background image

S

PANNING

 T

REE

 A

LGORITHM

 C

ONFIGURATION

3-127

that can be used when a node or port fails, and retaining the forwarding 
database for ports insensitive to changes in the tree structure when 
reconfiguration occurs. 

Displaying Global Settings

You can display a summary of the current bridge STA information that 
applies to the entire switch using the STA Information screen.

Field Attributes

Spanning Tree

 

State

 – Shows if the switch is enabled to participate 

in an STA-compliant network.

Bridge ID

 – A unique identifier for this bridge, consisting of the 

bridge priority and MAC address (where the address is taken from the 
switch system).

Max Age

 – The maximum time (in seconds) a device can wait without 

receiving a configuration message before attempting to reconfigure. 
All device ports (except for designated ports) should receive 
configuration messages at regular intervals. Any port that ages out STA 
information (provided in the last configuration message) becomes the 
designated port for the attached LAN. If it is a root port, a new root 
port is selected from among the device ports attached to the network. 
(References to “ports” in this section mean “interfaces,” which 
includes both ports and trunks.)

Hello Time

 – Interval (in seconds) at which the root device transmits 

a configuration message. 

Forward Delay

 – The maximum time (in seconds) the root device will 

wait before changing states (i.e., discarding to learning to forwarding). 
This delay is required because every device must receive information 
about topology changes before it starts to forward frames. In addition, 
each port needs time to listen for conflicting information that would 
make it return to a discarding state; otherwise, temporary data loops 
might result.

Summary of Contents for TigerSwitch

Page 1: ...act as Ethernet ports in standalone mode Stacks up to 8 units 12 8 Gbps of aggregate bandwidth Non blocking switching architecture Spanning Tree Protocol and Rapid STP Up to four LACP or static 4 por...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions November 2004 Pub 149100005000H...

Page 4: ...is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla...

Page 5: ...corporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinua...

Page 6: ...IDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUN...

Page 7: ...Interface for Management Access 2 6 Basic Configuration 2 6 Console Connection 2 6 Setting Passwords 2 7 Setting an IP Address 2 8 Manual Configuration 2 8 Dynamic Configuration 2 9 Enabling SNMP Man...

Page 8: ...Protocol Alerts 3 39 Resetting the System 3 41 Setting the System Clock 3 42 Configuring SNTP 3 42 Setting the Time Zone 3 44 Simple Network Management Protocol 3 45 Setting Community Access Strings...

Page 9: ...P Port Counters 3 103 Displaying LACP Settings and Status for the Local Side 3 104 Displaying LACP Settings and Status for the Remote Side 3 107 Setting Broadcast Storm Thresholds 3 109 Configuring Po...

Page 10: ...Egress Queues 3 170 Selecting the Queue Mode 3 172 Setting the Service Weight for Traffic Classes 3 173 Layer 3 4 Priority Settings 3 174 Mapping Layer 3 4 Priorities to CoS Values 3 174 Selecting IP...

Page 11: ...ry 4 7 Understanding Command Modes 4 8 Exec Commands 4 8 Configuration Commands 4 9 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 timeout login...

Page 12: ...er 4 43 ip http secure port 4 44 Telnet Server Commands 4 45 ip telnet port 4 45 ip telnet server 4 46 Secure Shell Commands 4 47 ip ssh server 4 50 ip ssh timeout 4 51 ip ssh authentication retries 4...

Page 13: ...t 4 73 sntp server 4 74 sntp poll 4 75 show sntp 4 75 clock timezone 4 76 calendar set 4 77 show calendar 4 78 System Status Commands 4 78 light unit 4 79 show startup config 4 79 show running config...

Page 14: ...tication 4 108 dot1x system auth control 4 109 dot1x default 4 110 dot1x max req 4 110 dot1x port control 4 111 dot1x operation mode 4 112 dot1x re authenticate 4 113 dot1x re authentication 4 113 dot...

Page 15: ...4 139 snmp server location 4 140 snmp server host 4 141 snmp server enable traps 4 142 show snmp 4 143 Interface Commands 4 145 interface 4 146 description 4 146 speed duplex 4 147 negotiation 4 148...

Page 16: ...ng time 4 182 Spanning Tree Commands 4 183 spanning tree 4 184 spanning tree mode 4 185 spanning tree forward time 4 186 spanning tree hello time 4 187 spanning tree max age 4 187 spanning tree priori...

Page 17: ...ivate vlan 4 215 GVRP and Bridge Extension Commands 4 216 bridge ext gvrp 4 217 show bridge ext 4 217 switchport gvrp 4 218 show gvrp configuration 4 219 garp timer 4 219 show garp timer 4 221 Priorit...

Page 18: ...g query count 4 243 ip igmp snooping query interval 4 244 ip igmp snooping query max response time 4 245 ip igmp snooping router port expire time 4 246 Static Multicast Routing Commands 4 247 ip igmp...

Page 19: ...CONTENTS xv Glossary Index...

Page 20: ...CONTENTS xvi...

Page 21: ...Egress Queue Priority Mapping 3 181 Table 4 1 Command Modes 4 8 Table 4 2 Configuration Modes 4 10 Table 4 3 Command Line Processing 4 11 Table 4 4 Command Groups 4 12 Table 4 5 Line Commands 4 14 Ta...

