TP-Link TL-SG5426 - Installation Manual Download Page 112 | Manualshive

Page: 112 / 499

background image

Access Control Lists

3-69

3

Configuring a Standard IP ACL

Command Attributes

•

Action

– An ACL can contain any combination of permit or deny rules.

•

Address Type

– Specifies the source IP address. Use “Any” to include all possible

addresses, “Host” to specify a specific host address in the Address field, or “IP” to
specify a range of addresses with the Address and SubMask fields. (Options: Any,
Host, IP; Default: Any)

•

IP Address

– Source IP address.

•

Subnet Mask

– A subnet mask containing four integers from 0 to 255, each

separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to
indicate “ignore.” The mask is bitwise ANDed with the specified source IP address,
and compared with the address for each IP packet entering the port(s) to which this
ACL has been assigned.

Web

– Specify the action (i.e., Permit or Deny). Select the address type (Any, Host,

or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet
address and the mask for an address range. Then click Add.

Figure 3-44 Configuring Standard IP ACLs

CLI

– This example configures one permit rule for the specific address 10.1.1.21

and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.

Configuring an Extended IP ACL

Command Attributes

•

Action

– An ACL can contain any combination of permit or deny rules.

•

Source/Destination Address Type

– Specifies the source or destination IP

address. Use “Any” to include all possible addresses, “Host” to specify a specific

Console(config-std-acl)#permit host 10.1.1.21

4-91

Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
Console(config-std-acl)#

«
...
110
111
112
113
114
...
»

Summary of Contents for TL-SG5426 -

Page 1: ...TL SG5426 26 Port Gigabit Managed Switch Rev 1 0 0 1910010105...

Page 2: ...are trademarks or registered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation tran...

Page 3: ...orrect the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an out...

Page 4: ...1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the We...

Page 5: ...D 3 36 Specifying a Remote Engine ID 3 37 Configuring SNMPv3 Users 3 37 Configuring Remote SNMPv3 Users 3 40 Configuring SNMPv3 Groups 3 41 Setting SNMPv3 Views 3 45 User Authentication 3 46 Configuri...

Page 6: ...e 3 100 Changing the Aging Time 3 102 Spanning Tree Algorithm Configuration 3 102 Displaying Global Settings 3 105 Configuring Global Settings 3 107 Displaying Interface Settings 3 111 Configuring Int...

Page 7: ...162 Configuring IGMP Snooping and Query Parameters 3 163 Enabling IGMP Immediate Leave 3 164 Displaying Interfaces Attached to a Multicast Router 3 165 Specifying Static Interfaces for a Multicast Ro...

Page 8: ...mand Line Interface 4 1 Using the Command Line Interface 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 2 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4...

Page 9: ...nt 4 28 Web Server Commands 4 29 ip http port 4 29 ip http server 4 30 ip http secure server 4 30 ip http secure port 4 31 Telnet Server Commands 4 32 ip telnet port 4 32 ip telnet server 4 33 Secure...

Page 10: ...ck timezone 4 56 calendar set 4 56 show calendar 4 57 System Status Commands 4 57 show startup config 4 57 show running config 4 59 show system 4 61 show users 4 61 show version 4 62 Frame Size Comman...

Page 11: ...imeout tx period 4 85 show dot1x 4 86 Access Control List Commands 4 89 IP ACLs 4 90 access list ip 4 90 permit deny Standard ACL 4 91 permit deny Extended ACL 4 91 show ip access list 4 93 ip access...

Page 12: ...Port Commands 4 127 port monitor 4 127 show port monitor 4 128 Rate Limit Commands 4 129 rate limit 4 129 Link Aggregation Commands 4 130 channel group 4 131 lacp 4 132 lacp system priority 4 133 lac...

Page 13: ...60 show spanning tree mst configuration 4 162 VLAN Commands 4 163 GVRP and Bridge Extension Commands 4 163 bridge ext gvrp 4 164 show bridge ext 4 164 switchport gvrp 4 165 show gvrp configuration 4 1...

Page 14: ...ueue bandwidth 4 188 show queue cos map 4 189 Priority Commands Layer 3 and 4 4 189 map ip dscp Global Configuration 4 189 map ip dscp Interface Configuration 4 190 show map ip dscp 4 191 Quality of S...

Page 15: ...p profile 4 216 show ip igmp throttle interface 4 216 Multicast VLAN Registration Commands 4 217 mvr Global Configuration 4 218 mvr Interface Configuration 4 219 show mvr 4 221 IP Interface Commands 4...

Page 16: ...uster 4 241 show cluster members 4 241 show cluster candidates 4 242 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3...

Page 17: ...Contents xiv...

Page 18: ...mand Line Processing 4 8 Table 4 4 Command Groups 4 9 Table 4 5 Line Commands 4 10 Table 4 6 General Commands 4 19 Table 4 7 System Management Commands 4 24 Table 4 8 Device Designation Commands 4 24...

Page 19: ...ble 4 47 show lacp counters display description 4 137 Table 4 48 show lacp internal display description 4 138 Table 4 49 show lacp neighbors display description 4 139 Table 4 50 show lacp sysid displa...

Page 20: ...LAN Registration Commands 4 217 Table 4 73 show mvr display description 4 221 Table 4 74 show mvr interface display description 4 222 Table 4 75 show mvr members display description 4 222 Table 4 76 I...

Page 21: ...Tables xviii...

Page 22: ...3 20 Renumbering the System 3 30 Figure 3 21 Resetting the System 3 30 Figure 3 22 SNTP Configuration 3 31 Figure 3 23 Setting the System Clock 3 32 Figure 3 24 Configuring SNMP Community Strings 3 34...

Page 23: ...ress Aging Time 3 102 Figure 3 64 Displaying Spanning Tree Information 3 106 Figure 3 65 Configuring Spanning Tree 3 110 Figure 3 66 Displaying Spanning Tree Port Information 3 113 Figure 3 67 Configu...

