manualshive.com logo in svg

SMC Networks WPCI-G - annexe 1, Management Manual

The SMC Networks WPCI-G - annexe 1 is a high-performance wireless PCI adapter that allows quick and easy installation for seamless internet connectivity. You can download the user manual for this product for free from our website, providing detailed instructions and technical specifications.

Share
Download
background image

A

CCESS

 C

ONTROL

 L

ISTS

7-2

The order in which active ACLs are checked is as follows:
1.User-defined rules in IP and MAC ACLs for ingress ports are checked in 

parallel.

2. Rules within an ACL are checked in the configured order, from top to 

bottom.

3. If the result of checking an IP ACL is to permit a packet, but the result 

of a MAC ACL on the same packet is to deny it, the packet will be 
denied (because the decision to deny a packet has a higher priority for 
security reasons). A packet will also be denied if the IP ACL denies it 
and the MAC ACL accepts it.

Setting the ACL Name and Type

Use the ACL Configuration page to designate the name and type of an 
ACL.

Command Attributes

Name

 – Name of the ACL. (Maximum length: 16 characters)

Type

 – There are three filtering modes:

-

IP Standard

: IPv4 ACL mode that filters packets based on the source 

IPv4 address. 

-

IP Extended

: IPv4 ACL mode that filters packets based on source or 

destination IPv4 address, as well as protocol type and protocol port 
number. If the “TCP” protocol is specified, then you can also filter 
packets based on the TCP control code. 

-

IPv6 Standard

: IPv6 ACL mode that filters packets based on the 

source IPv6 address. 

-

IPv6 Extended

: IPv6 ACL mode that filters packets based on the 

destination IP address, as well as the type of the next header and the 
flow label (i.e., a request for special handling by IPv6 routers). 

-

MAC

: MAC ACL mode that filters packets based on the source or 

destination MAC address and the Ethernet frame type (RFC 1060).

Summary of Contents for WPCI-G - annexe 1

Page 1: ...nit Spanning Tree Protocol RSTP and MSTP Up to 32 LACP or static 8 port trunks Layer 2 3 4 CoS support through eight priority queues Layer 3 4 traffic priority with IP Precedence and IP DSCP Full support for VLANs with GVRP IGMP multicast filtering and snooping Manageable via console Web SNMP RMON Security features ACL RADIUS 802 1x Routing features IP RIP routing CIDR Supports IPv4 IPv6 dual prot...

Page 2: ......

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerStack II 10 100 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions April 2006 Pub 150200054400A ...

Page 4: ...ted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2006 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...ncorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the property of SMC Replacement products may be either new or reconditioned Any r...

Page 6: ...IRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORMANCE FAILURE OR INTERRUPTION OF ITS...

Page 7: ... Change 2 7 Broken Link for Line and Wrap around Topologies 2 7 Resilient IP Interface for Management Access 2 8 Resilient Configuration 2 8 Renumbering the Stack 2 8 Ensuring Consistent Code is Used Across the Stack 2 8 Basic Configuration 2 9 Console Connection 2 9 Setting Passwords 2 10 Setting an IP Address 2 11 Manual Configuration 2 11 Dynamic Configuration 2 15 Enabling SNMP Management Acce...

Page 8: ...ch s IP Address IP Version 6 4 13 Configuring an IPv6 Address 4 13 Configuring an IPv6 General Network Prefix 4 22 Configuring Neighbor Detection Protocol and Static Entries 4 24 Configuring Support for Jumbo Frames 4 28 Managing Firmware 4 29 Downloading System Software from a Server 4 30 Saving or Restoring Configuration Settings 4 32 Downloading Configuration Settings from a Server 4 34 Console...

Page 9: ...s 6 1 Configuring Local Remote Logon Authentication 6 3 Configuring HTTPS 6 7 Replacing the Default Secure site Certificate 6 9 Configuring the Secure Shell 6 10 Generating the Host Key Pair 6 13 Configuring the SSH Server 6 16 Configuring Port Security 6 18 Configuring 802 1X Port Authentication 6 21 Displaying 802 1X Global Settings 6 22 Configuring 802 1X Global Settings 6 23 Configuring Port S...

Page 10: ...e Remote Side 8 21 Setting Broadcast Storm Thresholds 8 23 Configuring Port Mirroring 8 25 Configuring Rate Limits 8 26 Showing Port Statistics 8 28 9 Address Table Settings 9 1 Setting Static Addresses 9 1 Displaying the Address Table 9 3 Changing the Aging Time 9 5 10 Spanning Tree Algorithm 10 1 Displaying Global Settings 10 4 Configuring Global Settings 10 8 Displaying Interface Settings 10 13...

Page 11: ...ues 12 3 Selecting the Queue Mode 12 6 Setting the Service Weight for Traffic Classes 12 7 Layer 3 4 Priority Settings 12 8 Mapping Layer 3 4 Priorities to CoS Values 12 8 Selecting IP Precedence DSCP Priority 12 9 Mapping IP Precedence 12 10 Mapping DSCP Priority 12 12 Mapping IP Port Priority 12 14 13 Quality of Service 13 1 Configuring Quality of Service Parameters 13 2 Configuring a Class Map ...

Page 12: ...gs 16 11 17 IP Routing 17 1 Overview 17 1 Initial Configuration 17 1 IP Switching 17 2 Routing Path Management 17 4 Routing Protocols 17 4 Basic IP Interface Configuration 17 5 Configuring IP Routing Interfaces 17 7 Address Resolution Protocol 17 9 Proxy ARP 17 10 Basic ARP Configuration 17 11 Configuring Static ARP Addresses 17 13 Displaying Dynamically Learned ARP Entries 17 14 Displaying Local ...

Page 13: ...8 1 Using the Command Line Interface 18 1 Accessing the CLI 18 1 Console Connection 18 1 Telnet Connection 18 2 Entering Commands 18 3 Keywords and Arguments 18 3 Minimum Abbreviation 18 4 Command Completion 18 4 Getting Help on Commands 18 4 Showing Commands 18 5 Partial Keyword Lookup 18 6 Negating the Effect of Commands 18 6 Using Command History 18 6 Understanding Command Modes 18 7 Exec Comma...

Page 14: ... 6 show system 20 8 show users 20 9 show version 20 10 Frame Size Commands 20 11 jumbo frame 20 11 File Management Commands 20 12 copy 20 13 delete 20 17 dir 20 18 whichboot 20 19 boot system 20 20 Line Commands 20 21 line 20 22 login 20 23 password 20 24 timeout login response 20 25 exec timeout 20 26 password thresh 20 27 silent time 20 28 databits 20 28 parity 20 29 speed 20 30 stopbits 20 31 d...

Page 15: ...logging sendmail destination email 20 45 logging sendmail 20 46 show logging sendmail 20 47 Time Commands 20 48 sntp client 20 48 sntp server 20 49 sntp poll 20 50 show sntp 20 51 clock timezone 20 52 calendar set 20 53 show calendar 20 53 21 SNMP Commands 21 1 snmp server 21 2 show snmp 21 2 snmp server community 21 4 snmp server contact 21 5 snmp server location 21 5 snmp server host 21 6 snmp s...

Page 16: ...10 radius server key 22 10 radius server retransmit 22 11 radius server timeout 22 11 show radius server 22 12 TACACS Client 22 13 tacacs server host 22 13 tacacs server port 22 14 tacacs server key 22 14 show tacacs server 22 15 Web Server Commands 22 15 ip http port 22 16 ip http server 22 16 ip http secure server 22 17 ip http secure port 22 18 Telnet Server Commands 22 20 ip telnet server 22 2...

Page 17: ...x re authenticate 22 41 dot1x re authentication 22 42 dot1x timeout quiet period 22 42 dot1x timeout re authperiod 22 43 dot1x timeout tx period 22 44 show dot1x 22 44 IP Filter Commands 22 48 management 22 48 show management 22 49 23 Access Control List Commands 23 1 IPv4 ACLs 23 2 access list ip 23 3 permit deny Standard IPv4 ACL 23 4 permit deny Extended IPv4 ACL 23 5 show ip access list 23 7 i...

Page 18: ... Commands 24 1 interface 24 2 description 24 3 speed duplex 24 3 negotiation 24 5 capabilities 24 6 flowcontrol 24 7 media type 24 8 shutdown 24 9 switchport broadcast packet rate 24 10 clear counters 24 11 show interfaces status 24 12 show interfaces counters 24 13 show interfaces switchport 24 15 25 Link Aggregation Commands 25 1 channel group 25 3 lacp 25 4 lacp system priority 25 6 lacp admin ...

Page 19: ... 3 spanning tree mode 29 4 spanning tree forward time 29 5 spanning tree hello time 29 6 spanning tree max age 29 7 spanning tree priority 29 8 spanning tree pathcost method 29 9 spanning tree transmission limit 29 10 spanning tree mst configuration 29 10 mst vlan 29 11 mst priority 29 12 name 29 13 revision 29 14 max hops 29 14 spanning tree spanning disabled 29 15 spanning tree cost 29 16 spanni...

Page 20: ... 9 switchport mode 30 10 switchport acceptable frame types 30 11 switchport ingress filtering 30 12 switchport native vlan 30 13 switchport allowed vlan 30 14 switchport forbidden vlan 30 15 Displaying VLAN Information 30 16 show vlan 30 16 Configuring Private VLANs 30 17 pvlan 30 17 show pvlan 30 18 Configuring Protocol based VLANs 30 19 protocol vlan protocol group Configuring Groups 30 20 proto...

Page 21: ...map ip dscp Global Configuration 31 12 map ip dscp Interface Configuration 31 13 show map ip port 31 14 show map ip precedence 31 15 show map ip dscp 31 16 32 Quality of Service Commands 32 1 class map 32 3 match 32 4 policy map 32 5 class 32 6 set 32 8 police 32 9 service policy 32 10 show class map 32 11 show policy map 32 12 show policy map interface 32 12 33 Multicast Filtering Commands 33 1 I...

Page 22: ...er 33 12 34 Domain Name Service Commands 34 1 ip host 34 2 clear host 34 3 ip domain name 34 4 ip domain list 34 5 ip name server 34 6 ip domain lookup 34 7 show hosts 34 8 show dns 34 9 show dns cache 34 9 clear dns cache 34 10 35 DHCP Commands 35 1 DHCP Client 35 2 ip dhcp client identifier 35 2 ip dhcp restart client 35 3 DHCP Relay 35 4 ip dhcp restart relay 35 4 ip dhcp relay server 35 5 DHCP...

Page 23: ...36 6 ip dhcp restart client 36 7 show ip interface 36 8 show ip redirects 36 8 ping 36 9 ipv6 enable 36 10 ipv6 general prefix 36 12 show ipv6 general prefix 36 13 ipv6 address 36 14 ipv6 address autoconfig 36 16 ipv6 address eui 64 36 18 ipv6 address link local 36 20 show ipv6 interface 36 22 ipv6 default gateway 36 24 show ipv6 default gateway 36 25 ipv6 mtu 36 26 show ipv6 mtu 36 27 show ipv6 t...

Page 24: ...37 2 ip routing 37 2 ip route 37 3 clear ip route 37 4 show ip route 37 5 show ip host route 37 6 show ip traffic 37 7 Routing Information Protocol RIP 37 8 router rip 37 9 default metric 37 9 timers basic 37 11 network 37 12 neighbor 37 13 version 37 14 redistribute 37 15 ip rip receive version 37 16 ip rip send version 37 17 ip split horizon 37 19 ip rip authentication key 37 20 ip rip authentic...

Page 25: ...IV Appendices A Software Specifications A 1 Software Features A 1 Management Features A 3 Standards A 3 Management Information Bases A 4 B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 3 Glossary Index ...

Page 26: ...TABLE OF CONTENTS xxvi ...

Page 27: ... 3 Recommended STA Path Cost Range 10 27 Table 10 4 Default STA Path Costs 10 27 Table 12 1 Mapping CoS Values to Egress Queues 12 3 Table 12 2 CoS Priority Levels 12 4 Table 12 3 Mapping IP Precedence 12 10 Table 12 4 Mapping DSCP Priority 12 12 Table 17 1 Address Resolution Protocol 17 9 Table 17 2 ARP Statistics 17 17 Table 17 3 IP Statistics 17 19 Table 17 4 ICMP Statistics 17 22 Table 17 5 US...

Page 28: ...ation Commands 22 1 Table 22 2 User Access Commands 22 2 Table 22 3 Default Login Settings 22 3 Table 22 4 Authentication Sequence Commands 22 5 Table 22 5 RADIUS Client Commands 22 8 Table 22 6 TACACS Client Commands 22 13 Table 22 7 Web Server Commands 22 15 Table 22 8 HTTPS System Support 22 18 Table 22 9 Telnet Server Commands 22 20 Table 22 10 Secure Shell Commands 22 21 Table 22 11 show ssh ...

Page 29: ... Configuring VLAN Interfaces 30 9 Table 30 5 Commands for Displaying VLAN Information 30 16 Table 30 6 Private VLAN Commands 30 17 Table 30 7 Protocol based VLAN Commands 30 19 Table 31 1 Priority Commands 31 1 Table 31 2 Priority Commands Layer 2 31 1 Table 31 3 Default CoS Priority Levels 31 6 Table 31 4 Priority Commands Layer 3 and 4 31 8 Table 31 5 Mapping IP Precedence to CoS Values 31 11 Ta...

Page 30: ...y description 36 43 Table 36 7 Address Resolution Protocol Commands 36 45 Table 37 1 IP Routing Commands 37 1 Table 37 2 Global Routing Configuration Commands 37 2 Table 37 3 show ip route display description 37 5 Table 37 4 show ip host route display description 37 6 Table 37 5 Routing Information Protocol Commands 37 8 Table 37 6 show rip globals display description 37 22 Table 37 7 show ip rip ...

Page 31: ...onfiguration Settings for Start Up 4 34 Figure 4 15 Setting the Startup Configuration Settings 4 35 Figure 4 16 Configuring the Console Port 4 37 Figure 4 17 Configuring the Telnet Interface 4 40 Figure 4 18 System Logs 4 42 Figure 4 19 Remote Logs 4 44 Figure 4 20 Displaying Logs 4 45 Figure 4 21 Enabling and Configuring SMTP Alerts 4 47 Figure 4 22 Renumbering the Stack 4 49 Figure 4 23 Resettin...

Page 32: ...9 Figure 7 6 ACL Configuration Extended IPv6 7 12 Figure 7 7 ACL Port Binding 7 13 Figure 8 1 Port Port Information 8 2 Figure 8 2 Port Port Configuration 8 6 Figure 8 3 Static Trunk Configuration 8 10 Figure 8 4 LACP Trunk Configuration 8 12 Figure 8 5 LACP Aggregation Port 8 15 Figure 8 6 LACP Port Counters Information 8 17 Figure 8 7 LACP Port Internal Information 8 20 Figure 8 8 LACP Port Neig...

Page 33: ...c Classes 12 5 Figure 12 3 Queue Mode 12 6 Figure 12 4 Queue Scheduling 12 7 Figure 12 5 IP Precedence DSCP Priority Status 12 9 Figure 12 6 IP Precedence Priority 12 11 Figure 12 7 IP DSCP Priority 12 13 Figure 12 8 IP Port Priority Status 12 14 Figure 12 9 IP Port Priority 12 15 Figure 13 1 Configuring Class Maps 13 5 Figure 13 2 Configuring Policy Maps 13 9 Figure 13 3 Service Policy Settings 1...

Page 34: ...7 5 ARP Dynamic Addresses 17 15 Figure 17 6 ARP Other Addresses 17 16 Figure 17 7 ARP Statistics 17 17 Figure 17 8 IP Statistics 17 21 Figure 17 9 ICMP Statistics 17 23 Figure 17 10 UDP Statistics 17 24 Figure 17 11 TCP Statistics 17 26 Figure 17 12 IP Static Routes 17 27 Figure 17 13 IP Routing Table 17 29 Figure 17 14 RIP General Settings 17 33 Figure 17 15 RIP Network Addresses 17 34 Figure 17 ...

Page 35: ...his section provides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface Introduction 1 1 Initial Configuration 2 1 ...

Page 36: ...GETTING STARTED ...

Page 37: ...ce for your particular network environment Note The current software release includes Layer 2 and 4 features Layer 3 features will be included in future releases Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web User name password RADIUS TACACS Web HTTPS Telnet SSH SNMP v1 2c Community strings SNMP versi...

Page 38: ...ing management and QoS IEEE 802 1D Bridge Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs Up to 256 using IEEE 802 1Q port based protocol based or private VLANs Traffic ...

Page 39: ...onfiguration settings Authentication This switch authenticates management access via the console port Telnet or web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to requ...

Page 40: ...witch connections Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded The switch supports flow control based on the IEEE 802 3x standard Rate Limiting This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at ...

Page 41: ...icting access for a known host to a specific port IEEE 802 1D Bridge The switch supports IEEE 802 1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses Store and Forward Switching The switch copies each frame into its memory before forwarding them t...

Page 42: ...TP It can provide an independent spanning tree for different VLANs It simplifies network management provides for even faster convergence than RSTP by limiting the size of each region and prevents VLAN members from being segmented from the rest of the group as sometimes occurs with IEEE 802 1D STP Virtual LANs The switch supports up to 255 VLANs A Virtual LAN is a collection of network nodes that s...

Page 43: ...rts several common methods of prioritizing layer 3 4 traffic to meet application requirements Traffic can be prioritized based on the priority bits in the IP frame s Type of Service ToS octet or the number of the TCP UDP port When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue IP Routing The...

Page 44: ...for the remote destination via the switch which uses its own routing table to reach the destination on the other network Quality of Service Differentiated Services DiffServ provides policy based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis Each packet is classified upon entry into the network based on access lis...

Page 45: ...System Defaults Function Parameter Default Console Port Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Port...

Page 46: ...ivate read write Port Configuration Admin Status Enabled Auto negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Defaults All values based on IEEE 802 1w Fast Forwar...

Page 47: ...ed untagged frames GVRP global Disabled GVRP port interface Disabled Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Weighted Round Robin Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled Table 1 2 System Defaults Continued Function Parameter Default ...

Page 48: ...sabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Unicast Routing RIP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults Continued Fu...

Page 49: ...s HTTP web agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0 and higher The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by a direct connection to the RS 232 serial con...

Page 50: ...ic address filtering Filter packets using Access Control Lists ACLs Configure up to 255 IEEE 802 1Q VLANs Enable GVRP automatic VLAN registration Configure IP routing for unicast traffic Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority qu...

Page 51: ...o connect a terminal to the console port complete the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate ...

Page 52: ...I refer to Command Groups on page 18 12 Remote Connections Prior to accessing the switch s onboard agent via a network connection you must first configure it with a valid IP address subnet mask and default gateway using a console connection DHCP or BOOTP protocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment ...

Page 53: ...agement functions you must use SNMP based network management software Stack Operations Up to eight 24 port or 48 port Gigabit switches can be stacked together as described in the Installation Guide One unit in the stack acts as the Master for configuration tasks and firmware upgrade All of the other units function in Slave mode but can automatically take over management of the stack if the Master ...

Page 54: ...tack fails or is removed from the stack the unit numbers will not change This means that when you replace a unit in the stack the original configuration for the failed unit will be restored to the replacement unit If a unit is removed from the stack and later reattached to the stack it will retain the original unit number obtained during stacking If a unit is removed from the stack and powered up ...

Page 55: ...n from the top to the bottom unit Using this kind of line topology if any link or unit in the stack fails the stack will be broken in two The Stack Link LED on the unit that is no longer receiving traffic from the next unit up or down in the stack will begin flashing to indicate that the stack link is broken When the stack fails a Master unit is selected from the two stack segments either the unit...

Page 56: ...means that when you replace a unit in the stack the original configuration for the failed unit will be restored to the replacement unit This applies to both the Master and Slave units Renumbering the Stack The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number If the units are no longer numbered sequentially after several topo...

Page 57: ...ning messages whenever you log into the system through the CLI that inform you that an image download is required You can use the CLI web or SNMP to download the runtime image from a TFTP server to the master unit The master unit stores the image as its Next boot image and downloads the image to those backup units that are running a different image version For information on downloading firmware s...

Page 58: ...yed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have access at the Privileged Exec level Setting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric ch...

Page 59: ... to BOOTP or DHCP address allocation servers on the network Manual Configuration You can manually assign an IP address to the switch You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment if routing is not enabled on this switch Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Any...

Page 60: ...r the network to which the switch belongs type ip default gateway gateway where gateway is the IP address of the default gateway Press Enter Assigning an IPv6 Address There are several ways to manually configure IPv6 addresses This section describes how to configure a link local address for connectivity within the local subnet only and another option that allows you to specify a global unicast add...

Page 61: ...r devices on the local subnet To configure an IPv6 link local address for the switch complete the following steps 1 From the Global Configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 Type ipv6 address followed by up to 8 colon separated 16 bit hexadecimal values for the ipv6 address similar to that shown in the example followed by the link loca...