Page 22: ...g 4 135 Table 4 38 ACL Information 4 136 Table 4 39 SNMP Commands 4 138 Table 4 40 Interface Commands 4 145 Table 4 41 Interfaces Switchport Statistics 4 158 Table 4 42 Mirror Port Commands 4 159 Tabl...

Page 23: ...29 Table 4 61 Mapping IP Precedence Values 4 232 Table 4 62 IP DSCP to CoS Values 4 234 Table 4 63 Multicast Filtering Commands 4 238 Table 4 64 IGMP Snooping Commands 4 238 Table 4 65 IGMP Query Comm...

Page 24: ...Logs 3 37 Figure 3 17 Displaying Logs 3 38 Figure 3 18 Enabling and Configuring SMTP Alerts 3 40 Figure 3 19 Resetting the System 3 41 Figure 3 20 SNTP Configuration 3 43 Figure 3 21 Setting the Syst...

Page 25: ...120 Figure 3 53 Configuring a Static Address Table 3 123 Figure 3 54 Configuring a Dynamic Address Table 3 124 Figure 3 55 Setting the Address Aging Time 3 125 Figure 3 56 STA Information 3 129 Figure...

Page 26: ...78 Mapping IP DSCP Priority Values 3 178 Figure 3 79 IP Port Priority Status 3 180 Figure 3 80 IP Port Priority 3 180 Figure 3 81 ACL CoS Priority 3 182 Figure 3 82 IGMP Configuration 3 186 Figure 3...

Page 27: ...s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web U...

Page 28: ...plications Some of the management features are briefly described below Port Trunking Supports up to 4 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Addre...

Page 29: ...ement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering...

Page 30: ...ng over the load if a port in the trunk should fail The switch supports up to four trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When en...

Page 31: ...to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will b...

Page 32: ...queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used to pro...

Page 33: ...System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username ad...

Page 34: ...in Status Enabled Auto negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Stat...

Page 35: ...6 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled BOOTP Disabled M...

Page 36: ...INTRODUCTION 1 10...

Page 37: ...itch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Micros...

Page 38: ...2 1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spa...

Page 39: ...erminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to 9600 bps Set the data format to 8 data bits 1 stop bit and no parity Set f...

Page 40: ...mic address assignment via DHCP or BOOTP see Setting an IP Address on page 2 8 Note This switch supports four concurrent Telnet SSH sessions After configuring the switch s IP parameters you can access...

Page 41: ...elected on the front panel graphic of the web interface or from the CLI If more than one stack Master is selected using the Master push button on the switch s front panel the stack will not function I...

Page 42: ...veral units within the primary VLAN used for stack management Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privilege...

Page 43: ...ss to the switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type use...

Page 44: ...en this device and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be a...

Page 45: ...TP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service req...

Page 46: ...C EliteView You can configure the switch to 1 respond to SNMP requests or 2 generate SNMP traps When SNMP management stations send requests to the switch either to return information or to set a param...

Page 47: ...lete both of the default community strings If there are no community strings then SNMP management access to the switch is disabled To prevent unauthorized access to the switch via SNMP it is recommend...

Page 48: ...st enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link up down Press Enter Saving Configuration Settings Configuration co...

Page 49: ...up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restori...

Page 50: ...f each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that...

Page 51: ...a Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configu...

Page 52: ...password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses t...

Page 53: ...and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The hom...

Page 54: ...Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web...

Page 55: ...3 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 21 Copy Allows the transfer and copying files 3 21 Delete Allows de...

Page 56: ...st Key Settings Generates the host key pair public and private 3 60 Settings Configures Secure Shell server settings 3 62 Port Security Configures per port security including status response for secur...

Page 57: ...99 Port Counters Displays statistics for LACP protocol messages 3 103 Port Internal Information Displays settings and operational state for the local side 3 104 Port Neighbors Information Displays set...

Page 58: ...res global bridge settings for STA and RSTP 3 131 Port Information Displays individual port settings for STA 3 135 Trunk Information Displays individual trunk settings for STA 3 135 Port Configuration...

Page 59: ...secondary VLANs 3 164 Port Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 165 Trunk Information Shows VLAN port type and associated primary or...

Page 60: ...nd associated class of service value 3 179 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 181 IGMP Snooping 3 183 IGMP Configuration Enables mult...

Page 61: ...the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled...

Page 62: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Page 63: ...er location WC 9 4 140 Console config snmp server contact Ted 4 139 Console config exit Console show system 4 84 System description 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink m...

Page 64: ...T and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Combination RJ 45 SFP ports These ad...

Page 65: ...asses This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 3 168 Static Entry Individual Port This switch allows static filtering...

Page 66: ...LAN Capable This switch does not support multiple local bridges outside of the scope of 802 1Q defined VLANs GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstatio...

Page 67: ...255 separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all port...

Page 68: ...address bits used for routing to specific subnets Default 255 0 0 0 Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments...

Page 69: ...Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figu...

Page 70: ...uest to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP serv...

Page 71: ...e switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another u...

Page 72: ...p file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the so...

Page 73: ...click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Operation File To delete a file select System File Delete Select the file name from the gi...

Page 74: ...the switch s settings Command Attributes File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name fil...

Page 75: ...p config Copies a file from a TFTP server to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to th...