Page 24: ...05 IGMP Profile Configuration 3 173 Figure 3 106 MVR Global Configuration 3 176 Figure 3 107 MVR Port Information 3 177 Figure 3 108 MVR Group IP Information 3 178 Figure 3 109 MVR Port Configuration...

Page 25: ...Figures xxii...

Page 26: ...ption 82 relay information Port Configuration Speed duplex mode and flow control Rate Limiting Input rate and output limiting per port Port Mirroring One or more port mirrored to a single analysis por...

Page 27: ...tensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then verifies the client s right to access the network via an authentication server Other authen...

Page 28: ...nterface the address will be ignored and will not be written to the address table Static addresses can be used to provide network security by restricting access for a known host to a specific port IEE...

Page 29: ...nection Provide data security by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent p...

Page 30: ...required priority level for the designated VLAN The switch uses IGMP Snooping and Query to manage multicast group registration It also supports Multicast VLAN Registration MVR which allows common mult...

Page 31: ...cation Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled T...

Page 32: ...g Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port inter...

Page 33: ...sh Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled all ports Switch Clusterin...

Page 34: ...RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permit...

Page 35: ...erial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the RS 232 connector 2 Connect the other end of the cable to the RS 232 serial port on...

Page 36: ...basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides...

Page 37: ...rmation for the stack to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If...

Page 38: ...therefore need to use the ip dhcp restart command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values ca...

Page 39: ...clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community str...

Page 40: ...re no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a...

Page 41: ...work Management Protocol on page 3 33 or refer to the specific CLI commands for SNMP starting on page 4 100 Saving Configuration Settings Configuration commands only modify the running configuration f...

Page 42: ...Initial Configuration 2 10 2...

Page 43: ...user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on...

Page 44: ...tatistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page...

Page 45: ...be Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The...

Page 46: ...lows the transfer and copying files 3 17 Delete Allows deletion of files from the flash memory 3 18 Set Start Up Sets the startup file 3 18 Line 3 21 Console Sets console port connection parameters 3...

Page 47: ...each and maximum allowed MAC addresses 3 59 802 1X Port authentication 3 60 Information Displays global configuration settings 3 62 Configuration Configures the global configuration setting 3 62 Port...

Page 48: ...rt statistics 3 95 Address Table 3 99 Static Addresses Displays entries for interface address or VLAN 3 99 Dynamic Addresses Displays or edits static entries in the Address Table 3 100 Address Aging S...

Page 49: ...Configuration Adds trunks to a QinQ tunnel 3 138 Private VLAN 3 141 Status Enables or disables the private VLAN 3 141 Link Status Configures the private VLAN 3 141 Protocol VLAN 3 142 Configuration C...

Page 50: ...r Port Configuration Assigns ports that are attached to a neighboring multicast router 3 166 IP Multicast Registration Table Displays all multicast groups active on this switch including multicast IP...

Page 51: ...7 VLAN Configuration Enables DHCP Snooping for a VLAN 3 188 Information Option Configuration Enables DHCP Snooping Information Option 3 188 Port Configuration Selects the DHCP Snooping Information Opt...

Page 52: ...is switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enable...

Page 53: ...after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces See Managing Firmware on page 3 17 for more information Diagnostic Co...

Page 54: ...Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Console config host...

Page 55: ...owing command to display version information Console show version 4 62 Unit 1 Serial Number Hardware Version EPLD Version 1 02 Number of Ports 26 Main Power Status Up Redundant Power Status Not presen...

Page 56: ...ic filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 99 VLAN Learning This switch uses Shared VLAN Learning SVL where all VLANs share the same address table Con...

Page 57: ...has been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BO...

Page 58: ...Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console conf...

Page 59: ...onnection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart command R...

Page 60: ...erver or copy files to and from switch units in a stack By saving runtime code to a file on a TFTP server that file can later be downloaded to the switch to restore operation You can also set the swit...

Page 61: ...wnload the file using a different name from the current runtime code file and then set the new file as the startup file Web Click System File Management Copy Operation Select tftp to file as the file...

Page 62: ...options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a f...

Page 63: ...memory space Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file or you can specify the current startup...

Page 64: ...nfigured via the web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout inte...

Page 65: ...Even Odd or None Default None Speed Sets the terminal line s baud rate for transmit to terminal and receive from terminal Set the speed to match the baud rate of the device connected to the serial por...

Page 66: ...Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range...

Page 67: ...with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login2 Enables password checking at login You can select a...

Page 68: ...The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3...

Page 69: ...d level For example if level 3 is specified all messages from level 0 to level 3 will be logged to flash Range 0 7 Default 3 RAM Level Limits log messages saved to the switch s temporary RAM memory fo...

Page 70: ...ility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in sysl...

Page 71: ...between servers The messages can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address This command specifies...

Page 72: ...or free memory error resource exhausted Level 2 Alert Sends urgent notification that immediate action must be taken Level 1 Emergency Sends an emergency notification that the system is now unusable L...

Page 73: ...l always run the Power On Self Test Resetting the System Web Click System Reset Click the Reset button to reboot the switch When prompted confirm that you want reset the switch Figure 3 21 Resetting t...

Page 74: ...to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time se...

Page 75: ...2 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set th...

Page 76: ...ust first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in...

Page 77: ...switch Command Attributes Trap Manager Capability This switch supports up to five trap managers Current Displays a list of the trap managers currently configured Trap Manager IP Address IP address of...

Page 78: ...Figure 3 25 Configuring IP Trap Managers CLI This example adds a trap manager and enables both authentication and link up link down traps Enabling SNMP Agent Status Enables SNMPv3 service for all mana...

Page 79: ...th user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the de...

Page 80: ...specified a trailing zero is added to the value to fill the octet For example entering the value 123456789 results in an engine ID of 1234567890 Web Click SNMP SNMPv3 Remote Engine ID Figure 3 28 Set...

Page 81: ...available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication The method used for user authen...

Page 82: ...ed group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 29 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new use...

Page 83: ...the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 44 Model The user security model SNMP v1 v2c or v3 Level The security level...

Page 84: ...thentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 secu...