Page 62: ... 73 8 To generate an IPv6 global unicast address for the switch using a general network prefix complete the following steps 1 From the Global Configuration mode prompt type ipv6 general prefix prefix name ipv6 prefix prefix length where the prefix name is a label identifying the network segment ipv6 prefix specifies the high order bits of the network address and prefix length indicates the actual ...

Page 63: ...f the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service requests as soon as it is powered on Console config ipv6 general prefix rd 2001 DB8 2222 4836 12 Console config interface vlan 1 24 2 Console config if ipv6 address rd 0 0 0 7272 72 64 36 14 Console config if exit Console config ipv6 default gateway 2001 DB8 2222 7272 254 36 24 Con...

Page 64: ...t client to begin broadcasting service requests Press Enter 5 Wait a few minutes and then check the IP configuration settings by typing the show ip interface command Press Enter 6 Then save your configuration changes by typing copy running config startup config Enter the startup file name and press Enter Console config interface vlan 1 24 2 Console config if ip address dhcp 36 4 Console config if ...

Page 65: ... network containing more than one subnet the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages DHCP for IPv6 will also be supported in future software releases To dynamically generate an IPv6 host address for the switch complete the following steps 1 From the Global Configuration mode prompt t...

Page 66: ...cludes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to t...

Page 67: ...authorized access to the switch from SNMP version 1 or 2c clients it is recommended that you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community string mode where string is the community access string and mode is rw read write or ro read only Press Enter Note t...

Page 68: ...etailed description of these parameters see snmp server host on page 21 6 The following example creates a trap host for each type of SNMP client Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign the view to a group and then assign the user to a gro...

Page 69: ... configuration settings are saved Saved configuration files can be selected as a system start up file or can be uploaded via TFTP to a server for backup The file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system If the system is booted with the factory default settings the master unit will also create a file named startup1 cfg that cont...

Page 70: ...e must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the running config the system will reboot and the settings will ha...

Page 71: ... maximum number of saved configuration files depends on available flash memory with each configuration file normally requiring less than 20 kbytes The amount of available flash memory can be checked by using the dir command To save the current configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter th...

Page 72: ...MANAGING SYSTEM FILES 2 24 ...

Page 73: ...nterface Configuring the Switch 3 1 Basic Management Tasks 4 1 Simple Network Management Protocol 5 1 User Authentication 6 1 Access Control Lists 7 1 Port Configuration 8 1 Address Table Settings 9 1 Spanning Tree Algorithm 10 1 VLAN Configuration 11 1 Class of Service 12 1 Quality of Service 13 1 Multicast Filtering 14 1 Domain Name Service 15 1 Dynamic Host Configuration Protocol 16 1 IP Routin...

Page 74: ...SWITCH MANAGEMENT ...

Page 75: ... For more information on using the CLI refer to Chapter 18 Overview of the Command Line Interface Prior to accessing the switch from a web browser be sure you have first performed the following tasks 1 Configure the switch with a valid IP address subnet mask and default gateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 2 11 2 Set user names and...

Page 76: ... password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port attached to your management station to fast forwarding i e enable Admin Edge Port to improve the switch s response time to management comma...

Page 77: ...connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Note The examples in this chapter are based on the SMC8824M Other than the number o...

Page 78: ... is configured as follows Under the menu Tools Internet Options General Temporary Internet Files Settings the setting for item Check for newer versions of stored pages should be Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Table 3 1 Web Page Configuration Buttons Bu...

Page 79: ...ode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Clicking on the image of a port opens the Port Configuration page as described on page 8 4 Figure 3 2 Front Panel Indicators SMC8824M SMC8848M ...

Page 80: ...nsion Shows the bridge extension parameters 4 6 IPv6 Configuration Configures IPv6 interface addresses and static neighbors 4 13 IPv6 Configuration Configures IPv6 interface address and protocol settings 4 13 IPv6 General Prefix Configures IPv6 general prefix for network portion of addresses 4 22 IPv6 Neighbor Configures IPv6 neighbor discover protocol and static neighbors 4 24 Jumbo Frames Enable...

Page 81: ...cified list of servers 4 50 Clock Time Zone Sets the local time zone for the system clock 4 51 SNMP 5 1 Configuration Configures community strings and related trap functions 5 4 Agent Status Enables or disables SNMP 5 4 SNMPv3 5 10 Engine ID Sets the SNMP v3 engine ID 5 10 Remote Engine ID Sets the SNMP v3 engine ID on a remote device 5 11 Users Configures SNMP v3 users 5 12 Remote Users Configure...

Page 82: ... configuration parameters 6 23 Port Configuration Sets the authentication mode for individual ports 6 24 Statistics Displays protocol statistics for the selected port 6 27 ACL 7 1 Configuration Configures packet filtering based on IP or MAC addresses 7 1 Port Binding Binds a port to the specified ACL 7 13 IP Filter Configures IP addresses that are allowed management access 6 29 Port 8 1 Port Infor...

Page 83: ...roadcast Control Sets the broadcast storm threshold for each trunk 8 23 Mirror Port Configuration Sets the source and target ports for mirroring 8 25 Rate Limit 8 26 Input Port Configuration Sets the input rate limit for each port 8 26 Input Trunk Configuration Sets the input rate limit for each trunk 8 26 Output Port Configuration Sets the output rate limit for each port 8 26 Output Trunk Configu...

Page 84: ...ority and VLANs for a spanning tree instance 10 21 Port Information Displays port settings for a specified MST instance 10 24 Trunk Information Displays trunk settings for a specified MST instance 10 24 Port Configuration Configures port settings for a specified MST instance 10 26 Trunk Configuration Configures trunk settings for a specified MST instance 10 26 VLAN 11 1 802 1Q VLAN 11 1 GVRP Statu...

Page 85: ...ity 12 1 Default Port Priority Sets the default priority for each port 12 1 Default Trunk Priority Sets the default priority for each trunk 12 1 Traffic Classes Maps IEEE 802 1p priority tags to output queues 12 3 Traffic Classes Status Enables disables traffic class priorities not implemented NA Queue Mode Sets queue mode to strict priority or Weighted Round Robin 12 6 Queue Scheduling Configures...

Page 86: ... to an ingress port 13 10 IGMP Snooping 14 2 IGMP Configuration Enables multicast filtering configures parameters for multicast query 14 2 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 14 5 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 14 6 IP Multicast Registr...

Page 87: ...es DHCP server configures excluded address range 16 5 Pool Configuration Configures address pools for network groups or a specific host 16 6 IP Binding Displays addresses currently bound to DHCP clients 16 11 IP 17 1 General 17 5 Global Settings Enables or disables routing specifies the default gateway 17 5 Routing Interface Configures the IP interface for the specified VLAN 17 7 ARP 17 9 General ...

Page 88: ...of traffic and errors 17 24 TCP Shows statistics for TCP including the amount of traffic and TCP connection activity 17 25 Routing 17 26 Static Routes Configures and display static routing entries 17 26 Routing Table Shows all routing entries including local static and dynamic routes 17 28 Routing Protocol 17 30 RIP 17 30 General Settings Enables or disables RIP sets the global RIP version and tim...

Page 89: ... information from other routing domains into the autonomous system 17 39 Statistics Displays general information on update time route changes and number of queries as well as a list of statistics for known interfaces and neighbors 17 41 Table 3 2 Switch Main Menu Continued Menu Description Page ...

Page 90: ...CONFIGURING THE SWITCH 3 16 ...

Page 91: ...stem Object ID MIB II object ID for switch s network management subsystem Location Specifies the system location Contact Administrator responsible for the system System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI System Description Brief description of device type MAC Address The physical layer address for this switch Web Server Sho...

Page 92: ...thentication Login Shows the user login authentication sequence Jumbo Frame Shows if jumbo frames are enabled POST Result Shows results of the power on self test Web Click System System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line Interface via Telnet...

Page 93: ...ystem Information System Up Time 0 days 1 hours 28 minutes and 0 51 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC Address Unit1 00 20 1A DF 9C A0 MAC Address Unit2 00 20 1A DF 9E C0 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enable Telnet Server Port 23 Authentication Login Local RADIUS None Jumbo Frame Disabled ...

Page 94: ...ardware version of the main board Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version number of EEPROM Programmable Logic Device Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Ma...

Page 95: ...lowing command to display version information Console show version 20 10 Unit 1 Serial Number 0000E8900000 Hardware Version R01 EPLD Version 1 02 Number of Ports 26 Main Power Status Up Redundant Power Status Not present Agent master Unit ID 1 Loader Version 1 0 0 1 Boot ROM Version 1 0 0 1 Operation Code Version 3 30 7 54 Console ...

Page 96: ...dual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 9 1 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on eac...

Page 97: ... CLI Enter the following command Console show bridge ext 30 3 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GVRP status Disabled GMRP Disabled Console ...

Page 98: ...ot enabled on this stack You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by the CLI program Command Usage This section describes how to configure a single local interface for initial access to the s...

Page 99: ... received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP address subnet mask and default gateway IP Address Address of the VLAN to which the management station is attached Note that you can manage the stack through any configured IP interface Valid IP addresses consist of four numbers 0 to 255 separated by periods Defaul...

Page 100: ... attached set the IP Address Mode to Static and specify a Primary interface Enter the IP address and subnet mask then click Apply Figure 4 4 IPv4 Interface Configuration Manual Click IP Global Setting If this stack and management stations exist on other network segments then specify the default gateway and click Apply Figure 4 5 Default Gateway ...

Page 101: ...OTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the stack will also broadcast a request for IP configuration settings on each power reset Figure 4 6 IPv4 Interface Configuration DHCP Note If you lose your management connection make a console connection to the Master unit and enter show ip interface to determine the new stack address Conso...

Page 102: ... If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service via the web interface if the current address is still available CLI Enter the following command to restart DHCP service Console config Console config interface vlan 1 24 2 Console config if ip address dhcp 36 4 Console config if end Console...

Page 103: ...s easy to set up and may be useful for simple networks or basic troubleshooting tasks However to connect to a larger network with multiple segments the switch must be configured with a global unicast address Both link local and global unicast address types can either be manually configured or dynamically assigned Command Usage This section describes how to configure a single local interface for in...

Page 104: ...must configure a global unicast address There are several alternatives to configuring this address type The global unicast address can be automatically configured by taking the network prefix from router advertisements observed on the local interface and using the modified EUI 64 form of the interface identifier to automatically create the host portion of the address It can be manually configured ...

Page 105: ...e that when an explicit address is assigned to an interface IPv6 is automatically enabled and cannot be disabled until all assigned addresses have been removed IPv6 Default Gateway Sets the IPv6 address of the default next hop router to use when no other routing information is known about an IPv6 address The specified gateway is only valid if routing is disabled using the IP General Global Setting...

Page 106: ...et IP Address Auto Configuration Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface The network portion of the address is based on prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the interface identifier i e the switch s MAC address If the rou...

Page 107: ...IPv6 Address field and the full network prefix length which includes the general prefix and any contiguous bits from the left of the address that are appended to the network prefix in the Prefix Length field Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address When used with a general network prefi...

Page 108: ...using an EUI 64 interface ID in the low order 64 bits When using EUI 64 format for the low order 64 bits in the host portion of the address the value entered in the IPv6 Address field includes the network portion of the address and the value in the Prefix Length field indicates how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address Note tha...

Page 109: ...s are attached to different subnets Global Configures an IPv6 global unicast address based on values entered in the IPv6 Address and Prefix Length fields Auto Detect System will automatically detect the address type according to the address prefix entered in the IPv6 Address field Current Address Table IPv6 Address IPv6 address assigned to this interface In addition to the unicast addresses assign...

Page 110: ...resses a node must join In this example FF02 1 FF90 0 104 is the solicited node multicast address which is formed by taking the low order 24 bits of the address and appending those bits to the prefix Note that the solicited node multicast address link local scope FF02 is used to resolve the MAC addresses for neighbor nodes since IPv6 does not support the broadcast method used by the Address Resolu...

Page 111: ... Click System IPv6 Configuration IPv6 Configuration Set the IPv6 default gateway specify the VLAN to configure enable IPv6 and set the MTU Then enter a global unicast or link local address and click Add IPv6 Address Figure 4 7 IPv6 Interface Configuration ...

Page 112: ... Console config Console config ipv6 default gateway 2009 DB9 2229 240 36 24 Console config ipv6 general prefix rd 2009 DB9 2229 48 36 12 Console config interface vlan 1 24 2 Console config if ipv6 address rd 7279 79 64 36 14 Console config if ipv6 mtu 1280 36 26 Console config if ipv6 enable 36 10 Console config if end Console show ipv6 default gateway 36 25 ipv6 default gateway 2009 DB9 2229 240 ...

Page 113: ... using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Prefix Length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Web Click System IPv6 Configuration IPv6 General Prefix Click ...

Page 114: ...formation Command Attributes Protocol Settings VLAN VLAN ID Range 1 4093 IPv6 ND DAD Attempts The number of consecutive neighbor solicitation messages sent on an interface during duplicate address detection Range 0 600 Default 1 Configuring a value of 0 disables duplicate address detection Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it ...

Page 115: ...duplicate state If the link local address for an interface is changed duplicate address detection is performed on the new link local address but not for any of the IPv6 global unicast addresses already associated with the interface Current Neighbor Cache Table IPv6 Address IPv6 address of neighbor device Age The time since the address was verified as reachable in minutes A static entry is indicate...

Page 116: ...ability is received Unknown state The following states are used for static entries INCMP Incomplete The interface for this entry is down REACH Reachable The interface for this entry is up Reachability detection is not applied to static entries in the IPv6 neighbor discovery cache VLAN VLAN interface from which the address was reached Adding Static Neighbors IPv6 Neighbor Add IPv6 Address The IPv6 ...

Page 117: ...ic neighbor entries click Add fill in the IPv6 address VLAN interface and hardware address Then click Add Figure 4 9 IPv6 Neighbor Detection and Neighbor Cache CLI This example maps a static entry for a global unicast address to a MAC address Console config ipv6 general prefix rd 2009 DB9 2229 48 36 12 Console config ipv6 neighbor 2009 0DB9 49A vlan 1 30 65 14 01 11 87 36 38 Console config end Con...

Page 118: ...ch as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo Packet Status Configures support for jumbo frames Default Disable...

Page 119: ...e from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify opcode operational code to copy firmware File Name The file name should not contain sl...

Page 120: ... the startup file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new...

Page 121: ...click Apply To start the new firmware reboot the system via the System Reset menu Figure 4 12 Setting the Startup Code To delete a file select System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figure 4 13 Deleting Files ...

Page 122: ...witch s settings Command Attributes File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a file in the switch to the startup configuration file to tftp Copies a file from the switch to a ...

Page 123: ...tftp to startup config Copies a file from a TFTP server to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to this switch TFTP Server IP Address The IP address of a TFTP server File Type Specify config configuration to copy configuration settings File Name The configuration file name should not co...

Page 124: ... replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Management Copy Operation Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file name and then c...

Page 125: ...nfiguration Settings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 20 13 TFTP server ip address 192 168 1 19 Source configuration file name ...

Page 126: ...ssword Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Silent Time Sets the amount of time the management console is inaccessible after t...

Page 127: ...ne with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login1 Enables password checking at login You can select authentication by a single global password as configured for the Password parameter or by passwords set up for specific user name accounts Default Local Web Click System Line Console Specify the cons...

Page 128: ...bles Telnet access to the switch Default Enabled Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Console config line console 20 22 Console config line login local 20 23 Console config line password 0 secret 20 24 Console config line timeout login response 0 20 25 Console config line exec timeout 0 20 26 Console config line password thresh 5 20 27 Console config line...

Page 129: ...hold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time set by the Silent Time parameter before allowing the next logon attempt Range 0 120 Default 3 attempts Password2 Specifies a password for the line connection When a connection is started on a line with password protection the system pr...

Page 130: ... current virtual terminal settings use the show line command from the Normal Exec level Console config line vty 20 22 Console config line login local 20 23 Console config line password 0 secret 20 24 Console config line timeout login response 300 20 25 Console config line exec timeout 600 20 26 Console config line password thresh 3 20 27 Console config line end Console show line vty 20 32 VTY conf...

Page 131: ...erwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Command Attributes System Log Status Enables disables the logging of debug or error messages to the logging proce...

Page 132: ...s Specify System Log Status set the level of event messages to be logged to RAM and flash memory then click Apply Figure 4 18 System Logs 4 Warning Warning conditions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert Immediate action needed 0 Emergency Syste...

Page 133: ... syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log mes...

Page 134: ... to add to the Host IP List Web Click System Logs Remote Logs To add an IP address to the Host IP List type the new IP address in the Host IP Address box and then click Add To delete an IP address click the entry in the Host IP List and then click Remove Figure 4 19 Remote Logs ...

Page 135: ...ash memory Web Click System Log Logs Figure 4 20 Displaying Logs Console config logging host 10 1 0 9 20 36 Console config logging facility 23 20 37 Console config logging trap 4 20 38 Console config logging trap Console config exit Console show logging trap 20 40 Syslog logging Enabled REMOTELOG status Disabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG ...

Page 136: ...og severity threshold level see table on page 4 41 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 SMTP Server List Specifies a list of up to three recipient SMTP servers The switch attempts to connect to the other listed servers if the first fa...

Page 137: ...rity level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Specify up to five email addresses to receive the alert messages and click Apply Figure 4 21 Enabling and Configuring SMTP Alerts ...

Page 138: ... the new configuration settings to a startup configuration file prior to powering off the stack Master Command Usage The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number You should Console config logging sendmail host 192 168 1 4 20 43 Console config logging sendmail level 3 20 44 Console config logging sendmail source email...

Page 139: ...d sequentially down through the ring Web Click System Renumbering Figure 4 22 Renumbering the Stack CLI This example renumbers all units in the stack Resetting the System Web Click System Reset Click the Reset button to restart the switch When prompted confirm that you want reset the switch Figure 4 23 Resetting the System CLI Use the reload command to restart the switch Note When restarting the s...

Page 140: ...ime update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one time server to be specifie...

Page 141: ...orresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Command Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Console config sntp client 20 48 Console config sntp poll 16 20 50 Console config sntp server 10 1 0 1...

Page 142: ...ne to be before east or after west UTC Web Select SNTP Clock Time Zone Set the offset for your time zone relative to the UTC and click Apply Figure 4 25 Clock Time Zone CLI This example shows how to set the time zone for the system clock Console config clock timezone Dhaka hours 6 minute 0 after UTC 20 52 Console ...

Page 143: ... by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent...

Page 144: ...all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings Table 5 1 SNMPv3 Security Models and Levels Model Level Group Read View Write View Notify View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv private read write defaultview...

Page 145: ...ser defined user defined user defined user defined Provides user authenticati on via MD5 or SHA algorithms v3 AuthPriv user defined user defined user defined user defined Provides user authenticati on via MD5 or SHA algorithms and data privacy using DES 56 bit encryption Table 5 1 SNMPv3 Security Models and Levels Continued Model Level Group Read View Write View Notify View Security ...

Page 146: ...wing example enables SNMP on the switch Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c All community strings used for IP Trap Managers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports ...

Page 147: ...ng Read Only Authorized management stations are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects Web Click SNMP Configuration Add new community strings as required select the access rights from the Access Mode drop down list then click Add Figure 5 2 Configuring SNMP Community Strings CLI The following example adds the str...

Page 148: ...or the host However if you specify a V3 host with the no authentication noAuth option an SNMP user account will be automatically generated and the switch will authorize SNMP access for the host Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send a response to the switch Traps are therefore not as reliable as inform messages which include...

Page 149: ...alid community string for the new trap manager entry Though you can set this string in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager ...

Page 150: ...f times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 Enable Authentication Traps3 Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails Default Enabled Enable Link up and Link down Traps3 Issues a notification message whenever a port link is established or broken Default Enabled 3 These are le...

Page 151: ... v3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 5 3 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps Console config snmp server host 10 1 19 23 private version 2c udp port 162 21 6 Console config snmp s...

Page 152: ...e ID An SNMPv3 engine is an independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine...

Page 153: ...ords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types on page 5 6 and Configuring Remote SNMPv3 Users on page 5 15 The engine ID can be specified by entering 1 to 26...

Page 154: ...ange 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is n...

Page 155: ...The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required Actions Enables the user to be assigned to another SNMPv3 group ...

Page 156: ...name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a user click Change Group in the Actions column of the users table and select the new group Figure 5 6 Configuring SNMPv3 Users ...

Page 157: ...Managers and Trap Types on page 5 6 and Specifying a Remote Engine ID on page 5 11 Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Engine ID The engine identifier for the SNMP agent on the remote device where the remote user resides Note that the remote engine ...

Page 158: ...t the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication Protocol The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use...

Page 159: ...ick New to configure a user name In the New User page define a name and assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete Figure 5 7 Configuring Remote SNMPv3 Users ...

Page 160: ...uthentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Read View The configured view for read access Range 1 64 characters Write View The configured view for wri...

Page 161: ... to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state or from the Forwarding state to the Discarding state The trap is not sent if a newRoot trap is sent for the same transition SNMPv2 Traps coldStart 1 3 6 1 6 3 1 1 5 1 A coldStart trap signifies that the SNMPv2 enti...

Page 162: ...detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state but not into the notPresent state Thisotherstate is indicated by the included value of ifOperStatus authenticationFailure 1 3 6 1 6 3 1 1 5 5 An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is...

Page 163: ...8 This trap is sent when the fan failure has recovered swIpFilterRejectTrap 1 3 6 1 4 1 202 20 57 84 2 1 0 40 This trap is sent when an incorrect IP address is rejected by the IP Filter swSmtpConnFailure Trap 1 3 6 1 4 1 202 20 57 84 2 1 0 41 This trap is triggered if the SMTP system cannot open a connection to the mail server successfully swMainBoardVer MismatchNotificaiton 1 3 6 1 4 1 202 20 57 ...

Page 164: ...lls below the switchThermalActionFallingThre shold swModuleInsertion Notificaiton 1 3 6 1 4 1 202 20 57 84 2 1 0 60 This trap is sent when a module is inserted swModuleRemoval Notificaiton 1 3 6 1 4 1 202 20 57 84 2 1 0 61 This trap is sent when a module is removed These are legacy notifications and therefore must be enabled in conjunction with the corresponding traps on the SNMP Configuration men...

Page 165: ... new group In the New Group page define a name assign a security model and level and then select read write and notify views Click Add to save the new group and return to the Groups list To delete a group check the box next to the group name then click Delete Figure 5 8 Configuring SNMPv3 Groups ...

Page 166: ... configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Console config snmp server grou...

Page 167: ...witch MIB to be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click on Edit OID Subtrees to make changes to the view settings To delete a view check the box next to the view name then click Delete Figure 5 9 Configuring SNMPv3 Views ...

Page 168: ...ver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 21 13 Console config exit Console show snmp view 21 14 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile Row Status active View Name readaccess Subtree OID 1 3 6 1 2 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type nonvolatil...

Page 169: ...rity Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should ther...

Page 170: ... Access Level Specifies the user level Options Normal and Privileged Password Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user Web Click Security User Accounts To configure a new user account enter the user name access level and password then click Add To change the password for a specific user enter the user name...

Page 171: ...S aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request...

Page 172: ...ADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes Authentication Select the authentication or authentication sequence required Local User authentication is performed only locally by the s...

Page 173: ...ia the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the TACACS server Default 10 11 12 13 Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Secret T...

Page 174: ...quired parameters to enable logon authentication Console config authentication login radius 22 5 Console config radius server port 181 22 10 Console config radius server key green 22 10 Console config radius server retransmit 5 22 11 Console config radius server timeout 10 22 11 Console config radius server 1 host 192 168 1 25 22 13 Console config exit Console show radius server 22 12 Remote RADIU...

Page 175: ...e The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above Server 1 Server IP address 192 168 1 25 Communication...

Page 176: ...switch s web interface Default Port 443 Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply Figure 6 3 HTTPS Settings CLI This example enables the HTTP secure server and modifies the port number Table 6 1 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Netscap...

Page 177: ... a recognized certification authority Note For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and use the following command at the switch s command line interface to replac...

Page 178: ...etween the switch and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered Note that you need to install an SSH client on the management station to access the switch for management via the SSH protocol Note The switch supports both SSH Version 1 5 and 2 0 clients Command Usage The SSH server on this switch supports both password and public key a...

Page 179: ...Client s Public Key to the Switch Use the copy tftp public key command page 20 13 to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch via the User Accounts page as described on page 6 1 The clients are subsequently authenticated using these keys The current firmware only accepts p...

Page 180: ...encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process Authenticating SSH v1 5 Clients a The client sends its RSA public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses its secret key to generate a...

Page 181: ...SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Generating the Host Key Pair A host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to t...

Page 182: ...only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Generate This button is used to generate the host key pair Note that you must first generate the...

Page 183: ...lick Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required prior to generating the key and then click Generate Figure 6 4 SSH Host Key Settings ...

Page 184: ...st key 22 30 Console show public key host 22 32 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 6314033869257931051057652122430528078658854857892726029378660892368 4142327591212760325919683697053439336438445223335188287173896894511 729290510813919642025190932104328579045764891 DSA ssh dss AAAAB3...

Page 185: ...cifies the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings pag...

Page 186: ... to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port...

Page 187: ...nt from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 8 4 Command Attributes Port Port number Name Descriptive text page 24 3 Action Indicates the action to be taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNM...

Page 188: ...owed on a port and click Apply Figure 6 6 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count and then enables port security for the port Console config interface ethernet 1 5 Console config if port security action trap and shutdown 22 35 Console config if port security max mac count 20 Console c...

Page 189: ...fy user identity and access rights When a client i e Supplicant connects to a switch port the switch i e Authenticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet fro...

Page 190: ... Each switch port that will be used must be set to dot1x Auto mode Each client that needs to be authenticated must have dot1x client software installed and properly configured The RADIUS server and 802 1X client support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client also have to support the same EAP authentication type...

Page 191: ...t Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 6 8 802 1X Global Configuration CLI This example enables 802 1X globally for the switch Console show dot1x 22 44 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 disab...

Page 192: ...1024 Default 5 Mode Sets the authentication mode to one of the following options Auto Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the default setting Force Unauthorized Forces the port to deny access to all cl...

Page 193: ...s of a connected client Trunk Indicates if the port is configured as a trunk port Web Click Security 802 1X Port Configuration Modify the parameters required and click Apply Figure 6 9 802 1X Port Configuration CLI This example sets the 802 1X parameters on port 2 For a description of the additional fields displayed in this example see show dot1x on page 22 44 Console config interface ethernet 1 2...

Page 194: ...rt Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Disable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 7 Authenticator State Machine State Authenticated Reauth Count 0 Backen...

Page 195: ...e number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in t...

Page 196: ...02 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 22 44 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 00 E8 98 73 21 Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Page 197: ...h of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You mus...

Page 198: ...xample restricts management access for Telnet clients Console config management telnet client 192 168 1 19 22 48 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management all client 22 49 Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address TELNET Client Start IP address End IP address 1 192...

Page 199: ...cific criteria This switch tests ingress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the packet is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 The maximum number of rules that ...

Page 200: ... type of an ACL Command Attributes Name Name of the ACL Maximum length 16 characters Type There are three filtering modes IP Standard IPv4 ACL mode that filters packets based on the source IPv4 address IP Extended IPv4 ACL mode that filters packets based on source or destination IPv4 address as well as protocol type and protocol port number If the TCP protocol is specified then you can also filter...

Page 201: ...cifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The mask uses 1 bits to indicate match an...

Page 202: ...address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IPv4 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the...

Page 203: ... Bit Mask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number ...

Page 204: ...teria such as service type protocol type or TCP control code Then click Add Figure 7 3 ACL Configuration Extended IPv4 CLI This example adds three rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from cl...

Page 205: ...t Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet types Any Any...

Page 206: ...ct MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 7 4 ACL Configuration MAC CLI This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype ...

Page 207: ...ccording to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address Web Specify t...

Page 208: ...the undefined fields The switch only checks the first 64 bits of the destination address Destination Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address Next Header Identifies the type of header immediately following the IPv6 header Range 0 255 Optional internet layer information is encoded in sep...

Page 209: ...eld suitable for use as a hash key by routers for looking up the state associated with the flow A flow identifies a sequence of packets sent from a particular source to a particular unicast or multicast destination for which the source desires special handling by the intervening routers The nature of that special handling might be conveyed to the routers by a control protocol such as a resource re...

Page 210: ...ation Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 3 Allows any packets sent to the destination 2009 DB9 2229 79 48 when the flow label is 43 Console config ext ipv6 acl permit 2009 DB9 2229 79 48 23 12 Console config ext ipv6 acl permit any dscp 5 Console ...

Page 211: ... filtering only Command Attributes Port Fixed port SFP module or XFP module Range 1 26 50 IP Specifies the IPv4 ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets OUT ACL for egress packets Egress filtering is not supported ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for t...

Page 212: ...and an IP ingress ACL to port 2 Console config interface ethernet 1 1 24 2 Console config if ip access group tom in 23 8 Console config if mac access group jerry in 23 20 Console config if exit Console config interface ethernet 1 2 Console config if ip access group tom in Console config if ...

Page 213: ...es if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type4 Shows the forced preferred port type to use for combination ports 21 24 SMC8824M or 45 48 SMC8848M Copper F...

Page 214: ...age 4 8 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring Interface Connections on page 3 48 The following capabilities are suppor...

Page 215: ...f port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port security action Shows the response to take when a security violation is detected shutdown trap trap and shutdown Media type Shows the forced preferred port type to use for combination ports 21 24 SMC8824M or 45 48 SMC8848M copper forced SFP forced SFP pre...

Page 216: ...ns and then reenable it after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Console show interfaces status ethernet 1 5 24 12 Information of Eth 1 13 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed du...

Page 217: ...igabit only Check this item to transmit and receive pause frames or clear it to auto negotiate the sender and receiver for asymmetric pause frames The current switch chip only supports symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressu...

Page 218: ...Indicates if a port is a member of a trunk To create trunks and select port members see Creating Trunk Groups on page 8 8 Note Auto negotiation must be disabled before you can configure or force the interface to use the Speed Duplex Mode or Flow Control options Web Click Port Port Configuration or Trunk Configuration Modify the required interface settings and click Apply Figure 8 2 Port Port Confi...

Page 219: ...hutdown 24 9 Console config if no shutdown Console config if no negotiation 24 5 Console config if speed duplex 100half 24 3 Console config if negotiation Console config if capabilities 100half 24 6 Console config if capabilities 100full Console config if capabilities flowcontrol Console config if exit Console config interface ethernet 1 21 Console config if media type copper forced 24 8 Console c...

Page 220: ...are also configured as LACP the switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than eight ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide...

Page 221: ...ked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk Statically Configuring a Trunk Command Usage When configuring static trunks you may not be able to link switches of different types depending on the manufacturer s implementation...

Page 222: ...s Trunk Trunk identifier Range 1 32 Unit Stack unit Range 1 8 Port Port identifier Range 1 25 49 Web Click Port Trunk Membership Enter a trunk ID of 1 32 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 8 3 Static Trunk Configuration ...

Page 223: ...t Console config interface ethernet 1 9 24 2 Console config if channel group 1 25 3 Console config if exit Console config interface ethernet 1 10 Console config if channel group 1 Console config if end Console show interfaces status port channel 1 24 12 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A2 Configuration Name Port admin Up Speed duplex Auto Capabili...

Page 224: ...or full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 8 9 Command Attributes Member List Current Shows configured trunks Unit Port New Includes entry fields for creating new trunks Unit Stack unit Range 1 8 Port Port identifier Range 1 25 49 Web Click Port LACP Configuration S...

Page 225: ...or a port to be allowed to join a channel group Console config interface ethernet 1 1 24 2 Console config if lacp 25 4 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 24 12 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A2 Configuration Port admin Up Speed du...

Page 226: ... must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a ...

Page 227: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 8 5 LACP Aggregation Port ...

Page 228: ...sole config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 25 10 Channel Group System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 Console show lacp 1 internal 25 10 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs ...

Page 229: ...Number of valid LACPDUs received by this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but...

Page 230: ...ive 10 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 8 2 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Internal Number of seconds before invalidating received LACPDU information LACP System Priorit...

Page 231: ...nabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a compatible Aggregator and the identity of the Link Aggregation Group is con...

Page 232: ...ACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 25 10 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collecting synchronization aggregation long timeo...

Page 233: ...lue of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the pr...

Page 234: ... side of port channel 1 Console show lacp 1 neighbors 25 10 Port channel 1 neighbors Eth 1 2 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 78 AE C0 Partner Admin Port Number 2 Partner Oper Port Number 2 Port Admin Priority 32768 Port Oper Priority 32768 Admin Key 0 Oper Key 3 Admin State defaulted distributing collecting synchronization long timeout Oper Sta...

Page 235: ...c for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast control does not effect IP multicast traffic The resolution is 1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port6 Port number Trunk7 Trunk number Type Indicates the port type 1000BASE T SFP or 10G Protect Status Shows whether or not bro...

Page 236: ...2 Console config if no switchport broadcast 24 10 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 24 10 Console config if end Console show interfaces switchport ethernet 1 2 24 15 Information of Eth 1 2 Broadcast threshold Enabled 600 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate ...

Page 237: ... mirroring port traffic the target port must be included in the same VLAN as the source port when using MSTP see Spanning Tree Algorithm on page 10 1 Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose port traffic will be monitored Range 1 8 Source Port The port whose traffic will be monitored Range 1 26 50 Type Allows you to select which traff...

Page 238: ... maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with t...

Page 239: ...b Click Port Rate Limit Input Output Port Trunk Configuration Set the Input Rate Limit Status or Output Rate Limit Status then set the rate limit for the individual interfaces and click Apply Figure 8 11 Rate Limit Configuration CLI This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps Console config interface ethernet 1 1 24 2 Console config if rate limi...

Page 240: ... groups 2 3 and 9 can only be accessed using SNMP management software such as HP OpenView Table 8 4 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets The number of...

Page 241: ... a multicast address at this sub layer including those that were discarded or not sent Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Transmit Discarded Packets The number of outbound packets which were chosen to be discarded...

Page 242: ...to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR message is generated by the PLS...

Page 243: ...ood frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this multicast address CRC Alignment Errors The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding frami...

Page 244: ...d and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte Frames 1519 1536 Byte Frames The total number of frames including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets...

Page 245: ...SHOWING PORT STATISTICS 8 33 Figure 8 12 Port Statistics ...

Page 246: ...rors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets 4422579 Packets 31552 Broadcast pkts 238 Multi cast pkts 17033 Undersize pkts 0 Oversize pkt...

Page 247: ...s can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attributes Static Address Counts8 The number of manually configured addresses Current Static Address Table Lists all the static addresse...

Page 248: ...ss and VLAN then click Add Static Address Figure 9 1 Static Addresses CLI This example adds an address to the static address table but sets it to be deleted when the switch is reset Console config mac address table static 00 e0 29 94 34 de interface ethernet 1 1 vlan 1 delete on reset 28 2 Console config ...

Page 249: ... address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4093 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number o...

Page 250: ...x select the method of sorting the displayed addresses and then click Query Figure 9 2 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address table interface ethernet 1 1 28 4 Interface Mac Address Vlan Type Eth 1 1 00 E0 29 94 34 DE 1 Permanent Eth 1 1 00 20 9C 23 CD 60 2 Learned Console ...

Page 251: ...es disables the aging function Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click Apply Figure 9 3 Address Aging CLI This example sets the aging time to 400 seconds Console config mac address table aging time 400 28 5 Console config ...

Page 252: ...ADDRESS TABLE SETTINGS 9 6 ...

Page 253: ...iple Spanning Tree Protocol IEEE 802 1s STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridgi...

Page 254: ... the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs MSTP When using STP or RSTP it may be difficult to maintain a stable path between all VLAN members Frequent changes in the tree structure can...

Page 255: ...ion Level and Configuration Digest see Configuring Multiple Spanning Trees on page 21 An MST Region may contain multiple MSTP Instances An Internal Spanning Tree IST is used to connect all the MSTP switches within an MST region A Common Spanning Tree CST interconnects all adjacent MST Regions and acts as a virtual bridge node for communications with STP or RSTP nodes in the global network Region R...

Page 256: ... The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is sel...

Page 257: ...ameters are only displayed for the CLI Spanning tree mode Specifies the type of spanning tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w MSTP Multiple Spanning Tree IEEE 802 1s Instance Instance identifier of this spanning tree This is always 0 for the CIST VLANs configuration VLANs assigned to the CIST Priority Bridge priority is used in select...

Page 258: ...ceive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Max hops The max number of hop counts for the MST region Remaining hops The remaining number of hop counts for the MST instance Transmission limit The minimum in...

Page 259: ... Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 13380 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role disable State discarding External admin path cost 10000 Internal admin cost 10000 External oper path cost 10000 Interna...

Page 260: ...rotocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay t...

Page 261: ...efault MSTP Multiple Spanning Tree IEEE 802 1s Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 Range 0 ...

Page 262: ...se every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP The following attributes apply to bot...

Page 263: ...VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision10 The revision for this MSTI Range 0 65535 Default 0 Region Name10 The name for this MSTI Maximum length 32 characters Max Hop Count The maximum number of hops allowed in the MST region before a BPDU is discarded Range 1 40 Default 20 10 The MST name and revision number are both required t...

Page 264: ...SPANNING TREE ALGORITHM 10 12 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 10 2 STA Global Configuration ...

Page 265: ...iving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding Console config spanning tree 29 3 Console config spanning tree mode mstp 29 4 Console config spanning tre...

Page 266: ... the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 10 17 Oper Edge...

Page 267: ... path cost The path cost for the MST See the preceding item Priority Defines the priority used for this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm...

Page 268: ...tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems Howe...

Page 269: ...s and trunks Command Attributes The following attributes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 10 13 for additional information Console show spanning tree ethernet 1 5 29 25 Eth 1 5 information Admin status enabled Role disable State discarding External admin path cost 10000 Internal admi...

Page 270: ...otocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be...

Page 271: ...de Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to Table 1...

Page 272: ... to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default Disabled Web Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply Figure 10 4 STA Port Configuration CLI This example sets STA attributes for port 7 Console config interface ethernet 1 7 24 2 Console config if no spanning t...

Page 273: ...h the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 10 8 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the V...

Page 274: ...ibed under Displaying Global Settings page 10 4 The attributes displayed by the CLI for individual interfaces are described under Displaying Interface Settings page 10 13 Web Click Spanning Tree MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier a...

Page 275: ...nated Root 32768 1 0030F1D473A0 Current root port 7 Current root cost 10000 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master State forwarding External admin path cost 10000 Internal admin path cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated co...

Page 276: ...es MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Note The other attributes are described under Displaying Interface Settings page 10 13 Web Click Spanning Tree MSTP Port Information or Trunk Information Select the required MST instance to display the current spanning tree values Figure 10 6 MSTP Port Information Console config spanning tree mst configuration 29 10 Console...

Page 277: ...ot Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000E8AAAA00 Current root port 1 Current root cost 10000 Number of topology changes 12 Last topology changes time sec 303 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding External admin path cost 10000 Internal admin path cost 10000 Externa...

Page 278: ... Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanni...

Page 279: ...ed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Table 10 3 Recommended STA Path Cost Range Port Type IEEE 802 1D 1998 Use the spanning tree pathcost method command on page 29 9 to set the path cost method IEEE 802 1w 2001 Gigabit Ethernet 3 10 2 000 200 000 10G Ethernet 1 5 200 20 000 Tabl...

Page 280: ...priority and path cost for an interface and click Apply Figure 10 7 MSTP Port Configuration CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 24 2 Console config if spanning tree mst port priority 0 29 23 Console config if spanning tree mst cost 50 29 22 Console config if ...

Page 281: ...h they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater netw...

Page 282: ... intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the ot...

Page 283: ...ded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end stati...

Page 284: ...e switch ports connected to these devices as described in Adding Static Members to VLANs VLAN Index on page 11 10 But you can still enable GVRP on these edge switches as well as on the core switches in the network Forwarding Tagged Untagged Frames If you want to create a small port based VLAN for devices attached directly to a single switch you can assign ports to the same untagged VLAN However to...

Page 285: ...ing the ingress port s default VID Enabling or Disabling GVRP Global Setting GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN regis...

Page 286: ...switch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Click VLAN 802 1Q VLAN Basic Information Figure 11 2 VLAN Basic Information CLI Enter the following command 12 Web Only Console show bridge ext 30 3 Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering services No Static entry individual port Yes VLAN learning IV...

Page 287: ...AN for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4093 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port membe...

Page 288: ...e information about VLAN groups used on this switch to external network devices you must specify a VLAN ID for each of these groups Command Attributes Current Lists all the current VLAN groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for ...

Page 289: ...VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged Web Click VLAN 802 1Q VLAN Static List To create a new VLAN enter the VLAN ID and VLAN name mark the Enable checkbox to ...

Page 290: ...mbers 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Configuring VLAN Behavior for Interfaces on page 11 14 Command Attributes VLAN ID of configured VLAN 1 4093 Name Name of the VLAN 1 to 32 characters Console config vlan database 30 7 Console config vlan vlan 2 name R D media ethern...

Page 291: ...rmation Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from automatically joining the VLAN via GVRP For more information see Automatic VLAN Registration on page 11 ...