Page 76: ...on file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Copy Select tftp...

Page 77: ...ttings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the...

Page 78: ...urrent session is terminated Range 0 65535 seconds Default 0 Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold...

Page 79: ...a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Defau...

Page 80: ...bles Telnet access to the switch Default Enabled Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login resp...

Page 81: ...reshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of...

Page 82: ...onsole config line vty 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 300 4 18 Console config line exec timeout 600 4 1...

Page 83: ...s Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you...

Page 84: ...Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning co...

Page 85: ...f messages that are sent to syslog servers or other management stations You can also limit the error messages sent to only those messages below a specified level Command Attributes Remote Log Status E...

Page 86: ...sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level Fo...

Page 87: ...e facility type and set the logging trap Console config logging host 192 168 1 15 4 61 Console config logging facility 23 4 62 Console config logging trap 4 4 63 Console config end Console show loggin...

Page 88: ...emory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Console show...

Page 89: ...or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 34 used to trigger alert messages All events at this level or higher...

Page 90: ...y level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Spe...

Page 91: ...set to reboot the switch When prompted confirm that you want reset the switch Figure 3 19 Resetting the System Console config logging sendmail host 192 168 1 200 4 68 Console config logging sendmail l...

Page 92: ...ch will only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You c...

Page 93: ...Figure 3 20 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp server 10 1 0 19 137 82...

Page 94: ...butes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after...

Page 95: ...ights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for confi...

Page 96: ...Add Figure 3 22 Configuring SNMP CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the s...

Page 97: ...ies whether to send notifications as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP a...

Page 98: ...addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring User A...

Page 99: ...Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Remove Adds or removes an account from the list Web Click...

Page 100: ...ces on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the switch RADIUS...

Page 101: ...n server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on t...

Page 102: ...the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply...

Page 103: ...tion Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selecte...

Page 104: ...radius server retransmit 5 4 101 Console config radius server timeout 10 4 102 Console config radius server 1 host 192 168 1 25 4 99 Console config end Console show radius server 4 102 Remote RADIUS...

Page 105: ...et Explorer 5 x or above and Netscape Navigator 4 x or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Sec...

Page 106: ...a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a messa...

Page 107: ...s intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts th...

Page 108: ...nable the SSH server Authentication Settings To use the SSH server complete these steps 1 Generate a Host Key Pair On the SSH Host Key Settings page create a host public private key pair 2 Provide Hos...

Page 109: ...29029789827213532671316294325328189150 45306393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout t...

Page 110: ...cations between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the pro...

Page 111: ...r Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page Clear This button...

Page 112: ...ey 4 50 Console show public key host 4 50 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 631403...

Page 113: ...the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web...

Page 114: ...trusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port a...

Page 115: ...ount from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 91 Command Attribu...

Page 116: ...ork resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access t...

Page 117: ...lient responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an accept or reject packet If authen...

Page 118: ...ion type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1X protocol provides port authentication The 802 1X protoc...

Page 119: ...on Control Sets the global setting for 802 1X Default Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 31 802 1X Configuration Console s...

Page 120: ...lti Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to...

Page 121: ...which a connected client must be re authenticated Range 1 65535 seconds Default 3600 Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP...

Page 122: ...ameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled Singl...

Page 123: ...f EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EA...

Page 124: ...ing 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 115 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Lo...

Page 125: ...ss respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet...

Page 126: ...end address of a range Add Remove Filtering Entry Adds removes an IP address from the list Web Click Security IP Filter Enter the IP addresses or range of addresses that are allowed management access...

Page 127: ...y to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches...

Page 128: ...s ports 2 User defined rules in the Ingress IP ACL for ingress ports 3 Explicit default rule permit any any in the ingress IP ACL for ingress ports 4 Explicit default rule permit any any in the ingres...

Page 129: ...Web Click Security ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 35...

Page 130: ...Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers...

Page 131: ...cific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain any combination of pe...

Page 132: ...P UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range...

Page 133: ...elect Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code The...

Page 134: ...rce Destination MAC Address Source or destination MAC address Source Destination Bitmask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4094 Ethernet Type This option can o...

Page 135: ...u select MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID or Ethernet type Then click Add Figure 3 38 ACL Configuration MAC CLI This...

Page 136: ...the ports on the switch Command Usage You must configure a mask for an ACL rule before you can bind it to a port This switch only supports ACLs for ingress filtering You can only bind one IP ACL to an...

Page 137: ...gure 3 39 Binding a Port to an ACL CLI This example assigns an IP and MAC access list to port 1 and an IP access list to port 3 Console config interface ethernet 1 1 4 146 Console config if ip access...

Page 138: ...T or SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flo...

Page 139: ...the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current spee...

Page 140: ...ontrol is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be le...

Page 141: ...after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Fl...

Page 142: ...ts symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When e...

Page 143: ...four trunks at a time The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switche...

Page 144: ...r before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish...

Page 145: ...le To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via t...

Page 146: ...Trunk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click...

Page 147: ...exit Console config interface ethernet 1 1 4 146 Console config if channel group 2 4 166 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console config i...

Page 148: ...ed for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 96 Command Attrib...

Page 149: ...port to be allowed to join a channel group Console config interface ethernet 1 1 4 146 Console config if lacp 4 167 Console config if exit Console config interface ethernet 1 6 Console config if lacp...