Page 85: ...3 1 1 5 1 A coldStart trap signifies that the SNMPv2 entity acting in an agent role is reinitializing itself and that its configuration may have been altered warmStart 1 3 6 1 6 3 1 1 5 2 A warmStart...

Page 86: ...11863 6 10 58 1 0 1 This trap is sent when the power state changes swPortSecurityTrap 1 3 6 1 4 1 11863 6 10 58 1 0 36 This trap is sent when the port is being intruded This trap will only be sent wh...

Page 87: ...Delete Figure 3 31 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and write...

Page 88: ...n the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view We...

Page 89: ...ring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assig...

Page 90: ...oves an account from the list Web Click Security User Accounts To configure a new user account specify a user name select the user s access level then enter a password and confirm it Click Add to save...

Page 91: ...e packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the auth...

Page 92: ...n server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length...

Page 93: ...ication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if sele...

Page 94: ...mote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Server 1 Server IP address 192 168 1 25 Communication...

Page 95: ...decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The...

Page 96: ...rom a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certific...

Page 97: ...ord authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settin...

Page 98: ...SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to contact the switch the SSH server uses the host key pair to negotiate a session key and encryption method O...

Page 99: ...120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authen...

Page 100: ...Version 1 DSA Version 2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select ei...

Page 101: ...320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 6032591968369705343933643844522333518828717389689451172929051081...

Page 102: ...port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch...

Page 103: ...resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to s...

Page 104: ...network Otherwise network access is denied and the port remains blocked The operation of 802 1X on the switch requires the following The switch must have an IP address assigned RADIUS authentication m...

Page 105: ...obal setting for 802 1X Default Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 40 802 1X Global Configuration CLI This example enables...

Page 106: ...nauthorized Forces the port to deny access to all clients either dot1x aware or otherwise Re authen Sets the client to be re authenticated after the interval specified by the Re authentication Period...

Page 107: ...Configuring the Switch 3 64 3 Figure 3 41 802 1X Port Configuration...

Page 108: ...1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled...

Page 109: ...s of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Respon...

Page 110: ...et is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 The maximum number of rules that can be bound to the ports...

Page 111: ...ed on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type and protocol port number MAC MAC ACL mode that filters packets...

Page 112: ...for each IP packet entering the port s to which this ACL has been assigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address...

Page 113: ...at specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary...

Page 114: ...i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when s...

Page 115: ...ound in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bitmask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet ty...

Page 116: ...ge This switch supports ACLs for ingress filtering only Command Attributes Port Fixed port or SFP module Range 1 26 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a por...

Page 117: ...ace on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SN...

Page 118: ...ddress es for the SNMP group Telnet IP Filter Configures IP address es for the Telnet group IP Filter List IP address which are allowed management access to this interface Start IP Address A single IP...

Page 119: ...e Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type3 Media type used...

Page 120: ...capabilities to be advertised for a port during auto negotiation To access this item on the web see 3 78 The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full...

Page 121: ...Configuration page to enable disable an interface set auto negotiation and the interface capabilities to advertise or manually fix the speed duplex mode and flow control Command Attributes Name Allow...

Page 122: ...x operation 100full Supports 100 Mbps full duplex operation 1000full Combo ports only Supports 1000 Mbps full duplex operation Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10...

Page 123: ...standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other p...

Page 124: ...he static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and...

Page 125: ...of an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see 3 81 Console...

Page 126: ...w Includes entry fields for creating new trunks Port Port identifier Range 1 26 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you...

Page 127: ...ibutes Set Port Actor This menu sets the local side of an aggregate link i e the ports on this switch Port Port number Range 1 26 System Priority LACP system priority is used to determine link aggrega...

Page 128: ...ed device The command attributes have the same meaning as those used for the port actor However configuring LACP settings for the partner only applies to its administrative state not its operational s...

Page 129: ...nsole show lacp sysid 4 136 Port Channel System Priority System MAC Address 1 3 00 12 CF 31 31 31 2 32768 00 12 CF 31 31 31 3 32768 00 12 CF 31 31 31 4 32768 00 12 CF 31 31 31 Console show lacp 1 inte...

Page 130: ...value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry the Slow P...

Page 131: ...nformation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be e...

Page 132: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 136 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP S...

Page 133: ...igned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregat...

Page 134: ...ontrol is enabled by default Broadcast control does not effect IP multicast traffic Command Attributes Port Port number Type Indicates the port type 100BASE TX 1000BASE T or SFP Protect Status Shows w...

Page 135: ...22 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 500 4 122 Console config if end Console show interfaces switchport ethernet 1 2 4 125...

Page 136: ...d Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 26 Type Allows you to select which traffic to mirror to the target...

Page 137: ...rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Configuration Use the rate limit configura...

Page 138: ...ber of octetts received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets...

Page 139: ...de frames received with frame too long or frame too short error Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions This counter d...

Page 140: ...e number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and wer...

Page 141: ...ng the Switch 3 98 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 60 Port St...

Page 142: ...dress of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 13 4 124 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122...

Page 143: ...for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interf...

Page 144: ...method of sorting the displayed addresses and then click Query Figure 3 62 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac add...

Page 145: ...backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid...

Page 146: ...s or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding data...

Page 147: ...d acts as a virtual bridge node for communications with STP or RSTP nodes in the global network MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree CIST The CIST...

Page 148: ...before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In additi...

Page 149: ...orts in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to for...

Page 150: ...cally adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the sw...

Page 151: ...rt and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root d...

Page 152: ...The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifi...

Page 153: ...nfigures the STA and RSTP parameters Console config spanning tree 4 145 Console config spanning tree mode rstp 4 145 Console config spanning tree priority 45056 4 148 Console config spanning tree hell...

Page 154: ...Learning state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the cost D...

Page 155: ...Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with...

Page 156: ...to The switch automatically determines if the interface is attached to a point to point link or to shared media Web Click Spanning Tree STA Port Information or STA Trunk Information Figure 3 66 Displa...

Page 157: ...es if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defin...

Page 158: ...ree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an...

Page 159: ...note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 3...

Page 160: ...ly To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 68 Configuring Multiple Spanning Trees CLI This example sets the priority for MS...

Page 161: ...iguration 2 Priority 4096 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 De...

Page 162: ...e Algorithm Configuration 3 119 3 Web Click Spanning Tree MSTP Port or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 69 Displaying MSTP Interf...

Page 163: ...ormation Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root...

Page 164: ...ue will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than o...

Page 165: ...02 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you...

Page 166: ...participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged p...

Page 167: ...ports GVRP it will also place the receiving port in the specified VLANs and pass the message on to all other ports VLAN requirements are propagated in this way throughout the network This allows GVRP...

Page 168: ...ing the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device...

Page 169: ...Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches s...

Page 170: ...Select any ID from the scroll down list Figure 3 73 Displaying Current VLANs Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch...

Page 171: ...4 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets Sta...

Page 172: ...ing it to a VLAN via the GVRP protocol Notes 1 You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 131 However note that this configuration...

Page 173: ...f the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface can only have one untagged VLAN which mus...

Page 174: ...ace Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 76 VLA...

Page 175: ...ed or untagged member Acceptable Frame Type Sets the interface to accept all frame types including tagged or untagged frames or only tagged frames When set to receive all frame types any received fram...

Page 176: ...ternal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might...

Page 177: ...runk port on the service provider s egress switch the outer tag is again stripped for packet processing However the SPVLAN tag is not added when it is sent out the tunnel access port on the edge switc...

Page 178: ...are untagged the PVID VLAN native tag is added 2 If the ether type of an incoming packet single or double tagged is not equal to the TPID of the uplink port the VLAN tag is determined to be a Custome...

Page 179: ...not support IP Access Control Lists Layer 3 Quality of Service QoS and other QoS features containing Layer 3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU...

Page 180: ...area network Command Attributes 802 1Q Tunnel Sets the switch to QinQ mode and allows the QinQ tunnel port to be configured The default is for the switch to function in normal mode 802 1Q Ethernet Ty...

Page 181: ...the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames...

Page 182: ...provider network Web Click VLAN 802 1Q VLAN Tunnel Configuration or Tunnel Trunk Configuration Set the mode for a tunnel access port to 802 1Q Tunnel and a tunnel uplink port to 802 1Q Tunnel Uplink...

Page 183: ...1q tunnel 52 16 Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x9100 The dot1q tunnel mode of the set interface 1 2 is Upl...

Page 184: ...d from uplink ports Note that private VLANs and normal VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN...

Page 185: ...nd port 5 and 6 as downlinks Protocol VLANs You can configure VLAN behavior to support multiple protocols to allow traffic to pass through different VLANS When a packet is received at a port its VLAN...

Page 186: ...guration Configuring Protocol VLAN Interfaces Use the Protocol VLAN Port Configuration menu to set the protocol VLAN settings per port Command Attributes Interface Port or Trunk indentifier Protocol G...

Page 187: ...ity and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue b...

Page 188: ...s are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table Console config interface ethernet 1 3 4 116 Console config if switchport priority default 5 4 18...

Page 189: ...utput queue buffer Range 0 3 where 3 is the highest CoS priority queue Web Click Priority Traffic Classes Select a port or trunk for the current mapping of CoS values to output queues to be displayed...

Page 190: ...ach queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority q...

Page 191: ...nd thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications as...

Page 192: ...the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following m...

Page 193: ...IP Precedence values are mapped one to one to Class of Service values i e Precedence value 0 maps to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various a...

Page 194: ...port 1 and then displays the IP Precedence settings Note Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interface...

Page 195: ...he DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP P...

Page 196: ...TP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP...

Page 197: ...configure Quality of Service QoS classification criteria and service policies Differentiated Services DiffServ provides policy based management mechanisms used for prioritizing network resources to me...

Page 198: ...ctions cannot be enabled at the same time Thus if the user has already enabled the IP source guard function it needs to be disabled first in order for the QoS function to work and vice versa Configuri...

Page 199: ...Class Opens the Class Configuration page Enter a class name and description on this page and click Add to open the Match Class Settings page Enter the criteria used to classify ingress traffic on this...

Page 200: ...les to change the rules of an existing class Figure 3 94 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console...

Page 201: ...so note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specifi...

Page 202: ...p Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on 3 155 Range CoS 0 7 DSCP 0 63 IP P...

Page 203: ...g Policy Maps CLI This example creates a policy map called rd policy sets the average bandwidth the 1 Mbps the burst rate to 1522 bps and the response to reduce the DSCP value for violating packets to...

Page 204: ...an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate...

Page 205: ...his procedure is called multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing...

Page 206: ...otocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive...

Page 207: ...ry for that multicast group unless a multicast router was learned on the port IGMP immediate leave improves bandwidth management for all hosts in a switched network Console config ip igmp snooping 4 2...

Page 208: ...vered by the switch or statically assigned to an interface on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast...

Page 209: ...if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join al...

Page 210: ...within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for whic...

Page 211: ...ations that require tighter control you may need to statically configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the...

Page 212: ...lticast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multcast groups that are permitted or denied on the port An IGMP filter profile can contai...

Page 213: ...lobally for the switch Default Disabled IGMP Profile Creates IGMP profile numbers Range 1 4294967295 Web Click IGMP Snooping IGMP Filter Configuration Create a profile number by entering the number in...

Page 214: ...ns either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the...

Page 215: ...t groups to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multic...

Page 216: ...icast group range by entering a start and end IP address Specify a single multicast group by entering the same IP address for the start and end of the range Click the Add button to add a range to the...

Page 217: ...or disabling MVR for the switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the multicast group address for eac...

Page 218: ...tree for a normal multicast VLAN This makes it possible to support common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the use...

Page 219: ...e MVR VLAN Field Attributes Type Shows the MVR port type Oper Status Shows the link status MVR Status Shows the MVR status MVR status for source ports is ACTIVE if MVR is globally enabled on the switc...

Page 220: ...ormation Figure 3 107 MVR Port Information CLI This example shows information about interfaces attached to the MVR VLAN Console show mvr interface 4 221 Port Type Status Immediate Leave eth1 1 SOURCE...

Page 221: ...ed through the MVR VLAN Web Click MVR Group IP Information Figure 3 108 MVR Group IP Information CLI This example following shows information about the interfaces associated with multicast groups assi...

Page 222: ...ified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if ther...

Page 223: ...enu see Configuring Global MVR Settings on page 3 175 The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multic...

Page 224: ...esolve host names into IP addresses by forwarding DNS queries to the switch and waiting for a response You can manually configure entries in the DNS table used for mapping domain names to IP addresses...

Page 225: ...Lookup Status Enables DNS host name to address translation Default Domain Name14 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List...

Page 226: ...atic table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a...

Page 227: ...ly Figure 3 112 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 4...

Page 228: ...ys 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which...

Page 229: ...If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is...

Page 230: ...e that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filte...

Page 231: ...ption 82 it allows compatible DHCP servers to use the information when assigning IP addresses or to set other services or policies for clients When the DHCP Snooping Information Option is enabled clie...

Page 232: ...Click DHCP Snooping Information Option Configuration Figure 3 116 DHCP Snooping Information Option Configuration CLI This example enables DHCP Snooping Information Option and sets the policy as repla...

Page 233: ...binding information Command Attributes No Entry number for DHCP snooping binding information Unit Stack unit Port Port number VLAN ID ID of a configured VLAN Range 1 4094 MAC Address A valid unicast M...

Page 234: ...QoS functions cannot be enabled at the same time Thus if the user has already enabled the IP source guard function it needs to be disabled first in order for the QoS function to work and vice versa IP...

Page 235: ...119 IP Source Guard Port Configuration CLI This example shows how to enable IP source guard on port 5 Static IP Source Guard Binding Configuration Adds a static addresses to the source guard binding...

Page 236: ...his example shows how to configure a static source guard binding on port 5 Dynamic IP Source Guard Binding Information Displays the source guard binding table for a selected interface Command Attribut...

Page 237: ...itch type as long as they are connected to the same local network A switch cluster has a Commander unit that is used to manage all other Member switches in the cluster The management station can use b...

Page 238: ...network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Command Attributes Cluster Status Ena...

Page 239: ...Cluster Member Configuration Adds Candidate switches to the cluster as Members Command Attributes Member ID Specify a Member ID number for the selected Candidate switch Range 1 16 MAC Address Select...

Page 240: ...rmation Command Attributes Member ID The ID number of the Member switch Range 1 16 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assigned to...

Page 241: ...MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 126 Cluster Candidate Information CLI This examp...

Page 242: ...t the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entere...

Page 243: ...n isolated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by perform...

Page 244: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 245: ...ip IP information lacp LACP statistics line TTY line information log Login records logging Logging setting mac MAC access list mac address table Configuration of the address table management Show man...

Page 246: ...he up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands...

Page 247: ...mode by entering the enable command followed by the privileged level password super page 4 26 To enter Privileged Exec mode enter the following user names and passwords Table 4 1 Command Modes Class M...

Page 248: ...bal Configuration mode enter the command configure in Privileged Exec mode The system prompt will change to Console config which gives you access privilege to all Global Configuration commands To ente...

Page 249: ...line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one...

Page 250: ...rrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 127 Rate Limiting Controls the maximum rate for traffic transmitted or rec...

Page 251: ...login LC 4 11 password Specifies a password on a line LC 4 12 timeout login response Sets the interval that the system waits for a user to log into the CLI LC 4 13 exec timeout Sets the interval that...

Page 252: ...rial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 18 show users 4 61 login This co...

Page 253: ...vers Example Related Commands username 4 25 password 4 12 password This command specifies the password for a line Use the no form to remove the password Syntax password 0 7 password no password 0 7 0...

Page 254: ...led 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command...

Page 255: ...Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command Related Commands silent time 4 15 ti...

Page 256: ...ement console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Syntax silent tim...

Page 257: ...character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 16 parity This command defines the generation of a par...

Page 258: ...age Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed...

Page 259: ...fier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 40 show users 4 61...

Page 260: ...sabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec consol...

Page 261: ...20 enable password 4 26 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet st...

Page 262: ...e Command Mode Privileged Exec Example Related Commands end 4 22 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exe...

Page 263: ...o retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command rese...

Page 264: ...n mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both e...

Page 265: ...basic user names and passwords for management access 4 25 IP Filter Configures IP addresses that are allowed management access 4 27 Web Server Enables management access via a web browser 4 29 Telnet S...

Page 266: ...cation via a remote authentication server page 4 70 and host access authentication for specific ports page 4 81 username This command adds named users requires authentication at login specifies or cha...

Page 267: ...encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Exa...

Page 268: ...o need for you to manually configure encrypted passwords Example Related Commands enable 4 19 authentication enable 4 72 IP Filter Commands management This command specifies the client IP addresses th...

Page 269: ...entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter t...

Page 270: ...ess End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 TELNET Client Start IP ad...

Page 271: ...PS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default S...

Page 272: ...n page 3 53 Also refer to the copy command on page 4 64 Example Related Commands ip http secure port 4 31 copy tftp https certificate 4 64 ip http secure port This command specifies the UDP port numbe...

Page 273: ...use the default port Syntax ip telnet port port number no ip telnet port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 23 Command Mode Global Configuratio...

Page 274: ...a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access auth...

Page 275: ...3674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 519417467729848654686157177393901647793...

Page 276: ...n access The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is...

Page 277: ...he default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configurati...

Page 278: ...iguration Example Related Commands show ip ssh 4 40 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key si...

Page 279: ...rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage This command stores the host key pair in memory i e RAM Use the ip ssh sa...

Page 280: ...s the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Rela...

Page 281: ...y dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Enc...

Page 282: ...sed by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options...

Page 283: ...ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV yrDbKStIlnzD Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBr...

Page 284: ...story 4 44 clear logging 4 46 Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 43 logging history Limits syslog messages saved to switch...

Page 285: ...ode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 18 Logging Levels Level...

Page 286: ...ets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the sysl...

Page 287: ...44 Default Setting Enabled Level 6 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved U...

Page 288: ...ting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message level for RAM i...

Page 289: ...ow logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP addre...

Page 290: ...1 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 2 00 00 50 2001 01 01 STA top...

Page 291: ...process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger ale...

Page 292: ...r the switch Example This example will set the source email john acme com logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a r...

Page 293: ...iguration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Co...

Page 294: ...om time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001...

Page 295: ...time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time sync...

Page 296: ...sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exe...

Page 297: ...enwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone i...

Page 298: ...None Command Mode Privileged Exec Console calendar set 15 12 34 1 April 2004 Console Console show calendar 15 12 43 April 1 2004 Console Table 4 23 System Status Commands Command Function Mode Page sh...

Page 299: ...nfiguration settings for each interface IP address configured for the switch Spanning tree settings Any configured settings for the console port and Telnet Example Console show startup config building...

Page 300: ...ry This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the followi...

Page 301: ...erver community private rw SNMP server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest passwo...

Page 302: ...name idle time and IP address of Telnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System Description TL SG5426 System OID String 1 3 6 1 4 1 11863 6 10...

Page 303: ...Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 11 for detailed information on the items displayed by this command Console show users Username accounts Username Privileg...

Page 304: ...he source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes mu...

Page 305: ...quality of the network connection Syntax copy file file running config startup config tftp unit copy running config file startup config tftp copy startup config file running config tftp copy tftp fil...

Page 306: ...nly two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default co...

Page 307: ...file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Progra...

Page 308: ...ileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number...

Page 309: ...mmand dir without any parameters the system displays all files A colon is required after the specified unit number File information is shown below Example The following example shows how to display al...

Page 310: ...em This command specifies the image used to start up the system Syntax boot system unit boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config...

Page 311: ...system config startup Console config Table 4 27 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 70 RADIUS Client Confi...

Page 312: ...e server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and p...

Page 313: ...nd mode to Privileged Exec command mode with the enable command see page 4 19 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use...

Page 314: ...If the TACACS server is not available the local user name and password is checked Example Related Commands enable password sets the password for changing command modes 4 26 RADIUS Client Remote Authen...

Page 315: ...sages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the...

Page 316: ...Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of...

Page 317: ...lt Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Con...

Page 318: ...tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server netwo...

Page 319: ...spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server De...

Page 320: ...the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number o...

Page 321: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port moni...

Page 322: ...dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 82 dot1x port control Sets...

Page 323: ...d Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized fo...

Page 324: ...Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The m...

Page 325: ...he no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits af...

Page 326: ...le dot1x timeout tx period This command sets the time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the defaul...

Page 327: ...e This command displays the following information Global 802 1X Parameters Shows whether or not 802 1X port authentication is globally enabled on the switch 802 1X Port Summary Displays the port acces...

Page 328: ...le or multiple hosts clients can connect to an 802 1X authorized port Max Count The maximum number of hosts allowed to access this port page 4 83 Port control Shows the dot1x mode on a port as auto fo...

Page 329: ...disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authoriz...

Page 330: ...d on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number The following restrictions apply to...

Page 331: ...y command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a p...

Page 332: ...ntaining four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP ad...

Page 333: ...end Upper bound of the protocol port range Range 0 65535 Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list Address bitmasks are similar to...

Page 334: ...gth 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 91 ip access group 4 93 ip access group This command binds a port to an IP ACL Use the no form to remove the port...

Page 335: ...he permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the e...

Page 336: ...nation address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no pe...

Page 337: ...om any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 4 95 show mac access list This command displays the rules for co...

Page 338: ...A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac a...

Page 339: ...e a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 93 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privilege...

Page 340: ...le 4 36 ACL Information Command Function Mode Page show access list Show all ACLs and associated rules PE 4 99 show access group Shows the ACLs assigned to each port PE 4 99 Console show access list I...

Page 341: ...s Command Function Mode Page snmp server Enables the SNMP agent GC 4 101 show snmp Displays the status of SNMP communications NE PE 4 101 snmp server community Sets up the community access string to p...

Page 342: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Page 343: ...nt stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent e...

Page 344: ...at describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 103 snmp server locatio...

Page 345: ...0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like...

Page 346: ...re that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to networ...

Page 347: ...thentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Page 348: ...nt SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords t...

Page 349: ...shows the default engine ID Console config snmp server engine id local 12345abcdef Console config snmp server engineID remote 54321fedcba Console config Console show snmp engine id Local SNMP engineI...

Page 350: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefin...

Page 351: ...Simple Network Management Protocol on page 5 1 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines th...

Page 352: ...thm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported...

Page 353: ...s active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview W...

Page 354: ...1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password...

Page 355: ...for the remote device where the user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configur...

Page 356: ...e mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identifying...

Page 357: ...ption Adds a description to an interface configuration IC 4 117 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 117 negotiation Enable...

Page 358: ...following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the def...

Page 359: ...negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiatio...

Page 360: ...ll Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause fr...

Page 361: ...802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface Whe...

Page 362: ...and Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem...

Page 363: ...specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all...

Page 364: ...ars statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit Stack unit Range Unit 1 port...

Page 365: ...e items displayed by this command see Showing Port Statistics on page 3 95 Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 12 CF 12...

Page 366: ...t 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment...

Page 367: ...d the current rate limit page 4 129 Egress rate limit Shows if egress rate limiting is enabled and the current rate limit page 4 129 VLAN membership mode Indicates membership mode as Trunk or Hybrid p...

Page 368: ...d Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossi...

Page 369: ...ommand Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX Example The following shows mirroring configured from po...

Page 370: ...ffic is dropped conforming traffic is forwarded without any changes rate limit Use this command to define the rate limit level for a specific interface Use this command without specifying a rate to re...

Page 371: ...erating at full duplex Table 4 46 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode f...

Page 372: ...ty Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this ke...

Page 373: ...ll duplex and auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connect...

Page 374: ...ership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Co...

Page 375: ...ey Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Page 376: ...during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system...

Page 377: ...h the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP set...

Page 378: ...r of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addr...

Page 379: ...ection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol inform...

Page 380: ...e partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin State Administrative values of the par...

Page 381: ...umber Range 1 26 port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No s...

Page 382: ...this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configure...

Page 383: ...t 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 819...

Page 384: ...ng time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Cons...

Page 385: ...ng tree instance MST 4 151 name Configures the name for the multiple spanning tree MST 4 152 revision Configures the revision number for the multiple spanning tree MST 4 153 max hops Configures the ma...

Page 386: ...rovide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command sele...

Page 387: ...To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tre...

Page 388: ...ning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree h...

Page 389: ...t for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the...

Page 390: ...t method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifi...

Page 391: ...bal Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mod...

Page 392: ...d to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up to 58 instances You should try to group VLANs which cover the same general area...

Page 393: ...cifying a priority of 16384 Example name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name...

Page 394: ...in the same region must be configured with the same MST instances Example Related Commands name 4 152 max hops This command configures the maximum number of hops in the region before a BPDU is discard...

Page 395: ...command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost cost The path cost for the port R...

Page 396: ...ommand configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority The priority for a...

Page 397: ...vers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconf...

Page 398: ...mand may be removed for future software versions Example Related Commands spanning tree edge port 4 156 spanning tree link type This command configures the link type for Rapid Spanning Tree and Multip...

Page 399: ...eed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duple...

Page 400: ...Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a s...

Page 401: ...mpatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP comp...

Page 402: ...items displayed under Spanning tree information see Configuring Global Settings on page 3 128 For a description of the items displayed for specific interfaces see Displaying Interface Settings on page...

Page 403: ...al oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwar...

Page 404: ...he configuration for bridge extension MIB 4 163 Editing VLAN Groups Sets up VLAN groups including name VID and state 4 167 Configuring VLAN Interfaces Configures VLAN interface parameters including in...

Page 405: ...cal switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Informat...

Page 406: ...P is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range Unit 1 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting Shows both...

Page 407: ...RP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These va...

Page 408: ...n database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration Console show garp timer ethernet 1 1 Eth...

Page 409: ...or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4094 no leading zeroes name Keyword to be foll...

Page 410: ...Table 4 56 Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN GC 4 169 switchport mode Configures VLAN membership mode for...

Page 411: ...port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames private vlan For an exp...

Page 412: ...default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 170 switchport ingress filtering This command enabl...

Page 413: ...ve vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Us...

Page 414: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to a VLAN as untagged If a trunk has switchport mode...

Page 415: ...designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage Th...

Page 416: ...ANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Table 4 57 Show VLAN Commands Command Function Mode Page show vlan Shows VLAN inf...

Page 417: ...y 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 4 178 5 Configure the QinQ tunnel access port to join the SPVLAN as an untagged member switchport al...

Page 418: ...tunnel mode access uplink no switchport dot1q tunnel mode access Sets the port as an 802 1Q tunnel access port uplink Sets the port as an 802 1Q tunnel uplink port Default Setting Disabled Command Mod...

Page 419: ...d interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example 0x1234 is set as the cus...

Page 420: ...fig if end Console show dot1q tunnel Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x8100 The dot1q tunnel mode of the set...

Page 421: ...multaneously within the same switch Entering the pvlan command without any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables the private VLAN...

Page 422: ...the protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protoc...

Page 423: ...vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Co...

Page 424: ...All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet show interfaces protocol vlan protocol group This command shows the...

Page 425: ...an ID Eth 1 1 1 vlan2 Console Table 4 61 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service ta...

Page 426: ...n a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relativ...

Page 427: ...with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frame...

Page 428: ...re 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the hi...

Page 429: ...Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Console config...

Page 430: ...uration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 8 Cons...

Page 431: ...ferentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class...

Page 432: ...to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip dscp This comma...

Page 433: ...ANs Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Note Due to a chip limitation IP source guard and Quality of Service only for...

Page 434: ...es 1 You can configure up to 16 rules per Class Map You can also include multiple classes in a Policy Map 2 You should create a Class Map page 4 194 before creating a Policy Map page 4 195 Otherwise y...

Page 435: ...mands are permitted per class map The class map is used with a policy map page 4 195 to create a service policy page 4 199 for a specific interface that defines packet classification service tagging a...

Page 436: ...ked for IP Precedence service value 5 This example creates a class map call rd_class 3 and sets it to match packets marked for VLAN 1 policy map This command creates a policy map that can be attached...

Page 437: ...fication upon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map and return to Policy Map configuration mode Syntax no class class map name cla...

Page 438: ...new dscp New Differentiated Service Code Point DSCP value Range 0 63 new precedence New IP Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example This exam...

Page 439: ...MAC ACL IP ACL including Standard ACL and Extended ACL Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specified by the burst byte field an...

Page 440: ...et Port Channel Command Usage You can only assign one policy map to an interface You must first define a class map then define a policy map and finally use the service policy command to bind the polic...

Page 441: ...e Privileged Exec Example show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet uni...

Page 442: ...4 201 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 206 Static Multicast Routing Configures static multicast router ports 4 209 IGMP Filtering and Throttling Configu...

Page 443: ...orm to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stac...

Page 444: ...tch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 ip...

Page 445: ...g table without first sending an IGMP group specific query to the interface Upon receiving a group specific IGMPv2 leave message the switch immediately removes the interface from the Layer 2 forwardin...

Page 446: ...nd Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for VLAN...

Page 447: ...p igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from t...

Page 448: ...have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 208 ip igmp snooping query interval This co...

Page 449: ...ponded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicas...

Page 450: ...the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit Stack unit Range Unit 1 port Port numbe...

Page 451: ...how ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID...

Page 452: ...eports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the...

Page 453: ...on Command Usage A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one...

Page 454: ...or the end of a multicast group range Default Setting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address...

Page 455: ...ps number The maximum number of multicast groups an interface can join at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a maximum...

Page 456: ...place If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group...

Page 457: ...erface This command displays the interface settings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Stack unit Range 1 Console show ip igmp filte...

Page 458: ...for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers...

Page 459: ...VR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 Command Mode Global Configuration Command Usage Use the mvr group command to statically configure all multi...

Page 460: ...port that can receive multicast data source Configure the interface as an uplink port that can send and receive multicast data for the configured multicast groups immediate Configures the switch to i...

Page 461: ...immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if there are any remaining subscribers...

Page 462: ...play the global settings for MVR Use the interface keyword to display information about interfaces attached to the MVR VLAN Or use the members keyword to display information about multicast groups ass...

Page 463: ...ving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Console show mvr mem...

Page 464: ...bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Command Usage You must assign an IP address to this device to gain...

Page 465: ...riginal IP address and this becomes the new management VLAN Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 4 225 ip default gateway This...

Page 466: ...ount Number of packets to send Range 1 16 default 5 Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if anoth...

Page 467: ...ip source guard This command configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Use the no form to disable this function Console...

Page 468: ...in the source guard binding table Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP Binding Static DHCP Binding VLAN identifier and port identifie...

Page 469: ...s interface ethernet unit port no ip source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ip address A valid unicast IP ad...

Page 470: ...new entry will replace the old one and the entry type will be changed to static IP source guard binding Example This example configures a static source guard binding on port 5 Related Commands ip sou...

Page 471: ...show ip source guard binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console Table 4 78 DHCP Snooping Commands Command Function Mode Page...

Page 472: ...e DHCP packet is received but the port is not trusted it is processed as follows If the DHCP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If th...

Page 473: ...Mode Global Configuration Command Usage When DHCP snooping enabled globally using the ip dhcp snooping command page 4 231 and enabled on a VLAN with this command DHCP packet filtering will be perform...

Page 474: ...g enabled globally using the ip dhcp snooping command page 4 231 and enabled on a VLAN with this command DHCP packet filtering will be performed on any untrusted ports within the VLAN according to the...

Page 475: ...s verification Related Commands ip dhcp snooping 4 231 ip dhcp snooping vlan 4 233 ip dhcp snooping trust 4 234 ip dhcp snooping information option This command enables the DHCP Option 82 information...

Page 476: ...Syntax ip dhcp snooping information policy drop keep replace drop Discards the Option 82 information in a packet and then floods it to the entire VLAN keep Retains the client s DHCP information repla...

Page 477: ...e Commander throught its IP address and the Commander manages Member switches using cluster internal IP addresses There can be up to 16 Member switches in one cluster Cluster switches are limited to w...

Page 478: ...tween Member switches and the Commander Switch clusters are limited to a single IP subnet Layer 2 domain A switch can only be a Member of one cluster Configured switch clusters are maintained across p...

Page 479: ...orm to reset to the default address Syntax cluster ip pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x...

Page 480: ...nd Mode Global Configuration Command Usage The maximum number of cluster Members is 16 The maximum number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member...

Page 481: ...ommand Mode Privileged Exec Example Vty 0 rcommand id 1 CLI session with the TL SG5426 is opened To end the CLI session enter Exit Vty 0 Console show cluster Role commander Interval heartbeat 30 Heart...

Page 482: ...command shows the discovered Candidate switches in the network Command Mode Privileged Exec Example Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 23 49...

Page 483: ...a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input limit Output limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggreg...

Page 484: ...agement RS 232 console port Software Loading TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm...

Page 485: ...oup MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB Quality...

Page 486: ...Software Specifications A 4 A...

Page 487: ...the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum...

Page 488: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 489: ...Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding T...

Page 490: ...comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC bridges inc...

Page 491: ...t of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts Layer 2 Data Link layer in...

Page 492: ...the target port to be studied unobstructively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lo...

Page 493: ...he shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Cont...

Page 494: ...less of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located...

Page 495: ...the client will be based on this new domain Example In the following example the device is reassigned the same address Related Commands ip address 4 223 show ip interface This command displays the se...

Page 496: ...189 queue mapping 3 145 4 187 queue mode 3 147 4 185 traffic class weights 3 148 4 186 D default gateway configuration 3 14 4 224 default priority ingress port 3 144 4 185 default settings system 1 6...

Page 497: ...entries 4 229 setting filter criteria 4 227 J jumbo frame 4 63 L LACP local parameters 4 136 partner parameters 4 136 protocol message statistics 4 136 link type STA 3 113 3 115 3 117 3 119 3 122 4 15...

Page 498: ...he system 3 30 4 22 RSTP 3 102 4 145 global configuration 3 105 4 145 S secure shell 3 54 4 33 configuration 3 54 4 36 4 37 serial port configuring 4 10 show dot1q tunnel 4 178 Simple Network Manageme...

Page 499: ...B 1 trunk configuration 3 80 4 130 LACP 3 82 4 132 static 3 81 4 131 U upgrading software 3 18 user password 3 46 4 25 4 26 V VLANs 3 122 3 142 3 144 4 163 802 1Q tunnel mode 3 138 adding static membe...

Reviews:

No comments

Related manuals for TL-SG5426 -

ePowerSwitch 8M+R2

Brand: Neol Pages: 74

Brand: Techroutes Pages: 22

Brand: Siqura Pages: 2

Brand: TRENDnet Pages: 12

Brand: Datavideo Pages: 38

Brand: Zamel Pages: 2

Brand: Cabletron Systems Pages: 170

Brand: LevelOne Pages: 35

Brand: DX Engineering Pages: 4

Brand: hager Pages: 18

EDS-2005-EL Series

Brand: Moxa Technologies Pages: 14

Brand: PairGain Pages: 20

Brand: Accton Technology Pages: 7

Brand: Qlogic Pages: 8

Brand: TRENDnet Pages: 95

ServeView Pro SEB-8UB

Brand: Rose electronics Pages: 2

Brand: Lantech Pages: 108

Brand: Abus Pages: 188

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands