Accton Technology 24/48 10/100 Ports + 2GE: User Manual Download, Page 325

Authentication Commands


Syntax 

tacacs-server key key_string
no tacacs-server key

key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters)

Default Setting 

None

Command Mode 

Global Configuration

Example 

Console(config)#tacacs-server key green
Console(config)#

show tacacs-server

This command displays the current settings for the server.

Default Setting 

None

Command Mode 

Privileged Exec

Example 

Console#show tacacs-server
Remote TACACS server configuration:
 Server IP address:                    10.11.12.13
 Communication key with TACACS server: *****
 Server port number:                   49
Console#
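
The following is an added example, not part of the Accton manual: a small audit that scans saved configuration text for tacacs-server key lines and checks them against the constraints stated above (no blank spaces, at most 20 characters), and flags the sample key "green" from the manual's example. The 16-character minimum, the finding codes and the sample configuration are assumptions made for illustration. Findings never echo the key itself, in line with the masked show tacacs-server output.

```python
import re

MAX_KEY_LEN = 20             # from the manual: "Maximum length: 20 characters"
DOC_SAMPLE_KEYS = {"green"}  # key used in the manual's own example
MIN_KEY_LEN = 16             # assumption: local policy floor, not from the manual

# Matches the command with or without a leading CLI prompt or "no" prefix.
KEY_CMD = re.compile(r"(no\s+)?tacacs-server\s+key(?:\s+(.*))?$")


def audit_tacacs_key(config_text):
    """Return a list of (line_no, severity, code) findings.

    The key value is deliberately left out of every finding so that audit
    output can be stored or shared without leaking the shared secret.
    """
    findings = []
    key_set = False
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = KEY_CMD.search(line.rstrip())
        if not m:
            continue
        if m.group(1):
            # "no tacacs-server key" removes the key (default setting: None).
            key_set = False
            continue
        parts = (m.group(2) or "").split()
        if not parts:
            findings.append((line_no, "error", "missing-key"))
        elif len(parts) > 1:
            # The manual forbids blank spaces in key_string.
            findings.append((line_no, "error", "has-blanks"))
        elif len(parts[0]) > MAX_KEY_LEN:
            findings.append((line_no, "error", "too-long"))
        else:
            key_set = True
            key = parts[0]
            if key.lower() in DOC_SAMPLE_KEYS:
                findings.append((line_no, "high", "sample-key"))
            elif len(key) < MIN_KEY_LEN:
                findings.append((line_no, "warn", "short-key"))
    if not key_set:
        # Line 0 marks a finding about the configuration as a whole.
        findings.append((0, "warn", "no-key-set"))
    return findings


# Constructed sample input; the keys below are made up for this example.
SAMPLE = """\
Console(config)#tacacs-server key green
tacacs-server key two words
tacacs-server key ABCDEFGHIJKLMNOPQRSTUVWXYZ
tacacs-server key x9Kq2Lm7Pz4Rt8Wd
"""

if __name__ == "__main__":
    for line_no, severity, code in audit_tacacs_key(SAMPLE):
        print(f"line {line_no}: {severity}: {code}")
```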

Содержание 24/48 10/100 Ports + 2GE

Страница 1: ...Powered by Accton www edge core com Management Guide 24 48 10 100 Ports 2GE Intelligent Layer 2 Fast Ethernet Switch...

Страница 2: ......

Страница 3: ...Management Guide Fast Ethernet Switch Layer 2 Standalone Switch with 24 48 10 100BASE TX RJ 45 Ports and 2 Combination Gigabit Ports RJ 45 SFP...

Страница 4: ...ES3526XA ES3552XA F2 2 6 3 E122006 CS R02 149100005500H...

Страница 5: ...2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web Inter...

Страница 6: ...3 44 Configuring SNMPv3 Users 3 45 Configuring Remote SNMPv3 Users 3 47 Configuring SNMPv3 Groups 3 49 Setting SNMPv3 Views 3 53 User Authentication 3 54 Configuring User Accounts 3 54 Configuring Lo...

Страница 7: ...6 Configuring Rate Limits 3 107 Rate Limit Granularity 3 107 Rate Limit Configuration 3 108 Showing Port Statistics 3 109 Address Table Settings 3 114 Setting Static Addresses 3 114 Displaying the Add...

Страница 8: ...abling IGMP Immediate Leave 3 173 Displaying Interfaces Attached to a Multicast Router 3 174 Specifying Static Interfaces for a Multicast Router 3 175 Displaying Port Members of Multicast Services 3 1...

Страница 9: ...5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 6 Configuration Commands 4 7 Command Line Processing 4 8 Command Groups 4 9 Line Commands 4 11 line 4 11 login 4 12 passwor...

Страница 10: ...authentication retries 4 38 ip ssh server key size 4 39 delete public key 4 39 ip ssh crypto host key generate 4 40 ip ssh crypto zeroize 4 40 ip ssh save host key 4 41 show ip ssh 4 41 show ssh 4 42...

Страница 11: ...Frame Size Commands 4 69 jumbo frame 4 69 Flash File Commands 4 70 copy 4 70 delete 4 73 dir 4 73 whichboot 4 74 boot system 4 75 Authentication Commands 4 76 Authentication Sequence 4 76 authenticati...

Страница 12: ...authentication reauth time 4 98 clear network access 4 99 show network access 4 99 show network access mac filter 4 100 show network access mac address table 4 100 Access Control List Commands 4 102...

Страница 13: ...gotiation 4 133 capabilities 4 134 flowcontrol 4 135 shutdown 4 136 switchport broadcast packet rate 4 137 clear counters 4 137 show interfaces status 4 138 show interfaces counters 4 139 show interfa...

Страница 14: ...spanning disabled 4 170 spanning tree cost 4 170 spanning tree port priority 4 171 spanning tree edge port 4 172 spanning tree portfast 4 173 spanning tree link type 4 173 spanning tree mst cost 4 17...

Страница 15: ...bandwidth 4 202 show queue cos map 4 203 Priority Commands Layer 3 and 4 4 204 map ip port Global Configuration 4 204 map ip port Interface Configuration 4 205 map ip precedence Global Configuration...

Страница 16: ...mp throttle interface 4 227 Multicast VLAN Registration Commands 4 227 mvr Global Configuration 4 228 mvr Interface Configuration 4 229 show mvr 4 230 Domain Name Service Commands 4 233 ip host 4 233...

Страница 17: ...252 show cluster members 4 253 show cluster candidates 4 253 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Append...

Страница 18: ...Contents xiv...

Страница 19: ...and Line Processing 4 8 Table 4 4 Command Groups 4 9 Table 4 5 Line Commands 4 11 Table 4 6 General Commands 4 20 Table 4 7 System Management Commands 4 25 Table 4 8 Device Designation Commands 4 25 T...

Страница 20: ...142 Table 4 48 Rate Limit Commands 4 144 Table 4 49 Link Aggregation Commands 4 146 Table 4 50 show lacp counters display description 4 153 Table 4 51 show lacp internal display description 4 154 Tabl...

Страница 21: ...cription 4 231 Table 4 76 show mvr members display description 4 232 Table 4 75 show mvr interface display description 4 232 Table 4 77 DNS Commands 4 233 Table 4 78 show dns cache display description...

Страница 22: ...Tables xviii...

Страница 23: ...Alerts 3 33 Figure 3 20 Resetting the System 3 34 Figure 3 21 SNTP Configuration 3 35 Figure 3 22 NTP Client Configuration 3 37 Figure 3 23 Setting the System Clock 3 38 Figure 3 24 Enabling the SNMP...

Страница 24: ...rt Configuration 3 107 Figure 3 63 Rate Limit Granularity Configuration 3 108 Figure 3 64 Output Rate Limit Port Configuration 3 109 Figure 3 65 Port Statistics 3 113 Figure 3 66 Static Addresses 3 11...

Страница 25: ...uter Port Configuration 3 175 Figure 3 102 IP Multicast Registration Table 3 176 Figure 3 103 IGMP Member Port Table 3 177 Figure 3 104 Enabling IGMP Filtering and Throttling 3 179 Figure 3 105 IGMP P...

Страница 26: ...Figures xxii...

Страница 27: ...P or MAC ACLs DHCP Client Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One port mirrored to a single analysis po...

Страница 28: ...ght to access the network via an authentication server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Telnet equivalent con...

Страница 29: ...ching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 8K addresses Store and Forward Switching The switch copies each frame in...

Страница 30: ...me VLAN and allowing you to limit the total number of VLANs that need to be configured Traffic Prioritization This switch prioritizes each packet based on the required level of service using four prio...

Страница 31: ...one Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Pa...

Страница 32: ...ing Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port in...

Страница 33: ...s Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 6 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled Table 1 2 System Defaults...

Страница 34: ...Introduction 1 8 1...

Страница 35: ...nsole port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch to b...

Страница 36: ...end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to...

Страница 37: ...s to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program prov...

Страница 38: ...ion for the switch to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If you...

Страница 39: ...therefore need to use the ip dhcp restart command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values ca...

Страница 40: ...rovide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that pro...

Страница 41: ...re no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a...

Страница 42: ...rk Management Protocol on page 3 38 or refer to the specific CLI commands for SNMP starting on page 4 116 Saving Configuration Settings Configuration commands only modify the running configuration fil...

Страница 43: ...after boot up also known as run time code This code runs the switch operations and provides the CLI and Web management interfaces See Managing Firmware on page 3 19 for more information Diagnostic Co...

Страница 44: ...Initial Configuration 2 10 2...

Страница 45: ...Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwor...

Страница 46: ...When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the...

Страница 47: ...y visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web age...

Страница 48: ...emory 3 20 Set Startup Sets the startup file 3 20 Line 3 24 Console Sets console port connection parameters 3 24 Telnet Sets Telnet connection parameters 3 26 Log 3 28 Logs Stores and displays error m...

Страница 49: ...filters 3 79 ACL 3 82 Configuration Configures packet filtering based on IP or MAC addresses 3 82 Port Binding Binds a port to the specified ACL 3 88 IP Filter Sets IP addresses of clients allowed man...

Страница 50: ...plays STA values used for the bridge 3 119 Configuration Configures global bridge settings for STA and RSTP 3 123 Port Information Displays individual port settings for STA 3 127 Trunk Information Dis...

Страница 51: ...nk 3 158 Traffic Classes Maps IEEE 802 1p priority tags to output queues 3 160 Traffic Classes Status Enables disables traffic class priorities not implemented NA Queue Mode Sets queue mode to strict...

Страница 52: ...3 181 IGMP Filter Throttling Trunk Configuration Assigns IGMP filter profiles to trunk interfaces and sets throttling settings 3 181 MVR Configuration Globally enables MVR sets the MVR VLAN adds mult...

Страница 53: ...Adds switch Members to the cluster 3 195 Member Information Displays cluster Member switch information 3 196 Candidate Information Displays network Candidate switch information 3 197 Table 3 2 Main M...

Страница 54: ...is switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enable...

Страница 55: ...er of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Combination RJ 45 SFP ports Console config hostname R D 5 4 26 Console config snmp serv...

Страница 56: ...3 4 Displaying Switch Information CLI Use the following command to display version information Console show version 4 68 Unit 1 Serial number S542021059 Service tag Hardware version R01A Module A type...

Страница 57: ...ering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 114 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering datab...

Страница 58: ...been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP...

Страница 59: ...tatic enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config...

Страница 60: ...nsole connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart co...

Страница 61: ...llows compatible DHCP servers to use the information when assigning IP addresses or to set other services or policies for clients Using DHCP Relay Option 82 clients can be identified by the VLAN and s...

Страница 62: ...cify at least one DHCP server IP address Click Apply Figure 3 8 DHCP Relay Option 82 Configuration CLI This example enables DHCP relay with Option 82 and sets the policy as replace Console config ip d...

Страница 63: ...erver tftp to file Copies a file from a TFTP server to the switch file to unit1 Copies a file from this switch to another unit in the stack unit to file1 Copies a file from another unit in the stack t...

Страница 64: ...the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the cur...

Страница 65: ...enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware enter the reload comma...

Страница 66: ...on to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies...

Страница 67: ...ftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then...

Страница 68: ...e 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system int...

Страница 69: ...a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Defa...

Страница 70: ...out interval the connection is terminated for the session Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not...

Страница 71: ...es a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt De...

Страница 72: ...tem Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RA...

Страница 73: ...the show logging command to display the current settings Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Norma...

Страница 74: ...type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Ran...

Страница 75: ...nfig logging host 192 168 1 15 4 46 Console config logging facility 23 4 46 Console config logging trap 4 4 47 Console config end Console show logging trap 4 47 Syslog logging Enabled REMOTELOG status...

Страница 76: ...h or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 29 used to trigger alert messages All events at this level or high...

Страница 77: ...y level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Spe...

Страница 78: ...e the reload command to restart the switch When prompted confirm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging send...

Страница 79: ...ides more reliable time updates since the updates are collected from many NTP servers then filtered and selected using an algorithm that determines the most accurate time The NTP client also uses auth...

Страница 80: ...P server to be polled The switch requests an update from all configured servers then determines the most accurate time update from the responses received Version Specifies the NTP version supported by...

Страница 81: ...2 168 5 23 version 3 key 19 Console config ntp poll 60 4 58 Console config ntp client 4 57 Console config ntp authenticate 4 59 Console config exit Console show ntp 4 60 Current time Jan 1 02 58 58 20...

Страница 82: ...23 Setting the System Clock CLI This example shows how to set the time zone for the system clock Simple Network Management Protocol SNMP is a communication protocol designed specifically for managing...

Страница 83: ...reading and writing which are known as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and...

Страница 84: ...anagers should be listed in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strin...

Страница 85: ...or encryption options authNoPriv or authPriv the user name must first be defined in the SNMPv3 Users page page 3 45 Otherwise the authentication password and or privacy password will not exist and the...

Страница 86: ...in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version...

Страница 87: ...s for Authentication and Link up down traps and then click Apply Figure 3 26 Configuring SNMP Trap Managers CLI This example adds a trap manager and enables authentication traps Configuring SNMPv3 Man...

Страница 88: ...than 26 characters are specified trailing zeroes are added to the value For example the value 1234 is equivalent to 1234 followed by 22 zeroes Web Click SNMP SNMPv3 Engine ID Enter an ID of up to 26...

Страница 89: ...level and assigned to a group The SNMPv3 group restricts users to a specific read write or notify view Command Attributes User Name The name of user connecting to the SNMP agent Range 1 32 characters...

Страница 90: ...sword A minimum of eight plain text characters is required Actions Enables the user to be assigned to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New Use...

Страница 91: ...t on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 3 44 Remote I...

Страница 92: ...f eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to save the c...

Страница 93: ...SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication a...

Страница 94: ...ntity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent state This...

Страница 95: ...with the master board version This trap binds two objects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 259...

Страница 96: ...k Delete Figure 3 31 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and wri...

Страница 97: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view W...

Страница 98: ...ing User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign...

Страница 99: ...nt from the list Web Click Security User Accounts To configure a new user account specify a user name select the user s access level then enter a password and confirm it Click Add to save the new user...

Страница 100: ...e packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the auth...

Страница 101: ...Network UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank s...

Страница 102: ...thentication login radius 4 76 Console config radius server port 181 4 79 Console config radius server key green 4 79 Console config radius server retransmit 5 4 80 Console config radius server timeou...

Страница 103: ...status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Rep...

Страница 104: ...obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at...

Страница 105: ...uthentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings pa...

Страница 106: ...ble the SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to contact the switch the SSH server uses the host key pair to negotiate a session key and encryption m...

Страница 107: ...andard DSS The last string is the encoded modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default RSA The SSH s...

Страница 108: ...320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 6032591968369705343933643844522333518828717389689451172929051081...

Страница 109: ...0 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authenti...

Страница 110: ...frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table page 3 114 When the port has reached the maximum number of MAC addresses th...

Страница 111: ...nt The maximum number of MAC addresses that can be learned on a port Range 0 1024 where 0 means disabled Trunk Trunk number if port is a member page 3 94 and 3 95 Web Click Security Port Security Mark...

Страница 112: ...only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the RADIUS se...

Страница 113: ...AEGIS dot1x client or other comparable client software Displaying 802 1X Global Settings The 802 1X protocol provides client authentication Command Attributes 802 1X System Authentication Control The...

Страница 114: ...itch and authentication server These parameters are described in this section Command Attributes Port Port number Status Indicates if authentication is enabled or disabled on the port Default Disabled...

Страница 115: ...uire a new client Range 1 65535 seconds Default 60 seconds Re authen Period Sets the time period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX P...

Страница 116: ...2 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabl...

Страница 117: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx E...

Страница 118: ...itch enables network access from these devices to be controlled by authenticating device MAC addresses with a central RADIUS server Note MAC authentication 802 1X and port security cannot be configure...

Страница 119: ...VLAN identifier list to be applied to the switch port The following attributes need to be configured on the RADIUS server Tunnel Type VLAN Tunnel Medium Type 802 Tunnel Private Group ID 1u 2t VLAN ID...

Страница 120: ...ilter ID Applies a MAC address filter to a port interface MAC address filters must first be created from the MAC Filter Configuration page Only one filter can be applied to a port Default No filters a...

Страница 121: ...entries can be displayed and selected entries can be removed from the table Command Attributes Network Access MAC Address Count The number of MAC addresses currently in the secure MAC address table C...

Страница 122: ...ress MAC Address The authenticated MAC address RADIUS Server The IP address of the RADIUS server that authenticated the MAC address Time The time when the MAC address was last authenticated Attribute...

Страница 123: ...t MAC address filters or a specific filter configuration Add Remove Specify a filter ID and MAC address to create a filter Specify the same filter ID with other MAC addresses to add them to the filter...

Страница 124: ...ng addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addr...

Страница 125: ...Figure 3 47 Creating a Web IP Filter List CLI This example allows SNMP access for a specific client Console config management snmp client 10 1 2 3 4 29 Console config end Console show management all c...

Страница 126: ...ts against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match for a list of all permit rul...

Страница 127: ...ype There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well...

Страница 128: ...te match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the address for each IP packet entering the port s to which this ACL has been as...

Страница 129: ...pe to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified pro...

Страница 130: ...packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2...

Страница 131: ...matted packets Range 0 65535 A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Web Specify the action i e Permit o...

Страница 132: ...t to a port This switch only supports ACLs for ingress filtering You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering Command Attributes Port Fixed port or SFP modul...

Страница 133: ...es if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back P...

Страница 134: ...d for a port during auto negotiation To access this item on the web see Configuring Interface Connections on page 3 48 The following capabilities are supported 10half Supports 10 Mbps half duplex oper...

Страница 135: ...ace capabilities to advertise or manually fix the speed duplex mode and flow control Command Attributes Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable...

Страница 136: ...w control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for half dup...

Страница 137: ...more than eight ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides ba...

Страница 138: ...g on the manufacturer s implementation However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via t...

Page 139: ...k must be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3...

Page 140: ...unk ports on another switch to form a trunk Console config interface ethernet 1 3 4 131 Console config if lacp 4 148 Console config if exit Console config interface ethernet 1 6 Console config if lacp...

Page 141: ...Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be...

Page 142: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Page 143: ...ole show lacp sysid 4 152 Port Channel System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 4 32768 00 00 E9 31 31 31 Console show lacp 1 intern...

Page 144: ...hernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that car...

Page 145: ...ormation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be ena...

Page 146: ...e LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 152 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP...

Page 147: ...gned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregati...

Page 148: ...1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 30 F1 CE 2A 20 Partner Admin Port Number 5 Partner Oper Port Number 3 Port Admin Priority 32768 Port Op...

Page 149: ...ffic Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not affect IP multicast traffic The...

Page 150: ...sions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive or Tx transmit Tar...

Page 151: ...miting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is...

Page 152: ...apply rate limiting Command Usage Input and output rate limit can be enabled or disabled for individual interfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or d...

Page 153: ...tistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statis...

Page 154: ...luding framing characters Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded...

Page 155: ...or which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of res...

Page 156: ...s received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frames 1024 1518 Byte...

Page 157: ...nfiguration 3 113 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 65 Port Sta...

Page 158: ...dress of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 13 4 139 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122...

Page 159: ...nd traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indic...

Page 160: ...elect the method of sorting the displayed addresses and then click Query Figure 3 67 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address tabl...

Page 161: ...on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Prot...

Page 162: ...ompared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining...

Page 163: ...nterconnects all adjacent MST Regions and acts as a virtual bridge node for communications with STP or RSTP nodes in the global network MSTP connects all bridges and LAN segments with a single Common...

Page 164: ...make it return to a discarding state otherwise temporary data loops might result Designated Root The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the r...

Page 165: ...changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each...

Page 166: ...Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of topology changes 1 Last topology changes time sec 13380 Transmiss...

Page 167: ...PDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing the...

Page 168: ...ts and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing stat...

Page 169: ...VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision10 The revision for this MSTI Range 0 65535 Default 0 Region Name The name for this MSTI M...

Page 170: ...Configuring the Switch 3 126 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 70 STA Global Configuration...

Page 171: ...packets and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this p...

Page 172: ...t or is the MSTI regional root i e master port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed The role is set to disabled i e...

Page 173: ...rt You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly th...

Page 174: ...information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter wit...

Page 175: ...hown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the defau...

Page 176: ...y balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all...

Page 177: ...e MSTI settings Command Attributes MST Instance Instance identifier of this spanning tree Default 0 Priority The priority of a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192...

Page 178: ...d by settings for each port Console show spanning tree mst 1 4 178 Spanning tree information Spanning tree mode MSTP Spanning tree enabled disabled enabled Instance 1 VLANs configuration 1 Priority 32...

Page 179: ...ernal oper path cost 10000 Priority 128 Designated cost 0 Designated port 128 1 Designated root 32768 1 0030F1D473A0 Designated bridge 32768 1 0030F1D473A0 Fast forwarding disabled Forward transitions...

Page 180: ...isplays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 119 the settings for other instances only apply to t...

Page 181: ...ributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for al...

Page 182: ...t path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000...

Page 183: ...Ns inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VL...

Page 184: ...ame VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic...

Page 185: ...he same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tag...

Page 186: ...802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 76 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informa...

Page 187: ...ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Perman...

Page 188: ...figured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch Dynamic Automatically learned via GVRP Static Added as a static entry Name Name of the VLAN 1 to 32 characters St...

Page 189: ...operational Disabled VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN is operational Suspend VLAN is suspended i e does not pass packets Add Add...

Page 190: ...atic Name DefaultVlan Status Active Ports Port channel Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1...

Page 191: ...the VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Membership Type Select VLA...

Page 192: ...tic Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a...

Page 193: ...d the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 81 VLAN Static Membership by Port CLI This example...

Page 194: ...luding tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Options All Tagged Default All Ingress...

Page 195: ...p Range 500 18000 centiseconds Default 1000 Mode Indicates VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link betw...

Page 196: ...red Note that private VLANs and normal VLANs can exist simultaneously within the same switch To configure primary secondary associated groups follow these steps 1 Use the Private VLAN Configuration me...

Page 197: ...the selected VLAN ID is associated A primary VLAN displays its own ID a community VLAN displays the associated primary VLAN and an isolated VLAN displays the stand alone VLAN Ports List The list of p...

Page 198: ...vate VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then c...

Page 199: ...is a community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Or the port is an isolated port that can only communicate with the l...

Page 200: ...rt Trunk The switch interface PVLAN Port Type Sets the private VLAN port types Normal The port is not assigned to a private VLAN Host The port is a community port or an isolated port A community port...

Page 201: ...mmunity or isolated VLAN After all the ports have been configured click Apply Figure 3 87 Private VLAN Port Configuration CLI This example shows the switch configured with primary VLAN 5 and secondary...

Page 202: ...ty and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue bl...

Page 203: ...tchport priority default 5 4 199 Console config if end Console show interfaces switchport ethernet 1 3 4 140 Information of Eth 1 3 Broadcast threshold Disabled LACP status Disabled Ingress rate limit...

Page 204: ...he following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0...

Page 205: ...ic values for CoS priorities is implemented as an interface configuration command but any changes will apply to all interfaces on the switch Console config interface ethernet 1 1 4 131 Console con...

Page 206: ...e This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4...

Page 207: ...sequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table16 Displays a list of weights for each traffic class i e queue Weig...

Page 208: ...t queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be en...

Page 209: ...ation types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selected IP Pr...

Page 210: ...ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are defined in...

Page 211: ...P Priority Values CLI The following example globally enables DSCP Priority service on the switch maps DSCP value 0 to CoS value 1 on port 1 and then displays the DSCP Priority settings Note Mapping sp...

Page 212: ...priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priori...

Page 213: ...only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see page 3 160 Command Attributes Port Port i...

Page 214: ...service to the network and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead required by a multicast s...

Page 215: ...witch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 177 Configur...

Page 216: ...Default 125 IGMP Report Delay Sets the time between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its...

Page 217: ...hed network Command Attributes VLAN ID ID of configured VLAN 1 4093 Immediate Leave Enable or disable IGMP immediate leave for the selected VLAN Web Click IGMP Snooping IGMP Immediate Leave Figure 3 9...

Page 218: ...st router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically ass...

Page 219: ...or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web...

Page 220: ...vice Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are...

Page 221: ...to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects t...

Page 222: ...d as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum nu...

Page 223: ...file number you can then configure the multicast groups to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny When the access mode is set to permi...

Page 224: ...P address Specify a single multicast group by entering the same IP address for the start and end of the range Click the Add button to add a range to the current list Current Multicast Address Range Li...

Page 225: ...to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Command Attributes Profile...

Page 226: ...ber and action The current IGMP filtering and throttling settings for the interface are then displayed Console config interface ethernet 1 1 Console config if ip igmp filter 19 4 224 Console config if...

Page 227: ...nto other VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exch...

Page 228: ...ignated source ports and to all receiver ports that have registered to receive data from that multicast group Default Disabled MVR Running Status Indicates whether or not all necessary conditions in t...

Page 229: ...ACTIVE only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave i...

Page 230: ...vided through the MVR VLAN Web Click MVR Group IP Information Figure 3 109 MVR Group IP Information CLI The following example shows information about the interfaces associated with multicast groups a...

Page 231: ...dentified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if...

Page 232: ...uration menu see Configuring Global MVR Settings on page 15 10 The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved...

Page 233: ...gnates this switch as a DNS server the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch and waiting for a response You can manually configure entries...

Page 234: ...ntil a response is received or the end of the list is reached with no response Note that if all name servers are deleted DNS will automatically be disabled Command Attributes Domain Lookup Status Enab...

Page 235: ...and a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 4 234 Console config ip domain list sample com uk 4...

Page 236: ...an one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection wi...

Page 237: ...efore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped to the same IP address as a...

Page 238: ...e managed through only using a Telnet connection to the Commander From the Commander CLI prompt use the rcommand command see page 4 252 to connect to the Member switch Cluster Configuration To create...

Page 239: ...tches in the cluster Number of Candidates The current number of Candidate switches discovered in the network that are available to become Members Web Click Cluster Configuration Figure 3 115 Cluster C...

Page 240: ...nformation Command Attributes Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assigned...

Page 241: ...Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 118 Cluster Candidate Information CLI This example shows information about cluster C...

Page 242: ...Configuring the Switch 3 198 3...

Page 243: ...Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tas...

Page 244: ...e device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Pr...

Page 245: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 246: ...information log Login records logging Login setting mac MAC access lists mac address table Configuration of the address table management Management IP filter map Maps priority mvr CLI_MSG_PRIVILEGE_E...

Page 247: ...tains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or f...

Page 248: ...from within Normal Exec mode by entering the enable command followed by the privileged level password super page 4 28 To enter Privileged Exec mode enter the following user names and passwords Table...

Page 249: ...ups To enter the Global Configuration mode enter the command configure in Privileged Exec mode The system prompt will change to Console config which gives you access privilege to all Global Configurat...

Page 250: ...line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one...

Page 251: ...port for analysis without affecting the data passing through or the performance of the monitored port 4 142 Rate Limiting Controls the maximum rate for traffic transmitted or received on a port 4 144...

Page 252: ...es is indicated by these abbreviations NE Normal Exec IC Interface Configuration PE Privileged Exec LC Line Configuration GC Global Configuration VC VLAN Database Configuration ACL Access Control List...

Page 253: ...Specifies a password on a line LC 4 13 timeout login response Sets the interval that the system waits for a user to log into the CLI LC 4 14 exec timeout Sets the interval that the command interprete...

Page 254: ...There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using...

Page 255: ...em prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before...

Page 256: ...erminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the de...

Page 257: ...se the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The defaul...

Page 258: ...ole response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related...

Page 259: ...rity 4 17 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity...

Page 260: ...the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported Example To spe...

Page 261: ...0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 42 show users 4 67 show...

Page 262: ...Disabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec con...

Page 263: ...enable password 4 28 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet stati...

Page 264: ...None Command Mode Privileged Exec Example Related Commands end 4 23 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged...

Page 265: ...etain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets...

Page 266: ...tion mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can bot...

Page 267: ...the basic user names and passwords for management access 4 26 IP Filter Configures IP addresses that are allowed management access 4 29 Web Server Enables management access via a web browser 4 31 Tel...

Page 268: ...t access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 11 user authentication via a remote authentication serve...

Page 269: ...password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fact...

Page 270: ...8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password...

Page 271: ...address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectiv...

Page 272: ...p client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Console config...

Page 273: ...This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configuration...

Page 274: ...e client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session ke...

Page 275: ...secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the sa...

Page 276: ...Commands ip telnet server 4 34 ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default S...

Page 277: ...that you also need to install a SSH client on the management station when using this protocol to configure the switch Note The switch supports both SSH Version 1 5 and 2 0 Table 4 15 SSH Commands Com...

Page 278: ...29781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 51941746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058...

Page 279: ...ey must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip ssh server This command ena...

Page 280: ...egotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 14 show ip ssh 4...

Page 281: ...and Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes th...

Page 282: ...programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SS...

Page 283: ...save host key 4 41 no ip ssh server 4 37 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Settin...

Page 284: ...entication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES...

Page 285: ...ing is the encoded modulus Example Console show public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 544358361651999923329781766065830958610825913...

Page 286: ...ory 4 45 clear logging 4 47 Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 44 logging history Limits syslog messages saved to switch me...

Page 287: ...Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 18 Logging Levels Leve...

Page 288: ...s the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog...

Page 289: ...ng Enabled Level 6 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command...

Page 290: ...n Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message le...

Page 291: ...show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP add...

Page 292: ...01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 2 00 00 50 2001 01 01 STA topol...

Page 293: ...he process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger a...

Page 294: ...the switch Example This example will set the source email john acme com logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a rec...

Page 295: ...nfiguration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config...

Page 296: ...ient time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Table 4 22 Time Commands Command F...

Page 297: ...e servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchro...

Page 298: ...tp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec...

Page 299: ...tup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the ntp servers command It issues time synchronization requests based on the interval set via the nt...

Page 300: ...optional If enabled with the ntp authenticate command you must also configure at least one key number using the ntp authentication key command Use the no form of this command without an argument to cl...

Page 301: ...ally distributed to NTP servers and clients The key numbers and key values must match on both the server and client Example Related Commands ntp authentication key 4 59 ntp authentication key This com...

Page 302: ...ion is optional When enabled with the ntp authenticate command you must also configure at least one key number using this command Use the no form of this command without an argument to clear all authe...

Page 303: ...To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Console show ntp Current time Jan 1 02 5...

Page 304: ...Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Defau...

Page 305: ...the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface IP address configured for the switch...

Page 306: ...guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw logging history ram 6 logging history flash 3 vla...

Page 307: ...le memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the...

Page 308: ...15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783e...

Page 309: ...and IP address of Telnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System description Layer2 Fast Ethernet Standalone Switch ES3526XA System OID string...

Page 310: ...Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 11 for detailed information on the items displayed by this command Console show users Username accounts Username Privileg...

Page 311: ...oth the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nod...

Page 312: ...copy file file running config startup config tftp copy running config file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certifica...

Page 313: ...efault_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the des...

Page 314: ...file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup c...

Page 315: ...fg configuration file from flash memory Related Commands dir 4 73 delete public key 4 39 dir This command displays a list of files in flash memory Syntax dir boot rom config opcode filename The type o...

Page 316: ...mn Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the...

Page 317: ...config Configuration file opcode Run time operation code filename Name of the configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usag...

Page 318: ...ers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet Tabl...

Page 319: ...age 4 20 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server password only tacacs Us...

Page 320: ...rver index host host_ip_address host_alias auth port auth_port timeout timeout retransmit retransmit key key index Allows you to specify up to five servers These servers are queried in sequence until...

Page 321: ...default Syntax radius server port port_number no radius server port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configura...

Page 322: ...rver Range 1 30 Default Setting 2 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use t...

Page 323: ...r group that require management access to a switch Console config radius server timeout 10 Console config Console show radius server Remote RADIUS server configuration Global settings Communication ke...

Page 324: ...er port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs server port port_number no tacacs server port port_number TACACS server TCP port used...

Page 325: ...cters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Ex...

Page 326: ...the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number o...

Page 327: ...y re enabled using the no shutdown command Example The following example enables port security for port 5 and sets the response to a security violation to issue a trap message Related Commands shutdow...

Page 328: ...ific ports PE 4 88 dot1x re authentication Enables re authentication for all ports IC 4 89 dot1x timeout quiet period Sets the time that a switch port waits after the Max Request Count has been exceed...

Page 329: ...store the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients th...

Page 330: ...port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by...

Page 331: ...tch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Use the no form to reset the default Syntax dot1x timeout quiet period seconds no dot1x timeout q...

Page 332: ...tch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds...

Page 333: ...splays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication page 4 89 reauth period Time after which a connected client must be...

Page 334: ...necting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including r...

Page 335: ...s disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authori...

Page 336: ...terface Configuration Table 4 33 Network Access Command Function Mode Page network access mode Enables MAC authentication on an interface IC 4 94 network access max mac count Sets a maximum for authen...

Page 337: ...ing time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MAC addresses are added to the secure address table when seen on a switch port Sta...

Page 338: ...ddress filters Syntax no network access mac filter filter id mac address filter id The number that identifies the filter Range 1 64 mac address A MAC address to be excluded from authentication Must be...

Page 339: ...e Command Mode Interface Configuration Command Usage MAC address filters must first be created using the network access mac filter command Only one filter can be applied to a port Example The followin...

Page 340: ...ess table Example The following example enables dynamic VLAN assignment on port 1 mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re...

Page 341: ...face Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 26 52 Default Setting None Command Mode Privileged Exec Example show network access Use this command to...

Page 342: ...address mask interface interface sort address interface static Specifies static address entries dynamic Specifies dynamic address entries mac address Specifies a MAC address entry Format xx xx xx xx x...

Page 343: ...are For example a MAC of 00 00 01 02 03 04 and mask FF FF FF 00 00 00 would result in all MACs in the range 00 00 01 00 00 00 to 00 00 01 FF FF FF to be displayed All other MACs would be filtered out...

Page 344: ...EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP c...

Page 345: ...C ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4 110 ACL Information Displays ACLs and associated rules shows ACLs assigned to each port 4 115 Table 4 35 IP ACLs Co...

Page 346: ...ng from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representin...

Page 347: ...host destination precedence precedence tos tos dscp dscp source port sport end destination port dport end control flag control flags flag bitmask protocol number A specific protocol number Range 0 25...

Page 348: ...quivalent binary bit 1 means to match a bit and 0 means to ignore a bit The following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent p...

Page 349: ...s Command Mode Privileged Exec Example Related Commands permit deny 4 104 ip access group 4 107 ip access group This command binds a port to an IP ACL Use the no form to remove the port Syntax no ip a...

Page 350: ...ands ip access group 4 107 map access list ip This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it...

Page 351: ...he CoS value mapped to an IP ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit p...

Page 352: ...owed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Table 4 37 MAC ACLs Command Function Mode Page access list mac Creates a MAC ACL and enters configurati...

Page 353: ...source or destination address host A specific MAC address source Source MAC address destination Destination MAC address range with bitmask address bitmask22 Bitmask for MAC address in hexadecimal form...

Page 354: ...Privileged Exec Example Related Commands permit deny 4 111 mac access group 4 112 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl...

Page 355: ...st mac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself Use...

Page 356: ...MAC ACL for the current interface The CoS value determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is unit 1...

Page 357: ...ow all ACLs and associated rules PE 4 115 show access group Shows the ACLs assigned to each port PE 4 115 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 16...

Page 358: ...s Command Function Mode Page snmp server Enables the SNMP agent GC 4 117 show snmp Displays the status of SNMP communications NE PE 4 117 snmp server community Sets up the community access string to p...

Page 359: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Page 360: ...nt stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent e...

Page 361: ...at describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 119 snmp server locatio...

Page 362: ...0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like...

Page 363: ...re that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to networ...

Page 364: ...thentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Page 365: ...ge An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also used in...

Page 366: ...p server engine id local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engine...

Page 367: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefin...

Page 368: ...Simple Network Management Protocol on page 3 38 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines t...

Page 369: ...fication Messages on page 3 50 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command...

Page 370: ...s Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write V...

Page 371: ...th the snmp server engine id command before using this configuration command Before you configure a remote user use the snmp server engine id command page 4 123 to specify the engine ID for the remote...

Page 372: ...Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 44 show snmp user display description Field Description EngineId String identif...

Page 373: ...Adds a description to an interface configuration IC 4 132 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 132 negotiation Enables aut...

Page 374: ...he following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the d...

Page 375: ...egotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation...

Page 376: ...full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause...

Page 377: ...2 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When...

Page 378: ...mmand Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the proble...

Page 379: ...ceeds the specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value appli...

Page 380: ...e clears statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit This is unit 1 port Por...

Page 381: ...s displayed by this command see Showing Port Statistics on page 3 109 Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 00 AB CD 00 01...

Page 382: ...0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment...

Page 383: ...ess rate limit Shows if rate limiting is enabled and the current rate limit page 4 144 VLAN membership mode Indicates membership mode as Trunk or Hybrid page 4 182 Ingress rule Shows if ingress filter...

Page 384: ...traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in...

Page 385: ...nd Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX Example The following shows mirroring configured from port 6...

Page 386: ...e limit for an interface Granularity is a global setting that applies to Fast Ethernet or Gigabit Ethernet interfaces rate limit Use this command to define the rate limit level for a specific interfac...

Page 387: ...y one granularity option is supported 33 3 Mbps Default Setting Fast Ethernet interface 3 3 Mbps Gigabit Ethernet interface 33 3 Mbps Command Mode Global Configuration Ethernet Port Channel Command Us...

Page 388: ...rt an aggregate bandwidth of 4 Gbps when operating at full duplex Console show rate limit Fast ethernet granularity 1000 Gigabit ethernet granularity 33300 Console Table 4 49 Link Aggregation Commands...

Page 389: ...fied port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same po...

Page 390: ...e Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LAC...

Page 391: ...ership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Co...

Page 392: ...ey Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Page 393: ...during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system...

Page 394: ...h the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP set...

Page 395: ...s Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by th...

Page 396: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Page 397: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Page 398: ...up configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form...

Page 399: ...ault mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static add...

Page 400: ...ace ethernet unit port unit This is unit 1 port Port number Range 1 26 52 port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Com...

Page 401: ...seconds Aging time Range 10 30000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwardi...

Page 402: ...ng tree instance MST 4 168 name Configures the name for the multiple spanning tree MST 4 168 revision Configures the revision number for the multiple spanning tree MST 4 169 max hops Configures the ma...

Page 403: ...hat only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Span...

Page 404: ...y timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same...

Page 405: ...xample spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no span...

Page 406: ...r designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the atta...

Page 407: ...ng short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit b...

Page 408: ...bal Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mod...

Page 409: ...balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all V...

Page 410: ...the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priorit...

Page 411: ...of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name page 4 168 and revision number are used to designate a unique MST region A bridge...

Page 412: ...ables the spanning tree algorithm for the specified interface Use the no form to reenable the spanning tree algorithm for the specified interface Syntax no spanning tree spanning disabled Default Sett...

Page 413: ...0 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should...

Page 414: ...AN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Port...

Page 415: ...rvers and also overcome other STA related timeout problems Remember that fast forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end n...

Page 416: ...to restore the default Syntax spanning tree mst instance_id cost cost no spanning tree mst instance_id cost instance_id Instance identifier of the spanning tree Range 0 4094 no leading zeroes cost Pat...

Page 417: ...he Multiple Spanning Tree Use the no form to restore the default Syntax spanning tree mst instance_id port priority priority no spanning tree mst instance_id port priority instance_id Instance identif...

Page 418: ...automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU forma...

Page 419: ...iguration for an instance within the Multiple Spanning Tree MST For a description of the items displayed under Spanning tree information see Configuring Global Settings on page 3 123 For a description...

Page 420: ...al oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwar...

Page 421: ...mand Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can...

Page 422: ...AN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration C...

Page 423: ...erface configuration mode for a specified VLAN IC 4 181 switchport mode Configures VLAN membership mode for an interface IC 4 182 switchport acceptable frame types Configures frame types to be accepte...

Page 424: ...tion of this command see switchport mode private vlan on page 4 191 Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel...

Страница 425: ...d Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for...

Страница 426: ...face is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured...

Страница 427: ...witchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when addi...

Страница 428: ...n Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interf...

Страница 429: ...ll VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 Vlan ID 1 Type Static Name DefaultVlan Status Active...

Страница 430: ...LAN One or more isolated VLANs can also be configured Note that private VLANs and normal VLANs can exist simultaneously within the same switch This section describes commands used to configure private...

Страница 431: ...to an isolated VLAN 4 Use the show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary community or isolated private VLAN Use the no form...

Страница 432: ...id association secondary vlan id add secondary vlan id remove secondary vlan id no private vlan primary vlan id association primary vlan id ID of primary VLAN Range 1 4094 no leading zeroes secondary...

Страница 433: ...primary VLAN use the switchport private vlan mapping command To assign a host port to a community VLAN use the private vlan host association command To assign a promiscuous port or host port to an iso...

Страница 434: ...signment Syntax switchport private vlan isolated isolated vlan id no switchport private vlan isolated isolated vlan id ID of isolated VLAN Range 1 4094 Default Setting None Command Mode Interface Conf...

Страница 435: ...ers within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN configuration settings on this switch Syntax show vlan private vlan community isolate...

Страница 436: ...r to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Console show vlan...

Страница 437: ...les GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console config bridge ext gvrp C...

Страница 438: ...mand sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall joi...

Страница 439: ...leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 197 show garp...

Page 440: ...ty for untagged frames sets queue weights and maps class of service tags to hardware queues 4 198 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values 4...

Page 441: ...n a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relativ...

Page 442: ...default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames that do not have prio...

Page 443: ...iority queue Ranges are 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 t...

Page 444: ...current queue mode Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues D...

Page 445: ...ernet unit port unit This is unit 1 port Port number Range 1 26 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Wei...

Page 446: ...C 4 205 map ip precedence Enables IP precedence class of service mapping GC 4 204 map ip precedence Maps IP precedence value to a class of service IC 4 206 map ip dscp Enables IP DSCP class of service...

Page 447: ...priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration This command enable...

Page 448: ...on Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Servi...

Page 449: ...itchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP D...

Page 450: ...EEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP v...

Page 451: ...ip port Interface Configuration 4 205 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit This is unit 1...

Page 452: ...p Syntax show map ip dscp interface interface ethernet unit port unit This is unit 1 port Port number Range 1 26 52 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec...

Page 453: ...h 1 1 63 0 Console Table 4 68 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP version displays...

Page 454: ...lan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is unit 1 port Port number Range 1 26 52 port channel channel id Range 1 4 Default Setting...

Page 455: ...et must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for...

Page 456: ...t Example show ip igmp snooping This command shows the IGMP snooping configuration Default Setting None Command Mode Privileged Exec Command Usage See Configuring IGMP Snooping and Query Parameters on...

Page 457: ...lay only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The fol...

Page 458: ...p igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from t...

Page 459: ...have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 218 ip igmp snooping query interval This co...

Page 460: ...ponded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicas...

Page 461: ...se the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit This is unit 1 port Port number Rang...

Page 462: ...how ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID...

Page 463: ...nly one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is...

Page 464: ...An IGMP filter profile number Range 1 4294967295 Default Setting Disabled Command Mode Global Configuration Command Usage A profile defines the multicast groups that a subscriber is permitted or denie...

Page 465: ...or start of a group range high ip address A valid IP address for the end of a multicast group range Default Setting None Command Mode IGMP Profile Configuration Command Usage Enter this command multip...

Page 466: ...max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a...

Page 467: ...r replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast gr...

Page 468: ...command displays the interface settings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit This is unit 1 port Port number Range 1 26 52 Console sho...

Page 469: ...lticast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Console s...

Page 470: ...VR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 Command Mode Global Configuration Command Usage Use the mvr group command to statically configure all multi...

Page 471: ...Configuration Ethernet Port Channel Command Usage A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for...

Page 472: ...assigns a multicast group to another receiver port show mvr This command shows information about the global MVR configuration settings when entered without any keywords the interfaces attached to the...

Page 473: ...lan Shows the VLAN used to transport all MVR multicast traffic MVR Max Multicast Groups Shows the maximum number of multicast groups which can assigned to the MVR VLAN MVR Current multicast groups Sho...

Page 474: ...able 4 76 show mvr members display description Field Description MVR Group IP Multicast groups assigned to the MVR VLAN Status Shows whether or not the there are active subscribers for this multicast...

Page 475: ...one IP address is associated with a host name using this command a DNS client can try each address in succession until it establishes a connection with the target device Example This example maps two...

Page 476: ...e the current domain name Syntax ip domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Defa...

Page 477: ...n incomplete host name is received by the DNS service on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name s...

Page 478: ...e The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Example This example adds two domain name servers to the...

Page 479: ...e server 4 236 show hosts This command displays the static host name to address mapping table Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped t...

Page 480: ...E 66 218 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTE...

Page 481: ...e Service Commands 4 239 4 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMA...

Page 482: ...ation when assigning IP addresses or to set other services or policies for clients When the DHCP relay Option 82 is enabled clients can be identified by the VLAN and switch port to which they are conn...

Page 483: ...switch receives DHCP packets from clients that already include DHCP Option 82 information the switch can be configured to set the action policy for these packets Either the switch can discard the Opt...

Page 484: ...ire VLAN Example show ip dhcp relay This command shows the current DHCP relay agent configuration Default Setting None Command Mode Privileged Exec Example Console config ip dhcp relay server 192 168...

Page 485: ...specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Table 4 80 IP Interface Commands Command Function...

Page 486: ...witch Note Only one VLAN interface can be assigned an IP address the default is VLAN 1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you...

Page 487: ...le If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the devi...

Page 488: ...f bytes in a packet Range 32 512 default 32 The actual packet size will be eight bytes larger than the size specified because the switch adds header information count Number of packets to send Range 1...

Page 489: ...r host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 131 Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0...

Page 490: ...et the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and ar...

Page 491: ...by the administrator through the management station Cluster Member switches can be managed through only using a Telnet connection to the Commander From the Commander CLI prompt use the rcommand id com...

Page 492: ...be disabled Example cluster member This command configures a Candidate switch as a cluster Member Use the no form to remove a Member switch from the cluster Syntax cluster member mac address mac addr...

Page 493: ...ing configuration Command Mode Privileged Exec Example show cluster members This command shows the current switch cluster members Command Mode Privileged Exec Example Vty 0 rcommand id 1 CLI session w...

Page 494: ...overed Candidate switches in the network Command Mode Privileged Exec Example Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 23 49 c0 24 48 L2 L4 IPV4 I...

Page 495: ...roring One source port one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Cont...

Page 496: ...ccess via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 802 1p Priority ta...

Page 497: ...roup MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS...

Page 498: ...Software Specifications A 4 A...

Page 499: ...the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum...

Page 500: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 501: ...ces Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of for...

Page 502: ...es or end stations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation...

Page 503: ...rectly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includ...

Page 504: ...within the subnet and to national time standards via wire or radio Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1X Port...

Page 505: ...rnal clock based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers Spanning Tree Alg...

Page 506: ...targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of thei...

Page 507: ...4 204 queue mapping 3 160 4 201 queue mode 3 162 4 199 traffic class weights 3 163 4 200 D default gateway configuration 3 14 4 245 default priority ingress port 3 158 4 199 default settings system 1...

Page 508: ...parameters 4 152 protocol message statistics 4 152 link type STA 3 129 3 131 4 173 logging syslog traps 4 47 to syslog servers 4 46 log in Web interface 3 2 logon authentication 3 54 4 76 RADIUS clien...

Page 509: ...7 restarting the system 3 34 4 23 RSTP 3 117 4 162 global configuration 3 119 4 162 S secure shell 3 61 4 35 Secure Shell configuration 3 61 4 38 serial port configuring 4 11 Simple Network Management...

Page 510: ...ftware 3 20 4 70 user password 3 54 4 27 4 28 V VLANs 3 139 3 158 4 179 4 194 adding static members 3 147 3 148 4 185 creating 3 145 4 180 description 3 139 3 158 displaying basic information 3 142 4...

Page 512: ...ES3526XA ES3552XA E122006 CS R02D 149100005500H...