Page 150: ...ust be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific...

Page 151: ...can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate...

Page 152: ...tem priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 173 Port Channel System Priority System MAC Add...

Page 153: ...r of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group...

Page 154: ...1 1 LACPDUs Sent 91 LACPDUs Receive 43 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 7 LACP Internal Configuration Information Field Description Oper Key...

Page 155: ...ection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol inform...

Page 156: ...P configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 173 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP Syst...

Page 157: ...e of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrati...

Page 158: ...side of port channel 1 Console show lacp 1 neighbors 4 173 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 30 F1 CE 2A 20 Partner Admin Po...

Page 159: ...ing a threshold for broadcast traffic Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does no...

Page 160: ...CONFIGURING THE SWITCH 3 110 Web Click Port Port Trunk Broadcast Control Set the threshold mark the Enabled field for the desired interface and click Apply Figure 3 48 Port Broadcast Control...

Page 161: ...ng port traffic the target port must be included in the same VLAN as the source port Console config interface ethernet 1 1 4 146 Console config if no switchport broadcast 4 152 Console config if exit...

Page 162: ...uplicate or mirror the traffic on the source port Target Port The port that will mirror the traffic on the source port Web Click Port Mirror Port Configuration Specify the source port unit the traffic...

Page 163: ...rming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over tr...

Page 164: ...nterfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or disables the rate limit Default Disabled Rate Limit Level Sets the rate limit level Range 1 255 Default 25...

Page 165: ...on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a f...

Page 166: ...o a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being delive...

Page 167: ...errors Etherlike Statistics Alignment Errors The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is detected later than 512 bit times into...

Page 168: ...ount of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped du...

Page 169: ...wise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes...

Page 170: ...ING THE SWITCH 3 120 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 52 Port St...

Page 171: ...ors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac...

Page 172: ...address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the addres...

Page 173: ...ddress Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in...

Page 174: ...s Table Lists all the dynamic addresses Web Click Address Table Dynamic Addresses Specify the search type i e mark the Interface MAC Address or VLAN checkbox select the method of sorting the displayed...

Page 175: ...ress Aging Time CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide...

Page 176: ...spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible...

Page 177: ...nfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Page 178: ...d on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The device with...

Page 179: ...In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interv...

Page 180: ...tree 4 196 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Ti...

Page 181: ...tch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP re...

Page 182: ...root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configura...

Page 183: ...data loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP Path Cost Method The path cost is used to determine the best path between...

Page 184: ...res the STA and RSTP parameters Console config spanning tree 4 184 Console config spanning tree mode rstp 4 185 Console config spanning tree priority 45056 4 188 Console config spanning tree hello tim...

Page 185: ...ontinues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to th...

Page 186: ...age 3 139 i e true or false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of...

Page 187: ...t for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely...

Page 188: ...red to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems Howev...

Page 189: ...utes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 135 for additional information Discarding Po...

Page 190: ...be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port...

Page 191: ...can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database...

Page 192: ...y group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure...

Page 193: ...t or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware...

Page 194: ...ow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can...

Page 195: ...twork This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VL...

Page 196: ...en forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain...

Page 197: ...n and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 60 Enabling GVRP CLI This example en...

Page 198: ...ge VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VL...

Page 199: ...agged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 62 Displaying Current VLANs Command Attributes CLI VLAN ID of...

Page 200: ...be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added...

Page 201: ...vate the VLAN and then click Add Figure 3 63 Configuring a VLAN Static List CLI This example creates a new VLAN Console config vlan database 4 198 Console config vlan vlan 2 name R D media ethernet st...

Page 202: ...Static Membership by Port page to configure VLAN groups based on the port index page 3 154 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the def...

Page 203: ...t will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forb...

Page 204: ...orts to VLAN 2 Adding Static Members to VLANs Port Index Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Por...

Page 205: ...rship information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each inter...

Page 206: ...ged unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is no...

Page 207: ...on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer8 The interval between transmitting requests queries to participate in a V...

Page 208: ...ing to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Member...

Page 209: ...the same switch Each private VLAN consists of two components a primary VLAN and one or more community VLANs A primary VLAN allows traffic to pass between promiscuous ports and between promiscuous por...

Page 210: ...scuous ports in its own VLAN or host i e having access restricted to community VLAN members and channeling all other traffic through a promiscuous port Then assign any promiscuous ports to a primary V...

Page 211: ...uous port and mapped to VLAN 5 while ports 4 and 5 have been configured as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring...

Page 212: ...configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entr...

Page 213: ...Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with...

Page 214: ...ous port s Isolated The port is an isolated port that can only communicate with promiscuous ports within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces wi...

Page 215: ...VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to...

Page 216: ...If PVLAN type is Promiscuous then specify the associated primary VLAN For Host type the Primary VLAN displayed is the one to which the selected secondary VLAN has been associated Community VLAN A comm...

Page 217: ...promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as a host ports and associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console...

Page 218: ...default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue...

Page 219: ...f 5 to port 3 9 CLI displays this information as Priority for untagged traffic Console config interface ethernet 1 3 4 146 Console config if switchport priority default 5 4 224 Console config if end C...

Page 220: ...levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that b...

