388: ...ging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learn...

Page 389: ...Spanning Tree Commands Command Function Mode Page spanning tree Enables the spanning tree protocol GC 4 168 spanning tree mode Configures STP or RSTP mode GC 4 169 spanning tree forward time Configur...

Page 390: ...e spanning disabled Disables spanning tree for an interface IC 4 175 spanning tree cost Configures the spanning tree path cost of an interface IC 4 175 spanning tree port priority Configures the spann...

Page 391: ...Spanning Tree Protocol IEEE 802 1D rstp Rapid Spanning Tree Protocol IEEE 802 1w Default Setting rstp Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal...

Page 392: ...xpires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This c...

Page 393: ...y data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning t...

Page 394: ...Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconf...

Page 395: ...is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lo...

Page 396: ...4 176 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RSTP BPDUs Use the no form to restore the default Syntax spanning tr...

Page 397: ...nnel Example This example disables the spanning tree algorithm for port 5 spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore...

Page 398: ...ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 173 is set to short th...

Page 399: ...nning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Config...

Page 400: ...o disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the...

Page 401: ...and configures the link type for Rapid Spanning Tree Use the no form to restore the default Syntax spanning tree link type auto point to point shared no spanning tree link type auto Automatically deri...

Page 402: ...igration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Command Mode Privileged Exec Command Usage If at any time th...

Page 403: ...and Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every in...

Page 404: ...Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding...

Page 405: ...fault Setting None Table 4 49 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 183 Configuring VLAN Interfaces Configures VLAN interfac...

Page 406: ...le by entering the show running config command Example Related Commands show vlan 4 193 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan...

Page 407: ...RD5 The VLAN is activated by default Related Commands show vlan 4 193 Configuring VLAN Interfaces Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan...

Page 408: ...ssign an IP address to the VLAN Related Commands shutdown 4 137 switchport native vlan Configures the PVID native VLAN of an interface IC 4 190 switchport allowed vlan Configures the VLANs associated...

Page 409: ...to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting...

Page 410: ...ged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frame...

Page 411: ...s filtering Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will dis...

Page 412: ...nnel Command Usage Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged The no switchport native vlan command will set the native VLA...

Page 413: ...of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Se...

Page 414: ...The following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove the...

Page 415: ...how vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCI...

Page 416: ...d VLANs on the other hand consist a single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports In all cases the promiscuous ports are designed to provide open ac...

Page 417: ...VLAN COMMANDS 4 195 This section describes commands used to configure private VLANs...

Page 418: ...ry VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN Table 4 53 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private vlan Adds or d...

Page 419: ...e show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary community or isolated private VLAN Use the no form to remove the specified priv...

Page 420: ...rt has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode See switchport mode on page 187 Example private vlan ass...

Page 421: ...of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default setting Syntax swit...

Page 422: ...host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association Syntax switchport private vlan host association secondary vlan id no switc...

Page 423: ...vlan isolated isolated vlan id no switchport private vlan isolated isolated vlan id ID of isolated VLAN Range 1 4094 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Com...

Page 424: ...VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the priv...

Page 425: ...ction describes how to enable GVRP for individual interfaces and globally for the switch as well as how to display default configuration settings for the Bridge Extension MIB Console show vlan private...

Page 426: ...e enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This command shows the configuration for bridge extension commands Def...

Page 427: ...mmand enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Console show bridge ext Max su...

Page 428: ...nfiguration Command Mode Normal Exec Privileged Exec Example garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax...

Page 429: ...The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registratio...

Page 430: ...n this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch supports CoS with eight priority queues for each por...

Page 431: ...of service values 4 216 Table 4 56 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 209 switchport priority defa...

Page 432: ...Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue bef...

Page 433: ...used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLA...

Page 434: ...used by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR con...

Page 435: ...value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight...

Page 436: ...ueue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue...

Page 437: ...nit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Information...

Page 438: ...ds Layer 3 and 4 Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 4 216 map ip dscp Maps IP DSCP value to a class of service IC 4 217 map access list ip Sets the CoS...

Page 439: ...alue no map ip dscp dscp value 8 bit DSCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP...

Page 440: ...y queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip dscp This command shows the IP DSCP priorit...

Page 441: ...tch router to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1...

Page 442: ...Table 4 61 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 220 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 221 i...

Page 443: ...lan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default S...

Page 444: ...on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only...

Page 445: ...ast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting N...

Page 446: ...mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 62 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snoop...

Page 447: ...ast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking act...

Page 448: ...ery messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max respon...

Page 449: ...ient is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 222 ip igmp snoopin...

Page 450: ...vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4...

Page 451: ...r you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping...

Page 452: ...er devices that exist on another network segment Basic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4...

Page 453: ...configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this for...

Page 454: ...P client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the...

Page 455: ...address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a differ...

Page 456: ...shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the ne...

Page 457: ...tting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some resul...

Page 458: ...9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets tran...

Page 459: ...ps half full duplex 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a...

Page 460: ...n be configured by VLAN tag or port Layer 3 4 priority mapping IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network...

Page 461: ...rnet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 3ad Link Aggregation Control...

Page 462: ...3 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2...

Page 463: ...the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the...

Page 464: ...an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used C...

Page 465: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 466: ...TROUBLESHOOTING B 4...

Page 467: ...em in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set acc...

Page 468: ...n Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work autom...

Page 469: ...ice QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1s An IEEE standa...

Page 470: ...Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is...

Page 471: ...tion meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for s...

Page 472: ...Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network...

Page 473: ...Tree Protocol STP A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest a...

Page 474: ...that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share...

Page 475: ...DSCP 3 160 3 162 4 216 layer 3 4 priorities 3 159 4 216 queue mapping 3 155 4 213 queue mode 3 157 4 209 traffic class weights 3 158 4 212 D default gateway configuration 3 18 4 233 default priority...

Page 476: ...authentication 3 42 4 90 RADIUS client 3 44 4 93 RADIUS server 3 44 4 93 TACACS client 3 44 4 98 TACACS server 3 44 4 98 logon authentication sequence 3 45 4 91 4 92 M main menu 3 5 Management Inform...

Page 477: ...ap manager 3 40 4 127 software displaying version 3 13 4 80 downloading 3 22 4 83 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 3 50 4 48 4 49 STA 3 112 4 167 edge port 3...

Page 478: ...198 adding static members 3 138 3 140 4 191 creating 3 136 4 184 description 3 129 displaying basic information 3 133 4 204 displaying port members 3 134 4 193 egress mode 3 143 4 187 interface config...

Page 479: ......

Page 480: ...34 68 58 Italy 39 02 739 12 68 Fax 39 02 739 14 17 Benelux 31 0 654 776 790 Fax 31 0 172 242 393 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic and Baltics 46 0 566 622 83 Fax 45 0 566 6...

Reviews:

No comments

Related manuals for TigerSwitch 1000

SMC Networks Barricade SMC7901WBRA2 Installation Manual preview
Barricade SMC7901WBRA2
Brand: SMC Networks Pages: 2
Compaq StorageWorks AIT 35GB AutoLoader Overview And Installation preview
StorageWorks AIT 35GB AutoLoader
Brand: Compaq Pages: 4
Juniper EX2500 Quick Start preview
EX2500
Brand: Juniper Pages: 2
AMX NXA-ENET8POE Installation Manual preview
NXA-ENET8POE
Brand: AMX Pages: 2
Aethra AS1241 Technical Specifications preview
AS1241
Brand: Aethra Pages: 2
ETL TeleCLIENT TC7730 Series User Manual preview
TeleCLIENT TC7730 Series
Brand: ETL Pages: 83
H3C MSR 930 Installation, Quick Start preview
MSR 930
Brand: H3C Pages: 4
LevelOne NVR-0432 User Manual preview
NVR-0432
Brand: LevelOne Pages: 142
ORiNG IES-3082GC User Manual preview
IES-3082GC
Brand: ORiNG Pages: 101
Hirschmann 943 221-001 Description And Operating Instructions preview
943 221-001
Brand: Hirschmann Pages: 8
Planet FGSW-4840S User Manual preview
FGSW-4840S
Brand: Planet Pages: 38
IBEX Westermo Ibex-RT-330-5G Series Manual preview
Westermo Ibex-RT-330-5G Series
Brand: IBEX Pages: 36
Planet Networking & Communication VRT-311 User Manual preview
VRT-311
Brand: Planet Networking & Communication Pages: 147
Billion BiPAC 7300GX Quick Start Manual preview
BiPAC 7300GX
Brand: Billion Pages: 8
Digi WR41v1 Test preview
WR41v1
Brand: Digi Pages: 22
MikroTik RBwAPR-2nD Quick Manual preview
RBwAPR-2nD
Brand: MikroTik Pages: 18
MikroTik CCR2004-16G-2S+ Quick Start Manual preview
CCR2004-16G-2S+
Brand: MikroTik Pages: 5
D-Link DIR-300NRU Quick Installation Manual preview
DIR-300NRU
Brand: D-Link Pages: 27

Brands by name

Popular brands

Load more brands