Page 292: ... 11 5 VLAN Static Table Adding Static Members CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 24 2 Console config if switchport allowed vlan add 2 tagged 30 14 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Console config interface ethernet 1 13 Con...

Page 293: ...by Port Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 11 6 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a t...

Page 294: ...ed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untag...

Page 295: ...he interval between transmitting requests queries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer13 The interval a port waits before leaving a VLAN group This time should be set to more than twice the join time This ensures that after a Leave or LeaveAll message has been issued the applicants can rejoin before the port actually leaves the group Range 60 3000 c...

Page 296: ... interface click Apply Figure 11 7 VLAN Port Configuration CLI This example sets port 3 to accept only tagged frames assigns PVID 3 as the native VLAN ID enables GVRP sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 24 2 Console config if switchport acceptable frame types tagged 30 11 Console config if switchport ingress filtering 30 12 Console...

Page 297: ...rmal VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable or Disable from the scroll down box and click Apply Figure 11 8 Private VLAN Status CLI This example enables private VLANs Console config pvlan 30 17 Console config Uplink Ports Primary VLAN p...

Page 298: ...signated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figure 11 9 Private VLAN Link Status CLI This configures port 3 as an uplink and port 5 and 6 as downlinks Console config pvlan up link ethernet 1 3 down link ethernet 1 5 30 17 Console config pvlan up link ethernet 1 3 down link ethernet 1 6...

Page 299: ...is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 8 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at...

Page 300: ...up 1 and then specifies Ethernet frames with IP and ARP protocol types Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces using any of the other VLAN menus such as the VLAN Static Table page 10 or VLAN Static ...

Page 301: ...nd the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Command Attributes Interface Port or trunk identifier Protocol Group ID Group identifier of this protocol group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 ...

Page 302: ... following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3 Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 3 30 21 Console config if ...

Page 303: ... priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received...

Page 304: ...erface Range 0 7 Default 0 Number of Egress Traffic Classes The number of queue buffers provided for each port Web Click Priority Default Port Priority or Default Trunk Priority Modify the default priority for any interface then click Apply Figure 12 1 Default Port Priority 15 CLI displays this information as Priority for untagged traffic ...

Page 305: ...shown in the following table Console config interface ethernet 1 3 24 2 Console config if switchport priority default 5 31 3 Console config if end Console show interfaces switchport ethernet 1 3 24 15 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN member...

Page 306: ...our own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class16 Output queue buffer Range 0 7 where 7 is the highest CoS priority queue Table 12 2 CoS Priority Levels Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 10 mi...

Page 307: ...S priorities is implemented as an interface configura tion command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 24 2 Console config queue cos map 0 0 31 5 Console config queue cos map 1 1 Console config queue cos map 2 2 Console config exit Console show queue cos map 31 8 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 3...

Page 308: ...ents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10 12 14 for queues 0 through 7 respectively This is the default selection Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower...

Page 309: ...ueues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table17 Displays a list of weights for each traffic class i e queue Weight Value Set a new weight for the selected traffic class ...

Page 310: ...ervice When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priori...

Page 311: ...e default setting IP Precedence Maps layer 3 4 priorities using IP Precedence IP DSCP Maps layer 3 4 priorities using Differentiated Services Code Point Mapping Web Click Priority IP Precedence DSCP Priority Status Select Disabled IP Precedence or IP DSCP from the scroll down menu then click Apply Figure 12 5 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence servic...

Page 312: ... value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Table 12 3 Mapping...

Page 313: ... and then displays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configu ration command but any changes will apply to the all interfaces on the switch Console config map ip precedence 31 10 Console config interface ethernet 1 1 24 2 Console config if map ip precedence 1 cos 0 31 11 Console config if end Console show map ip precedence ethernet 1...

Page 314: ... marked for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority Note...

Page 315: ... 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip dscp 31 12 Console config interface ethernet 1 1 24 2 Console config if map ip dscp 1 cos 0 31 13 Console config if end Console show map ip dscp ethernet 1 1 31 16 DSCP mapping s...

Page 316: ...IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note Up to 8 entries can be specified IP Port Priority settings apply to all interfaces Web Click Priority IP P...

Page 317: ...switch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Mapping specific values for IP Port Priority is implemented as an interface config uration command but any changes will apply to the all interfaces on the switch Console config map ip port 31 9 Console config interface ethernet 1 1 24 2 Console config if map ip port 80 cos 0 31 10 Console config if en...

Page 318: ...CLASS OF SERVICE 12 16 ...

Page 319: ...or different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information can be assigned by end hosts or switches or routers along the path Priority can then be assigned based on a general policy or a detailed examination of the packet However note that detailed examination of...

Page 320: ... or a VLAN 3 Use the Policy Map to designate a policy name for a specific manner in which ingress traffic will be handled 4 Add one or more classes to the Policy Map Assign policy rules to each class by setting the QoS value to be assigned to the matching traffic class The policy rule can also be configured to monitor the average flow and burst rate and drop any traffic that exceeds the specified ...

Page 321: ... the name and a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class entry Modify the criteria used to classify ingress traffic on this page Add Class Opens the Class Configuration page Enter a class name and description on this page and click Add to open the Match Class Setting...

Page 322: ...CL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 VLAN A VLAN Range 1 4093 Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class ...

Page 323: ...s or Edit Rules to change the rules of an existing class Figure 13 1 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd_class match any 32 3 Console config cmap match ip dscp 3 32 4 Console config cmap ...

Page 324: ...y click Add to register the new policy A policy map can contain multiple class statements that can be applied to the same interface with the Service Policy Settings page 13 10 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL This limitation applies ...

Page 325: ...ss traffic on this page Remove Policy Deletes a specified policy Policy Configuration Policy Name Name of policy map Range 1 16 characters Description A brief description of a policy map Range 1 64 characters Add Adds the specified policy Back Returns to previous page with making any changes Policy Rule Settings Class Settings Class Name Name of class map Action Shows the service provided to ingre...

Page 326: ...eck this to define the maximum throughput burst rate and the action that results from a policy violation Rate kbps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower Burst byte Burst in bytes Range 64 1522 Exceed Specifies whether the traffic that exceeds the specified rate or burst will be dropped or the DSCP service level will be reduced Set Decreases DSCP p...

Page 327: ...CE PARAMETERS 13 9 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 13 2 Configuring Policy Maps ...

Page 328: ... bind the service policy to the required interface You can only bind one policy map to an interface The current firmware does not allow you to bind a policy map to an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from the scroll down box ...

Page 329: ...nabled and choose a Policy Map for a port from the scroll down box then click Apply Figure 13 3 Service Policy Settings CLI This example applies a service policy to an ingress interface Console config interface ethernet 1 5 24 2 Console config if service policy input rd_policy 3 32 10 Console config if ...

Page 330: ...QUALITY OF SERVICE 13 12 ...

Page 331: ...e hosts which subscribed to this service This switch can use Internet Group Management Protocol IGMP to filter multicast traffic IGMP Snooping can be used to passively monitor or snoop on exchanges between attached hosts and an IGMP enabled device most commonly a multicast router In this way the switch can discover the ports that want to join a multicast group and set its filters accordingly If th...

Page 332: ...orward multicast traffic Static IGMP Router Interface If IGMP snooping cannot locate the IGMP querier you can manually designate a known IGMP querier i e a multicast router switch connected over the network to an interface on your switch page 14 6 This interface will then join all the current multicast groups supported by the attached router switch to ensure that multicast traffic is passed to all...

Page 333: ...ill continue to receive the multicast service Note Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive multicast traffic This is also referred to as IGMP Snooping Default Enabled A...

Page 334: ... to have expired Range 300 500 seconds Default 300 IGMP Version Sets the protocol version for compatibility with other devices on the network Range 1 2 Default 2 Notes 1 All systems on the subnet must support the same version 2 Some attributes are only enabled for IGMPv2 including IGMP Report Delay and IGMP Query Timeout Web Click IGMP Snooping IGMP Configuration Adjust the IGMP settings as requir...

Page 335: ...r switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Console config ip igmp snooping 33 2 Console config ip igmp snooping querier 33 6 Console config ip igmp snooping query count 10 33 7 Console config ip igmp snooping query...

Page 336: ...e the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch Command...

Page 337: ...xample configures port 11 as a multicast router port within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attribute VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that h...

Page 338: ...multicast service Figure 14 4 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding services The Type field shows if this entry was learned dynamically or was statically configured Console show mac address table multicast vlan 1 33 5 VLAN M cast IP addr Member ports Type 1 224 1 1 12 Eth1 12...

Page 339: ...s to a common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all mul...

Page 340: ...ick Add After you have completed adding ports to the member list click Apply Figure 14 5 IGMP Member Port Table CLI This example assigns a multicast address to VLAN 1 and then displays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 33 3 Console config exit Console show mac address table multicast vlan 1 33 5 VLAN M cast I...

Page 341: ...o address translation Configuring General DNS Service Parameters Command Usage To enable DNS service on this switch first configure one or more name servers and then enable domain lookup status To append domain names to incomplete host names received from a DNS client i e not formatted with dotted notation you can specify a default domain name or a list of domain names to be tried in sequential or...

Page 342: ...es DNS host name to address translation Default Domain Name18 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List18 Defines a list of domain names that can be appended to incomplete host names Range 1 64 alphanumeric characters 1 5 names Name Server List Specifies the address of one or more domain name servers to use for name to add...

Page 343: ...15 3 Web Select DNS General Configuration Set the default domain name or list of domain names specify one or more name servers to use to use for address resolution enable domain lookup status and click Apply Figure 15 1 DNS General Configuration ...

Page 344: ...work devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Console config ip domain name sample com 34 4 Console config ip domain list sample com uk 34 5...

Page 345: ... Range 1 64 characters IP Address Internet address es associated with a host name Range 1 8 addresses Alias Displays the host names that are mapped to the same address es as a previously configured entry Web Select DNS Static Host Table Enter a host name and one or more corresponding addresses then click Apply Figure 15 2 DNS Static Host Table ...

Page 346: ...e entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Console config ip hos...

Page 347: ...ME 207 46 134 190 51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POINTER TO 4 51 www microsoft com 6 4 CNAME 207 46 68 27 71964 msn com tw 7 4 ALIAS POINTER TO 6 71964 www msn com tw 8 4 CNAME 65 54 131 192 605 passportimages com 9 4 ALIAS POINTER TO ...

Page 348: ...DOMAIN NAME SERVICE 15 8 ...

Page 349: ... the DHCP server on this switch to support that subnet When configuring the DHCP server on this switch you can configure an address pool for each unique IP interface or manually assign a static IP address to clients based on their hardware address or client identifier The DHCP server can provide the host s IP address domain name gateway router and DNS server information about the host s boot image...

Page 350: ... the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcasts the DHCP response received from the server to the client Command Usage You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server Command Attributes VLAN ID ID of configured VLAN VLAN...

Page 351: ...Restart DHCP Relay to start the relay service Figure 16 1 DHCP Relay Configuration CLI This example specifies one DHCP relay server for VLAN 1 and enables the relay service Console config interface vlan 1 24 2 Console config if ip dhcp relay server 10 1 0 99 35 5 Console config if ip dhcp restart relay 35 4 Console config if ...

Page 352: ...ed to hosts based on the client identifier code or MAC address Command Usage First configure any excluded addresses including the address for this switch Then configure address pools for the network interfaces You can configure up to 8 network address pools You can also manually bind an address to a specific client if required However any fixed addresses must fall within the range of an existing n...

Page 353: ...luded Addresses Specifies IP addresses that the DHCP server should not assign to DHCP clients You can specify a single address or an address range New Excluded Addresses New entries for excluded addresses can be specified as a single address or an address range Note Be sure you exclude the address for this switch and other key network devices Web Click DHCP Server General Enter a single address or...

Page 354: ...lay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is found it assigns an address from the match...

Page 355: ...l Setting the Host Parameters IP The IP address of the DHCP address pool Subnet Mask Specifies the network mask of the client Hardware Address Specifies the MAC address and protocol used on the client Options Ethernet IEEE802 FDDI Default Ethernet Client Identifier A unique designation for the client device either a text string 1 15 characters or hexadecimal value Setting the Optional Parameters D...

Page 356: ... as the Next Server Next Server The IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server Lease Time The duration that an IP address is assigned to a DHCP client Options fixed period Infinite Default 1 day Examples Creating a New Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add Figure 16 3 DHCP Serv...

Page 357: ...rk Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 35 8 Console config dhcp network 10 1 0 0 255 255 255 0 35 9 Console config dhcp default router 10 1 0 253 35 10 Console config dhcp dns server 10 2 3 4 35 11 Console config dhcp netbios name server 10 1 0 33 35 13 Console config dhcp netbios node type hybrid 35 14 Console config dhcp domain name ex...

Page 358: ...l Configuration Click the Configure button for any entry Click the radio button for Host Enter the IP address subnet mask and hardware address for the client device Configure the optional parameters such as gateway server and DNS server Then click Apply Figure 16 5 DHCP Server Pool Host Configuration ...

Page 359: ...given addresses by the switch Note More than one DHCP server may respond to a service request by a host In this case the host generally accepts the first address assigned by any DHCP server Console config ip dhcp pool mgr 35 8 Console config dhcp host 10 1 0 19 255 255 255 0 35 16 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 35 18 Console config dhcp client identifier text bear ...

Page 360: ... address from the DHCP server s database Figure 16 6 DHCP Server IP Binding CLI This example displays the current binding and then clears all automatic binding Console show ip dhcp binding 35 20 IP MAC Lease Time Start 10 1 0 20 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console clear ip dhcp binding 35 19 Console ...

Page 361: ...ong to the same VLAN and the switch provides only Layer 2 functionality Therefore you should first create VLANs for each unique user group or application traffic page 11 8 assign all ports that belong to the same group to these VLANs page 11 10 and then assign an IP interface to each VLAN page 17 7 By separating the network into different VLANs it can be partitioned into subnetworks that are disco...

Page 362: ...nation MAC address Layer 3 forwarding routing Based on the Layer 3 destination address Replacing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum VLAN 1 VLAN 2 Inter subnet traffic Layer 3 switching Routing Unt Untagged Unt Untagged Tagged or Untagged Tagged or Untagged Tagged or Untagged Tagged ...

Page 363: ...cessary Note In order to perform IP switching the switch should be recognized by other network nodes as an IP router either by setting it as the default gateway or by redirection from another router via the ICMP process When the switch receives an IP packet addressed to its own MAC address the packet follows the Layer 3 routing process The destination IP address is checked against the Layer 3 addr...

Page 364: ...atic and dynamic routing Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch Dynamic routing uses a routing protocol to exchange routing information calculate routing tables and respond to changes in the status or loading of the network The switch supports RIP and RIP 2 dynamic routing protocols ...

Page 365: ...l be connected directly to this switch Note that you must first create a VLAN as described under Creating VLANs on page 11 8 before configuring the corresponding subnet Remember that if you need to manage the switch in band then you must define the IP subnet address for at least one VLAN Command Attributes IP Routing Status Configures the switch to operate as a Layer 2 switch or as a multilayer ro...

Page 366: ...by periods Web Click IP General Global Settings Set IP Routing Status to Disabled to restrict operation to Layer 2 or Enabled to allow multilayer switching specify the default gateway which will be forwarded packets for all unknown subnets and click Apply Figure 17 1 IP Global Settings CLI This example enables IP routing and sets the default gateway Console config ip routing 37 2 Console config ip...

Page 367: ... defines the network and subnetwork numbers of the segment that is connected to that interface and allows you to send IP packets to or from the router Before you configure any network interfaces on this router you should first create a VLAN for each unique user group or for each network application and its associated users Then assign the ports associated with each of these VLANs Command Attribute...

Page 368: ...sses consist of four numbers 0 to 255 separated by periods Subnet Mask This mask identifies the host address bits used for routing to specific subnets Web Click IP General Routing Interface Specify an IP interface for each VLAN that will support routing to other subnets First specify a primary address and click Set IP Configuration If you need to assign secondary addresses enter these addresses on...

Page 369: ...ress into the appropriate field in the frame header and forwards the frame on to the next hop IP traffic passes along the path to its final destination in this way with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry for an IP address in the ARP cache the route...

Page 370: ...be able forward traffic directly to the next hop for this destination without having to broadcast another ARP request Proxy ARP When a node in the attached subnetwork does not have routing or a default gateway configured Proxy ARP can be used to forward ARP requests to a remote subnetwork When the router receives an ARP request for a remote network and Proxy ARP is enabled it determines if it has ...

Page 371: ...flushed from the table End stations that require Proxy ARP must view the entire network as a single network These nodes must therefore use a smaller subnet mask than that used by the router or other relevant network devices Extensive use of Proxy ARP can degrade router performance because it may lead to increased ARP traffic and increased search time for larger ARP address tables Command Attribute...

Page 372: ...rks that do not have routing or a default gateway and click Apply Figure 17 3 ARP General CLI This example sets the ARP cache timeout for 15 minutes i e 900 seconds and enables Proxy ARP for VLAN 3 Console config arp timeout 900 36 46 Console config interface vlan 3 24 2 Console config if ip proxy arp 36 48 Console config if ...

Page 373: ...d out or deleted when power is reset You can only remove a static entry via the configuration interface Command Attributes IP Address IP address statically mapped to a physical MAC address Valid IP addresses consist of four numbers 0 to 255 separated by periods MAC Address MAC address statically mapped to the corresponding IP address Valid MAC addresses are hexadecimal numbers in the format xx xx ...

Page 374: ...tatic entries or clear all dynamic entries from the cache Command Attributes IP Address IP address of a dynamic entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static19 Changes a selected dynamic entry to a static entry Clear All19 Deletes all dynamic entries from the ARP cache Entry Count The n...

Page 375: ...e Console show arp 36 47 Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console clear arp cache 36 47 This operation will delete all the dynami...

Page 376: ...oadcast addresses Command Attributes IP Address IP address of a local entry in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Entry Count The number of local entries in the ARP cache Web Click IP ARP Other Addresses Figure 17 6 ARP Other Addresses ...

Page 377: ...ddress Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other 1 10 1 0 255 ff ff ff ff ff ff other 1 Total entry 6 Console Table 17 2 ARP Statistics Parameter Description Received Request Number of ARP Request packets received by the router Received Reply Nu...

Page 378: ...d 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP statistics Rcvd 0 total 0 checksum errors 0 no port Sent 0 total TCP statistics Rcvd 0 total 0 ...

Page 379: ... destination field was not a valid address for this entity Received Packets Discarded The number of input datagrams for which no problems were encountered to prevent their continued processing but which were discarded e g for lack of buffer space Output Requests The total number of datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Output Packet No R...

Page 380: ...rted protocol Received Packets Delivered The total number of input datagrams successfully delivered to IP user protocols including ICMP Discarded Output Packets The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Fragments Created The number of datagram fragments that have be...

Page 381: ...sing IP packets ICMP is therefore an integral part of the Internet Protocol ICMP messages may be used to report various situations such as when a datagram cannot reach its destination when the gateway does not have the buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more...

Page 382: ...t Parameter Problems The number of ICMP Parameter Problem messages received sent Source Quenches The number of ICMP Source Quench messages received sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply messages received sent Timestamps The number of ICMP Timestamp request messages re...

Page 383: ...DISPLAYING STATISTICS FOR IP PROTOCOLS 17 23 Web Click IP Statistics ICMP Figure 17 9 ICMP Statistics CLI See the example on page 17 17 ...

Page 384: ...o slow or just unnecessary Web Click IP Statistics UDP Figure 17 10 UDP Statistics CLI See the example on page 17 17 Table 17 5 USP Statistics Parameter Description Datagrams Received The total number of UDP datagrams delivered to UDP users Datagrams Sent The total number of UDP datagrams sent from this entity Receive Errors The number of received UDP datagrams that could not be delivered for reas...

Page 385: ...tate Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD state plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN RCVD state Current Connections The number of TCP connections for which the current state is either ESTABLISHED or CLOSE WAIT ...

Page 386: ...t supported or can be set to force the use of a specific route to a subnet rather than using dynamic routing Static routes do not automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensure network accessibility Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network su...

Page 387: ... such as RIP Range 1 5 default 1 Entry Count The number of table entries Web Click IP Routing Static Routes Figure 17 12 IP Static Routes CLI This example forwards all traffic for subnet 192 168 1 0 to the router 192 168 5 254 using the default metric of 1 Console config ip route 192 168 1 0 255 255 255 0 192 168 5 254 37 3 Console config ...

Page 388: ...ss there is at least one active link connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address of the destination network subnetwork or host Note that the address 0 0 0 0 indicates the default gateway for this router Netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets...

Page 389: ... Table CLI This example shows routes obtained from various methods Console show ip route 37 5 Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 1 0 254 static 1 1 10 1 0 0 255 255 255 0 10 1 0 253 local 1 1 10 1 1 0 255 255 255 0 10 1 0 254 RIP 2 1 Total entries 3 Console ...