Page 221: ...le shows how to change the CoS assignments to a one to one mapping Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to th...

Page 222: ...This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4...

Page 223: ...esponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific prio...

Page 224: ...r Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding out...

Page 225: ...from the scroll down menu then click Apply Figure 3 76 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Servi...

Page 226: ...sent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 77 Ma...

Page 227: ...bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSC...

Page 228: ...nts low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Servi...

Page 229: ...P service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP...

Page 230: ...IP Port Priority Status to Enabled Figure 3 79 IP Port Priority Status Click Priority IP Port Priority Enter the port number for a network application in the IP Port Number box and the new CoS value i...

Page 231: ...n the following table Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to o...

Page 232: ...ty ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Add Figure 3 81 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rul...

Page 233: ...sed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It ident...

Page 234: ...that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 191 Configuring IGMP Snooping and Query Parameters You can configure the...

Page 235: ...ing hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to dr...

Page 236: ...splays the current status Console config ip igmp snooping 4 239 Console config ip igmp snooping querier 4 243 Console config ip igmp snooping query count 10 4 243 Console config ip igmp snooping query...

Page 237: ...e switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of...

Page 238: ...switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all t...

Page 239: ...ithin VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for which...

Page 240: ...this multicast service Figure 3 85 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding ser...

Page 241: ...common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN...

Page 242: ...dd After you have completed adding ports to the member list click Apply Figure 3 86 IGMP Member Port Table CLI This example assigns a multicast address to VLAN 1 and then displays all the known multic...

Page 243: ...on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and gues...

Page 244: ...t set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network out...

Page 245: ...you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the sessi...

Page 246: ...a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration...

Page 247: ...rd up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief descripti...

Page 248: ...nformation lacp LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Configuration of the address table manage...

Page 249: ...command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI...

Page 250: ...Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Onl...

Page 251: ...g config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hos...

Page 252: ...owing commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec...

Page 253: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Page 254: ...also configures port security and IEEE 802 1X port access control 4 95 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP...

Page 255: ...s VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows...

Page 256: ...meout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts L...

Page 257: ...fault Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users...

Page 258: ...fied by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specifie...

Page 259: ...ode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You...

Page 260: ...seconds no silent time seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Com...

Page 261: ...specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the t...

Page 262: ...d The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold...

Page 263: ...set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 n...

Page 264: ...its per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 da...

Page 265: ...tion protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s...

Page 266: ...if the speed you selected is not supported Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the d...

Page 267: ...0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 56 show users 4 85 show...

Page 268: ...how line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Pas...

Page 269: ...Privileged Exec mode Default Setting Level 15 Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28...

Page 270: ...ommands disable 4 28 enable password 4 37 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configurati...

Page 271: ...some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode...

Page 272: ...when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the sys...

Page 273: ...nd Mode Global Configuration Interface Configuration Line Configuration and VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configur...

Page 274: ...configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to q...

Page 275: ...eb Server Enables management access via a web browser 4 41 Telnet Server Enables management access via Telnet 4 45 Secure Shell Provides secure replacement for Telnet 4 47 Event Logging Controls loggi...

Page 276: ...mpt Maximum length 255 characters Default Setting Console Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore...

Page 277: ...Telnet connection page 4 14 user authentication via a remote authentication server page 4 95 and host access authentication for specific ports page 4 108 Console config hostname RD 1 Console config Ta...

Page 278: ...Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in...

Page 279: ...ged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable...

Page 280: ...figuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4...

Page 281: ...range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the c...

Page 282: ...management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP web and Telnet groups http...

Page 283: ...25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Sp...

Page 284: ...TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 42 ip http server This command allows this de...

Page 285: ...the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_num...

Page 286: ...ommand specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure po...

Page 287: ...4 43 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax ip telnet port port number no ip teln...

Page 288: ...r This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuratio...

Page 289: ...a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over...

Page 290: ...use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair delete public key Deletes the public key for...

Page 291: ...switch via the User Accounts page as described on page 3 48 The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format...

Page 292: ...tication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip s...

Page 293: ...1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase...

Page 294: ...attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 56 ip ssh server key size This command sets...

Page 295: ...f an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate...

Page 296: ...anually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example...

Page 297: ...ated Commands ip ssh crypto host key generate 4 53 ip ssh save host key 4 55 no ip ssh server 4 50 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key...

Page 298: ...1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc h...

Page 299: ...client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256...

Page 300: ...61732531367489083654725415020245593 1998685443583616519999233297817660658309586108259132128902337654680 1726272571413428762941301196195566782595664104869574278881462065194 1746772984865468615717739390...

Page 301: ...that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 59 logging history Limits syslog messages saved to switch memory based...

Page 302: ...power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity N...

Page 303: ...slog server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server D...

Page 304: ...A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The com...

Page 305: ...logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 60 Default Setting Enabled Level 7 0 Command Mode G...

Page 306: ...ommand Mode Privileged Exec Example Related Commands show logging 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handle...

Page 307: ...s debugging i e default level 7 0 Console show logging flash Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level d...

Page 308: ...address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 4 20 show logging trap dis...

Page 309: ...e following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 4 00 01 00 2001 01 01 STA roo...

Page 310: ...mand Mode Global Configuration Command Usage You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server Table 4 21 SMTP Alert Commands...