Page 390: ...o use methods for preventing loops that would cause endless retransmission of data traffic RIP utilizes the following three methods to prevent loops from occurring Split horizon Never propagate routes back to an interface port from which they have been acquired Poison reverse Propagate routes back to an interface port from which they have been acquired but set the distance vector metrics to infini...

Page 391: ...ds RIP messages to all devices in the network every 30 seconds by default and updates its own routing table when RIP messages are received from other routers To communicate properly with other routers using RIP you need to specify the RIP version used globally by the router as well as the RIP send and receive versions used on specific interfaces page 17 35 Command Usage When you specify a Global R...

Page 392: ...s value will also set the timeout timer to 6 times the update time and the garbage collection timer to 4 times the update time Range 15 60 seconds Default 30 seconds Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable However packets are still forwarded on th...

Page 393: ...mer and then click Apply Figure 17 14 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 37 9 Console config router version 2 37 15 Console config router timers basic 15 37 11 Console config router end Console show rip globals 37 22 RIP Process Enabled Update Time in Seconds 15 Number of Route Change 0 Number ...

Page 394: ...t address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address are used 192 223 is class C and the first three fields in the network address are used Command Attributes Subnet Address IP address of a network directly connected to this router Web...

Page 395: ... Version or Send Version for an interface overrides the global setting specified by the RIP General Settings Global RIP Version field You can specify the Receive Version based on these options Use RIPv1 or RIPv2 if all routers in the local network are based on RIPv1 or RIPv2 respectively Use RIPv1 or RIPv2 if some routers in the local network are using RIPv2 but there are still some older routers ...

Page 396: ...f data traffic When protocol packets are caught in a loop links will be congested and protocol packets may be lost However the network will slowly converge to the new state RIP utilizes the following three methods that can provide faster convergence when the network topology changes and prevent most loops from occurring Split Horizon Never propagate routes back to an interface port from which they...

Page 397: ...lt depends on the setting specified under RIP General Settings Global RIP Version RIPv1 RIPv1 or RIPv2 packets RIPv2 RIPv2 packets Send Version The RIP version to send on an interface RIPv1 Sends only RIPv1 packets RIPv2 Sends only RIPv2 packets RIPv1 Compatible Route information is broadcast to other routers with RIPv2 Default Do Not Send Does not transmit RIP updates The default depends on the s...

Page 398: ...res the interface to exchange routing information with other routers based on an authorized password Note that authentication only applies to RIPv2 Authentication Key Specifies the key to use for authenticating RIPv2 packets For authentication to function properly both the sending and receiving interface must use the same password Range 1 16 characters case sensitive Web Click Routing Protocol RIP...

Page 399: ...to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistributed into RIP For example if a metric of 10 is defined for redistributed routes these routes can only be advertised to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can fol...

Page 400: ...lue is set by set by the default metric command see page 37 9 Web Click Routing Protocol RIP Redistribute Configuration Enter the redistribution metric for static routes and click Set Figure 17 17 RIP Redistribution Configuration CLI This example redistributes static routes and sets the metric for all of these routes to a value of 3 Console config router rip 37 9 Console config router redistribute...

Page 401: ...of Route Changes Number of times routing information has changed Number of Queries Number of router database queries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1Orv2 InstabilityPreventing Shows if split horizon ...

Page 402: ...P Statistics Version Whether RIPv1 or RIPv2 packets were received from this peer RcvBadPackets Number of bad RIP packets received from this peer RcvBadRoutes Number of bad routes received from this peer Table 17 7 RIP Information and Statistics Continued Parameter Description ...

Page 403: ...umber of Queries 0 Console show ip rip configuration 37 22 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication Console show ip rip status 37 22 Interface RcvBadPackets RcvBadRoutes SendUpdates 10 1 0 253 0 0 60 10 1 1 253 0 0 63 Console show ip rip peer 37 22 Peer Up...

Page 404: ...IP ROUTING 17 44 ...

Page 405: ...mands 21 1 User Authentication Commands 22 1 Access Control List Commands 23 1 Interface Commands 24 1 Link Aggregation Commands 25 1 Mirror Port Commands 26 1 Rate Limit Commands 27 1 Address Table Commands 28 1 Spanning Tree Commands 29 1 VLAN Commands 30 1 Class of Service Commands 31 1 Quality of Service Commands 32 1 Multicast Filtering Commands 33 1 Domain Name Service Commands 34 1 DHCP Com...

Page 406: ...COMMAND LINE INTERFACE ...

Page 407: ...s and parameters at the prompt Using the switch s command line interface CLI is very similar to entering commands on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and...

Page 408: ...10 1 0 and a host portion 1 Note The IP address for this switch is obtained via DHCP by default To access the stack through a Telnet session you must first set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office or to the Internet you need t...

Page 409: ...er the necessary commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identi...

Page 410: ...ame admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambig...

Page 411: ...tion of interfaces ip IP information ipv6 IPv6 information lacp Show LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Show management IP filter map Map priority policy map Display policy maps port Characteristics of the port protocol vlan Protocol VLAN inf...

Page 412: ... log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modi...

Page 413: ...yed in the following table Exec Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Priv...

Page 414: ...re not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hostname and snmp server community Access Control List Configuration These commands ...

Page 415: ...d databits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple interfaces Router Configuration These commands configure global settings for unicast routing protocols VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mo...

Page 416: ...ess list ip extended access list mac access list ipv6 standard access list ipv6 extended Console config std acl Console config ext acl Console config mac acl Console config std ipv6 acl Console config ext ipv6 acl 23 3 23 3 23 17 23 10 23 10 Class Map class map Console config cmap 32 3 DHCP ip dhcp pool Console config dhcp 35 8 Interface interface ethernet port port channel id vlan id Console conf...

Page 417: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters t...

Page 418: ... passwords logon access using local or remote authentication management access through the web server Telnet server and Secure Shell as well as port security IEEE 802 1X port access control and restricted access based on specified IP addresses 22 1 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number or TCP control code IPv6 frames based on destinati...

Page 419: ...res VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs and protocol VLANs 30 1 Class of Service Sets port priority for untagged frames selects strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP UDP traffic types IP precedence and DSCP 31 1 Quality of Service Configures Differentiated Services 32...

Page 420: ...OVERVIEW OF THE COMMAND LINE INTERFACE 18 14 PE Privileged Exec PM Policy Map Configuration RC Router Configuration VC VLAN Database Configuration ...

Page 421: ...rivileged mode PE 19 3 configure Activates global configuration mode PE 19 3 show history Shows the command history buffer NE PE 19 4 reload Restarts the system PE 19 5 prompt Customizes the CLI prompt GC 19 6 end Returns to Privileged Exec mode any config mode 19 6 exit Returns to the previous configuration mode or exits the CLI any 19 7 quit Exits a CLI session NE PE 19 7 help Shows how to use h...

Page 422: ... 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 22 4 The character is appended to the end of the prompt to indicate that the system is in pri...

Page 423: ... appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 19 2 configure This command activates Global Configuration mode You must enter this mode to modify any settings on the switch You must also enter Global Configuration mode prior to enabling some of the other configuration modes including Interface Configuration Line Configuration...

Page 424: ... Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer Console configure Console config Console show history Execution command history 2 config 1 show history Configuration command history 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console ...

Page 425: ... history buffer config reload This command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This example shows ho...

Page 426: ...ting Console Command Mode Global Configuration Example end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console config prompt ...

Page 427: ...rn to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Console config exit Console exit Press ENTER to start session User Access Verification Username ...

Page 428: ...GENERAL COMMANDS 19 8 Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username ...

Page 429: ...his switch 20 2 System Status Displays system configuration active managers and version information 20 4 Frame Size Enables support for jumbo frames 20 11 File Management Manages code image or ECN330 switch configuration files 20 12 Line Sets communication parameters for the serial port including baud rate and console time out 20 21 Event Logging Controls logging of error messages 20 34 SMTP Alert...

Page 430: ...yntax hostname name no hostname name The name of this host Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Table 20 2 Device Designation Commands Command Function Mode Page hostname Specifies the host name for the switch GC 20 2 snmp server contact Sets the system contact string GC 21 5 snmp server location Sets the system location string GC 21 5 switch...

Page 431: ...ially starting from the top unit for a non loop stack or starting from the Master unit for a looped stack Syntax switch all renumber Default Setting For non loop stacking the top unit is unit 1 For loop stacking the master unit is unit 1 Command Mode Global Configuration Example This example shows how to renumber all units Console switch all renumber Console ...

Page 432: ...n volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration Table 20 3 System Status Commands Command Function Mode Page show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 20 4 show running config Displays the configuration data currently ...

Page 433: ...gMac 01_00 20 1a df 9c a0_00 stackingMac stackingMac 02_00 20 1a df 9e c0_01 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac phymap 00 20 1a df 9c a...

Page 434: ...ompare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree MST configuration interface ethernet 1 1 switchport allowed vlan add 1 untagged switchport native vlan 1 i...

Page 435: ...tings Any configured settings for the console port and Telnet Example Console show running config building running config please wait stackingDB 0000000000000000 stackingDB stackingMac 01_00 30 f1 d4 73 a0_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00...

Page 436: ...rivate rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning tree MST configuration interface ethernet 1 ...

Page 437: ...h 2 X 10G System OID String 1 3 6 1 4 1 202 20 57 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 20 1A DF 9C A0 MAC Address Unit2 00 20 1A DF 9E C0 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enable Telnet Server Port 23 Jumbo Fr...

Page 438: ...ed Exec Command Usage See Displaying Switch Hardware Software Versions on page 5 21 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 16...

Page 439: ...e Default Setting Disabled Command Mode Global Configuration Console show version Unit1 Serial Number 0000E8900000 Hardware Version R01 EPLD Version 1 02 Number of Ports 26 Main Power Status Up Redundant Power Status Not present Agent master Unit ID 1 Loader Version 1 0 0 1 Boot ROM Version 1 0 0 1 Operation Code Version 3 30 7 54 Console Table 20 4 Frame Size Commands Command Function Mode Page j...

Page 440: ... half duplex connections all devices in the collision domain would need to support jumbo frames The current setting for jumbo frames can be displayed with the show system command page 20 8 Example Related Commands show ipv6 mtu 36 27 File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server By saving runtime code to a file on a TFTP server that fil...

Page 441: ... When you save the system code or configuration settings to a file on a TFTP server that file can later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection Syntax copy file file running config startup config tftp unit copy running config file startup config tftp copy start...

Page 442: ...t Setting None Command Mode Privileged Exec Command Usage The system prompts for data required to complete the copy command The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Due to the siz...

Page 443: ...rmation on configuring the switch to use HTTPS for a secure connection see ip http secure server on page 22 17 Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration settings to a file on the TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1 2 2 Source fil...

Page 444: ...n file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS c...

Page 445: ...None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Example This example shows how to delete the test2 cfg configuration file from flash memory Related Commands dir 20 18 delete public key 22 28 Console delete test2 cfg Console ...

Page 446: ... but contains errors information on this file cannot be shown unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files A colon is required after the specified unit number File information is shown below Table 20 6 File Directory Information Column Heading Description file name The nam...

Page 447: ...he whichboot command See the table under the dir command for a description of the file information displayed by this command Console dir File name File type Startup Size byte Unit1 D1001 Boot Rom Image Y 1531028 V330754 Operation Code Y 4408104 Factory_Default_Config cfg Config File N 455 startup Config File Y 3649 startup1 cfg Config File N 3649 Total free space 25690112 Console Console whichboot...

Page 448: ...figuration file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an error it cannot be set as the default file Example Related Commands dir 20 18 whichboot 20 19 Co...

Page 449: ... the interval that the command interpreter waits until user input is detected LC 20 26 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 20 27 silent time These commands only apply to the serial port Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the ...

Page 450: ...elnet Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 20 32 show ...

Page 451: ...d by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectiv...

Page 452: ...ommand Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle sta...

Page 453: ...conds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 300 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The...

Page 454: ...ting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To se...

Page 455: ... The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down Example To set the password threshold ...

Page 456: ...nsole response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration console only Example To set the silent time to 60 seconds enter this command Related Commands password thresh 20 27 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the def...

Page 457: ...data bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 20 29 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Co...

Page 458: ...ax speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If...

Page 459: ...stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect This command terminates an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Console config line speed 57600 Console config line Console config l...

Page 460: ...l disconnect an SSH or Telnet connection Example Related Commands show ssh 22 31 show users 20 9 show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Console disconnect 1 Console ...

Page 461: ... line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Console ...

Page 462: ...og servers You can use the logging history Table 20 8 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 20 34 logging history Limits syslog messages saved to switch memory based on severity GC 20 35 logging host Adds a syslog server host IP address that will receive logging messages GC 20 36 logging facility Sets the facility type for remote logging...

Page 463: ...he default level Syntax logging history flash ram level no logging history flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 20 9 Logging Levels Leve...

Page 464: ...emove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server 4 warnings Warning conditions e g return false unexpected return 3 errors Error conditions e g invalid input default used 2 critical Critical conditions e g memory allocation or free memory error resource exhausted 1 alerts Immediate action needed 0 emergencies System unusable Consol...

Page 465: ... to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch Ho...

Page 466: ...l One of the syslog severity levels listed in the table on page 20 35 Messages sent include the selected level up through level 0 Default Setting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enables remote logging b...

Page 467: ...yntax clear log flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset Default Setting Flash and RAM Command Mode Privileged Exec Example Related Commands show log 20 42 Console clear log Console ...

Page 468: ...r Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power reset sendmail Displays settings for the SMTP event handler page 20 47 trap Displays settings for the trap function Default Setting None Command Mode Privileged Exec ...

Page 469: ... The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP add...

Page 470: ...llowing example shows the event message stored in RAM REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog servers as specified in the logging host command Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and event no 1 0 00...

Page 471: ...nd Mode Global Configuration Command Usage You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server Table 20 12 SMTP Alert Commands Command Function Mode Page loggingsendmailhost SMTP servers to receive alert messages GC 20 43 logging sendmail level Severity threshold used to trigger alert messages GC 20 44 logging sendmail source ...

Page 472: ...sfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax logging sendmail level level level One of the system message levels page 20 35 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an even...

Page 473: ...ay use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 cha...

Page 474: ...ecify each recipient Example logging sendmail This command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example Console config logging sendmail destination email ted this company com Console config Console config logging sendmail Console config ...

Page 475: ... the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabled Console ...

Page 476: ...rvers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 20 13 Time Commands Command Function Mode Page sntp client Accepts time from specified time servers GC 20 48 sntp server Specifies one or more time servers GC 20 49 sntp poll Sets the interval at which the client polls ...

Page 477: ... Commands sntp server 20 49 sntp poll 20 50 show sntp 20 51 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Syntax sntp server ip1 ip2 ip3 ip IP address of an time server NTP or SNTP Range 1 3 addresses Default Setting None Console config sntp server 10 1 0 19 C...

Page 478: ...ed on the interval set via the sntp poll command Example Related Commands sntp client 20 48 sntp poll 20 50 show sntp 20 51 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seconds Interval between time requests Range 16 16384 seconds Default Setting 16 s...

Page 479: ...operly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the current time the poll interval used for sending time synchronization requests and the current SNTP mode i e unicast Example Console show sntp Current time Dec 23 05 13 28 2002 Poll interval 16 Current mode unicast SNTP status Enabled SNTP server 137 92 140 80 0 0 0 0 0 0 0 0 Current server 137 92 140 80...

Page 480: ...e zone before east of UTC after utc Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the...

Page 481: ... 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Se...

Page 482: ...SYSTEM MANAGEMENT COMMANDS 20 54 Example Console show calendar 15 12 34 February 1 2002 Console ...

Page 483: ...ication and privacy and then assign SNMP users to these groups along with their specific authentication and privacy passwords Table 21 1 SNMP Commands Command Function Mode Page snmp server Enables the SNMP agent GC 21 2 show snmp Displays the status of SNMP communications NE PE 21 2 snmp server community Sets up the community access string to permit access to SNMP commands GC 21 4 snmp server con...

Page 484: ...he status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec snmp server view Adds an SNMP view GC 21 13 show snmp view Shows the SNMP views PE 21 14 snmp server group Adds an SNMP group mapping users to views GC 21 15 show snmp group Shows the SNMP groups PE 21 16 snmp server user Adds a user to an SNMP group GC 21 18 show snmp user Shows the SNMP users PE 21 20 ...

Page 485: ...e Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 T...

Page 486: ...ensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized managem...

Page 487: ...ion Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 21 5 snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Settin...

Page 488: ...ss entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used retries The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 cent...

Page 489: ...ion Command Usage If you do not enter an snmp server host command no notifications are sent In order to configure the switch to send SNMP notifications you must enter at least one snmp server host command In order to enable multiple hosts you must issue a separate snmp server host command for each host The snmp server host command is used in conjunction with the snmp server enable traps command Us...

Page 490: ...ew with the required notification messages page 21 13 5 Create a group that includes the required notify view page 21 15 To send an inform to a SNMPv3 host complete these steps 1 Enable the SNMP agent page 21 2 2 Allow the switch to send SNMP traps i e notifications page 21 9 3 Specify the target host that will receive inform messages with the snmp server host command as described in this section ...

Page 491: ... Use the no form to disable SNMP notifications Syntax no snmp server enable traps authentication link up down authentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command Mode Global Configuration Command Usage If you do not enter an snmp server enable traps ...

Page 492: ...rresponding entries in the Notify View assigned by the snmp server group command page 21 15 Example Related Commands snmp server host 21 6 snmp server engine id This command configures an identification string for the SNMPv3 engine Use the no form to restore the default Syntax snmp server engine id local remote ip address engineid string no snmp server engine id local remote ip address local Speci...

Page 493: ...passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 1234 is equivalent to 1234 followed by 22 zeroes A local ...

Page 494: ... engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Table 21 2 show snmp engine id display description Field Description Local SNMP engineID String identifying the engine ID Local SNMP engineBoots The number of times that the engine has re initialized since the snmp EngineID was last configured Remote SNMP engineID String identifying an engine ID on a remote device IP address IP a...

Page 495: ...n included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes t...

Page 496: ...sole show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type volatile Row Status active Console Table 21 3 show snmp view display description Field Description View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included...

Page 497: ...ocol on page 5 63 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public20 read only private21 read write readview Every object belonging to the Internet OID space...

Page 498: ...enable traps command page 21 9 Example show snmp group Four default groups are provided SNMPv1 read only access and read write access and SNMPv2c read only access and read write access Command Mode Privileged Exec Example Console config snmp server group r d v3 auth write daily Console config Console show snmp group Group Name r d Security Model v3 Read View defaultview Write View daily Notify Vie...

Page 499: ...tatus active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 21 4 show snmp group display description Field Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view st...

Page 500: ...igned Range 1 32 characters remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise e...

Page 501: ...e user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to confi...

Page 502: ...e mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 21 5 show snmp user display description Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage T...

Page 503: ...equence Defines logon authentication method and precedence 22 5 RADIUS Client Configures settings for authentication via a RADIUS server 22 8 TACACS Client Configures settings for authentication via a TACACS server 22 13 Web Server Settings Enables management access via a web browser 22 15 Telnet Server Settings Enables management access via Telnet 22 20 Secure Shell Settings Provides secure repla...

Page 504: ...d or specifies or changes a user s access level Use the no form to remove a user name Syntax username name access level level nopassword password 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No ...

Page 505: ...uired for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user Table 22 3 Default Login Settings username access le...

Page 506: ...privilege level Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command page 19 2 The encrypted password is required fo...

Page 507: ...e login authentication method and precedence Use the no form to restore the default Syntax authentication login local radius tacacs no authentication login local Use local password radius Use RADIUS server password tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Table 22 4 Authentication Sequence Commands Command Function Mode Page authentication login Def...

Page 508: ...The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequence For example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted o...

Page 509: ... a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You c...

Page 510: ...s with associated privilege levels for each user or group that require management access to a switch Console config authentication enable radius Console config Table 22 5 RADIUS Client Commands Command Function Mode Page radius server host Specifies the RADIUS server GC 22 9 radius server port Sets the RADIUS server network port GC 22 10 radius server key Sets the RADIUS encryption key GC 22 10 ra...

Page 511: ...server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticate lo...

Page 512: ...e 1 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Default Setting None Command Mo...

Page 513: ...0 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 De...

Page 514: ...rivileged Exec Example Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Server 1 Server IP address 192 168 1 1 Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Console ...

Page 515: ...t This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example Table 22 6 TACACS Client Commands Command Function Mode Page tacacs server host Specifies the TACACS server GC 22 13 tacacs server port Sp...

Page 516: ...ge 1 65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 48 characters Default Setting None Command...

Page 517: ...nfig Console show tacacs server Remote TACACS server configuration Server IP address 10 11 12 13 Communication key with TACACS server Server port number 49 Console Table 22 7 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface GC 22 16 ip http server Allows the switch to be monitored or configured from a browser GC 22 16 ip http se...

Page 518: ... The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 22 16 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration Console config ip htt...

Page 519: ...age Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certif...

Page 520: ...ip http secure port 22 18 copy tftp https certificate 20 13 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 65535 Table 22 8 HTTPS System Support Web Browser Operating System ...

Page 521: ...e HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Related Commands ip http secure server 22 17 Console config ip http secure port 1000 Console config ...

Page 522: ...t keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port used by the Telnet interface port number The TCP port number to be used by the browser interface Range 1 65535 Default Setting Server Enabled Server Port 23 Command Mode Global Configuration Example Table 22 9 Telnet Server Commands Command Function Mode Page ip telnet server Allows t...

Page 523: ... key size Sets the SSH server key size GC 22 27 copy tftp public key Copies the user s public key from a TFTP server to the switch PE 20 13 delete public key Deletes the public key for the specified user PE 22 28 ip ssh crypto host key generate Generates the host key PE 22 28 ip ssh crypto zeroize Clear the host key from RAM PE 22 29 ip ssh save host key Saves the host key from RAM to flash memory...

Page 524: ...utomatically import the host public key during the initial connection setup with the switch Otherwise you need to manually create a known hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 150202455931998685...

Page 525: ... SSH v1 5 or V2 Clients a The client sends its password to the server b The switch compares the client s password to those stored in memory c If a match is found the connection is allowed Note To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to con...

Page 526: ... queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable b If the specified algorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether th...

Page 527: ...s with the client to select either DES 56 bit or 3DES 168 bit for data encryption You must generate DSA and RSA host keys before enabling the SSH server Example Related Commands ip ssh crypto host key generate 22 28 show ssh 22 31 ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seco...

Page 528: ... command for vty sessions Example Related Commands exec timeout 20 26 show ip ssh 22 31 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which ...

Page 529: ...ze no ip ssh server key size key size The size of server key Range 512 896 bits Default Setting 768 bits Command Mode Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example Console config ip ssh authentication retires 2 Console config Console config ip ssh server key siz...

Page 530: ...A and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clien...

Page 531: ...t key to negotiate a session key and encryption method with the client trying to connect to it Example Related Commands ip ssh crypto zeroize 22 29 ip ssh save host key 22 30 ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type rsa RSA key type Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Co...

Page 532: ... no ip ssh server 22 24 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 22 28 Console ip ssh crypto zeroize dsa Console Console ip ssh save host key dsa Console ...

Page 533: ...n 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 22 11 show ssh display description Field Description Session The session number Range 0 3 Version The Secure Shell version number State The authenticatio...

Page 534: ...he client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanced Encryption Standard 16...

Page 535: ...36375927835525327972629521130241 0719421061655759424590939236096954050362775257556251003866130989393 8345231033280214988866192159556859887989191950588394018138744046890 8779160305837768185490002831341625008348718449522087429212255691665 6552963281635169640408315547660664151657116381 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW a4PAtp1K...

Page 536: ...etwork The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message Table 22 12 Port Security Commands Command Function Mode Page...

Page 537: ... disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Default Setting Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC addresses on the specified port when it has reached a configured maxim...

Page 538: ...device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using the no shutdown command Example The following example enables port security for port 5 and sets the response to a security violation to issue a trap message Related Commands shutdown 24 9 mac address table static 28 2 Console config interface ethernet 1 5 Console config if port secu...

Page 539: ...alues GC 22 38 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 22 39 dot1x port control Sets dot1x mode for a port interface IC 22 39 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 22 40 dot1x re authenticate Forces re authentication on specific ports ...

Page 540: ... sets all configurable dot1x global and port settings to their default values Command Mode Global Configuration Example dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet IC 22 44 show dot1x Shows all dot1x related information PE 22 44 Console config dot1x system auth control Console config Console config dot1x d...

Page 541: ...t control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients eit...

Page 542: ... host max count count no dot1x operation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max co...

Page 543: ...ot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 Command Mode Privileged Exec Command Usage The re authentication process verifies the connected client s user ID and password on the RADIUS server During re authentication the client remains connected the network and the process is handled transparently by the dot1x client software ...

Page 544: ...x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the interval specified by the dot1x timeout re authperiod command The default is 3600 seconds Example Related Commands dot1x timeout re authperiod 22 43 dot1x timeout quiet period This command sets the time that a switch port waits after the Max Request Count has been exceeded befor...

Page 545: ...e authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x timeout quiet period 350 Console config if Console config interface eth 1 2 Console config if dot1x timeout re authperiod 300 Console config if...

Page 546: ...e number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 Command...

Page 547: ...eauth enabled Periodic re authentication page 22 42 reauth period Time after which a connected client must be re authenticated page 22 43 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 22 42 tx period Time a port waits during authentication session before re transmitting EAP packet page 22 44 supplicant timeout Supplicant timeout s...

Page 548: ... connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in the mos...

Page 549: ...Host Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10 reauth max 2 max req 2 Status Authorized Operation mode Multi Host Max count 5 Port control Auto Supplicant 00 e0 29 94 34 65 Current Identifier 3 Authenticator State Machine State Authenticated Re...

Page 550: ...s all client Adds IP address es to the SNMP web and Telnet groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting address of a range end address The end address of a range Default Setting All addresses Command Mode Global Configuration Table 22 14 ...

Page 551: ...annot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This example restricts management access to the indicated addresses show management This command displays the client IP addresses that are allowed man...

Page 552: ...Ip Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console ...

Page 553: ...uired rules and then bind the list to a specific port This section describes the Access Control List commands Table 23 1 Access Control List Commands Command Groups Function Page IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code 23 2 IPv6 ACLs Configures ACLs based on IPv6 addresses next header type and flow label 23 9 MAC ACLs Configures ACLs...

Page 554: ...Page access list ip Creates an IPv4 ACL and enters configuration mode for standard or extended IPv4 ACLs GC 23 3 permit deny Filters packets matching a specified source IPv4 address IPv4 STD ACL 23 4 permit deny Filters packets meeting the specified criteria including source and destination IPv4 address TCP UDP port number protocol type and TCP control code IPv4 EXT ACL 23 5 show ip access list Di...

Page 555: ...acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the...

Page 556: ... appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Exa...

Page 557: ...ost source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword ...

Page 558: ...ed with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 m...

Page 559: ...1 0 with the TCP control code set to SYN Related Commands access list ip 23 3 show ip access list This command displays the rules for configured IPv4 ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Console config ext acl permit 10 ...

Page 560: ... packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show ip access list 23 7 Console show ip access list standard IP standard access list david permit host 10 1 1 21 permit...

Page 561: ...rface ethernet 1 2 IP standard access list david Console Table 23 3 IPv6 ACL Commands Command Function Mode Page access list ipv6 Creates an IPv6 ACL and enters configuration mode for standard or extended IPv6 ACLs GC 23 10 permit deny Filters packets matching a specified source IPv6 address IPv6 STD ACL 23 11 permit deny Filters packets meeting the specified criteria including destination IPv6 ad...

Page 562: ...acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the...

Page 563: ...sed in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address host Keyword followed by a specific IP address Default Setting None Command Mode Standard IPv6 ACL Command Usage New rules are appended to the en...

Page 564: ...Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The switch only checks the first 64 bits of the destination address prefix length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network p...

Page 565: ... a hop by hop option A flow is uniquely identified by the combination of a source address and a non zero flow label Packets that do not belong to a flow carry a flow label of zero Hosts or routers that do not support the functions specified by the flow label must set the field to zero when originating a packet pass the field on unchanged when forwarding a packet and ignore the field when receiving...

Page 566: ...ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IPv6 ACL extended Specifies an extended IPv6 ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Console config ext ipv6 acl permit 2009 DB9 2229 79 48 Console config ext ipv6 acl Console config ext ipv6 acl permit any dscp 5 Console config ext ipv6 acl Console config...

Page 567: ...this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one IPv6 ACLs can only be applied to ingress packets Example Related Commands show ipv6 access list 23 14 Console config ...

Page 568: ...es and then bind the access list to one or more ports Console show ip access group Interface ethernet 1 2 IPv6 standard access list david in Console Table 23 4 MAC ACL Commands Command Function Mode Page access list mac Creates a MAC ACL and enters configuration mode GC 23 17 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 23 ...

Page 569: ... When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 23 18 m...

Page 570: ... destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no permit deny...

Page 571: ...e New rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet t...

Page 572: ...ac access group 23 20 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL Console show mac access l...

Page 573: ...xample Related Commands mac access group 23 20 ACL Information This section describes commands used to display ACL information Console config interface ethernet 1 2 Console config if mac access group jerry in Console config if Console show mac access group Interface ethernet 1 5 MAC access list M5 in Console Table 23 5 ACL Information Commands Command Function Mode Page show access list Show all I...

Page 574: ...d permit host 10 1 1 21 permit 168 92 0 0 255 255 15 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any Consol...

Page 575: ...f a given interface when autonegotiation is disabled IC 24 3 negotiation Enables autonegotiation of a given interface IC 24 5 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 24 6 flowcontrol Enables flow control on a given interface IC 24 7 media type Force port type selected for combination ports IC 24 8 shutdown Disables an interface IC 24 9 switchport...

Page 576: ...1 26 50 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 4 enter the following command show interfaces counters Displays statistics for the specified interfaces NE PE 24 13 show interfaces switchport Displays the administrative and operational status of an interface NE PE 24 15 Console config interface ether...

Page 577: ...ollowing example adds a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex 10000full 1000full 100full 100half 10full 10half no speed duplex 10000full Forces 10 Gbps full duplex operation 1000full Forces 1 Gbps full duplex operation 100full Forces 100 Mb...

Page 578: ...and to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation the required mode must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation must always ...

Page 579: ...e best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the RJ 45 ports Example The following example configures port 11 to use autonegotiation Related Commands capabiliti...

Page 580: ...orts 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 1000BASE T 10half 10full 100half 100full 1000full 1000BASE...

Page 581: ...c from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negoti...

Page 582: ...4 5 capabilities flowcontrol symmetric 24 6 media type This command forces the port type selected for combination ports 21 24 45 48 Use the no form to restore the default mode Syntax media type mode no media type mode copper forced Always uses the built in RJ 45 port sfp forced Always uses the SFP port even if module not installed sfp preferred auto Uses SFP port if both combination types are func...

Page 583: ...onfiguration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 Console config interface ethernet 1 48 Console config if media type copper forced Console config if...

Page 584: ...0 262143 Default Setting Enabled for all ports Packet rate limit 500 pps Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified threshold packets above that threshold are dropped Broadcast control does not effect IP multicast traffic Example The following shows how to configure broadcast storm control at 600 packets per second Console config interf...

Page 585: ...one Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics...

Page 586: ...Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 4 113 ...

Page 587: ...mation of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow control Disabled LACP Disabled Port security Disabled Max MAC count 0 Port security action None Media type None Current status Link status Up Por...

Page 588: ... Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 RMON stats Drop events 0 Octets ...

Page 589: ... Exec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 4 Console show interfaces switchport ethernet 1 4 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership...

Page 590: ...bership mode as Trunk or Hybrid page 30 10 Ingress rule Shows if ingress filtering is enabled or disabled page 30 12 Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 30 11 Native VLAN Indicates the default Port VLAN ID page 30 13 Priority for untagged traffic Indicates the default priority for untagged frames page 31 3 GVRP status Shows if GARP VLA...

Page 591: ...ACP This switch supports up to six trunks For example a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Table 25 1 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC 24 2 channel group Adds a port to a ...

Page 592: ...k have to be treated as a whole when moved from to added or deleted from a VLAN via the specified port channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin ke...

Page 593: ...to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 32 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage Whe...

Page 594: ... either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and wil...

Page 595: ... config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk 1 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A4 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Flow control Disabled Port security Disab...

Page 596: ...ode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP operational settings are already in u...

Page 597: ...CP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote sid...

Page 598: ... Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Inte...

Page 599: ...s a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Co...

Page 600: ... messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for all channel groups Default Setting Port Channel all Command Mode Privileged Exec Example Console show lacp 1 counters Port channel 1 Eth 1 2 LACPDUs Sent 10 LACPDUs Receive 5 Marker Sent 0 Marker ...

Page 601: ... MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Console show lacp 1 internal Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 3 Oper Key 3 Admi...

Page 602: ...administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggre...

Page 603: ...y the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port...

Page 604: ...00 30 F1 D4 73 A0 8 32768 00 30 F1 D4 73 A0 9 32768 00 30 F1 D4 73 A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 25 5 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system prior...

Page 605: ...it Stack unit Range 1 8 port Port number Range 1 26 50 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Table 26 1 Mirror Port Commands Command Function M...

Page 606: ... port You can create multiple mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirror all packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface interface eth...

Page 607: ...ode i e RX TX RX TX Example The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Console config if end Console show port monitor Port Mirroring Destination port listen port Eth1 1 Source port monitored port Eth1 6 Mode RX TX Console ...

Page 608: ...MIRROR PORT COMMANDS 26 4 ...

Page 609: ...e is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax ...

Page 610: ...rnet 1000 Mbps Command Mode Interface Configuration Ethernet Port Channel Command Usage Rate limits are not supported for the 10 Gigabit Ethernet ports Example Console config interface ethernet 1 1 Console config if rate limit input 600 Console config if ...

Page 611: ...and Function Mode Page mac address table static Maps a static address to a port in a VLAN GC 28 2 clear mac address table dynamic Removes any learned entries from the forwarding database PE 28 3 show mac address table Displays entries in the bridge forwarding database PE 28 4 mac address table aging time Sets the aging time of the address table GC 28 5 show mac address table aging time Shows the a...

Page 612: ...t lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following character...

Page 613: ...c address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privileged Exec Example Console config mac address table static 00 e0 29 94 34 de interface ethernet 1 1 vlan 1 delete on reset Console config Console clear mac address table dynamic Co...

Page 614: ...ace Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers representing an equivalent bit mask i...

Page 615: ...Syntax mac address table aging time seconds no mac address table aging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console show mac address table Interface MAC Address VLAN Type Eth 1 1 00 e0 29 94 34 de 1 Delete on...

Page 616: ... show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console show mac address table aging time Aging time 300 sec Console ...

Page 617: ...ree hello time Configures the spanning tree bridge hello time GC 29 6 spanning tree max age Configures the spanning tree bridge maximum age GC 29 7 spanning tree priority Configures the spanning tree bridge priority GC 29 8 spanning tree path cost method Configures the path cost method for RSTP MSTP GC 29 9 spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC 29 10 s...

Page 618: ...18 spanning tree portfast Sets an interface to fast forwarding IC 29 19 spanning tree link type Configures the link type for RSTP MSTP IC 29 21 spanning tree mst cost Configures the path cost of an instance in the MST IC 29 22 spanning tree mst port priority Configures the priority of an instance in the MST IC 29 23 spanning tree protocol migration Re checks the appropriate BPDU format PE 29 24 sh...

Page 619: ...nd disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example ...

Page 620: ... multiple VLANs are implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type ...

Page 621: ...en spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the new mode temporarily disrupting user traffic Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This command configures the spanning tree bridge forward time globally for this switch Use the no form to restore the defaul...

Page 622: ...ry data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode Global Configuration...

Page 623: ...r of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in t...

Page 624: ... Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have ...

Page 625: ...802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535 This method is based on the IEEE 802 1 Spanning Tree Protocol Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values ...

Page 626: ... Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Command Mode Global Configuration Example Consol...

Page 627: ...p VLANs into spanning tree instances MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree ...

Page 628: ...ge 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default Setting 32768 Command Mode MST Configuration Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all de...

Page 629: ...ode MST Configuration Command Usage The MST region name and revision number page 29 14 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision 29 14 Console config mstp mst 1 priority 4096 Console con...

Page 630: ...d revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands name 29 13 max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to rest...

Page 631: ...count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example spanning tree spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interfac...

Page 632: ...o spanning tree cost cost The path cost for the port Range 0 for auto configuration or 1 200 000 000 The recommended range is Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if Table 29 2 Recommended STA Path Cost Range Port Type IEEE 802 1D 1998 Use the spanning tree pathcost method command on page 29 9 to set the path cost method IEEE 802 1w...

Page 633: ...ues should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 29 9 is set to short the maximum value for path cost is 65 535 Example Table 29 3 Default STA Path Costs Port Type Link Type IEEE 802 1D 1998 Use the spanning tree pathcost method command on page 29 ...

Page 634: ...y for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanning tree cost 29 16 spanning tr...

Page 635: ...of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device This command has the same effect as the spanning tree portfast Example R...

Page 636: ...e time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility wi...

Page 637: ...e Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on poin...

Page 638: ...detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Table 29 4 Recommended STA Path Cost Range Port Type IEEE 802 1D 1998 Use the spanning tree pathcost method command on page 29 9 to set the path cost method IEEE 802 1w 2001 Gigabit Ethernet 3 10 2 000 200 000 10G Ethernet 1 5 ...

Page 639: ...configuration mode Path cost takes precedence over interface priority Example Related Commands spanning tree mst port priority 29 23 spanning tree mst port priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id port priority priority no spanning tree mst instance_id por...

Page 640: ... interface is assigned the highest priority the interface with lowest numeric identifier will be enabled Example Related Commands spanning tree mst cost 29 22 spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number R...

Page 641: ...onfiguration for the common spanning tree CST or for an instance within the multiple spanning tree MST Syntax show spanning tree interface mst instance_id interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mo...

Page 642: ... a description of the items displayed for specific interfaces see Displaying Interface Settings on page 4 150 Example Console show spanning tree Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4093 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 ...

Page 643: ... External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwarding disable Forward transitions 1 Admin edge port enable Oper edge port disable Admin Link type auto Oper Link type point to point Spanning Tree Status enable Console show spanning tree mst co...

Page 644: ...SPANNING TREE COMMANDS 29 28 ...

Page 645: ...ion Configures GVRP settings that permit automatic VLAN learning shows the configuration for bridge extension MIB 30 2 Editing VLAN Groups Sets up VLAN groups including name VID and state 30 7 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 30 9 Displaying VLAN Information Displays VLAN groups status port me...

Page 646: ...he no form to disable it Syntax no bridge ext gvrp Default Setting Disabled Command Mode Global Configuration Table 30 2 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 30 2 show bridge ext Shows the global bridge extension configuration PE 30 3 switchport gvrp Enables GVRP for an interface IC 30 4 switchport forbidden vlan Conf...

Page 647: ...tension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 4 165 and Displaying Bridge Extension Capabilities on page 4 23 for a description of the displayed items Example Console config bridge ext gvrp Console config Console show bridge ext Max support VLAN numbers 256 Max support VLAN ID 4093 Extended multicast filtering service...

Page 648: ... is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console config interface ethernet 1 1 Console config if switchport gvrp Console config if Console show gvr...

Page 649: ... Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP...

Page 650: ...t Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands garp timer 30 5 Console config interface ethernet 1 1 Console config if garp timer join 100 Console config if Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 20 centiseconds Leave timer 60 centiseconds Leave...

Page 651: ...e show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 30 16 Table 30 3 Commands for Editing VLAN Groups Command Function Mode Page vlan databa...

Page 652: ...lowed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 2...

Page 653: ...e for a specified VLAN IC 30 9 switchport mode Configures VLAN membership mode for an interface IC 30 10 switchport acceptable frame types Configures frame types to be accepted by an interface IC 30 11 switchport ingress filtering Enables ingress filtering on an interface IC 30 12 switchport native vlan Configures the PVID native VLAN of an interface IC 30 13 switchportallowedvlan Configures the V...

Page 654: ...rid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Default Setting All ports...

Page 655: ... types all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to ...

Page 656: ...for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent...

Page 657: ...erface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames ente...

Page 658: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a...

Page 659: ... List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a...

Page 660: ...es name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Console config interface ethernet 1 1 Console config if switchport forbidden vlan add 3 Console config if Table 30 5 Commands for Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 30 16 sh...

Page 661: ...ce list no pvlan up link Specifies an uplink interface down link Specifies a downlink interface Default Setting No private VLANs are defined Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Et...

Page 662: ...hout any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables the private VLAN and then sets port 12 as the uplink and ports 5 8 as the downlinks show pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 12 down link ethernet 1 5 8 Console con...

Page 663: ...ype in use by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 30 8 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the p...

Page 664: ...47483647 frame24 Frame type used by this protocol Options ethernet rfc_1042 llc_other protocol Protocol type The only option for the llc_other frame type is ipx_raw The options for all other frames types include ip ipv6 arp rarp and user defined 0801 FFFF hexadecimal Default Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 1 a...

Page 665: ... Mode Interface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as vlan on page 30 8 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in ...

Page 666: ...show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet Console config interface ethernet 1 1 Console config if protocol vlan protocol group 1 vlan 2 Console config if Console show protocol vlan proto...

Page 667: ...erface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolG...

Page 668: ...VLAN COMMANDS 30 24 ...

Page 669: ...es Priority Commands Layer 2 This section describes commands used to configure Layer 2 traffic priority on the switch Table 31 1 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 31 1 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of ...

Page 670: ...ely Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin queue cos map Assigns class of service values to the priority queues IC 31 5 show queue mode Shows the c...

Page 671: ...gged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority id The priority number for untagged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority is not set and the default value for untagged frames received on the interface is zero Comma...

Page 672: ...ve priority tags will be placed in queue 0 of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 Related Commands show interfaces switchport 24 15 queue bandwidth This command assigns weighted round robin WRR weight...

Page 673: ...ervice CoS values to the priority queues i e hardware output queues 0 7 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The ID of the priority queue Ranges are 0 to 7 where 7 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number ...

Page 674: ... at the ingress port are also used at the egress port This command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 31 8 Table 31 3 Default CoS Priority Levels Priority 0 1 2 3 4 5 6 7 Queue 2 0 1 3 4 5 6 7 Console config interface ethernet 1 1 Console config if queue cos map 0...

Page 675: ...Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Command Mode Privileged Exec Example Console sh queue mode Wrr status Enabled Console Console show queue bandwidth Information of Eth 1 1 Queue ID Weight 0 1 1 2 2 4 3 6 4 8 5 10 6 12 7 14 ...

Page 676: ...rity Commands Layer 3 and 4 This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console Table 31 4 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping GC 31 9 map ip port ...

Page 677: ...efault switchport priority Example The following example shows how to enable TCP UDP port mapping globally map ip precedence Maps IP precedence value to a class of service IC 31 11 map ip dscp Enables IP DSCP class of service mapping GC 31 12 map ip dscp Maps IP DSCP value to a class of service IC 31 13 show map ip port Shows the IP port map PE 31 14 show map ip precedence Shows the IP precedence ...

Page 678: ...nnel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority Up to 8 entries can be specified for IP Port priority mapping This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration This command enables IP precedence mapping ...

Page 679: ...precedence Interface Configuration This command sets IP precedence priority i e IP Type of Service priority Use the no form to restore the default table Syntax map ip precedence ip precedence value cos cos value no map ip precedence precedence value 3 bit precedence value Range 0 7 cos value Class of Service value Range 0 7 Default Setting The list below shows the default priority mapping Command ...

Page 680: ...mple shows how to map IP precedence value 1 to CoS value 0 map ip dscp Global Configuration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Syntax no map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default sw...

Page 681: ...os cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Mode Interface Configuration Ethernet Port Channel Console config map ip dscp Console config Table 31 6 Mapping IP DSCP to CoS V...

Page 682: ...ardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip port This command shows the IP port priority map Syntax show map ip port interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Com...

Page 683: ...figuration 31 10 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Console show map ip port TCP port mapping status disabled Port Port no COS Eth 1 5 80 0 Console ...

Page 684: ...ap Syntax show map ip dscp interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Console show map ip precedence ethernet 1 5 Precedence mapping status disabled Port Precedence COS Eth 1 5 0 0 Eth 1 5 1 1 Eth 1 5 2 2 Eth 1 5 3 3 Eth 1 5 4 4 Eth 1 5 5 5 Eth 1 5 6 6 Eth 1 5 7...

Page 685: ...nds map ip dscp Global Configuration 31 12 map ip dscp Interface Configuration 31 13 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Page 686: ...CLASS OF SERVICE COMMANDS 31 18 ...

Page 687: ...de Page class map Creates a class map for a type of traffic GC 32 3 match Defines the criteria used to classify traffic CM 32 4 policy map Creates a policy map for multiple interfaces GC 32 5 class Defines a traffic classification for the policy to act on PM 32 6 set Classifies IP traffic by setting a CoS DSCP or IP precedence value in a packet PM C 32 8 police Defines an enforcer for classified t...

Page 688: ... identify the class map and enter Policy Map Class configuration mode A policy map can contain multiple class statements 6 Use the set command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specified rate 7 U...

Page 689: ...eturn to Global configuration mode Syntax no class map class map name match any match any Match any condition within a class map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the Class Map configuration mode Then use the match command page 32 4 to specify th...

Page 690: ...f ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters dscp A DSCP value Range 0 63 ip precedence An IP Precedence value Range 0 7 vlan A VLAN Range 1 4094 Default Setting None Command Mode Class Map Configuration Command Usage First enter the class map command to designate a class map and enter the Class Map configuration mode Then use the match command t...

Page 691: ...e a policy map and return to Global configuration mode Syntax no policy map policy map name policy map name Name of the policy map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage Use the policy map command to specify the name of the policy map and then use the class command to configure policies for traffic that matches criteria defined in a class map Con...

Page 692: ...2 bytes and configure the response to drop any violating packets class This command defines a traffic classification upon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map and return to Policy Map configuration mode Syntax no class class map name class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Po...

Page 693: ...tiple classes in a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any violating packets Con...

Page 694: ...nce New IP Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate t...

Page 695: ...efault Setting Drop out of profile packets Command Mode Policy Map Class Configuration Command Usage You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL This limitation applies to each switch chip SMC8824M ports 1 26 SMC8848M ports 1 25 ports 26 50 Pol...

Page 696: ...he no form to remove the policy map from this interface Syntax no service policy input policy map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port Channel Command Usage You can only assign one policy map to an interface Yo...

Page 697: ...class map name class map name Name of the class map Range 1 16 characters Default Setting Displays all class maps Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if service policy input rd_policy Console config if Console show class map Class Map match any rd_class 1 Match ip dscp 3 Class Map match any rd_class 2 Match ip precedence 5 Class Map match any r...

Page 698: ...e 1 16 characters Default Setting Displays all policy maps and all classes Command Mode Privileged Exec Example show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Console show po...

Page 699: ...SHOW POLICY MAP INTERFACE 32 13 Command Mode Privileged Exec Example Console show policy map interface ethernet 1 5 Service policy rd_policy input Console ...

Page 700: ...QUALITY OF SERVICE COMMANDS 32 14 ...

Page 701: ... to any neighboring multicast switch router to ensure that it will continue to receive the multicast service Table 33 1 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 33 2 IGMP Query Confi...

Page 702: ...e The following example enables IGMP snooping Table 33 2 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 33 2 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 33 3 ip igmp snooping version Configures the IGMP version for snooping GC 33 3 show ip igmp snooping Shows the IGMP snooping and query configuration PE 33 4 show m...

Page 703: ... unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp snooping version 1...

Page 704: ...use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IGMP Snooping and Query Parameters on page 4 197 for a de...

Page 705: ...ser Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Console show ip igmp snooping Service status Enabled Querier status Disabled Query count 2 Query interval 125 sec Query max response time 10 s...

Page 706: ...ng Enabled Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 33 3 IGMP Query Commands Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping GC 33 6 ip igmp snooping query count Configures the query count GC 33 7 ip igmp snooping query interval Configures...

Page 707: ...has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown tim...

Page 708: ...o restore the default Syntax ip igmp snooping query interval seconds no ip igmp snooping query interval seconds The frequency at which the switch sends IGMP host query messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds Console config ip igmp snooping query count 10 Console config Console...

Page 709: ...and defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the mul...

Page 710: ...after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Commands ip igmp snoo...

Page 711: ...ing No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the cur...

Page 712: ...nooping mrouter vlan vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config Console show...

Page 713: ...ookup command Table 34 1 DNS Commands Command Function Mode Page ip host Creates a static host name to address mapping GC 34 2 clear host Deletes entries from the host name to address table PE 34 3 ip domain name Defines a default domain name for incomplete host names GC 34 4 ip domain list Defines a list of default domain names for incomplete host names GC 34 5 ip name server Specifies the addres...

Page 714: ...resses Default Setting No static entries Command Mode Global Configuration Command Usage Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device show dns cache Displays entries i...

Page 715: ... of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table Console config ip host rd5 192 168 1 55 10 1 0 55 Console config end Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias Console Console config clear host Console config ...

Page 716: ...ame name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Example Related Commands ip domain list 34 5 ip name server 34 6 ip domain lookup 34 7 Console config ip domain name sample com Console config end Console show dns Domain Lookup Status DNS disa...

Page 717: ...st name from the domain name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS service on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a m...

Page 718: ...address6 server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Console config ip domain list sample com jp Console co...

Page 719: ...tax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain Name...

Page 720: ... Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 Console show hosts Hostname rd5 In...

Page 721: ...55 Console Console show dns cache NO FLAG TYPE IP TTL DOMAIN 2 4 CNAME 66 218 71 84 298 www yahoo akadns net 3 4 CNAME 66 218 71 83 298 www yahoo akadns net 4 4 CNAME 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Ta...

Page 722: ...the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry IP The IP address associated with this record TTL The time to live reported by the name server DOMAIN The domain name associated with this record Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMAIN Console Table 34 2 show dns cache display description Continu...

Page 723: ...gured to relay DHCP client configuration requests to a DHCP server on another network or you can configure this switch to provide DHCP service directly to any client Table 35 1 DHCP Commands Command Group Function Page DHCP Client Allows interfaces to dynamically acquire IP address information 35 2 DHCP Relay Relays DHCP requests from local hosts to a remote DHCP server 35 4 DHCP Server Configures...

Page 724: ...uration VLAN Command Usage This command is used to include a client identifier in all communications with the DHCP server The identifier type depends on the requirements of your DHCP server Example Related Commands ip dhcp restart client 35 3 Table 35 2 DHCP Client Commands Command Function Mode Page ip dhcp client identifier Specifies the DHCP client identifier for this switch IC 35 2 ip dhcp res...

Page 725: ...e BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Related Commands ip address 36 4 Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip inter...

Page 726: ...s into the request so the DHCP server will know the subnet where the client is located Then the switch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadc...

Page 727: ...r Range 1 3 addresses Default Setting None Command Mode Interface Configuration VLAN Usage Guidelines You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server To start DHCP relay service enter the ip dhcp restart relay command Console config interface vlan 1 Console config if ip dhcp relay Console config ...

Page 728: ...ber and mask for a DHCP address pool DC 35 9 default router Specifies the default router list for a DHCP client DC 35 10 domain name Specifies the domain name for a DHCP client DC 35 11 dns server Specifies the Domain Name Server DNS servers available to a DHCP client DC 35 11 next server Configures the next server in the boot process of a DHCP client DC 35 12 bootfile Specifies a default boot ima...

Page 729: ...ork mask to manually bind to a DHCP client DC 35 16 client identifier Specifies a client identifier for a DHCP client DC 35 17 hardware address Specifies the hardware address of a DHCP client DC 35 18 clear ip dhcp binding Deletes an automatic address binding from the DHCP server database PE 35 19 show ip dhcp binding Displays address bindings on the DHCP server PE NE 35 20 These commands are used...

Page 730: ... range high address The last IP address in an excluded address range Default Setting All IP pool addresses may be assigned Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool Syntax no ip dhcp pool name name A string or integer Range 1 8 characters Default Setting DHCP a...

Page 731: ...e range of a configured network address pool Example Related Commands network 35 9 host 35 16 network This command configures the subnet number and mask for a DHCP address pool Use the no form to remove the subnet number and mask Syntax network network number mask no network network number The IP address of the DHCP address pool mask The bit combination that identifies the network or subnet and th...

Page 732: ...see page 4 253 The DHCP server assumes that all host addresses are available You can exclude subsets of the address space by using the ip dhcp excluded address command Example default router This command specifies default routers for a DHCP pool Use the no form to remove the default routers Syntax default router address1 address2 no default router address1 Specifies the IP address of the primary r...

Page 733: ...nfiguration Example dns server This command specifies the Domain Name System DNS IP servers available to a DHCP client Use the no form to remove the DNS server list Syntax dns server address1 address2 no dns server address1 Specifies the IP address of the primary DNS server address2 Specifies the IP address of the alternate DNS server Default Setting None Console config dhcp default router 10 1 0 ...

Page 734: ... configures the next server in the boot process of a DHCP client Use the no form to remove the boot server list Syntax no next server address address Specifies the IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server Default Setting None Command Mode DHCP Pool Configuration Example Related Commands bootfile 35 13 Console config dhcp dns ...

Page 735: ... Default Setting None Command Mode DHCP Pool Configuration Example Related Commands next server 35 12 netbios name server This command configures NetBIOS Windows Internet Naming Service WINS name servers that are available to Microsoft DHCP clients Use the no form to remove the NetBIOS name server list Syntax netbios name server address1 address2 no netbios name server address1 Specifies IP addres...

Page 736: ...de type 35 14 netbios node type This command configures the NetBIOS node type for Microsoft DHCP clients Use the no form to remove the NetBIOS node type Syntax netbios node type type no netbios node type type Specifies the NetBIOS node type broadcast hybrid recommended mixed peer to peer Default Setting None Command Mode DHCP Pool Configuration Console config dhcp netbios name server 10 1 0 33 10 ...

Page 737: ... supplied before you can configure hours Range 0 23 minutes Specifies the number of minutes in the lease A days and hours value must be supplied before you can configure minutes Range 0 59 infinite Specifies that the lease time is unlimited This option is normally used for addresses manually bound to a BOOTP client via the host command Default Setting One day Command Modes DHCP Pool Configuration ...

Page 738: ...was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the interface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool When searching for a manual binding the switch compares the cli...

Page 739: ...ext text hex hex no client identifier text A text string Range 1 15 characters hex The hexadecimal value Default Setting None Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier and hardware address are configured for a host address the client identifier takes precedence over the ha...

Page 740: ...g protocol used on the client device ethernet ieee802 fddi Default Setting If no type is specified the default protocol is Ethernet Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bind an address to a BOOTP client you must associate a hardware a...

Page 741: ...s Default Setting None Command Mode Privileged Exec Usage Guidelines An address specifies the client s IP address If an asterisk is used as the address parameter the DHCP server clears all automatic bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after moving DHCP service to another device Example Related Commands show i...

Page 742: ... ip dhcp binding address address Specifies the IP address of the DHCP client for which bindings will be displayed Default Setting None Command Mode Normal Exec Privileged Exec Example Console show ip dhcp binding IP MAC Lease Time Start dd hh mm ss 192 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console ...

Page 743: ... be defined and used simultaneously to access the router An IPv6 address can either be manually configured or dynamically generated You may also need to a establish an IPv4 or IPv6 default gateway between this device and management stations or other devices that exist on another network segment if routing is not enabled This section includes commands for configuring IP interfaces the Address Resol...

Page 744: ...P Version 6 Interface Address Configuration and Utilities ipv6 enable Enables IPv6 on an interface that has not been configured with an explicit IPv6 address IC 36 10 ipv6 general prefix Defines an IPv6 general prefix for the network address segment GC 36 12 show ipv6 general prefix Displays all configured IPv6 general prefixes NE PE 36 13 ipv6 address Configures an IPv6 global unicast address wit...

Page 745: ...affic Displays statistics about IPv6 traffic NE PE 36 27 clear ipv6 traffic Resets IPv6 traffic counters PE 36 35 ping ipv6 Sends ICMP echo request packets to an IPv6 node on the network NE PE 36 36 Neighbor Discovery ipv6 neighbor Configures a static entry in the IPv6 neighbor discovery cache GC 36 38 ipv6 nd dad attempts Configures the number of consecutive neighbor solicitation messages sent on...

Page 746: ... that will be assigned to a specific subnet then you must create a router interface for each VLAN that will support routing The router interface consists of an IP address and subnet mask This interface address defines both the network number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network and subne...

Page 747: ...the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command or by rebooting the router Notes 1 Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the router If you assign an IP address to any other...

Page 748: ...ied in this command is only valid if routing is disabled with the no ip routing command page 37 2 If IP routing is disabled you must define a gateway if the target device is located in a different subnet If routing is enabled you can still define a static route using the ip route command page 37 3 to ensure that traffic to the designated address or subnet passes through a preferred gateway An defa...

Page 749: ...er to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart cli...

Page 750: ... 8 show ipv6 interface 36 22 show ip redirects This command shows the IPv4 default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Console show ip interface Vlan 1 is up addressing mode is User Interface address is 192 168 1 54 mask is 255 255 255 0 Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console Console show ip redirect...

Page 751: ...ter adds header information Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host ...

Page 752: ...d enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 and the host portion of the address is generated by converting the router s MAC address to modified EUI 64 format see Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms...

Page 753: ...ess Example In this example IPv6 is enabled on VLAN 1 and the link local address FE80 200 E8FF FE90 0 64 is automatically generated by the router Related Commands ipv6 address link local 36 20 show ipv6 interface 36 22 Console config interface vlan 1 Console config if ipv6 enable Console config if end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 200 E8FF FE90 0 6...

Page 754: ...ne double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No general prefix is defined Command Mode Global Configuration Command Usage Prefixes may contain ...

Page 755: ...isplays all configured IPv6 general prefixes Command Mode Normal Exec Privileged Exec Example This example displays a single IPv6 general prefix configured for the router Console config ipv6 general prefix rd 2009 DB9 2229 48 Console config end Console show ipv6 general prefix IPv6 general prefix rd 2009 DB9 2229 48 Console Console show ipv6 general prefix IPv6 general prefix rd 2009 DB9 2229 48 C...

Page 756: ...d according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address The length of thi...

Page 757: ...e general network prefix of 2009 DB9 2229 48 used in an earlier example and then specifies the subsequent prefix bits 0 0 0 7279 64 and finally the host address portion of 79 Related Commands ipv6 address eui 64 36 18 ipv6 address autoconfig 36 16 show ipv6 interface 36 22 ip address 36 4 Console config interface vlan 1 Console config if ipv6 address rd 0 0 0 7279 79 64 Console config if end Conso...

Page 758: ...Setting No IPv6 addresses are defined Command Mode Interface Configuration VLAN Command Usage If a link local address has not yet been assigned to this interface this command will dynamically generate a global unicast address and a link local address for the interface The link local address is made with an address prefix of FE80 and a host portion based the router s MAC address in modified EUI 64 ...

Page 759: ...address autoconfig Console config if end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 212 CFFF FE0B 4600 64 Global unicast address es 2005 212 CFFF FE0B 4600 subnet is 2005 0 0 0 64 3FFE 501 FFFF 100 212 CFFF FE0B 4600 subnet is 3FFE 501 FFFF 100 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF0B 4600 104 MTU is 1500 bytes ND DAD is enabled number of DAD ...

Page 760: ...ndicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No IPv6 addresses are defined Command Mode Interface Configuration VLAN Command Usage If a link local address has not yet been assigned to this interfac...

Page 761: ...nging 28 to 2A Then the two bytes FFFE are inserted between the OUI i e company id and the rest of the address resulting in a modified EUI 64 interface identifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as long as those interfaces are attached to different subnets Example This example uses t...

Page 762: ...d to the interface The address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields And the address prefix must be FE80 Default Setting No IPv6 addresses are defined Command Mode Interface Configuration VLAN ...

Page 763: ... 10 show ipv6 interface 36 22 Console config interface vlan 1 Console config if ipv6 address 2001 0DB8 0 1 64 eui 64 Console config if end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 269 3EF9 FE19 6779 64 Global unicast address es 2001 DB8 1 200 E8FF FE90 0 subnet is 2001 DB8 0 1 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF19 6779 104 MTU is 1500 byt...

Page 764: ... may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Command Mode Normal Exec Privileged Exec Example This example displays all the IPv6 addresses configured for the router Console s...

Page 765: ...ace local and scope 2 link local respectively FF01 1 16 is the transient node local multicast address for all attached IPv6 nodes and FF02 1 16 is the link local multicast address for all attached IPv6 nodes The node local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses includi...

Page 766: ...s The address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields ND DAD Indicates whether neighbor discovery duplicate address detection is enabled number of DAD attempts The number of consecutive neighbor ...

Page 767: ... passes through a preferred gateway An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the router Example The following example defines a default gateway for this device Related Commands show ipv6 default gateway 36 25 ip default gateway 36 6 show ipv6 default gateway This command displays the current IPv6 defa...

Page 768: ...in the router advertisements sent from this device This option is provided to ensure that all nodes on a link use the same MTU value in cases where the link MTU is not otherwise well known IPv6 routers do not fragment IPv6 packets forwarded from other routers However traffic originating from an end station connected to an IPv6 router may be fragmented All devices on the same physical medium must u...

Page 769: ...his command displays statistics about IPv6 traffic passing through this router Command Mode Normal Exec Privileged Exec Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6 141D Console Table 36 4 show ipv6 mtu display description Field Description MTU Adjusted MTU contained in the ICMP packet too big message returned from this destination and...

Page 770: ... reassembly failures 0 Ipv6 sent sent generated 1435 forwarded 0 fragmented 0 generated fragments 0 Fragmented failed 0 encapsulation failed 0 no route 0 too big 0 Ipv6 mcast mcast received 0 mcast sent 2 ICMP Statistics Ipv6 icmp input input 1 checksum errors 0 too short 0 unknown info type 0 unknown error type 0 unreach routing 0 unreach admin 0 unreach neighbor 0 unreach address 0 unreach port ...

Page 771: ...ho reply 0 group query 0 group report 1 group reduce 0 router solicit 0 router advert 0 redirects 0 neighbor solicit 1 neighbor advert 0 UDP Statistics input 1 checksum errors 0 length errors 0 no port 1 dropped 0 output 1 TCP Statistics input 1911 checksum errors 0 output 4339 retransmitted 0 Console Table 36 5 show ipv6 traffic display description Field Description IPv6 Statistics Ipv6 rcvd rcvd...

Page 772: ...heir IPv6 header s destination field was not a valid address to be received at this entity This count includes invalid addresses e g 0 and unsupported addresses e g addresses with unallocated prefixes For entities which are not IPv6 routers and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a local address fragments The number o...

Page 773: ...s which do not act as IPv6 routers this counter will include only those packets which were Source Routed via this entity and the Source Route processing was successful Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented fragmented The number of IPv6 datagrams that have been successfully fragmented at this output interface generated fragments The num...

Page 774: ...type ICMPv6 error message not defined in the standards unreach routing The number of times no route was found to the destination unreach admin The number of ICMP destination unreachable communication administratively prohibited messages received by the interface unreach neighbor Indicates that the destination is beyond the scope of the source address For example the source may be a local site or t...

Page 775: ...MPv6 Group Membership Reduction messages received by the interface router solicit The number of ICMP Router Solicit messages received by the interface router advert The number of ICMP Router Advertisement messages received by the interface redirects The number of Redirect messages received neighbor solicit The number of ICMP Neighbor Solicitation messages received by the interface neighbor advert ...

Page 776: ...ded in transit reassembly timeout The number of Send ICMP parameter problem messages caused by the fragment reassembly time being exceeded too big The number of ICMP Packet Too Big messages sent by the interface echo request The number of ICMP Echo request messages sent by the interface echo reply The number of ICMP Echo Reply messages sent by the interface group query The number of ICMPv6 Group M...

Page 777: ...P datagrams for which there was no application at the destination port dropped The number of times the system encounter an error when trying to queue the received packet output The total number of UDP datagrams sent from this entity TCP Statistics input The total number of segments received including those received in error This count includes segments received on currently established connections...

Page 778: ...ll the undefined fields host name The name the IPv6 device to ping A host name can be resolved into an IPv6 address using DNS datagram size Specifies the size of the datagram to send in each ping Range 48 18024 bytes repeat count The number of pings to send Range 1 2147483647 hex data pattern The data pattern to send Range 0 FFFF source address The source address or name to include in the ping Thi...

Page 779: ...g in replies that are received only from immediately adjacent routers depending on the utilization on the both the target and intermediate devices the distance to the remote device and other factors Not all protocols require hosts to support pings For some protocols only another switch or router of the same type may respond to ping requests Use the IPv4 ping command page 36 9 for addresses that re...

Page 780: ...he undefined fields vlan id VLAN ID Range 1 4093 hardware address The 48 bit MAC layer address for the neighbor device This address must be formatted as six hexadecimal pairs separated by hyphens Default Setting None Command Mode Global Configuration Command Usage Address Resolution Protocol ARP has been replaced in IPv6 with the Neighbor Discovery Protocol NDP The ipv6 neighbor command is similar...

Page 781: ...This command configures the number of consecutive neighbor solicitation messages sent on an interface during duplicate address detection Use the no form to restore the default setting Syntax ipv6 nd dad attempts count no ipv6 nd dad attempts count The number of neighbor solicitation messages sent to determine whether or not a duplicate address exists on this interface Range 0 600 Default Setting 1...

Page 782: ...ll unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a tentative state If no duplicate link local address is found duplicate address detection is started for the remaining IPv6 addresses If a duplicate address is detected it is set to duplicate state and a warning message is sent to the co...

Page 783: ...6 nd ns interval milliseconds The interval between transmitting IPv6 neighbor solicitation messages Range 1000 3600000 Default Setting 1000 milliseconds is used for neighbor discovery operations 0 milliseconds is advertised in router advertisements Console config interface vlan 1 Console config if ipv6 nd dad attempts 5 Console config if end Console show ipv6 interface Vlan 1 is up IPv6 is stalled...

Page 784: ...The following sets the interval between sending neighbor solicitation messages to 30000 milliseconds Related Commands show running config 20 6 Console config interface vlan 1 Console config pv6 nd ns interval 30000 Console config end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 200 E8FF FE90 0 64 Global unicast address es 2009 DB9 2229 79 subnet is 2009 DB9 2229 ...

Page 785: ...to fill the undefined fields Default Setting All IPv6 neighbor discovery cache entries are displayed Command Mode Normal Exec No command options are available Privileged Exec All command options are available Example The following shows all known IPv6 neighbors for this router Console show ipv6 neighbors IPv6 Address Age Link layer Addr State Vlan 2009 DB9 2229 79 666 00 00 E8 90 00 00 STALE 1 FE8...

Page 786: ...l a packet is sent DELAY More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was functioning A packet was sent within the last DELAY_FIRST_PROBE_TIME interval If no reachability confirmation is received within this interval after entering the DELAY state the router will send a neighbor solicitation message and change the state to...

Page 787: ...ss hardware address no arp ip address ip address IP address to map to a specified hardware address hardware address Hardware address to map to a specified IP address The format for this address is xx xx xx xx xx xx Console clear ipv6 neighbors Console Table 36 7 Address Resolution Protocol Commands Command Function Mode Page arp Adds a static entry in the ARP cache GC 36 45 arp timeout Sets the ti...

Page 788: ...ter a static entry in the cache if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Example Related Commands clear arp cache show arp arp timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol ARP cache Use the no form to res...

Page 789: ...command deletes all dynamic entries from the Address Resolution Protocol ARP cache Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache show arp Use this command to display entries in the Address Resolution Protocol ARP cache Command Mode Normal Exec Privileged Exec Console config arp timeout 900 Console config Console clear arp cache This operation will de...

Page 790: ...This command enables proxy Address Resolution Protocol ARP Use the no form to disable proxy ARP Syntax no ip proxy arp Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage Proxy ARP allows a non routing device to determine the MAC address of a host on another subnet or network Console show arp Arp cache timeout 1200 seconds IP Address MAC Address Type Interface 10 1 0 0...

Page 791: ...ADDRESS RESOLUTION PROTOCOL ARP 36 49 Example Console config interface vlan 3 Console config if ip proxy arp Console config if ...

Page 792: ...IP INTERFACE COMMANDS 36 50 ...

Page 793: ...exchanges information with other routers on the network to automatically determine the best path to any subnetwork This section includes commands for both static and dynamic routing These commands are used to connect between different local subnetworks or to connect the router to the enterprise network Table 37 1 IP Routing Commands Command Group Function Page Global Routing Configuration Configur...

Page 794: ...are or AppleTalk are switched based on MAC addresses If IP routing is disabled all packets are switched with filtering and forwarding decisions based strictly on MAC addresses Table 37 2 Global Routing Configuration Commands Command Function Mode Page ip routing Enables static and dynamic IP routing GC 37 2 ip route Configures static routes GC 37 3 clear ip route Deletes specified entries from the...

Page 795: ...lt Sets this entry as the default route gateway IP address of the gateway used for this route metric Selected RIP cost for this interface Range 1 5 default 1 Removes all static routing table entries Default Setting No static routes are configured Command Mode Global Configuration Command Usage You can configure up to 256 static routes If both static and dynamic paths have the same lowest cost the ...

Page 796: ...ess netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets Removes all dynamic routing table entries Command Mode Privileged Exec Command Usage This command only clears dynamically learned routes Use the no ip address command to remove a local interface Use the no ip route command to remove a static route Example Console co...

Page 797: ...all routes for the corresponding natural class address page 37 12 Example Console show ip route Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 2 48 102 static 0 1 10 2 48 2 255 255 252 0 10 2 48 16 local 0 1 10 2 5 6 255 255 255 0 10 2 8 12 RIP 1 2 10 3 9 1 255 255 255 0 10 2 9 254 OSPF intra 2 3 Total entry 4 Console Table 37 3 show ip route display description Field Des...

Page 798: ... 192 168 1 250 00 00 30 01 01 01 3 1 1 10 2 48 2 00 00 30 01 01 02 1 1 1 10 2 5 6 00 00 30 01 01 03 1 1 2 10 3 9 1 00 00 30 01 01 04 2 1 3 Console Table 37 4 show ip host route display description Field Description Ip address IP address of the destination network subnetwork or host Mac address The physical layer address associated with the IP address VLAN The VLAN that connects to this IP address ...

Page 799: ...0 not a gateway Frags 0 reassembled 0 timeouts 0 fragmented 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestamp 0 time exceeded 0 parameter problem UDP ...

Page 800: ... interfaces if not already specified with a receive version or send version command RC 37 15 redistribute Redistribute routes from one routing domain to another RC 37 15 ip rip receive version Sets the RIP receive version to use on a network interface IC 37 16 ip rip send version Sets the RIP send version to use on a network interface IC 37 17 ip split horizon Enables split horizon or poison rever...

Page 801: ...rs exchange routing table information This command is also used to enter router configuration mode Example Related Commands network 37 12 default metric This command sets the default metric assigned to external routes imported from other protocols Use the no form to restore the default value Syntax default metric metric value no default metric metric value Metric assigned to external routes Range ...

Page 802: ...uted into RIP For example if a metric of 10 is defined for redistributed routes these routes can only be advertised to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow a imported route the maximum number of hops allowed within a RIP domain However note that using a low metric can increase the possibility of rou...

Page 803: ...ets the rate at which updates are sent This is the fundamental timer used to control all basic RIP processes The timeout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable However packets are still forwarded on this route After the timeout interval expires the r...

Page 804: ... Mode Router Configuration Default Setting No networks are specified Command Usage RIP only sends updates to interfaces specified by this command Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the n...

Page 805: ...entry Syntax no neighbor ip address ip address IP address to map to a specified hardware address Command Mode Router Configuration Default Setting No neighbors are defined Command Usage This command can be used to configure a static neighbor with which this router will exchange information rather than relying on broadcast messages generated by the RIP protocol Example Console config router network...

Page 806: ...l be set to the following values RIP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol messages RIP Version 2 configures the unset interfaces to use RIPv2 for both sending and receiving protocol messages When the no form of this command is used to restore the default value any VLAN interface not previously set by the ip ...

Page 807: ...ommand Usage When a metric value has not been configured by the redistribute command the default metric command page 37 9 sets the metric value to be used for all imported external routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a...

Page 808: ...c 37 9 ip rip receive version This command specifies a RIP version to receive on an interface Use the no form to restore the default value Syntax ip rip receive version none 1 2 1 2 no ip rip receive version none Does not accept incoming RIP packets 1 Accepts only RIPv1 packets 2 Accepts only RIPv2 packets 1 2 Accepts RIPv1 or RIPv2 packets Command Mode Interface Configuration VLAN Default Setting...

Page 809: ...local network are using RIPv2 but there are still some older routers using RIPv1 Example This example sets the interface version for VLAN 1 to receive RIPv1 packets Related Commands redistribute 37 15 ip rip send version This command specifies a RIP version to send on an interface Use the no form to restore the default value Syntax ip rip send version none 1 2 v2 broadcast no ip rip send version n...

Page 810: ...se 1 or 2 if all routers in the local network are based on RIPv1 or RIPv2 respectively Use v2 broadcast to propagate route information by broadcasting to other routers on the network using RIPv2 instead of multicasting as normally required by RIPv2 Using this mode allows RIPv1 routers to receive these protocol messages but still allows RIPv2 routers to receive the additional information provided b...

Page 811: ...erface Configuration VLAN Default Setting split horizon Command Usage Split horizon never propagates routes back to an interface from which they have been acquired Poison reverse propagates routes back to an interface port from which they have been acquired but sets the distance vector metrics to infinity This provides faster convergence Example This example propagates routes back to the source us...

Page 812: ... Default Setting No authentication Command Usage This command can be used to restrict the interfaces that can exchange RIPv2 routing information Note that this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password Example This example sets an authentication password of small to verify incoming rout...

Page 813: ...ntication Command Usage The password to be used for authentication is specified in the ip rip authentication key command page 37 20 This command requires the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication to function properly both the sending and receiving interface must be configured with...

Page 814: ...formation about the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Console show rip globals RIP Process Enabled Update Time in Seconds 30 Number of Route Change 0 Number of Queries 1 Console Table 37 6 show rip globals display description Field Description RIP Process Indicates if RIP has been enabled or dis...

Page 815: ...adRoutes 10 1 0 254 1625 2 0 0 10 1 1 254 1625 2 0 0 Console Table 37 7 show ip rip display description Field Description show ip rip configuration Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison reverse or no ...

Page 816: ...UpdateTime Last time a route update was received from this peer Version Whether RIPv1 or RIPv2 packets were received from this peer RcvBadPackets Number of bad RIP packets received from this peer RcvBadRoutes Number of bad routes received from this peer Table 37 7 show ip rip display description Continued Field Description ...

Page 817: ...SECTION IV APPENDICES This section provides additional information on the following topics Software Specifications A 1 Troubleshooting B 1 Glossary Index ...

Page 818: ...APPENDICES ...

Page 819: ...lient DNS Client Proxy Port Configuration 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP 10GBASE SR LR ER 10 Gbps at full duplex Module Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate L...

Page 820: ...automatic VLAN learning private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing which can be configured by VLAN tag or port Layer 3 4 priority mapping IP Port IP Precedence IP DSCP Quality of Service DiffServ supports class maps policy maps and service policies Multicast Filtering IGMP Snooping IP Routing ARP Proxy ARP Static routes RIP RIPv2 dynamic rout...

Page 821: ...stics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority tags IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow c...

Page 822: ...415 SNTP RFC 2030 SSH Version 2 0 TFTP RFC 1350 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 Differentiated Services MIB RFC 3289 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP MIB RFC 2011 IP M...

Page 823: ... RFC 2621 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMP Community MIB RFC 3584 TACACS Authentication Client MIB T...

Page 824: ...SOFTWARE SPECIFICATIONS A 6 ...

Page 825: ...ed the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you are trying to connect to the switch via the IP address for a tagged VLAN group your management station and the ports connecting intermediate sw...

Page 826: ...et up an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used Cannot access the on board configuration program via a serial port connection Be sure you have set the terminal emulator program to VT100 compatible 8 data bits 1 stop bit no parity and the baud r...

Page 827: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Page 828: ...TROUBLESHOOTING B 4 ...

Page 829: ...he TFTP server that contains the devices system files and the name of the boot file Class of Service CoS CoS is supported by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set...

Page 830: ...P IP network DHCP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options Extended Universal Identifier EUI An address format used by IPv6 to identify the host portion of the network address The interface identifier in EUI compatible addresses is based on the link layer MAC address of an interface Int...

Page 831: ...automatically over a Spanning Tree network Generic Attribute Registration Protocol GARP GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registrati...

Page 832: ...based on the tagged priority value IEEE 802 1s An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame...

Page 833: ...for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts...

Page 834: ... on another device Management Information Base MIB An acronym for Management Information Base It is a set of database objects that contains information about a specific device MD5 Message Digest Algorithm An algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning...

Page 835: ...he target port to be studied unobstructively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from upl...

Page 836: ...oring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types Rapid Spanning Tree Protocol RSTP RSTP reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Routing Information Protocol RIP The RIP protocol seeks to find the shortest rou...

Page 837: ... Tree Algorithm STA A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Controller Acce...

Page 838: ...de access to IP like services UDP packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the networ...

Page 839: ...onfiguration settings saving or restoring 2 22 4 32 20 13 console port required connections 2 3 CoS configuring 12 1 31 1 32 1 DSCP 12 12 31 12 IP port priority 12 14 31 9 IP precedence 12 10 31 10 layer 3 4 priorities 12 8 31 8 queue mapping 12 3 31 5 queue mode 12 6 31 2 traffic class weights 12 7 31 4 D default gateway configuration 17 5 default IPv4 gateway configuration 4 9 36 6 default IPv6 ...

Page 840: ...ion 11 15 30 4 H hardware version displaying 4 4 20 10 HTTPS 6 7 22 17 HTTPS secure server 6 7 22 17 I IEEE 802 1D 10 1 29 4 IEEE 802 1s 29 4 IEEE 802 1w 10 1 29 4 IEEE 802 1X 6 21 22 37 IGMP groups displaying 14 7 33 5 Layer 2 14 2 33 2 query 14 2 33 6 query Layer 2 14 3 33 6 snooping 14 2 33 2 snooping configuring 14 2 33 2 ingress filtering 11 14 30 12 IP address BOOTP DHCP 35 3 IP port priorit...

Page 841: ...ervers 20 36 log in Web interface 3 3 logon authentication 6 1 22 1 RADIUS client 6 3 22 8 RADIUS server 6 3 22 8 TACACS client 6 3 22 13 TACACS server 6 3 22 13 logon authentication sequence 6 4 22 5 22 7 M main menu 3 6 Management Information Bases MIBs A 4 mirror port configuring 8 25 26 1 MSTP 29 4 global settings 10 21 29 1 interface settings 10 17 29 2 MTU for IPv6 4 16 36 26 multicast filte...

Page 842: ...aying 17 28 37 5 37 6 RSTP 10 1 29 4 global configuration 10 4 29 4 S secure shell 6 10 22 21 Secure Shell configuration 6 10 22 25 22 26 serial port configuring 20 21 SNMP 5 1 community string 5 4 21 4 enabling traps 5 6 21 9 trap manager 5 6 21 6 software displaying version 4 4 20 10 downloading 4 30 20 13 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 6 10 22 25 22 2...

Page 843: ... troubleshooting B 1 trunk configuration 8 8 25 1 LACP 8 11 25 1 25 4 static 8 9 25 3 U upgrading software 4 30 20 13 user account 6 1 user password 6 1 22 2 22 4 V VLANs 11 1 11 18 30 1 30 18 adding static members 11 10 11 13 30 14 creating 11 8 30 8 description 11 1 displaying basic information 11 6 30 3 displaying port members 11 7 30 16 egress mode 11 15 30 10 interface configuration 11 14 30 ...

Page 844: ...INDEX Index 6 ...

Page 845: ......

Page 846: ...01 58 Italy 39 0 335 5708602 Fax 39 02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 6235 4958 Fax...

Reviews:

No comments

Related manuals for WPCI-G - annexe 1

Sagem 2604 Quick Installation Manual preview
2604
Brand: Sagem Pages: 19
DBM ACE9600 Operating Manual preview
ACE9600
Brand: DBM Pages: 50
Lab.gruppen NLB 60E Operation Manual preview
NLB 60E
Brand: Lab.gruppen Pages: 35
ZyXEL Communications ZyAIR G-3000H User Manual preview
ZyAIR G-3000H
Brand: ZyXEL Communications Pages: 299
National Instruments FieldPoint cFP-RTD-122 Operating Instructions Manual preview
FieldPoint cFP-RTD-122
Brand: National Instruments Pages: 15
Compaq StorageWorks AIT 35GB AutoLoader Overview And Installation preview
StorageWorks AIT 35GB AutoLoader
Brand: Compaq Pages: 4
Abocom PLS342 Specification Sheet preview
PLS342
Brand: Abocom Pages: 2
Hanwha Techwin Wisenet PRN-6400B4 Quick Manual preview
Wisenet PRN-6400B4
Brand: Hanwha Techwin Pages: 14
GarrettCom Industrial Network Track OSI Brochure preview
Industrial Network Track OSI
Brand: GarrettCom Pages: 10
Paradyne iMarc SLV 9820-2M Installation Instructions Manual preview
iMarc SLV 9820-2M
Brand: Paradyne Pages: 24
Variscite VAR-EXT-CB103 Manual preview
VAR-EXT-CB103
Brand: Variscite Pages: 17
Calix GS2020E GigaSPIRE BLAST Quick Start Manual preview
GS2020E GigaSPIRE BLAST
Brand: Calix Pages: 15
B+B SmartWorx Airborne M2M ABDN-er-DP55 Series User Manual preview
Airborne M2M ABDN-er-DP55 Series
Brand: B+B SmartWorx Pages: 120
Altimium CVHH2 User Manual preview
CVHH2
Brand: Altimium Pages: 12
Enterasys Security Router X-PeditionTM User Manual preview
Security Router X-PeditionTM
Brand: Enterasys Pages: 466
NCD Gen3 Ethernet Module Quick Start Manual preview
Gen3 Ethernet Module
Brand: NCD Pages: 18
3Com Router 3033 Configuration Manual preview
Router 3033
Brand: 3Com Pages: 63
Martin 90523000 User Manual preview
90523000
Brand: Martin Pages: 41

Brands by name

Popular brands

Load more brands