Page 311: ...fully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax logging sendmail level level level One of the system message level...

Page 312: ...on Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will set the source email john acme...

Page 313: ...his command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This...

Page 314: ...minimum severity level 4 SMTP destination email addresses 1 geoff acme com SMTP source email address john acme com SMTP status Enabled Console Table 4 22 Time Commands Command Function Mode Page sntp...

Page 315: ...cords the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issu...

Page 316: ...addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The cli...

Page 317: ...tting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 4 73 show sntp This command displays the current time and configuration settings for the SNTP client and indicat...

Page 318: ...Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC fo...

Page 319: ...h day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october nove...

Page 320: ...f a switch using its front panel LED indicators NE PE 4 79 show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 79 show r...

Page 321: ...ED indicators for ports 1 to 8 When the light unit command is entered the LED corresponding to the switch s ID will flash for about 15 seconds Example show startup config This command displays the con...

Page 322: ...ation mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configurati...

Page 323: ...guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw logging history ram 6 logging history flash 3 vl...

Page 324: ...displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information M...

Page 325: ...blic ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable passwo...

Page 326: ...tem information Default Setting None Command Mode Normal Exec Privileged Exec Command Usage For a description of the items shown by this command refer to Displaying System Information on page 11 The P...

Page 327: ...n 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink modules System OID string 1 3 6 1 4 1 202 20 43 System information System Up time 0 days 0 hours 0 minutes and 7 18 seconds System...

Page 328: ...rsions on page 3 13 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online us...

Page 329: ...porting jumbo frames up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB Console show version Unit 1 Serial number S416000963 Service tag Hardware version R0A Module A typ...

Page 330: ...support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 152 Example Flash File Com...

Page 331: ...nfig file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that a...

Page 332: ...ation Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot b...

Page 333: ...e name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup conf...

Page 334: ...m startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Example This example shows how to delete the test2 cfg confi...

Page 335: ...mber File information is shown below Example The following example shows how to display all file information Table 4 26 File Directory Information Column Heading Description file name The name of the...

Page 336: ...of the file information displayed by this command boot system This command specifies the image used to start up the system Syntax boot system unit boot rom config opcode filename The type of file or i...

Page 337: ...s You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods You can also enable port based authentication for netwo...

Page 338: ...s UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the Port Security Configures secur...

Page 339: ...ed first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Related C...

Page 340: ...ord pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequ...

Page 341: ...s server index host host_ip_address host_alias auth port auth_port timeout timeout retransmit retransmit key key index Allows you to specify up to five servers These servers are queried in sequence un...

Page 342: ...not use blank spaces in the string Maximum length 20 characters Default Setting auth port 1812 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example radius server port This command...

Page 343: ...um length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax ra...

Page 344: ...t number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configurati...

Page 345: ...itch Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Sever 1 Server IP a...

Page 346: ...Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs serv...

Page 347: ...used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server T...

Page 348: ...unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically ta...

Page 349: ...message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Default Setting Status Disabled Action None Maximum Addresses 0 Comm...

Page 350: ...ue a trap message Related Commands shutdown 4 151 mac address table static 4 179 show mac address table 4 181 802 1X Port Authentication The switch supports IEEE 802 1X dot1x port based access control...

Page 351: ...dot1x port IC 4 112 dot1x re authenticate Forces re authentication on specific ports PE 4 113 dot1x re authentication Enables re authentication for all ports IC 4 113 dot1x timeout quiet period Sets t...

Page 352: ...q This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore t...

Page 353: ...S server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the po...

Page 354: ...max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Command Us...

Page 355: ...8 port Port number Range 1 26 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authent...

Page 356: ...d seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected clie...

Page 357: ...Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x stati...

Page 358: ...terface including the following items reauth enabled Periodic re authentication page 4 113 reauth period Time after which a connected client must be re authenticated page 4 114 quiet period Time a por...

Page 359: ...e including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State...

Page 360: ...disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authoriz...

Page 361: ...le or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There a...

Page 362: ...ports 5 If no explicit rule is matched the implicit default is permit all IP ACLs Table 4 33 Access Control Lists Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP po...

Page 363: ...stination IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration show ip access list Displays the rule...

Page 364: ...mple Related Commands permit deny 4 122 ip access group 4 126 show ip access list 4 126 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for pack...

Page 365: ...x 168 92 31 x using a bitmask Related Commands access list ip 4 121 permit deny Extended ACL This command adds a rule to an Extended IP ACL The rule sets a filter condition for packets with specific...

Page 366: ...ge 0 65535 control flags Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Range...

Page 367: ...lid use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equal...

Page 368: ...length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 122 ip access group 4 126 ip access group This command binds a port to an IP ACL Use the no form to remove the...

Page 369: ...one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 126 show ip access group This command shows the ports assigned to IP ACLs...

Page 370: ...s cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues...

Page 371: ...alue determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged E...

Page 372: ...Creates a MAC ACL and enters configuration mode GC 4 130 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 131 show mac access...

Page 373: ...4 133 show mac access list 4 133 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address i e physical layer address o...

Page 374: ...of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include...

Page 375: ...ds permit deny 4 131 mac access group 4 133 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in acl_name Name of the ACL Maxi...

Page 376: ...ess group 4 133 map access list mac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not wri...

Page 377: ...ds queue cos map 4 226 show map access list mac 4 135 show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The CoS value determines the output queue...

Page 378: ...Privileged Exec Command Usage Once the ACL is bound to an interface i e the ACL is active the order in which the rules are displayed is determined by the associated mask Console show map access list...

Page 379: ...ob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00...

Page 380: ...to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects Table 4...

Page 381: ...Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP SNMPv1 The no snmp server community command disables SNMP Example snmp server contact This comma...

Page 382: ...the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Conf...

Page 383: ...he snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP v1 or v2c traps Default Setting Host A...

Page 384: ...efault is to send SNMP version 1 notifications Example Related Commands snmp server enable traps 4 142 snmp server enable traps This command enables this device to send Simple Network Management Proto...

Page 385: ...used in conjunction with the snmp server host command Use the snmp server host command to specify which host or hosts receive SNMP notifications In order to send notifications you must configure at le...

Page 386: ...ivilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number...

Page 387: ...negotiation Enables autonegotiation of a given interface IC 4 148 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 149 flowcontrol Enables flow control on...

Page 388: ...port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds...

Page 389: ...Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiat...

Page 390: ...for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negoti...

Page 391: ...eration 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flow...

Page 392: ...commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control Related Commands negotiation 4 148 speed duplex 4 147 flowcontrol 4 150 flowcontrol...

Page 393: ...ties command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actuall...

Page 394: ...to disable broadcast storm control Syntax switchport broadcast octet rate rate no switchport broadcast rate Threshold level as a rate i e octets per second Range 64 95232000 Default Setting Enabled fo...

Page 395: ...rivileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log o...

Page 396: ...nit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Comma...

Page 397: ...ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadc...

Page 398: ...3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late colli...

Page 399: ...erface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Ena...

Page 400: ...ows if acceptable VLAN frames include all types or tagged frames only page 4 203 Native VLAN Indicates the default Port VLAN ID page 4 205 Priority for untagged traffic Indicates the default priority...

Page 401: ...mitted packets Default Setting No mirror session is defined Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination po...

Page 402: ...11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Range 1 8 port Port number Range 1 26 Default...

Page 403: ...to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Note The rate limit granularity is multiplied by the rate limit page 4 162 to set the actual...

Page 404: ...ge 1 255 Default Setting 30 Command Mode Interface Configuration Ethernet Port Channel Command Usage Actual rate limit Rate limit level Granularity Example rate limit granularity Use this command to d...

Page 405: ...Actual rate limit Rate limit level Granularity Example The following sets Fast Ethernet granularity to 1 Mbps and Gigabit Ethernet granularity to 33 3 Mbps show rate limit Use this command to display...

Page 406: ...0 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Console show rate limit Fast ethernet granularity 1000 Gigabit ethernet granularity 33300 Console Table 4 44 Lin...

Page 407: ...ings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have t...

Page 408: ...p channel id Trunk index Range 1 4 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switches...

Page 409: ...P trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If...

Page 410: ...n aggregate link Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console confi...

Page 411: ...bined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been es...

Page 412: ...tem priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group i...

Page 413: ...rt Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If th...

Page 414: ...tes a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port p...

Page 415: ...sages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sysid Summary of system priority and MAC address for a...

Page 416: ...m this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type valu...

Page 417: ...ronization aggregation long timeout LACP activity Table 4 46 show lacp internal display description Field Description Oper Key Current operational value of the key for the aggregation port Admin Key C...

Page 418: ...nabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers...

Page 419: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Page 420: ...p configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form t...

Page 421: ...lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The stat...

Page 422: ...This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privilege...

Page 423: ...ommand Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic addre...

Page 424: ...sable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table agin...

Page 425: ...time Configures the spanning tree bridge forward time GC 4 186 spanning tree hello time Configures the spanning tree bridge hello time GC 4 187 spanning tree max age Configures the spanning tree bridg...

Page 426: ...dging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically...

Page 427: ...Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs Rapid Spanning Tree Protocol RSTP supports connections to e...

Page 428: ...e seconds Time in seconds Range 4 30 seconds The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximu...

Page 429: ...uration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree...

Page 430: ...port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree...

Page 431: ...ree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 0 200 000 000 short Specifies 16 bit based values that range from 0 65535 Default Set...

Page 432: ...ng 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree cost This command configures the spanning tree path cost for the...

Page 433: ...to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 189 is set to short...

Page 434: ...anning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Confi...

Page 435: ...o disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the...

Page 436: ...xample Related Commands spanning tree edge port 4 192 spanning tree link type This command configures the link type for Rapid Spanning Tree Use the no form to restore the default Syntax spanning tree...

Page 437: ...tion This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Range 1 8 port...

Page 438: ...w spanning tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spa...

Page 439: ...rent root port 1 Current root cost 50000 Number of topology changes 5 Last topology changes time sec 226 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root S...

Page 440: ...ately Default Setting None Table 4 51 VLANs Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 198 Configuring VLAN Interfaces Configures VLAN interfac...

Page 441: ...n to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 208 vlan This command configures a VLAN Use the no fo...

Page 442: ...uration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLA...

Page 443: ...a specified VLAN IC 4 201 switchport mode Configures VLAN membership mode for an interface IC 4 202 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 203 sw...

Page 444: ...a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmi...

Page 445: ...ll The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage W...

Page 446: ...ged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives...

Page 447: ...s not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an...

Page 448: ...tagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has sw...

Page 449: ...VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do n...

Page 450: ...e vlan name ASCII string from 1 to 32 characters private vlan For an explanation of this command see show vlan private vlan on page 215 Default Setting Shows all VLANs Command Mode Normal Exec Privile...

Page 451: ...lan Status Active Ports Port channel Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Et...

Page 452: ...hport private vlan host association command to assign a port to a secondary VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan c...

Page 453: ...LAN Port membership for private VLANs is static Once a port has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode...

Page 454: ...Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within th...

Page 455: ...his port type can communicate with all other promiscuous ports in the same primary VLAN as well as with all the ports in the associated secondary VLANs Default Setting Normal VLAN Command Mode Interfa...

Page 456: ...uration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via a p...

Page 457: ...LAN configuration settings on this switch Syntax show vlan private vlan community isolated primary community Displays all community VLANs along with their associated primary VLAN and assigned host int...

Page 458: ...condary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 0 8 isolated Console Table 4 56 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally...

Page 459: ...members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This command...

Page 460: ...ernet Port Channel Example Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Con...

Page 461: ...figuration Command Mode Normal Exec Privileged Exec Example garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax g...

Page 462: ...nt of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP fo...

Page 463: ...port unit Stack unit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands ga...

Page 464: ...Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 222 Priority Layer 3 and 4 Maps TCP ports I...

Page 465: ...obal Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues a...

Page 466: ...The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame t...

Page 467: ...ult weights Syntax queue bandwidth weight1 weight3 no queue bandwidth weight1 weight3 The ratio of weights for queues 0 3 determines the weights used by the WRR scheduler However note that Queue 0 is...

Page 468: ...ated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin...

Page 469: ...ged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Console config interface ethernet 1 1 Co...

Page 470: ...interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console show queue bandw...

Page 471: ...cedence value to a class of service IC 4 232 map ip dscp Enables IP DSCP class of service mapping GC 4 233 map ip dscp Maps IP DSCP value to a class of service IC 4 233 map access list ip Sets the CoS...

Page 472: ...priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 1...

Page 473: ...Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enable...

Page 474: ...Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a on...

Page 475: ...tchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DS...

Page 476: ...y DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This com...

Page 477: ...ort Port number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Comm...

Page 478: ...er Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip port Global Configuration 4 229 map ip precedence Interface Configurat...

Page 479: ...number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 233 map ip dscp Interface Configurati...

Page 480: ...cast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 238 IGMP Query Configures I...

Page 481: ...les IGMP snooping ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan...

Page 482: ...ng IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you wi...

Page 483: ...ation show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only...

Page 484: ...g VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 65 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the que...

Page 485: ...e for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping...

Page 486: ...mple The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 245 ip igmp snooping query interval This command configures the query interv...

Page 487: ...ommand defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has...

Page 488: ...r the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global...

Page 489: ...static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Ther...

Page 490: ...er vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed i...

Page 491: ...ess Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to...

Page 492: ...t periodically by this device in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by...

Page 493: ...n the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Exa...

Page 494: ...eway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The...

Page 495: ...er node on the network Syntax ping host size size count count host IP address or IP alias of the host size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight byte...

Page 496: ...nds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press...

Page 497: ...0 100 Mbps half full duplex 1000BASE T 1000 Mbps full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mi...

Page 498: ...ayer 3 4 priority mapping IP Port IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol...

Page 499: ...d Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet IEEE 802 3 2002 Full duplex flow control IEEE 802 3 2002 Link Aggregation Control Proto...

Page 500: ...up MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP MIB RFC 2011 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1212 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Page 501: ...the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the...

Page 502: ...an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used C...

Page 503: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 504: ...TROUBLESHOOTING B 4...

Page 505: ...appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to...

Page 506: ...n Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work autom...

Page 507: ...networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1X Port Authentication controls acces...

Page 508: ...bership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participat...

Page 509: ...ne way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multic...

Page 510: ...Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network...

Page 511: ...cated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communi...

Page 512: ...targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of thei...

Page 513: ...r restoring 2 12 3 24 4 89 console port required connections 2 2 CoS configuring 3 168 4 222 DSCP 3 177 3 181 4 233 IP precedence 3 175 4 229 4 230 4 231 layer 3 4 priorities 3 174 4 229 queue mapping...

Page 514: ...75 4 229 4 230 4 231 mapping priorities 3 175 4 232 J jumbo frame 4 87 L LACP local parameters 4 173 partner parameters 4 173 protocol message statistics 4 173 link type STA 3 138 3 141 4 194 logging...

Page 515: ...scuous ports 3 159 protocol migration 3 141 4 195 PVLAN association 3 163 community ports 3 159 interface configuration 3 165 primary VLAN 3 160 promiscuous ports 3 159 Q queue weights 3 173 4 225 R R...

Page 516: ...clock setting 3 42 4 72 System Logs 3 33 system software downloading from server 3 22 4 89 T TACACS logon authentication 3 50 4 103 time setting 3 42 4 72 traffic class weights 3 173 4 225 trap manage...

Page 517: ......

Page 518: ...73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 870...

Reviews: