Allied Telesis AT-9000/12PoE Скачать руководство пользователя страница 1364 | Manualshive

Страница: 1364 / 1482

background image

Chapter 86: Secure HTTPS Web Browser Server

1364

Overview

The switch has a web browser server for remote management of the unit
with a web browser application from management workstations on your
network. The server has a secure HTTPS mode and a non-secure HTTP
mode. Web browser management sessions that use the secure HTTPS
mode are protected against snooping because the packets exchanged
between the switch and your management workstations are encrypted.
Only the switch and the workstations are able to decipher the packets.

In contrast, web browser management sessions conducted in the non-
secure HTTP mode are vulnerable to eavesdropping because the packets
are sent in clear text.

This chapter explains how to configure the switch for the secure HTTPS
mode. For directions on the non-secure mode, refer to Chapter 84, “Non-
secure HTTP Web Browser Server” on page 1351.

Certificates

When you initiate an HTTPS connection from your management
workstation to the switch, the switch responds by sending a certificate to
your workstation. This file contains the encryption key that the two devices
use to encrypt and decrypt their packets to each other. Also included in
the certificate is a distinguished name that identifies the owner of the
certificate, which in the case of a certificate for your switch, is the switch
itself and your company.

The switch does not come with a certificate. You have to create it, along
with the encryption key and distinguished name, as part of the HTTPS
configuration process.

There are two ways to create the certificate. The quickest and easiest way
is to have the switch create it itself. This type of certificate is called a self-
signed certificate because the switch authenticates the certificate itself.

Another option is to create the encryption key and have someone else
issue the certificate. That person, group, or organization is called a
certification authority (CA), of which there are public and private CAs. A
public CA issues certificates typically intended for use by the general
public, for other companies or organizations. Public CAs require proof of
the identify of the company or organization before they will issue a
certificate. VeriSign is an example of a public CA.

Because the certificate for the switch is not intended for general use and
will only be used by you and other network managers to manage the
device, having a public CA issue the certificate will probably be
unnecessary.

Some large companies have private CAs. This is a person or group that is
responsible for issuing certificates for the company’s network equipment.

«
...
1362
1363
1364
1365
1366
...
»

Содержание AT-9000/12PoE

Страница 1: ...001823 Rev B AT 9000 Series Gigabit Ethernet Switches AT 9000 12PoE AT 9000 28 AT 9000 28PoE AT 9000 28SP AT 9000 52 Management Software Command Line Interface User s Guide AlliedWare Plus Version 2 1...

Страница 2: ...ng University of Posts and Telecommunications All rights reserved Copyright c 2003 by Fabasoft R D Software GmbH Co KG All rights reserved Copyright c 2004 2006 by Internet Systems Consortium Inc ISC...

Страница 3: ...is logo are trademarks of Allied Telesis Incorporated Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation All other product names company names logos or other designatio...

Страница 4: ......

Страница 5: ...unk 54 INTERFACE VLAN Command 54 VLAN DATABASE Command 55 LOCATION CIVIC LOCATION Command 55 LOCATION COORD LOCATION Command 55 Moving Up the Hierarchy 56 EXIT and QUIT Commands 56 END Command 56 DISA...

Страница 6: ...D 104 Chapter 6 Temperature and Fan Control Commands 105 ECOFRIENDLY LED 106 NO ECOFRIENDLY LED 107 SHOW ECOFRIENDLY 108 SHOW SYSTEM ENVIRONMENT 109 Section II Basic Operations 111 Chapter 7 Basic Swi...

Страница 7: ...I MDI X Wiring Configuration 175 Enabling or Disabling Ports 176 Enabling or Disabling Backpressure 177 Enabling or Disabling Flow Control 178 Resetting Ports 181 Configuring Threshold Limits for Ingr...

Страница 8: ...bling and Disabling PoE 246 Adding PD Descriptions to Ports 248 Prioritizing Ports 249 Managing the Maximum Power Limit on Ports 250 Managing Legacy PDs 251 Monitoring Power Consumption 252 Displaying...

Страница 9: ...teway 297 Chapter 14 IPv4 and IPv6 Management Address Commands 299 CLEAR IPV6 NEIGHBORS 301 IP ADDRESS 302 IP ADDRESS DHCP 304 IP ROUTE 306 IPV6 ADDRESS 308 IPV6 ROUTE 310 NO IP ADDRESS 312 NO IP ADDR...

Страница 10: ...and Switch to Member Switches 385 Disabling Enhanced Stacking 387 Chapter 20 Enhanced Stacking Commands 389 ESTACK COMMAND SWITCH 391 ESTACK RUN 392 NO ESTACK COMMAND SWITCH 393 NO ESTACK RUN 394 RCOM...

Страница 11: ...TCHPORT BLOCK EGRESS MULTICAST 450 SWITCHPORT BLOCK INGRESS MULTICAST 451 Section III File System 453 Chapter 26 File System 455 Overview 456 Copying Boot Configuration Files 457 Renaming Boot Configu...

Страница 12: ...PY FLASH TFTP 503 COPY TFTP FLASH 504 COPY ZMODEM 506 UPLOAD IMAGE REMOTELIST 507 Section IV Event Messages 509 Chapter 32 Event Log 511 Overview 512 Displaying the Event Log 513 Clearing the Event Lo...

Страница 13: ...39 LACP Commands 575 CHANNEL GROUP 576 LACP SYSTEM PRIORITY 578 NO CHANNEL GROUP 579 PORT CHANNEL LOAD BALANCE 580 SHOW ETHERCHANNEL 582 SHOW ETHERCHANNEL DETAIL 583 SHOW ETHERCHANNEL SUMMARY 585 SHO...

Страница 14: ...641 Configuring Port Costs 641 Configuring Port Priorities 642 Designating Point to point and Shared Ports 642 Designating Edge Ports 642 Enabling or Disabling RSTP Loop guard 643 Enabling or Disabli...

Страница 15: ...HOW SPANNING TREE MST CONFIG 700 SHOW SPANNING TREE MST 701 SHOW SPANNING TREE MST INSTANCE 702 SPANNING TREE ERRDISABLE TIMEOUT ENABLE 703 SPANNING TREE ERRDISABLE TIMEOUT INTERVAL 704 SPANNING TREE...

Страница 16: ...VRP and Network Security 766 GVRP inactive Intermediate Switches 767 Enabling GVRP on the Switch 768 Enabling GIP on the Switch 769 Enabling GVRP on the Ports 770 Setting the GVRP Timers 771 Disabling...

Страница 17: ...S 822 VLAN MACADDRESS 824 VLAN SET MACADDRESS Global Configuration Mode 826 VLAN SET MACADDRESS Port Interface Mode 828 Chapter 53 Private Port VLANs 831 Overview 832 Host Ports 832 Uplink Port 832 Pr...

Страница 18: ...PORT SECURITY 887 SWITCHPORT PORT SECURITY AGING 888 SWITCHPORT PORT SECURITY MAXIMUM 889 SWITCHPORT PORT SECURITY VIOLATION 890 Chapter 60 802 1x Port based Network Access Control 893 Overview 894 A...

Страница 19: ...ZED 942 DOT1X PORT CONTROL FORCE UNAUTHORIZED 943 DOT1X TIMEOUT TX PERIOD 944 NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS 945 NO AUTH DYNAMIC VLAN CREATION 946 NO AUTH GUEST VLAN 947 NO AUTH REAU...

Страница 20: ...IEW 1007 SHOW SNMP SERVER 1008 SHOW SNMP SERVER GROUP 1009 SHOW SNMP SERVER HOST 1010 SHOW SNMP SERVER USER 1011 SHOW SNMP SERVER VIEW 1012 SNMP SERVER 1013 SNMP SERVER ENGINEID LOCAL 1014 SNMP SERVER...

Страница 21: ...2 Deleting LLDP MED Location Entries 1073 Disabling LLDP and LLDP MED on the Switch 1074 Displaying General LLDP Settings 1075 Displaying Port Settings 1076 Displaying or Clearing Neighbor Information...

Страница 22: ...pter 71 RMON 1155 Overview 1156 RMON Port Statistics 1157 Adding Statistics Groups 1157 Viewing Statistics Groups 1158 Deleting Statistics Groups 1158 RMON Histories 1159 Adding History Groups 1159 Di...

Страница 23: ...tricting Remote Access 1224 Deleting Numbered IP and MAC Address ACLs 1225 Displaying the ACLs 1226 Displaying IPv4 ACLs 1226 Displaying IP ACL Port Assignments 1226 Displaying ACLs Assigned to VTY Li...

Страница 24: ...E PASSWORD 1304 NO SERVICE PASSWORD ENCRYPTION 1305 NO USERNAME 1306 SERVICE PASSWORD ENCRYPTION 1307 USERNAME 1308 Chapter 78 Telnet Server 1311 Overview 1312 Enabling the Telnet Server 1313 Disablin...

Страница 25: ...ificate 1367 Configuring the HTTPS Web Server for a Certificate Issued by a CA 1370 Enabling the Web Browser Server 1374 Disabling the Web Browser Server 1375 Displaying the Web Browser Server 1376 Ch...

Страница 26: ...CS SERVER HOST 1430 TACACS SERVER KEY 1431 TACACS SERVER TIMEOUT 1432 Appendix A System Monitoring Commands 1433 SHOW CPU 1434 SHOW CPU HISTORY 1435 SHOW CPU USER THREADS 1436 SHOW MEMORY 1437 SHOW ME...

Страница 27: ...MPv3 1467 Simple Network Time Protocol 1468 Spanning Tree Protocols STP RSTP and MSTP 1469 Spanning Tree Status 1469 Spanning Tree Protocol 1469 Rapid Spanning Tree Protocol 1469 Multiple Spanning Tre...

Страница 28: ...Contents 28...

Страница 29: ...22 Connecting the Management Cable to the Console Port 66 Figure 23 AlliedWare Plus Command Line Prompt 67 Figure 24 SHOW BOOT Command 71 Figure 25 Displaying the Keywords of a Mode 79 Figure 26 Displ...

Страница 30: ...igure 77 SHOW MAC ADDRESS TABLE Command 363 Figure 78 SHOW ESTACK REMOTELIST Command 374 Figure 79 SHOW ESTACK Command 376 Figure 80 SHOW ESTACK Command 398 Figure 81 SHOW ESTACK COMMAND SWITCH Comman...

Страница 31: ...pans Switches 805 Figure 140 SHOW VLAN MACADDRESS Command 813 Figure 141 SHOW VLAN MACADDRESS Command 822 Figure 142 SHOW VLAN PRIVATE VLAN Command 838 Figure 143 SHOW VLAN PRIVATE VLAN Command 842 Fi...

Страница 32: ...190 Figure 195 SHOW RMON HISTORY Command 1192 Figure 196 SHOW RMON STATISTICS Command 1194 Figure 197 SHOW ACCESS LIST Command 1226 Figure 198 SHOW INTERFACE ACCESS GROUP Command 1227 Figure 199 SHOW...

Страница 33: ...OW POWER INLINE COUNTERS INTERFACE Command 277 Table 25 SHOW POWER INLINE INTERFACE DETAIL Command 280 Table 26 Features Requiring an IP Management Address on the Switch 286 Table 27 Management IP Add...

Страница 34: ...AN MACADDRESS Command 823 Table 79 Private Port VLAN Commands 839 Table 80 Voice VLAN Commands 845 Table 81 VLAN Stacking Process 855 Table 82 VLAN Stacking Commands 861 Table 83 MAC Address based Por...

Страница 35: ...131 Numbered MAC ACL Example 1213 Table 132 Assigning Numbered IPv4 ACLs 1215 Table 133 Assigning MAC Address ACLs Example 1215 Table 134 Removing Numbered IP ACLs Example 1217 Table 135 Removing MAC...

Страница 36: ...Tables 36...

Страница 37: ...aution The customer re seller sub contractor distributor software developer or any buyer of an Allied Telesis ATI product known as customer hereby agrees to have all licenses required by any governmen...

Страница 38: ...s Note Notes provide additional information Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data Warning Warnings inform you that pe...

Страница 39: ...Guide 39 Where to Find Web based Guides The installation and user guides for all of the Allied Telesis products are available for viewing in portable document format PDF from our web site at www allie...

Страница 40: ...and to contact Allied Telesis experts USA and EMEA phone support Select the phone number that best fits your location and customer type Hardware warranty information Learn about Allied Telesis warran...

Страница 41: ...Line Interface on page 43 Chapter 2 Starting a Management Session on page 65 Chapter 3 Basic Command Line Management on page 77 Chapter 4 Basic Command Line Management Commands on page 83 Chapter 5 T...

Страница 42: ...42...

Страница 43: ...on page 44 Management Interfaces on page 47 Local Manager Account on page 48 AlliedWare Plus Command Modes on page 49 Moving Down the Hierarchy on page 52 Moving Up the Hierarchy on page 56 Port Numbe...

Страница 44: ...h the switch For modern PCs without a serial port a USB to serial adapter and driver software is required Note The initial management session of the switch must be from a local management session Remo...

Страница 45: ...Secure Shell Management The switch has an SSH server for remote management with an SSH client on a management workstation This management method is similar to Telnet management sessions in that it giv...

Страница 46: ...EdgeSwtich mib RFC 1155 MIB RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2096 IP Forwarding Table MIB RFC 2790 Host MIB RFC 2863 Interface Group MIB RFC 3176 sFlow MIB IEEE 802 1x 201...

Страница 47: ...management interfaces AlliedWare Plus command line Web browser windows The AlliedWare Plus command line is available from local management sessions and remote Telnet and Secure Shell management sessio...

Страница 48: ...ticates the user name and password itself If more manager accounts are needed you can add up to eight more local manager accounts For instructions refer to Chapter 76 Local Manager Accounts on page 12...

Страница 49: ...anagement function you first have to move to the mode that has the appropriate commands For instance to configure the speeds and wiring configurations of the ports you have to move to the Port Interfa...

Страница 50: ...ile system Pings remote systems Sets the date and time Saves the current configuration Downloads new versions of the management software Restores the default settings Renames files in the file system...

Страница 51: ...f Configures port settings Disables and enables ports Configures the port mirror Configures 802 1x port based network access control Creates static port trunks Sets the load distribution method for st...

Страница 52: ...ed Exec mode The format of the command is enable Figure 2 ENABLE Command CONFIGURE TERMINAL Command You use this command to move from the Privileged Exec mode to the Global Configuration mode The form...

Страница 53: ...ic port trunks You specify a trunk by its name of po followed by its ID number You can specify only one static port trunk at a time The format of the command is interface trunk_name This example enter...

Страница 54: ...k by its name of sa followed by its ID number You can specify only one static port trunk at a time The format of the command is interface trunk_name This example enters the Static Port Trunk Interface...

Страница 55: ...ies The format of the command is location civic location id_number This example assigns the ID number 16 to a new LLDP civic location entry Figure 13 LLDP LOCATION CIVIC LOCATION Command LOCATION COOR...

Страница 56: ...one level in the hierarchy as illustrated in Figure 15 Figure 15 Moving Up One Mode with the EXIT and QUIT Command END Command After you have configured a feature you may want to return to the Privil...

Страница 57: ...57 Figure 16 Returning to the Privileged Exec Mode with the END Command DISABLE Command To return to the User Exec mode from the Privileged Exec mode use the DISABLE command Figure 17 Returning to the...

Страница 58: ...lots for networking modules It is used to identify the networking modules by their slot numbers This number should always be 0 for AT 9000 Series switches because they are not modular switches Port nu...

Страница 59: ...l ports and port ranges in the same command as illustrated in these commands which enter the Port Interface mode for ports 5 to 11 and ports 16 and 18 awplus enable awplus configure terminal awplus co...

Страница 60: ...SFP module is installed but does not have a link to a network device The twisted pair port automatically changes to the redundant status mode when an SFP module establishes a link with a network devic...

Страница 61: ...ses the following command format conventions screen text font This font illustrates the format of a command and command examples Brackets indicate optional parameters Vertical line separates parameter...

Страница 62: ...000000 bytes 128MB Total memory used by CFE 0x87EB8000 0x87FFFBE0 1342432 Initialized Data 0x87EFA324 0x87EFCAF0 10188 BSS Area 0x87EFCAF0 0x87EFDBE0 4336 Local Heap 0x87EFDBE0 0x87FFDBE0 1048576 Stac...

Страница 63: ...T VLAN done Initializing Port Mirroring done Initializing Telnet done Initializing Snmp Service done Initializing Web Service done Initializing Monitor done Initializing STP done Initializing SPANNING...

Страница 64: ...AB done Initializing FTABV6 done Initializing ACM done Initializing Filter done Initializing L3_MGMT done Initializing L3APP_MGMT done Initializing SFLOW done Initializing NTP done Initializing CPU_HI...

Страница 65: ...tions Starting a Local Management Session on page 66 Starting a Remote Telnet or SSH Management Session on page 68 What to Configure First on page 70 Ending a Management Session on page 75 Note You mu...

Страница 66: ...n the back panel on the AT 9000 52 Switch Figure 22 Connecting the Management Cable to the Console Port 2 Connect the other end of the cable to an RS 232 port on a terminal or PC with a terminal emula...

Страница 67: ...nagement session of the switch enter manager as the user name friend as the password The user name and password are case sensitive The local management session has started when the AlliedWare Plus com...

Страница 68: ...the client resides The default gateway must be a member of the same subnet as the management IP address For instructions refer to What to Configure First on page 70 or Chapter 13 IPv4 and IPv6 Managem...

Страница 69: ...dividual lines Management session timer This timer is used by the switch to end inactive management sessions automatically This protects the switch from unauthorized changes to its configuration sessi...

Страница 70: ...container the file when you create it contains about 20 lines The quickest and easiest way to create a new boot configuration file and to designate it as the active file is with the BOOT CONFIG FILE...

Страница 71: ...clearsky2a Note Write down the new password and keep it in a safe and secure location If you forget the manager password you cannot manage the switch if there are no other management accounts on the u...

Страница 72: ...h the default gateway The switch must also have a default gateway if the network devices are not members of the same subnet as the management IP address The default gateway specifies the IP address of...

Страница 73: ...right that constitute the network portion of the address For example the decimal masks 16 and 24 are equivalent to masks 255 255 0 0 and 255 255 255 0 respectively awplus config if exit Return to the...

Страница 74: ...the ports as untagged ports to the VLAN with the SWITCHPORT ACCESS VLAN command awplus config if exit Return to the Global Configuration mode awplus config interface vlan5 Use the INTERFACE VLAN comma...

Страница 75: ...go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mo...

Страница 76: ...Chapter 2 Starting a Management Session 76...

Страница 77: ...mmand Line Management This chapter contains the following sections Clearing the Screen on page 78 Displaying the On line Help on page 79 Saving Your Configuration Changes on page 81 Ending a Managemen...

Страница 78: ...you can start fresh by entering the CLEAR SCREEN command in the User Exec or Privileged Exec mode If you are in a lower mode you have to move up the mode hierarchy to one of these modes to use the co...

Страница 79: ...tem simply displays the previous keyword Typing a question mark at the point in a command where a value is required displays a value s class that is integer string etc The example in Figure 27 on page...

Страница 80: ...d Line Management 80 Figure 27 Displaying the Class of a Parameter awplus enable awplus configure terminal awplus config hostname STRING sysName awplus enable awplus configure terminal awplus config h...

Страница 81: ...ING CONFIG STARTUP CONFIG command both of which are found in the Privileged Exec mode When you enter either of these commands the switch copies its running configuration into the active boot configura...

Страница 82: ...go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mo...

Страница 83: ...with the current settings from the switch DISABLE on page 90 Privileged Exec Returns you to the User Exec mode from the Privileged Exec mode DO on page 91 Global Configuration Performs Privileged Exe...

Страница 84: ...98 All modes except the User Exec and Privileged Exec Moves you up one mode WRITE on page 99 Privileged Exec Updates the active boot configuration file with the current settings of the switch Table 5...

Страница 85: ...available parameters Note You must type a space between a keyword and the question mark Otherwise the on line help returns the previous keyword Typing after a keyword or parameter that requires a valu...

Страница 86: ...ine Management Commands 86 This example displays the class of the value for the SPANNING TREE HELLO TIME command in the Global Configuration mode awplus enable awplus configure terminal awplus config...

Страница 87: ...0 Switch Command Line User s Guide 87 CLEAR SCREEN Syntax clear screen Parameters None Modes User Exec and Privileged Exec modes Description Use this command to clear the screen Example awplus clear s...

Страница 88: ...mands 88 CONFIGURE TERMINAL Syntax configure terminal Parameters None Mode Privileged Exec mode Description Use this command to move from the Privileged Exec mode to the Global Configuration mode Exam...

Страница 89: ...When you enter the command the switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Paramete...

Страница 90: ...DISABLE Syntax disable Parameters None Mode Privileged Exec mode Description Use this command to return to the User Exec mode from the Privileged Exec mode Example The following command returns the s...

Страница 91: ...d Exec mode commands To view the available commands type a question mark after the DO command Examples This example displays all of the Privileged Exec mode commands you may perform using the DO comma...

Страница 92: ...Syntax enable Parameters None Mode User Exec mode Description Use this command to move from the User Exec mode to the Privileged Exec mode Example The following command moves the prompt from the User...

Страница 93: ...yntax end Parameters None Mode All modes below the Global Configuration mode Description Use this command to return to the Privileged Exec mode Example The following command returns the prompt to the...

Страница 94: ...ve down one mode in the mode hierarchy in all modes except the User Exec and Privileged Exec modes Using the EXIT command in the User Exec and Privileged Exec modes terminates the management session E...

Страница 95: ...ethods To set this parameter for local management sessions enter the command in the Console Line mode To set this parameter for the ten VTY lines for remote Telnet and SSH sessions enter the same comm...

Страница 96: ...d Line Management Commands 96 This example returns the number of lines to the default setting for local management sessions awplus enable awplus configure terminal awplus config line console 0 awplus...

Страница 97: ...Description Use this command to end a management session Note Entering the EXIT command in either the User Exec or Privileged Exec mode also ends a management session Example This example shows the s...

Страница 98: ...se this command to move up one mode in the mode hierarchy This command is almost identical to the EXIT command The difference is that unlike the EXIT command the QUIT command cannot be used to end a m...

Страница 99: ...he switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Parameter changes that are not saved...

Страница 100: ...Chapter 4 Basic Command Line Management Commands 100...

Страница 101: ...101 Chapter 5 Temperature and Fan Control Overview Overview on page 102 Displaying the System Environmental Status on page 103 Controlling Eco Mode LED on page 104...

Страница 102: ...n modules Checking this information helps you to identify potential hardware issues before they become problems To check the switch s environmental and saving energy status and turn on and off the por...

Страница 103: ...c or Privileged Exec mode and enter the command awplus show system environment Figure 28 shows an example of the information the command displays The columns are described in SHOW SYSTEM ENVIRONMENT o...

Страница 104: ...Eco Mode LED control to conserve additional power on the port LEDs The Eco Mode LED is an eco friendly feature that turns off the port LEDs when they are not necessary To enable Eco Mode LED control e...

Страница 105: ...106 Global Configuration Turns off the port LEDs on the switch to save power NO ECOFRIENDLY LED on page 107 Global Configuration Turns on the port LEDs on the switch SHOW ECOFRIENDLY on page 108 Priv...

Страница 106: ...ECOFRIENDLY LED Syntax ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn off the port LEDs on the switch to save power Confirmation Command SHOW ECOF...

Страница 107: ...ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn on the port LEDs on the switch Confirmation Command SHOW ECOFRIENDLY on page 108 Example The followi...

Страница 108: ...ec mode Description Use this command to display the power saving status of the port LEDs An example of the information the command displays is shown in Figure 29 Figure 29 SHOW ECOFRIENDLY Command Exa...

Страница 109: ...ure 30 SHOW SYSTEM ENVIRONMENT Command The columns in the display are described here Table 7 SHOW SYSTEM ENVIRONMENT Command Parameter Description Switch Model Indicates a model name of the switch ID...

Страница 110: ...e The following example displays environmental information for the switch awplus show system environment Reading Indicates the current reading of the item Status Indicates the status of the item Table...

Страница 111: ...n page 285 Chapter 14 IPv4 and IPv6 Management Address Commands on page 299 Chapter 15 Simple Network Time Protocol SNTP Client on page 323 Chapter 16 SNTP Client Commands on page 331 Chapter 17 MAC A...

Страница 112: ...112...

Страница 113: ...ngs on page 116 Manually Setting the Date and Time on page 117 Pinging Network Devices on page 118 Resetting the Switch on page 119 Restoring the Default Settings to the Switch on page 120 Setting the...

Страница 114: ...nsist of up to 39 alphanumeric characters Spaces punctuation special characters and quotation marks are not permitted This example assigns the name Switch12 to the switch awplus enable awplus configur...

Страница 115: ...paces and special characters are allowed To view the information use the SHOW SYSTEM command in the User Exec and Privileged Exec modes Here is an example that assigns the switch this contact and loca...

Страница 116: ...mode The settings which are displayed in their equivalent command line commands are limited to just those parameters that have been changed from their default values The information includes new sett...

Страница 117: ...rst three letters For example June is Jun The first letter must be uppercase and the second and third letters lowercase yyyy Use this variable to specify the year The year must be specified in four di...

Страница 118: ...switch to send ICMP Echo Requests to a network device known by the IP address 149 122 14 15 awplus enable awplus ping 149 122 14 15 The results of the ping are displayed on the screen Note To send ICM...

Страница 119: ...r and complexity of the commands in the active boot configuration file Note Any configuration changes that have not been saved in the active boot configuration file are discarded when you reset the sw...

Страница 120: ...o delete the active boot configuration file One way is with the DELETE command in the Privileged Exec mode Here is the format of the command delete filename cfg This example deletes the active boot co...

Страница 121: ...active boot configuration file you can rename it with the MOVE command in the Privileged Exec mode and then reset the switch Here is the format of the MOVE command move filename1 cfg filename2 cfg The...

Страница 122: ...an example to set the baud rate of the Console port on the switch to 57600 bps Example 1 awplus enable awplus configure terminal awplus config conf baud rate set 57600 awplus config Enter configuratio...

Страница 123: ...000 Switch Command Line User s Guide 123 Note The baud rate is the only adjustable parameter on the Console port For reference information refer to BAUD RATE SET on page 139 and SHOW BAUD RATE on page...

Страница 124: ...er this command in different modes depending on the timer you want to set The timer for local management sessions is set in the Line Console mode which is accessed using the LINE CONSOLE 0 command fro...

Страница 125: ...VTY lines This example sets the management session timer to 8 minutes on VTY line 2 awplus enable awplus configure terminal awplus config line vty 2 awplus config line exec timeout 8 This example set...

Страница 126: ...n manage the unit at a time You set the maximum number of sessions with the SERVICE MAXMANAGER command in the Global Configuration mode The default is three manager sessions This example sets the maxi...

Страница 127: ...d SSH management sessions The display banner displays the contents of the login banner The User Exec and Privileged Exec modes banner is displayed above the command line prompts of these two modes aft...

Страница 128: ...ode This example of the BANNER MOTD command assigns the switch the message of the day banner in Figure 33 on page 127 awplus enable awplus configure terminal awplus config banner motd Type CTRL D to f...

Страница 129: ...ves the message of the day banner awplus enable awplus configure terminal awplus config no banner motd This example removes the login banner awplus enable awplus configure terminal awplus config no ba...

Страница 130: ...Chapter 7 Basic Switch Management 130...

Страница 131: ...page 141 Privileged Exec Restores the default settings to all the parameter settings on the switch EXEC TIMEOUT on page 142 Line Console Sets the console timer which is used to end inactive management...

Страница 132: ...active boot configuration file SHOW SWITCH on page 159 Privileged Exec Displays general information about the switch SHOW SYSTEM on page 161 User Exec Displays general information about the switch SH...

Страница 133: ...nter the command the Type CTRL D to finish prompt is displayed Enter a banner message of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To remove the...

Страница 134: ...Chapter 8 Basic Switch Management Commands 134 This example deletes the banner awplus enable awplus configure terminal awplus config no banner exec...

Страница 135: ...the command the Type CTRL D to finish prompt is displayed on your screen Enter a login message of up to 4 000 characters Spaces and special characters are allowed When you are finished press CTRL D T...

Страница 136: ...Chapter 8 Basic Switch Management Commands 136 This example removes the login banner awplus enable awplus configure terminal awplus config no banner login...

Страница 137: ...the command the Type CTRL D to finish prompt is displayed Enter a message of the day banner of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To rem...

Страница 138: ...Chapter 8 Basic Switch Management Commands 138 This example removes the message of the day banner awplus enable awplus configure terminal awplus config no banner motd...

Страница 139: ...switch Note If you change the baud rate of the serial terminal port during a local management session your session will be interrupted To resume the session you must change the speed of your terminal...

Страница 140: ...and the second and third letters lowercase year Specifies the year The year must be specified in four digits for example 2011 or 2012 Mode Privileged Exec mode Confirmation Command SHOW CLOCK on page...

Страница 141: ...management software Some network traffic may be lost To resume managing the switch after restoring the default settings you must establish a local management session from the Console port Remote manag...

Страница 142: ...active by the switch if there is no management activity for the duration of a timer Local management sessions which are conducted through the Console port on the switch and remote Telnet and SSH sessi...

Страница 143: ...mmand Line User s Guide 143 This example sets the session timer for the first vty 0 Telnet or SSH session to 5 minutes awplus enable awplus configure terminal awplus config line vty 0 awplus config li...

Страница 144: ...the description displayed on the screen Figure 34 HELP Command Example This example displays the HELP command awplus help When you need help at the command line press If nothing matches the help list...

Страница 145: ...al characters and quotation marks are not permitted Mode Global Configuration mode Description Use this command to assign the switch a name The switch displays the name in the command line prompt in p...

Страница 146: ...Console mode to set the session timer and to activate or deactivate remote authentication for local management sessions Example The following example enters the Line Console mode to set the session t...

Страница 147: ...or a range of VTY lines to set the session timer or to activate or deactivate remote authentication for Telnet or SSH management sessions Refer to EXEC TIMEOUT on page 142 to set session timeout valu...

Страница 148: ...obal Configuration mode Description Use this command to delete the switch s name without assigning a new name Example This example deletes the current name of the switch without assigning a new value...

Страница 149: ...tween the switch and another network device such as a RADIUS server or a Telnet client or to troubleshoot communication problems To ping an IPv6 address see PING IPv6 on page 151 In order to specify t...

Страница 150: ...ch Management Commands 150 Example This command instructs the switch to ping a network device with the IP address 149 122 14 15 awplus enable awplus ping 149 122 14 15 The results of the ping are disp...

Страница 151: ...quivalent 12c4 421e 09a8 0000 0000 0000 00a4 1c50 12c4 421e 09a8 a4 1c50 X X X X repeat 1 99 Specifies the number of times the ping is sent The default is 4 times size 36 18024 Indicates the packet si...

Страница 152: ...lost The reset can take from 10 seconds to two minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configuration changes...

Страница 153: ...traffic may be lost The reset can take from 10 seconds to 2 minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configura...

Страница 154: ...Use this command to set the maximum number of manager sessions that can be open on the switch simultaneously This feature makes it possible for more than one person to manage the unit at one time The...

Страница 155: ...the contents of the banner login file configured with the BANNER LOGIN command A sample of the display is shown below Figure 35 SHOW BANNER LOGIN Command Example This example displays the contents of...

Страница 156: ...r local management sessions of the switch Here is an example of the information Figure 36 SHOW BAUD RATE Command To set the baud rate refer to BAUD RATE SET on page 139 Note The baud rate is the only...

Страница 157: ...Guide 157 SHOW CLOCK Syntax show clock Parameters None Modes User Exec mode Description Use this command to display the system s current date and time Example This example displays the system s curre...

Страница 158: ...mands The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file Parameters at...

Страница 159: ...plication Software Version The version number of the management software Application Software Build Date The date and time when Allied Telesis released this version of the management software MAC Addr...

Страница 160: ...tch ends management sessions if they are inactive for the length of the timer To set the timer refer to EXEC TIMEOUT on page 142 Telnet Server Status The status of the Telnet server The switch can be...

Страница 161: ...nd Example This example displays general information about the switch awplus show system Switch System StatusFri 18 Nov 2011 00 37 26 BoardBoard NameRevSerial Number BaseAT 9000 28 R1S05525A090200007...

Страница 162: ...ters None Mode User Exec and Privileged Exec modes Description Use this command to display the serial number of the switch Figure 39 is an example of the output Figure 39 SHOW SYSTEM SERIALNUMBER Comm...

Страница 163: ...th a web browser application or an SNMP application Figure 40 displays an example of the information Figure 40 SHOW USERS Command The columns are described in Table 10 Table 10 SHOW USERS Command Para...

Страница 164: ...u just entered the SHOW USERS command Location The network device from which the manager is accessing the switch A device connected to the Console port is identified by ttys0 while remote Telnet and S...

Страница 165: ...r and build date of the management software Figure 41 displays an example of the information Figure 41 SHOW VERSION Command Example This example displays the management software version number awplus...

Страница 166: ...act information to the switch The contact information is usually the name of the person who is responsible for managing the unit To remove the current contact information without adding a new contact...

Страница 167: ...this command to add location information to the switch To remove the current location information without adding new information use the NO form of this command Confirmation Command SHOW SYSTEM on pa...

Страница 168: ...ing australia china europe japan korea nz New Zealand usa Mode Global Configuration mode Description Use this command to specify the territory of the switch The territory setting is not currently used...

Страница 169: ...AT 9000 Switch Command Line User s Guide 169 This example removes the current territory information awplus enable awplus configure terminal awplus config no system territory...

Страница 170: ...Chapter 8 Basic Switch Management Commands 170...

Страница 171: ...g or Disabling Backpressure on page 177 Enabling or Disabling Flow Control on page 178 Resetting Ports on page 181 Configuring Threshold Limits for Ingress Packets on page 182 Displaying Threshold Lim...

Страница 172: ...move the current description from a port without assigning a new description use the NO form of this command This example assigns the name printer22 to port 15 awplus enable awplus configure terminal...

Страница 173: ...o activates Auto Negotiation for duplex mode You should review the following information before configuring the ports Auto Negotiation may be activated separately for speed and duplex mode on a port F...

Страница 174: ...gure terminal awplus config interface port1 0 2 port1 0 4 awplus config if speed 10 awplus config if duplex full This example sets the speed on port 15 to Auto Negotiation and the duplex mode to half...

Страница 175: ...is the POLARITY command in the Port Interface mode Here is the format of the command polarity auto mdi mdix The AUTO setting activates auto MDI MDIX which enables a port to detect the wiring configura...

Страница 176: ...disable ports use the SHUTDOWN command in the Port Interface mode To enable ports again use the NO SHUTDOWN command This example disables ports 1 to 4 awplus enable awplus configure terminal awplus co...

Страница 177: ...x modes manually If you enable backpressure the default setting a port initiates backpressure when it needs to prevent a buffer overrun from packet congestion If you disable backpressure a port does n...

Страница 178: ...OWCONTROL SEND command controls whether or not a port sends pause packets during periods of packet congestion If you set it to ON the port sends pause packets when it reaches the point of packet conge...

Страница 179: ...low control use the NO FLOWCONTROL command in the Port Interface mode This example disables flow control on ports 22 and 23 awplus enable awplus configure terminal awplus config interface port1 0 22 p...

Страница 180: ...Chapter 9 Port Parameters 180 If flow control is not configured on a port this message is displayed Flow control is not set on interface port1 0 2...

Страница 181: ...the Port Interface mode This command performs a hardware reset The port parameter settings are retained The reset takes just a second or two to complete This example resets ports 16 and 17 awplus ena...

Страница 182: ...ronym for database lookup failure is for unknown unicast packets The VALUE parameter specifies the maximum permitted number of ingress packets per second a port will accept The range is 0 to 33 554 43...

Страница 183: ...no storm control broadcast This example disables unknown unicast rate limiting on port 5 6 and 15 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 port1 0 15 awplus...

Страница 184: ...ion the command displays Figure 43 SHOW STORM CONTROL Command The columns are described in Table 15 on page 227 If the parameter port is not specified the command displays the threshold settings on al...

Страница 185: ...plished with the RENEGOTIATE command in the Port Interface mode The command does not have any parameters A port must already be set to Auto Negotiation before you can use this command This example pro...

Страница 186: ...a port use the PURGE command in the Port Interface mode This example returns ports 12 13 and 15 to their default settings awplus enable awplus configure terminal awplus config interface port1 0 12 po...

Страница 187: ...and 20 awplus show interface port1 0 18 port1 0 20 status Here is an example of the information the command displays Figure 45 SHOW INTERFACE STATUS Command The columns are described in Table 15 on p...

Страница 188: ...NNING CONFIG INTERFACE Command For a description of the command see SHOW RUNNING CONFIG INTERFACE on page 232 Interface port1 0 1 Link is UP administrative state is UP Address is 0015 77cc e243 index...

Страница 189: ...of the command show platform table port port counters This example displays the statistics for ports 23 and 24 awplus show platform table port port1 0 23 port1 0 24 counter The statistics are describ...

Страница 190: ...BLE command in the Privileged Exec mode Here is the format of the command show system pluggable For more information about this command see SHOW SYSTEM PLUGGABLE on page 235 To view more detail inform...

Страница 191: ...S RATE LIMIT on page 202 Port Interface Sets a limit on the amount of traffic that can be transmitted per second from the port FCTRLLIMIT on page 203 Port Interface Specifies threshold levels for flow...

Страница 192: ...HOW INTERFACE STATUS on page 227 Privileged Exec Displays the speed and duplex mode settings of the ports SHOW PLATFORM TABLE PORT COUNTERS on page 229 Privileged Exec Displays packet statistics for t...

Страница 193: ...CONTROL on page 241 Port Interface Sets a maximum limit of the number of broadcast multicast or unknown unicast packets forwarded by a port Table 11 Port Parameter Commands Continued Command Mode Des...

Страница 194: ...buffer overrun and the subsequent loss and retransmission of network packets A port initiates backpressure by transmitting on the shared link to cause a data collision which causes its link partner to...

Страница 195: ...configures ports 8 and 21 to 100 Mbps half duplex mode with backpressure disabled awplus enable awplus configure terminal awplus config interface port1 0 8 port1 0 21 awplus config if speed 100 awplu...

Страница 196: ...default value is 7935 cells Mode Port Interface mode Description Use this command to specify a threshold level for backpressure on a port Confirmation Command SHOW RUNNING CONFIG on page 158 Example T...

Страница 197: ...r You can specify more than one port at a time in the command Mode User Exec mode and Privileged Exec mode Description Use this command to clear the packet counters of the ports To display the counter...

Страница 198: ...entify if they have descriptions Use the NO form of this command to remove descriptions from ports without assigning new descriptions Note The POWER INLINE DESCRIPTION command is used to describe powe...

Страница 199: ...ommand Line User s Guide 199 This example removes the current name from port 11 without assigning a new name awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if...

Страница 200: ...end and receive packets simultaneously Note To avoid a duplex mode mismatch between switch ports and network devices do not select Auto Negotiation on ports that are connected to network devices on wh...

Страница 201: ...11 half duplex awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if duplex half This example configures the duplex mode with Auto Negotiation on port 15 awplus e...

Страница 202: ...s per second Mode Port Interface mode Description Use this command to set a limit on the amount of traffic that can be transmitted per second from the port Confirmation Command SHOW RUNNING CONFIG on...

Страница 203: ...35 cells The default value is 7935 cells Mode Port Interface mode Description Use this command to specify threshold levels for flow control on the ports Confirmation Command SHOW RUNNING CONFIG on pag...

Страница 204: ...time to process the packets already in their buffers A port that is experiencing traffic congestion initiates flow control by sending pause packets These packets instruct the link partner to stop tra...

Страница 205: ...perating in full duplex mode Confirmation Command SHOW FLOWCONTROL INTERFACE on page 219 Examples This example configures port 19 to 100 Mbps full duplex mode with both the send and receive parts of f...

Страница 206: ...ing periods of traffic congestion But the receive portion is enabled so that the ports respond to pause packets from their network counterparts by temporarily ceasing transmission awplus enable awplus...

Страница 207: ...bed port can prevent other ports from forwarding packets to each other because ingress packets on a port are buffered in a First In First Out FIFO manner If a port has at the head of its ingress queue...

Страница 208: ...of the storage capacity of port D exceeds the threshold the switch signals the other ports to discard packets destined for port D Port A drops the D packets enabling it to once again forward packets t...

Страница 209: ...ce mode Description Use this command to disable egress rate limiting on the ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example disable egress rate limiting on the ports 4...

Страница 210: ...t Interface mode Description Use this command to disable flow control on ports Confirmation Command SHOW FLOWCONTROL INTERFACE on page 219 Example This example disables flow control on port 16 awplus...

Страница 211: ...e Description Use this command to enable ports so that they forward packets again This is the default setting for a port Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example enabl...

Страница 212: ...the ports of the switch The switch does not send traps when a port on which link trap is disabled experiences a change in its link state i e goes up or down Confirmation Command SHOW INTERFACE on pag...

Страница 213: ...on page 158 Examples This example removes the threshold limit for broadcast packets on port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config if no storm con...

Страница 214: ...perating at 10 or 100 Mbps can have one of two wiring configurations known as MDI medium dependent interface and MDI X medium dependent interface crossover To forward traffic a port on the switch and...

Страница 215: ...configuration awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 18 awplus config if polarity mdix This example activates auto MDI MDIX on ports 1 to 3 awplus enable awp...

Страница 216: ...to these port parameters Enabled status NO SHUTDOWN Description Speed Duplex mode MDI MDI X Flow control Backpressure Head of line blocking threshold Backpressure cells Example This example restores...

Страница 217: ...s speed and duplex mode with its network device You might use this command if you believe that a port and a network device did not establish the highest possible common settings during the Auto Negoti...

Страница 218: ...and to perform a hardware reset on the ports The ports retain their parameter settings The reset takes only a second or two to complete You might reset a port if it is experiencing a problem Example T...

Страница 219: ...Command The fields are described in Table 12 Table 12 SHOW FLOWCONTROL INTERFACE Command Parameter Description Port Port number Send admin Whether or not flow control is active on the transmit side of...

Страница 220: ...displays the flow control settings for port 2 awplus show flowcontrol interface port1 0 2 RxPause The number of received pause packets TxPause The number of transmitted pause packets Table 12 SHOW FL...

Страница 221: ...port whose current status you want to view You can display more than one port at a time To display all the ports do not include this parameter Modes Privileged Exec mode Description Use this command t...

Страница 222: ...put packets 0 bytes 0 dropped 0 multicast packets 0 output packets 0 bytes 0 multicast packets 0 broadcast packets 0 Interface port1 0 2 Link is UP administrative state is UP Address is 0015 77cc e244...

Страница 223: ...m packet size of the ports The ports have a maximum packet size of 9198 bytes This is not adjustable Unknown Ingress Egress Multicast Blocking The status of multicast blocking on the port To set multi...

Страница 224: ...r Commands 224 Examples This command displays the current operational state of all the ports awplus show interface This command displays the current operational state of ports 1 to 4 awplus show inter...

Страница 225: ...ed in Table 14 Table 14 SHOW INTERFACE BRIEF Command Field Description Interface Indicates the port number Status Indicates the administrative state of the port The administrative state is DOWN if the...

Страница 226: ...ink statuses of all of the ports on the switch awplus show interface brief Protocol Indicates the status of the link on the port This field is UP when the port has a link with a network device and DOW...

Страница 227: ...mmand The fields are described in Table 15 PortNameStatus Vlan Duplex SpeedType port1 0 1Port_01down3 half 10010 100 1000Base T port1 0 2Port_02up11 auto auto10 100 1000Base T port1 0 2Port_02up2 auto...

Страница 228: ...interface port1 0 17 port1 0 18 status Duplex The duplex mode setting of the port The setting can be half full or auto for Auto Negotiation To set the duplex mode refer to DUPLEX on page 200 Speed The...

Страница 229: ...witch The statistics are described in Table 16 To clear the packet counters refer to CLEAR PORT COUNTER on page 197 Table 16 SHOW PLATFORM TABLE PORT COUNTERS Command Parameter Description 64 65 127 1...

Страница 230: ...port has encountered UnsupportOpcode Number of MAC Control frames with unsupported opcode UndersizePkts Number of frames that were less than the minimum length as specified in the IEEE 802 3 standard...

Страница 231: ...discarded prior to transmission because of an error ipInHdrErrors Number of ingress packets that were discarded because of a hardware error Miscellaneous Counters MAC TxErr Number of frames not trans...

Страница 232: ...f the ports The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file An exam...

Страница 233: ...hows an example of the information when you enter the following command awplus show storm control port1 0 15 Figure 54 SHOW STORM CONTROL Command See Table 17 for a description of the table headings T...

Страница 234: ...mmand displays the settings of ports 15 and 18 awplus show storm control port1 0 15 port1 0 18 DlfLevel Indicates the maximum number of unknown unicast packets destination lookup failure DLF packets p...

Страница 235: ...nd to display information about the SFP modules in the switch Figure 55 SHOW SYSTEM PLUGGABLE Command Example This example displays SFP module information awplus show system pluggable System Pluggable...

Страница 236: ...igure 56 SHOW SYSTEM PLUGGABLE DETAIL Command The OM1 field specifies the link length supported by the pluggable transceiver using 62 5 micron multi mode fiber The OM2 field specifies the link length...

Страница 237: ...hat are unused to secure them from unauthorized use or that are having problems with network cables or their link partners The default setting for the ports is enabled To reactivate a port refer to NO...

Страница 238: ...state To disable link traps on a port refer to NO SNMP TRAP LINK STATUS on page 212 Note For the switch to send SNMP traps you must activate SNMP and specify one or more trap receivers For instructio...

Страница 239: ...uplex operation a twisted pair port must be set to Auto Negotiation Mode Port Interface mode Description Use this command to manually set the speeds of the twisted pair ports or to activate Auto Negot...

Страница 240: ...Chapter 10 Port Parameter Commands 240 This example activates Auto Negotiation on port 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if speed auto...

Страница 241: ...0 to 33 554 431 packets Mode Port Interface mode Description Use this command to set maximum thresholds for the ingress packets on the ports Ingress packets that exceed the thresholds are discarded by...

Страница 242: ...example sets the maximum threshold level of 100 000 packets per second for ingress multicast packets on port 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config i...

Страница 243: ...Disabling PoE on page 246 Adding PD Descriptions to Ports on page 248 Prioritizing Ports on page 249 Managing the Maximum Power Limit on Ports on page 250 Managing Legacy PDs on page 251 Monitoring P...

Страница 244: ...hat provides PoE to other network devices is referred to as power sourcing equipment PSE The AT 9000 12PoE and AT 9000 28PoE switches are PSE devices providing DC power to the network cable and functi...

Страница 245: ...itization The ports on the PoE switch are assigned to one of three priority levels These levels and descriptions are listed in Table 19 Without enough power to support all the ports set to the same pr...

Страница 246: ...le and enable PoE Globally all the ports on the switch at a time Individually on a port basis To enable PoE globally use the SERVICE POWER INLINE command in the Global Configuration mode See SERVICE P...

Страница 247: ...Command Line User s Guide 247 This example disables PoE individually on port 5 to port 8 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 8 awplus config if no power...

Страница 248: ...ION on page 267 To remove the current description from the port without assigning a new one use the NO POWER INLINE DESCRIPTION command See NO POWER INLINE DESCRIPTION on page 259 This example adds a...

Страница 249: ...priority level to the PDs See POWER INLINE PRIORITY on page 270 To reset the priority level to the default Low level use the NO POWER INLINE PRIORITY command See NO POWER INLINE PRIORITY on page 262 T...

Страница 250: ...IP phone to port 1 on the PoE switch The switch detects that the power class of the IP phone is 2 The maximum power output from the switch for a PD of class 2 is 7 0 watts Thus the switch sets 7 0 wa...

Страница 251: ...egacy PDs as valid PDs use the POWER INLINE ALLOW LEGACY command to provide power to legacy PDs See POWER INLINE ALLOW LEGACY on page 266 To disable the switch to detect legacy PDs as valid PDs use th...

Страница 252: ...n Table 20 Note You have to configure SNMP to use the trap For instructions refer to Chapter 62 SNMPv1 and SNMPv2c on page 963 or Chapter 64 SNMPv3 Commands on page 999 This example configures the swi...

Страница 253: ...ports on the switch SHOW POWER INLINE COUNTERS Displays the PoE event counters for the ports SHOW POWER INLINE INTERFACE Displays PoE information of specified ports SHOW POWER INLINE INTERFACE DETAIL...

Страница 254: ...the information the command displays The columns are described in Table 25 on page 280 Figure 59 SHOW POWER INLINE INTERFACE DETAIL Command Interface Admin Pri Oper Power Device Class Max mW port1 0 1...

Страница 255: ...261 Port Interface Restores a port s power limit to the default value NO POWER INLINE PRIORITY on page 262 Port Interface Restores a port s priority setting to the default Low level NO POWER INLINE U...

Страница 256: ...WER INLINE on page 274 Privileged Exec Displays switch and port PoE information SHOW POWER INLINE COUNTERS INTERFACE on page 277 Privileged Exec Displays the port PoE event counters SHOW POWER INLINE...

Страница 257: ...Privileged Exec mode Description Use this command to clear the PoE port event counters To clear all of the port counters do not enter a port number Confirmation Command SHOW POWER INLINE COUNTERS INT...

Страница 258: ...Legacy PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized This is the default setting for the ports Confirmation Command SHOW POWER INLINE INT...

Страница 259: ...mand to delete PD descriptions from the ports Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280 Example The fol...

Страница 260: ...ot transmit power when PoE is disabled but they do forward network traffic Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAI...

Страница 261: ...mits are based on the power classes of the PDs See Managing the Maximum Power Limit on Ports on page 250 for details Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on...

Страница 262: ...ore the default Low priority setting to the ports Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280 Example Thi...

Страница 263: ...mmand to reset the power usage threshold to the default 80 The switch sends an SNMP power inline trap if the power requirements of the switch and PDs exceed the defined threshold Confirmation Command...

Страница 264: ...The ports do not transmit power to the PDs when PoE is disabled but they do forward network traffic The default setting for PoE is enabled Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWE...

Страница 265: ...sable the transmission of SNMP power inline traps The switch sends this trap if the power requirements of the switch and PDs exceed the threshold set with POWER INLINE USAGE THRESHOLD on page 272 Conf...

Страница 266: ...y PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized The default setting is no support for legacy PDs Confirmation Commands SHOW POWER INLINE...

Страница 267: ...e ports to make the ports and PDs easier to identify Note To add a general description to a port use the DESCRIPTION command For more information see DESCRIPTION on page 198 Confirmation Commands SHOW...

Страница 268: ...mmand to enable PoE on the ports This is the default setting Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280...

Страница 269: ...ount of power a port may transmit to a PD Ports can have different limits The default power limits are based on the classes of the PDs See Managing the Maximum Power Limit on Ports on page 250 for det...

Страница 270: ...ng power This level is the default setting Mode Port Interface mode Description Use this command to assign PoE priority levels to the ports The priority levels are Low High and Critical Ports connecte...

Страница 271: ...mmand Line User s Guide 271 Example This example assigns the Critical priority level to port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if power inline p...

Страница 272: ...Use this command to set a threshold of the switch s total available system and PoE power An SNMP trap is transmitted if the requirements of the switch and the PDs exceed the threshold To activate the...

Страница 273: ...scription Use this command to enable PoE on the switch This is the default setting Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFA...

Страница 274: ...us Nominal Power 490W Power Allocated 346 0W Actual Power Consumption 151 0W Operational Status On Power Usage Threshold 80 392W PoE Interface Interface Admin Pri Oper Power mW DeviceClassMax mW port1...

Страница 275: ...A SNMP trap is transmitted if the power requirements of the switch and PDs exceed the threshold This parameter is set with POWER INLINE USAGE THRESHOLD on page 272 PoE Interface A table of port PoE in...

Страница 276: ...witch is exceeding the total available power Test The port is in a test mode Power The port s current power consumption in milliwatts mW Device The port s PD description This parameter is set with POW...

Страница 277: ...61 SHOW POWER INLINE COUNTERS INTERFACE Command The fields are described in Table 24 PoE Counters Interface MPSAbsent Overload Short Invalid Denied port1 0 4 0 0 0 0 0 port1 0 5 0 0 0 0 0 port1 0 6 0...

Страница 278: ...t counters for ports 4 to 6 awplus show power inline counters interface port1 0 4 port1 0 6 Denied The number of times the port had to deny power to the PD because the switch had reached its maximum p...

Страница 279: ...OW POWER INLINE INTERFACE Command This command displays a subset of the information the SHOW POWER INLINE command displays The fields are described in Table 23 on page 275 Example This example display...

Страница 280: ...3 Figure 63 SHOW POWER INLINE INTERFACE DETAIL Command The fields are described in Table 25 Interface port1 0 1 Powered device type Desk Phone 1 PoE admin enabled Priority Low Detection status Powered...

Страница 281: ...evel This is default level High the higher priority level Crit the critical or highest priority level Detection status The PoE operating status of the port The possible status are listed here Powered...

Страница 282: ...ces The status of support for a legacy PD on the port Enabled The port supports legacy devices Disabled The port does not support legacy devices Support for legacy devices is enabled with POWER INLINE...

Страница 283: ...tivate the transmission of the SNMP power inline trap The trap is sent if the power requirements of the switch and PDs exceed the power limit threshold set with POWER INLINE USAGE THRESHOLD on page 27...

Страница 284: ...Chapter 12 Power Over Ethernet Commands 284...

Страница 285: ...Management Addresses This chapter contains the following information Overview on page 286 Assigning an IPv4 Management Address and Default Gateway on page 289 Assigning an IPv6 Management Address and...

Страница 286: ...or along with an IPv6 address Table 26 Features Requiring an IP Management Address on the Switch Feature Description Supported by IPv4 Address Supported by IPv6 Address 802 1x port based network acces...

Страница 287: ...to the switch yes no Syslog client Used to send the event messages from the switch to syslog servers on your network for storage yes no TACACS client Used for remote management authentication using a...

Страница 288: ...e switch does not support the assignment of an IPv6 management address from a DHCP server or by IPv6 auto assignment You must also assign the switch a default gateway if the management devices syslog...

Страница 289: ...address For instructions refer to Chapter 47 Port based and Tagged VLANs on page 717 Here is the format of the command ip address ipaddress mask dhcp The IPADDRESS parameter is the IPv4 management ad...

Страница 290: ...The VLAN is assigned the VID 17 and consists of untagged ports 5 and 6 The first series of commands create the new VLAN awplus enable Enter the Privileged Executive mode from the User Exec mode awplus...

Страница 291: ...sents the first hop to the networks in which the management devices reside The switch can have only one IPv4 default gateway and the address must be a member of the same subnet as the management IPv4...

Страница 292: ...to change the address or assign it to a different VLAN you have to delete it and recreate it with the necessary changes To delete a static IPv4 management address from the switch enter the NO IP ADDR...

Страница 293: ...witch is displayed in the first entry in the table and the default gateway address if assigned to the switch in the second entry Figure 64 displays an example of the information Figure 64 SHOW IP ROUT...

Страница 294: ...s refer to Chapter 47 Port based and Tagged VLANs on page 717 If the switch already has an IPv4 address the IPv6 address must be assigned to the same VLAN as that address Here is the format of the com...

Страница 295: ...ce vlan8 awplus config if ipv6 address 1857 80cf d54 1a 8f57 64 awplus config if exit Note You cannot use a DHCP server or SLAAC State Address Autoconfiguration to assign the switch a dynamic IPv6 add...

Страница 296: ...ipv6 route 0 389c be45 78 c45 8156 To verify the default route issue these commands awplus config if end awplus show ipv6 route Deleting an IPv6 Management Address and Default Gateway To delete a sta...

Страница 297: ...efault route is displayed first followed by the management address Figure 66 SHOW IPV6 ROUTE Command Another way to display just the management address is with the SHOW IPV6 INTERFACE command shown he...

Страница 298: ...Chapter 13 IPv4 and IPv6 Management Addresses 298...

Страница 299: ...address IPV6 ADDRESS on page 308 VLAN Interface Assigns the switch a static IPv6 management address IPV6 ROUTE on page 310 Global Configuration Assigns the switch an IPv6 default gateway address NO IP...

Страница 300: ...OW IPV6 INTERFACE on page 320 Privileged Exec Displays the IPv4 management address SHOW IPV6 ROUTE on page 321 Privileged Exec Displays the IPv6 management address and default gateway Table 27 Managem...

Страница 301: ...RS Syntax clear ipv6 neighbors Parameters None Mode Privileged Exec mode Description Use this command to clear all of the dynamic IPv6 neighbor entries Example This example clears all of the dynamic I...

Страница 302: ...asks 255 255 0 0 and 255 255 255 0 respectively Mode VLAN Interface mode Description Use this command to manually assign the switch an IPv4 management address You must perform this command from the VL...

Страница 303: ...which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ip address 142 35 78 21 24 This example assigns the switch the IPv4 management address 116 15...

Страница 304: ...hich you want to assign the address The switch must have a management IPv4 address to support the features listed in Table 26 on page 286 The switch can have only one IPv4 address and it must be assig...

Страница 305: ...activates the DHCP client so that the switch obtains its IPv4 management address from a DHCP server on your network The address is applied to a VLAN with the VID 4 awplus enable awplus configure termi...

Страница 306: ...rk devices such as Telnet clients and syslog servers that are not members of the same subnet as its IPv4 address You must assign the switch a default gateway address if both of the following are true...

Страница 307: ...witch Command Line User s Guide 307 Example This example assigns the switch the IPv4 default gateway address 143 87 132 45 awplus enable awplus configure terminal awplus config ip route 0 0 0 0 0 143...

Страница 308: ...number that represents the number of bits from left to right that constitute the network portion of the address For example an address whose network designator consists of the first eight bytes would...

Страница 309: ...he IPv6 management address 4c57 17a9 11 190 a1d4 64 to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ipv6 address 4c57 17a...

Страница 310: ...n address of an interface on a router or other Layer 3 device It defines the first hop to reaching the remote subnets or networks where the network devices are located You must assign the switch a def...

Страница 311: ...Command Line User s Guide 311 Example This example assigns the switch the IPv6 default gateway address 45ab 672 934c 78 17cb awplus enable awplus configure terminal awplus config ipv6 route 0 45ab 67...

Страница 312: ...mmand from the VLAN Interface mode of the VLAN to which the address is attached Note The switch uses the IPv4 management address to perform the features listed Table 26 on page 286 If you delete it th...

Страница 313: ...is attached This command also disables the DHCP client Note The switch uses the IPv4 management address to perform the features listed Table 26 on page 286 If you delete it the switch will not support...

Страница 314: ...ode Global Configuration mode Description Use this command to delete the current IPv4 default gateway The command must include the current default gateway Confirmation Command SHOW IP ROUTE on page 31...

Страница 315: ...ress is attached Note The switch uses the IPv6 management address to perform the features listed Table 26 on page 286 If you delete it the switch will not support the features unless it also has an IP...

Страница 316: ...iguration mode Description Use this command to delete the current IPv6 default gateway from the switch The command must include the current default gateway Confirmation Command SHOW IPV6 ROUTE on page...

Страница 317: ...the switch Figure 68 is an example of the information Figure 68 SHOW IP INTERFACE Command The Interface field is the VID of the VLAN to which the management IP address is assigned The IP Address field...

Страница 318: ...d in Table 28 Table 28 SHOW IP ROUTE Command Parameter Description Mask The masks of the management IP address and the default gateway address The mask of the default gateway is always 0 0 0 0 NextHop...

Страница 319: ...AT 9000 Switch Command Line User s Guide 319 Example The following example displays the routes on the switch awplus show ip route...

Страница 320: ...xample of the information Figure 70 SHOW IPV6 INTERFACE Command The fields are described in Table 29 Example The following example displays the IPv6 management address awplus show ipv6 interface Inter...

Страница 321: ...he switch Figure 71 is an example of the information The default route is display first followed by the management address Figure 71 SHOW IPV6 ROUTE Command Example The following example displays the...

Страница 322: ...Chapter 14 IPv4 and IPv6 Management Address Commands 322...

Страница 323: ...tion Overview on page 324 Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 325 Configuring Daylight Savings Time and UTC Offset on page 326 Disabling the SNTP...

Страница 324: ...s Time For instructions refer to Configuring Daylight Savings Time and UTC Offset on page 326 You must specify the offset of the switch from Coordinated Universal Time UTC For instructions refer to Co...

Страница 325: ...n NTP or SNTP server use the NTP PEER command in the Global Configuration mode You can specify the IP address of only one server This example of the command specifies 1 77 122 54 as the IP address of...

Страница 326: ...ions refer to Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 325 This table lists the commands you use to configure the daylight savings time and UTC offset...

Страница 327: ...Line User s Guide 327 In this example the client is configured for ST and a UTC offset of 2 hours and 45 minutes awplus enable awplus configure terminal awplus config no clock summer time awplus confi...

Страница 328: ...Disabling the SNTP Client To disable the SNTP client so that the switch does not obtain its date and time from an NTP or SNTP server use the NO PEER command in the Global Configuration mode awplus ena...

Страница 329: ...SHOW NTP ASSOCIATIONS Command The fields are described in Table 32 on page 339 To learn whether the switch has synchronized its time with the designated NTP or SNTP server use the SHOW NTP STATUS comm...

Страница 330: ...apter 15 Simple Network Time Protocol SNTP Client 330 Displaying the Date and Time To display the date and time use the SHOW CLOCK command in the User Exec mode or Privileged Exec mode awplus show clo...

Страница 331: ...ctivates Daylight Savings Time and enables Standard Time NO NTP PEER on page 335 Global Configuration Disables the NTP client NTP PEER on page 336 Global Configuration Specifies the IP address of the...

Страница 332: ...he switch is in a locale that uses DST you must remember to enable this when DST begins and disable when DST ends If the switch is in a locale that does not use DST set this option to disabled all the...

Страница 333: ...is 00 00 Mode Global Configuration mode Description Use this command to set the UTC offset which is used by the switch to convert the time from an SNTP or NTP server into local time You must configur...

Страница 334: ...e this command to disable Daylight Savings Time DST and activate Standard Time ST on the SNTP client Confirmation Command SHOW NTP ASSOCIATIONS on page 339 Examples The following example disables Dayl...

Страница 335: ...the SNTP client on the switch When the client is disabled the switch does not obtain its date and time from an SNTP or NTP server the next time it is reset or power cycled Confirmation Command SHOW N...

Страница 336: ...pecify the IP address of the SNTP or NTP server from which it is to obtain its date and time You can specify only one SNTP or NTP server After you enter this command the switch automatically begins to...

Страница 337: ...ete the IP address of the SNTP or NTP server and restore the client settings to the default values Confirmation Command SHOW NTP ASSOCIATIONS on page 339 Example The following example disables the SNT...

Страница 338: ...W CLOCK Syntax show clock Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the switch s date and time Example The following example displays the sw...

Страница 339: ...SHOW NTP ASSOCIATIONS Command Parameter Description Status The status of the SNTP client software on the switch The status can be either enabled or disabled If enabled the switch seeks its date and t...

Страница 340: ...n hours between UTC and local time The range is 12 to 12 hours The default is 0 hours This value is set with CLOCK TIMEZONE on page 333 Daylight Savings Time DST The status of the daylight savings tim...

Страница 341: ...or SNTP server An example of the display is shown in Figure 75 Figure 75 SHOW NTP STATUS Command The IP address above is the address of the NTP or SNTP server specified with the NTP PEER command See...

Страница 342: ...Chapter 16 SNTP Client Commands 342...

Страница 343: ...Table This chapter discusses the following topics Overview on page 344 Adding Static MAC Addresses on page 346 Deleting MAC Addresses on page 348 Setting the Aging Timer on page 350 Displaying the MAC...

Страница 344: ...l its ports excluding the port where the packet was received If the ports are grouped into virtual LANs the switch floods the packet only to those ports that belong to the same VLAN from which the pac...

Страница 345: ...tes You can also enter addresses manually into the table These addresses are referred to as static addresses Static MAC addresses remain in the table indefinitely and are never deleted even when the n...

Страница 346: ...iable to specify the port to which the end node of an address is connected You can specify just one port vlan name or VID Use this variable to specify the name or the ID number of the VLAN of the port...

Страница 347: ...AT 9000 Switch Command Line User s Guide 347 awplus enable awplus configure terminal awplus config mac address table static 00 a0 d2 18 1a 11 discard interface port1 0 7...

Страница 348: ...xx xx or xxxx xxxx xxxx interface You can use this parameter to delete all of the static or dynamic addresses on a particular port You can specify more than one port at a time vlan You can use this pa...

Страница 349: ...ddresses added to ports 2 to 5 awplus enable awplus clear mac address table static interface port1 0 2 port1 0 5 This example deletes all of the dynamic addresses learned on the ports of the VLAN with...

Страница 350: ...To set the aging timer use the MAC ADDRESS TABLE AGEING TIME command in the Global Configuration mode Here is the format of the command mac address table ageing time value none The aging time is expre...

Страница 351: ...e command displays the entire MAC address table awplus show mac address table This example displays the MAC addresses learned on port 2 awplus show mac address table interface port1 0 2 Aging Interval...

Страница 352: ...Chapter 17 MAC Address Table 352 This example displays the addresses learned on the ports in a VLAN with the VID 8 awplus show mac address table vlan 8...

Страница 353: ...EING TIME on page 356 Global Configuration Sets the aging timer which is used by the switch to identify inactive dynamic MAC addresses for deletion from the table MAC ADDRESS TABLE STATIC on page 358...

Страница 354: ...er one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx interface Deletes MAC addresses learned on a specific port port Specifies the port the MAC addresses to be deleted was learned on Yo...

Страница 355: ...r mac address table static address 00 12 a3 d4 67 da This example deletes all of the dynamic addresses learned on ports 17 to 20 awplus enable awplus clear mac address table dynamic interface port1 0...

Страница 356: ...ddress table to prevent the table from becoming full of inactive addresses An address is considered inactive if no packets are sent to or received from the corresponding node for the duration of the t...

Страница 357: ...not delete inactive dynamic MAC addresses from the table awplus enable awplus configure terminal awplus config mac address table ageing time none This example returns the aging timer to its default se...

Страница 358: ...C address is to be assigned A unicast MAC address can be added to only one port vlan name Specifies the name of the VLAN where the node designated by the MAC address is a member vid Specifies the ID n...

Страница 359: ...0 4 vlan Production This example adds the static MAC address 00 a0 d2 18 1d 11 to port 7 in the Default_VLAN which has the VID 1 The port discards the packets from the specified node awplus enable awp...

Страница 360: ...designated source MAC address port Specifies the port s where the MAC address is assigned vlan name Specifies the name of the VLAN where the node of the MAC address is a member This parameter is optio...

Страница 361: ...of the owner of the address awplus enable awplus configure terminal awplus config no mac address table static 00 a0 d2 18 1a 11 forward interface port1 0 12 vlan 1 This example deletes the MAC address...

Страница 362: ...address is included in the display The address must be specified in either one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx port Specifies a port You may specify more than one port vi...

Страница 363: ...ard Dynamic 1 1 0 2 00a0 c416 3b80 Forward Dynamic 1 1 0 3 00a0 12c2 10c6 Forward Dynamic 1 1 0 4 00a0 c209 10d8 Forward Dynamic 1 1 0 4 00a0 3343 a187 Forward Dynamic 1 1 0 4 00a0 12a7 1468 Forward D...

Страница 364: ...t include a value of 90 08 B9 awplus show mac address table include 90 08 B9 Fwd The status of the address MAC addresses have the status of Forward meaning that they are used by the switch to forward...

Страница 365: ...Member Switch on page 372 Managing the Member Switches of an Enhanced Stack on page 374 Changing the Enhanced Stacking Mode on page 376 Uploading Boot Configuration Files from the Command Switch to Me...

Страница 366: ...nt to the other switches in a stack To manage the switches of a stack you start a local or remote management session on the command switch and then redirect the session as needed to the other switches...

Страница 367: ...tance limitations between the command switch and the member switches of a stack other than those dictated by the Ethernet cabling standards The command switch is not required to be assigned a manageme...

Страница 368: ...is not necessary if you are using the Default_VLAN VID 1 as the common VLAN 5 Optionally assign the command switch a management IP address in the common VLAN 6 If you plan to remotely manage the stack...

Страница 369: ...ame subnet as the command switch 1 This step creates the common VLAN awplus enable Enter the Privileged Exec mode from the User Exec mode awplus configure terminal Enter the Global Configuration mode...

Страница 370: ...rt VLAN awplus config if ip address 149 22 88 5 24 Assign the VLAN the management IP address 149 22 88 5 and the subnet mask 255 255 255 0 awplus config if exit Return to the Global Configuration mode...

Страница 371: ...AT 9000 Switch Command Line User s Guide 371 awplus write Save the configuration...

Страница 372: ...se that is the default setting awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database...

Страница 373: ...e Privileged Executive mode 4 Connect the switches together using ports of the common VLAN awplus config estack run Activate enhanced stacking on the switch awplus config exit Return to the Privileged...

Страница 374: ...ample is shown here Figure 78 SHOW ESTACK REMOTELIST Command 3 Use the RCOMMAND command in the Global Configuration mode to redirect the management session from the command switch to one of the member...

Страница 375: ...User Exec mode or Privileged Exec mode to return the management session to the command switch 7 To manage another member switch in the enhanced stack repeat this procedure starting with Step 2 8 To e...

Страница 376: ...o change its mode to the command mode if it is part of an active stack The easiest way to determine whether the switch is part of an active stack is to use the SHOW ESTACK command An example of the co...

Страница 377: ...mand with the ESTACK COMMAND SWITCH command 3 On the original command switch restart enhanced stacking with the ESTACK RUN command and if desired reestablish its command mode with the ESTACK COMMAND S...

Страница 378: ...store the file on the command switch To restore the configuration of a member switch you could download this file to it from the command switch and afterwards manually configure whatever other setting...

Страница 379: ...k in which multiple switches have the same IP address A member switch has to be configured for enhanced stacking before the command switch can upload a configuration file to it This means you have to...

Страница 380: ...rminal Enter the Global Configuration mode awplus config upload config remotelist Enter the UPLOAD CONFIG REMOTELIST command to begin the file transfer Enter the configuration file name Eng12c cfg At...

Страница 381: ...on the new switch is to be actSalesE4 cfg The first step is to create the common VLAN on the new switch This is necessary because the enhanced stack is not using the Default VLAN as the common VLAN o...

Страница 382: ...rom the command switch with these steps 1 Start a local or remote management session on the command switch of the enhanced stack 2 Transfer the SalesE4 cfg configuration file from the command switch t...

Страница 383: ...confirm that it has the configuration file you want to upload to the member switch In this example the filename is Eng12c cfg file awplus configure terminal Enter the Global Configuration mode awplus...

Страница 384: ...tch awplus enable Enter the Privileged Exec mode awplus config move boot cfg actSalesE4 cfg Rename the boot cfg configuration file to actSalesE4 cfg awplus config boot config file actSalesE4 cfg Desig...

Страница 385: ...see this prompt enter the enhanced stacking ID numbers of the member switches to receive the management software from the command switch The numbers are viewed with the SHOW ESTACK REMOTELIST command...

Страница 386: ...lled on the command switch awplus enable Enter the Privileged Exec mode from the User Exec mode awplus show estack remotelist Display the enhanced stacking ID numbers of the member switches in the sta...

Страница 387: ...he command when you are managing a switch directly from a local management session or a remote Telnet SSH or web browser session When you disable enhanced stacking on a command switch you may not use...

Страница 388: ...Chapter 19 Enhanced Stacking 388...

Страница 389: ...Configuration Redirects the management session to a different switch in the enhanced stack REBOOT ESTACK MEMBER on page 396 Global Configuration Reboots member switches of an enhanced stack from the c...

Страница 390: ...Commands 390 UPLOAD IMAGE REMOTELIST on page 404 Global Configuration Uploads the management software on the command switch of an enhanced stack to the member switches Table 36 Enhanced Stacking Comma...

Страница 391: ...A switch that is a member of an active enhanced stack cannot be changed to the command mode You must first disable enhanced stacking on the current command switch in the stack You cannot use this com...

Страница 392: ...Mode Global Configuration mode Description Use this command to activate enhanced stacking on the switch Confirmation Command SHOW ESTACK on page 398 Example The following example activates enhanced st...

Страница 393: ...command mode and now want to return it to member mode Enhanced stacking must be activated on the switch for you to use the command To activate enhanced stacking refer to ESTACK RUN on page 392 You can...

Страница 394: ...ble enhanced stacking on the command switch its mode is reset to member mode Consequently you must set it back again to the command mode if you reactivate enhanced stacking Note You should only use th...

Страница 395: ...er switch in the enhanced stack The member switch is identified by its ID number displayed with SHOW ESTACK REMOTELIST on page 401 You can manage only one member switch at a time Note You must perform...

Страница 396: ...vidual member switches or all of the member switches of a stack You must perform SHOW ESTACK REMOTELIST on page 401 prior to this command to determine the ID numbers of the switches Caution A switch d...

Страница 397: ...ots a member switch that has the ID number 3 awplus enable awplus configure terminal awplus config reboot estack member 3 This example reboots all of the member switches of the enhanced stack awplus e...

Страница 398: ...f the information the command displays Figure 80 SHOW ESTACK Command The fields are described in Table 37 on page 398 Table 37 SHOW ESTACK Command Parameter Description Enhanced Stacking mode The stat...

Страница 399: ...mand switch on the common VLAN of the enhanced stack The number is the switch s stack ID number If the brackets are empty the switch did not detect a command switch on the common VLAN and so does not...

Страница 400: ...lent to issuing the SHOW ESTACK command on the command switch Figure 81 is an example of the information the command displays Figure 81 SHOW ESTACK COMMAND SWITCH Command The fields are described in T...

Страница 401: ...e or model series The default is MAC address An example is shown in Figure 82 Figure 82 SHOW ESTACK REMOTELIST Command The list does not include the command switch on which you entered the command Not...

Страница 402: ...mple sorts the switches by host name awplus enable awplus configure terminal awplus config show estack remotelist name This example sorts the switches by model series awplus enable awplus configure te...

Страница 403: ...itch to the member switches You may specify only one filename and the name must include the extension cfg The second prompt is shown here Enter the list of switches At this prompt enter the enhanced s...

Страница 404: ...mas To update all of the switches in the enhanced stack enter ALL The numbers are viewed with the SHOW ESTACK REMOTELIST command in the Privileged Exec mode Here are the steps of the file transfer bet...

Страница 405: ...t power off the member switches while they are writing the software to their flash memory Example This example uploads the management software on the command switch to two member switches that have th...

Страница 406: ...Chapter 20 Enhanced Stacking Commands 406...

Страница 407: ...ing topics Overview on page 408 Creating the Port Mirror or Adding New Source Ports on page 409 Removing Source Ports or Deleting the Port Mirror on page 410 Combining the Port Mirror with Access Cont...

Страница 408: ...ource ports are the ports whose packets are to be mirrored and monitored The destination port is the port where the packets from the source ports are copied and where the network analyzer is connected...

Страница 409: ...re terminal awplus config interface port1 0 5 awplus config if mirror interface port1 0 3 direction receive The switch immediately begins to copy the monitored traffic from the source ports to the des...

Страница 410: ...interface port1 0 11 awplus config if no mirror interface port1 0 2 To stop port mirroring and return the destination port to normal network operations remove all of the source ports from the port mi...

Страница 411: ...n have to create the access control list and assign it to the port whose packets you want to monitor When you create the access control list you have to specify the copy to mirror action Here is an ex...

Страница 412: ...ination port of the port mirror awplus show access list Use the SHOW ACCESS LIST command to confirm the configuration of the access control list awplus show interface port1 0 14 port1 0 15 access grou...

Страница 413: ...ror with access control lists to copy subsets of ingress packets on source ports the SHOW MIRROR command displays only the destination port of the copied traffic Here is an example Figure 84 SHOW MIRR...

Страница 414: ...Chapter 21 Port Mirror 414...

Страница 415: ...nation port for access control lists that use the copy to mirror action MIRROR INTERFACE on page 417 Port Interface Creates the port mirror and adds ports to the port mirror NO MIRROR INTERFACE on pag...

Страница 416: ...he copy to mirror action in access control lists You can designate only one destination port Confirmation Command SHOW MIRROR on page 420 Example This example designates port 21 as the destination por...

Страница 417: ...he destination port The options are receive Copies the ingress packets on a source port transmit Copies the egress packets on a source port both Copies both the ingress and egress packets on a source...

Страница 418: ...and 4 the source ports to port 5 the destination port If port 5 is already acting as the destination port of the port mirror the commands add ports 3 and 4 to the port mirror awplus enable awplus con...

Страница 419: ...t Interface mode of the destination port of the port mirror To delete the port mirror and return the destination port to normal operations remove all of the source ports from the port mirror Confirmat...

Страница 420: ...rror Test Port Name port1 0 22 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 1 Mirror Test Port Name port1 0 22 Mirror option Enabled Mirror direction receive Monitored Port...

Страница 421: ...264 respectively Example The following example displays the source and destination ports of the port mirror on the switch awplus show mirror Mirror direction The packets to be mirrored to the destinat...

Страница 422: ...Chapter 22 Port Mirror Commands 422...

Страница 423: ...ping This chapter discusses the following topics Overview on page 424 Host Node Topology on page 426 Enabling IGMP Snooping on page 427 Configuring the IGMP Snooping Commands on page 428 Disabling IGM...

Страница 424: ...s that want to be members of multicast groups the router does not send multicast packets out the port This improves network performance by restricting the multicast packets only to router ports where...

Страница 425: ...t all reports are suppressed on the specified ports except for reserved multicast addresses When you enable IGMP Snooping by executing the IP IGMP SNOOPING command all unknown multicast traffic is uns...

Страница 426: ...requests or have timed out The switch responds by immediately ceasing the transmission of additional multicast packets out the ports Multiple hosts Per Port The multiple hosts per port setting is appr...

Страница 427: ...the IP IGMP SNOOPING command in the Global Configuration mode After you enter the command the switch begins to build its multicast table as queries from the multicast router and reports from the host...

Страница 428: ...nds To Use This Command Range Clear all IGMP group membership records CLEAR IP IGMP none Specify the maximum number of multicast groups the switch will support IP IGMP LIMIT multicastgroups 0 to 255 m...

Страница 429: ...timeout 50 awplus config ip igmp snooping mrouter interface port1 0 4 For more information about these commands see IP IGMP QUERIER TIMEOUT on page 436 and IP IGMP SNOOPING MROUTER on page 440 This ex...

Страница 430: ...Snooping on the switch is the NO IP IGMP SNOOPING command in the Global Configuration mode To disable IGMP Snooping awplus enable awplus configure terminal awplus config no ip igmp snooping When IGMP...

Страница 431: ...dow is described in Table 42 on page 445 IGMP Snooping Configuration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups...

Страница 432: ...Chapter 23 Internet Group Management Protocol IGMP Snooping 432...

Страница 433: ...uters IP IGMP SNOOPING on page 437 Global Configuration Enables IGMP snooping on the switch IP IGMP SNOOPING FLOOD UNKNOWN MCAST on page 438 Global Configuration Disables the automatic suppression of...

Страница 434: ...tax clear ip igmp Parameters None Mode Privileged Exec mode Description Use this command to clear all IGMP group membership records on all VLANs Example This example clears all IGMP group membership r...

Страница 435: ...lobal Configuration mode Description Use this command to specify the maximum number of multicast addresses the switch can learn If your network has a large number of multicast groups you can use this...

Страница 436: ...for the duration of the timer The switch stops transmitting multicast packets from a port of an inactive host node if there are no additional host nodes A multicast router is deemed inactive if the s...

Страница 437: ...OOD UNKNOWN MCAST command is enabled by default when IGMP Snooping is activated This may cause a slow down of network data If you want to disable flooding of unknown multicast packets you must enter t...

Страница 438: ...in message Once a join message occurs for a particular multicast destination it is no longer unknown and therefore no longer floods Use the no version of this command NO IP IGMP SNOOPING FLOOD UNKNOWN...

Страница 439: ...terminal awplus config ip igmp snooping awplus config ip igmp snooping flood unknown mcast This example enables the automatic suppression of unknown multicast traffic on the switch awplus enable awpl...

Страница 440: ...y ports that are connected to multicast routers Manually specifying multicast router ports deactivates auto detect To reactivate auto detect remove all static multicast router ports For instructions r...

Страница 441: ...e Mode Global Configuration mode Description Use this command to specify the IGMP host node topology For background information refer to Host Node Topology on page 426 Confirmation Command SHOW IP IGM...

Страница 442: ...e Description Use this command to deactivate IGMP snooping on the switch When IGMP snooping is disabled the switch floods multicast packets on all ports except on ports that receive the packets Confir...

Страница 443: ...e Global Configuration mode Description Use this command to remove static multicast router ports Removing all multicast router ports activates auto detect Confirmation Command SHOW IP IGMP SNOOPING on...

Страница 444: ...iguration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups 64 Router Port s Auto Detect Router List VLAN ID Port Trunk...

Страница 445: ...etting multihost This is the multiple host per port topology This topology is appropriate when there is more than one host node per port on the switch To set this parameter refer to IP IGMP STATUS on...

Страница 446: ...ueries from it Host List Number of IGMP Multicast Groups The number of IGMP multicast groups that have active host nodes on the switch Multicast Group The multicast addresses of the groups ID The ID n...

Страница 447: ...t Interface Resumes forwarding egress multicast packets on ports NO SWITCHPORT BLOCK INGRESS MULTICAST on page 449 Port Interface Resumes forwarding ingress multicast packets on ports SWITCHPORT BLOCK...

Страница 448: ...o resume forwarding of egress multicast packets on ports By default this is the default setting on all of the ports on the switch Confirmation Command SHOW INTERFACE on page 221 Example This example r...

Страница 449: ...ode Description Use this command to resume forwarding of ingress multicast packets on ports Confirmation Command SHOW INTERFACE on page 221 Example This example resumes forwarding of ingress multicast...

Страница 450: ...range of 01 80 C2 00 00 00 to 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disable...

Страница 451: ...o 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disabled on the switch For more inf...

Страница 452: ...Chapter 25 Multicast Commands 452...

Страница 453: ...ers Chapter 26 File System on page 455 Chapter 27 File System Commands on page 463 Chapter 28 Boot Configuration Files on page 471 Chapter 29 Boot Configuration File Commands on page 477 Chapter 30 Fi...

Страница 454: ...454...

Страница 455: ...s Overview on page 456 Copying Boot Configuration Files on page 457 Renaming Boot Configuration Files on page 458 Deleting Boot Configuration Files on page 459 Displaying the Specifications of the Fil...

Страница 456: ...ion key pairs The file system has a flat directory structure All the files are stored in the root directory The file system does not support subdirectories Table 44 File Extensions and File Types Exte...

Страница 457: ...specifies the name of the boot configuration file you want to copy The DESTINATIONFILE parameter specifies the name of the new copy The name can be up to 16 alphanumeric characters and must include th...

Страница 458: ...s example renames the Sales2sw cfg boot configuration file to unit12a cfg awplus enable awplus move Sales2sw cfg unit12a cfg Note If you rename the active boot configuration file you will have to desi...

Страница 459: ...he configuration file unit2a cfg awplus delete unit2a cfg Note If you delete the active boot configuration file you will have to designate another active boot configuration file before the switch will...

Страница 460: ...d the amount of space used by the files currently stored in the file system It is the SHOW FILE SYSTEMS command Here is an example of the information Figure 89 SHOW FILE SYSTEMS Command The fields in...

Страница 461: ...d Line User s Guide 461 Listing the Files in the File System To view the names of the files in the file system of the switch use the DIR command in the Privileged Exec mode awplus dir The command does...

Страница 462: ...Chapter 26 File System 462...

Страница 463: ...DELETE on page 465 Privileged Exec Deletes boot configuration files from the file system DELETE FORCE on page 466 Privileged Exec Deletes boot configuration files from the file system DIR on page 467...

Страница 464: ...his command to create copies of boot configuration files in the file system of the switch Creating copies of the active boot configuration file is an easy way to maintain a history of the configuratio...

Страница 465: ...itch This command is equivalent to DELETE FORCE on page 466 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFI...

Страница 466: ...command is equivalent to DELETE on page 465 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFIG STARTUP CONFI...

Страница 467: ...DIR Syntax dir Parameter None Mode Privileged Exec mode Description Use this command to list the names of the files stored in the file system on the switch Example The following command lists the fil...

Страница 468: ...de Description Use this command to rename boot configuration files in the switch s file system Note If you rename the active boot configuration file the switch recreates it the next time you issue the...

Страница 469: ...Prefixes S D V Lcl Ntwk Avail 2 0M 1 4M flash rw cfg static local Y Table 46 SHOW FILE SYSTEMS Command Parameter Description Size B The total amount of flash memory in the switch The amount is given...

Страница 470: ...system awplus show file systems S D V The memory type static dynamic or virtual Lcl Ntwk Whether the memory is located locally or via a network connection This is always Local Y N Whether the memory i...

Страница 471: ...les This chapter discusses the following topics Overview on page 472 Specifying the Active Boot Configuration File on page 473 Creating a New Boot Configuration File on page 475 Displaying the Active...

Страница 472: ...tings every time you power off or reset the unit The switch as part of its initialization process whenever it is powered on or reset automatically refers to this file to set its parameter settings You...

Страница 473: ...nter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command In fact you probably will not want to enter either of those commands after you specify a new active boot configuration file bec...

Страница 474: ...it as the active boot configuration file The file is now ready to store any new parameter settings you might make to the switch In this example the settings of the switch are configured using a differ...

Страница 475: ...cluding the extension cfg If you specify the name of an existing file the new file overwrites the existing file It is important to understand that this command does not change the switch s active boot...

Страница 476: ...nd awplus show boot Here is an example of the information Figure 91 SHOW BOOT Command The Current boot config field displays the name of the active boot configuration file which for the switch in the...

Страница 477: ...vileged Exec Saves the switch s current configuration to the active boot configuration file ERASE STARTUP CONFIG on page 482 Privileged Exec Returns the switch to its default settings NO BOOT CONFIG F...

Страница 478: ...nfiguration file enter a new filename in the command The command automatically creates the file updates it with the current settings of the switch and designates it as the active boot configuration fi...

Страница 479: ...as the switch s active configuration file The example assumes that the file already exists in the file system of the switch and that you want to reconfigure the switch according to the settings in the...

Страница 480: ...ored in the file system on the switch the files contain the current settings of the switch You might use this command to create a backup copy of the switch s current configuration This command does no...

Страница 481: ...ter settings into the active boot configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active b...

Страница 482: ...uration file To return the active configuration file to the default settings you must enter the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command after the switch reboots and after you have establis...

Страница 483: ...ses the BOOT CFG file to configure its parameter settings To overwrite the settings in the active boot configuration file with the switch s current settings enter the WRITE or COPY RUNNING CONFIG STAR...

Страница 484: ...le 48 SHOW BOOT Command Field Description Current software The version number of the AlliedWare Plus Management Software on the switch Current boot image The version number of the bootloader Default b...

Страница 485: ...9000 Switch Command Line User s Guide 485 Example This command displays the name of the active boot configuration file and the version numbers of the management software and bootloader awplus show bo...

Страница 486: ...ax show startup config Parameters None Mode Privileged Exec mode Description Use this command to display the contents of the active boot configuration file Example The following example displays the c...

Страница 487: ...t configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active boot configuration file are disca...

Страница 488: ...Chapter 29 Boot Configuration File Commands 488...

Страница 489: ...r This chapter discusses the following topics Overview on page 490 Uploading or Downloading Files with TFTP on page 491 Uploading or Downloading Files with Zmodem on page 495 Downloading Files with En...

Страница 490: ...private CA certificates Refer to Chapter 86 Secure HTTPS Web Browser Server on page 1363 You can upload following file types from the switch Boot configuration files CA certificate requests Technical...

Страница 491: ...New Management Software with TFTP To use TFTP to download new management software to the switch Caution This procedure causes the switch to reset The switch does not forward network traffic while it w...

Страница 492: ...switch to write the new management software to flash memory 6 To resume managing the switch start a new management session after the switch has reset 7 To confirm the new management software on the s...

Страница 493: ...ch s new active boot configuration file awplus configure terminal awplus config boot config file switch1a cfg 6 At this point do one of the following To configure the switch using the settings in the...

Страница 494: ...ur network The FILENAME parameter is the name of the file to be uploaded from the switch to the TFTP server The filename can not contain spaces and must include the appropriate extension This example...

Страница 495: ...switch For instructions refer to Starting a Local Management Session on page 66 3 Enter this command in the Privileged Exec mode awplus copy zmodem You will see this prompt Waiting to receive 4 Use y...

Страница 496: ...6 Secure HTTPS Web Browser Server on page 1363 Technical support text files Refer to SHOW TECH SUPPORT on page 1444 To upload a file from the switch using Zmodem 1 Start a local management session on...

Страница 497: ...ommand the switch displays this message Waiting to send 4 Use your terminal or terminal emulator program to begin the upload The upload must be Zmodem The upload should take only a few moments The upl...

Страница 498: ...hapter 2 After you have updated the management software on the command switch start a new local or remote session on it Issue the SHOW ESTACK REMOTELIST command in the Privileged Exec mode to display...

Страница 499: ...ist of switches 1 2 The command switch starts the download process with the first switch After downloading its management software to that switch it repeats the process with the next switch and so on...

Страница 500: ...Chapter 30 File Transfer 500...

Страница 501: ...P on page 503 Privileged Exec Uses TFTP to upload files from the switch COPY TFTP FLASH on page 504 Privileged Exec Uses TFTP to download new versions of the management software boot configuration fil...

Страница 502: ...em utility to upload boot configuration files from the file system in the switch to your terminal or computer This command must be performed from a local management session For instructions on how to...

Страница 503: ...lename Mode Privileged Exec mode Description Use this command to upload configuration files from the file system in the switch to a TFTP server on your network You can perform the command from a local...

Страница 504: ...mode Description Use this command to download new versions of the management software boot configuration files or CA certificates to the switch from a TFTP server on your network You may perform the c...

Страница 505: ...to the switch from a TFTP server that has the IP address 149 22 121 45 awplus enable awplus copy tftp flash 149 22 121 45 at9000_app img This example downloads the boot configuration file sw12a cfg to...

Страница 506: ...r instructions on how to use this command refer to Downloading Files to the Switch with Zmodem on page 495 Note You may not use Zmodem to download new versions of the management software to the switch...

Страница 507: ...65 For instructions on how to use this command refer to Uploading the Management Software from the Command Switch to Member Switches on page 385 Caution Downloading new management software causes the...

Страница 508: ...Chapter 31 File Transfer Commands 508...

Страница 509: ...vent Messages This section contains the following chapters Chapter 32 Event Log on page 511 Chapter 33 Event Log Commands on page 515 Chapter 34 Syslog Client on page 529 Chapter 35 Syslog Client Comm...

Страница 510: ...510...

Страница 511: ...511 Chapter 32 Event Log This chapter covers the following topics Overview on page 512 Displaying the Event Log on page 513 Clearing the Event Log on page 514...

Страница 512: ...t happened when a problem occurred The operation of the switch can be monitored by viewing the event messages generated by the device These events and the vital information about system activity that...

Страница 513: ...are displayed one screen at a time To cancel the log type q for quit Here is an example of the log Figure 94 SHOW LOG Command The columns are described in Table 52 on page 521 If you happen to be inte...

Страница 514: ...hapter 32 Event Log 514 Clearing the Event Log To clear all the messages from the event log use the CLEAR LOG BUFFERED command in the Privileged Exec mode Here is the command awplus clear log buffered...

Страница 515: ...be stored in the event log NO LOG BUFFERED on page 519 Global Configuration Cancels the settings set by the LOG BUFFERED command SHOW LOG on page 521 Privileged Exec Displays the event messages in th...

Страница 516: ...Parameters None Mode Privileged Exec mode Description Use this command to delete the event messages in the event log Confirmation Command NO LOG BUFFERED on page 519 Example The following command dele...

Страница 517: ...everity level 0 4 or 6 program Specifies the event messages of a particular management software module The modules are listed in Table 53 on page 522 To specify more than one module separate the modul...

Страница 518: ...awplus enable awplus configure terminal awplus config log buffered program igmpsnoop lacp pcfg This example configures the event log to save event messages that have the severity level 0 or 4 and tha...

Страница 519: ...e settings set by the log buffered command You can cancel a setting individually by specifying a parameter If you do not specify any parameters the command cancels all the settings and restores the de...

Страница 520: ...Chapter 33 Event Log Commands 520 awplus configure terminal awplus config no log buffered Program mac OUtputID Type Status Details 1 Temporary Enabled Wrap on Full Filter Level 4 program MAC IP...

Страница 521: ...te time facility severity program pid message 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded...

Страница 522: ...nagement Software Modules Module Name Description ALL All management software modules ACL Port access control list CFG Switch configuration CLASSIFIER Classifiers used by ACL and QoS CLI Command line...

Страница 523: ...ce RADIUS RADIUS authentication protocol RTC Real time clock SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree and Rapid Spanning protocols SYSTEM Hardware status...

Страница 524: ...CONFIG Command The fields in the display are described here Table 54 SHOW LOG CONFIG Command Field Description Level The severity levels of the messages to be stored in the log The default is level 6...

Страница 525: ...slog Client Commands on page 537 Example The following command displays the configuration of the event log awplus show log config Program The software module messages to be stored in the log The modul...

Страница 526: ...LOG command display the same messages but in different order The SHOW LOG command displays the messages from oldest to newest To cancel the display type q for quit You cannot filter the log for speci...

Страница 527: ...vent messages in the buffered event log The NUMBER parameter is used to specify the number of messages to display The messages are displayed from oldest to newest For an example and description of the...

Страница 528: ...Chapter 33 Event Log Commands 528...

Страница 529: ...og Client This chapter covers the following topics Overview on page 530 Creating Syslog Server Definitions on page 531 Deleting Syslog Server Definitions on page 534 Displaying the Syslog Server Defin...

Страница 530: ...ent IP Address on page 72 or Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The syslog servers must be members of the same subnet as the management IP address of the switch or must be able...

Страница 531: ...server For example specifying level 4 for a syslog server definition causes the switch to transmit levels 0 and 4 messages If you omit this parameter messages of all severity levels are sent The PROG...

Страница 532: ...CFG Port configuration PKI Public Key Infrastructure PMIRR Port mirroring PSEC MAC address based port security PTRUNK Static port trunking QOS Quality of Service RADIUS RADIUS authentication protocol...

Страница 533: ...on that sends messages from the RADIUS spanning tree protocols and static port trunks to a syslog server that has the IP address 156 74 134 76 awplus enable awplus configure terminal awplus config log...

Страница 534: ...s To view the IP addresses of the syslog servers of the definitions use the SHOW LOG CONFIG command You can delete just one definition at a time with this command The switch stops sending event messag...

Страница 535: ...Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132 45 75 and 149 132 101 1...

Страница 536: ...Chapter 34 Syslog Client 536...

Страница 537: ...within the chapter Table 57 Syslog Client Commands Command Mode Description LOG HOST on page 538 Global Configuration Creates syslog server definitions NO LOG HOST on page 540 Global Configuration De...

Страница 538: ...the syslog server The modules are listed in Table 53 on page 522 You can specify more than one feature Separate multiple features with commas Omit this parameter to send messages from all features Mo...

Страница 539: ...that has the IP address 149 152 122 143 The definition sends only those messages that have a minimum severity level of 4 and that are generated by the RADIUS client RADIUS and static port trunks PTRUN...

Страница 540: ...er Mode Global Configuration mode Description Use this command to delete syslog server definitions from the switch Confirmation Command SHOW LOG CONFIG on page 541 Example This example deletes a syslo...

Страница 541: ...mmand with Syslog Server Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132...

Страница 542: ...Chapter 35 Syslog Client Commands 542 Example This example displays the configurations of the syslog server entries awplus show log config...

Страница 543: ...section contains the following chapters Chapter 36 Static Port Trunks on page 545 Chapter 37 Static Port Trunk Commands on page 555 Chapter 38 Link Aggregation Control Protocol LACP on page 563 Chapte...

Страница 544: ...544...

Страница 545: ...opics Overview on page 546 Creating New Static Port Trunks or Adding Ports To Existing Trunks on page 550 Specifying the Load Distribution Method on page 551 Removing Ports from Static Port Trunks or...

Страница 546: ...ion Control Protocol LACP on page 563 static port trunks do not permit standby ports If a link is lost on a port in a static port trunk the trunk s total bandwidth is reduced Although the traffic carr...

Страница 547: ...me you created a static port trunk or an LACP trunk of Ports 7 through 14 on the switch The table below shows the mappings of the switch ports to the possible values of the last three bits of a MAC or...

Страница 548: ...ethods assume that the final three bits of the source and or destination addresses of the packets from the network nodes are varied enough to support efficient distribution of the packets over the tru...

Страница 549: ...hout also changing the other ports A port can belong to only one static trunk at a time A port cannot be a member of a static trunk and an LACP trunk at the same time The ports of a static trunk must...

Страница 550: ...ates a new trunk of ports 22 to 23 and the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 22 port1 0 23 awplus config if static channel group 1 If a static port tr...

Страница 551: ...AC address src ip Specifies source IP address dst ip Specifies destination IP address src dst ip Specifies source address destination IP address To enter the Static Port Trunk Interface mode you use t...

Страница 552: ...port1 0 4 port1 0 5 awplus config if no static channel group To delete a static port trunk remove all its member ports This example deletes a trunk that consists of member ports 15 to 17 and 21 awplus...

Страница 553: ...ileged Exec mode awplus show static channel group Here is an example of the information Figure 100 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display...

Страница 554: ...Chapter 36 Static Port Trunks 554...

Страница 555: ...Removes ports from existing static port trunks and deletes trunks from the switch PORT CHANNEL LOAD BALANCE on page 557 Static Port Trunk Interface Sets the load distribution methods of static port tr...

Страница 556: ...ve ports from a static port trunk without first disconnecting their network cable Network loops can result in broadcast storms that can adversely affect network performance Note You cannot leave a tru...

Страница 557: ...ecifies source address destination IP address Mode Static Port Trunk Interface mode Description Use this command to specify the load distribution methods of static port trunks The load distribution me...

Страница 558: ...558 Example This example sets the load distribution method to destination MAC address for a trunk with an ID number 4 awplus enable awplus configure terminal awplus config interface sa4 awplus config...

Страница 559: ...An example of the command is shown in Figure 101 Figure 101 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display the running configuration with SHOW RU...

Страница 560: ...resulting in a broadcast storm and poor network performance To create a new static port trunk you have to assign it an ID number in the range of 1 to 32 This number is used by the switch to identify...

Страница 561: ...e port you are adding will be the lowest numbered port in the trunk its parameter settings will overwrite the settings of the existing ports in the trunk Consequently you check to see if its settings...

Страница 562: ...Chapter 37 Static Port Trunk Commands 562...

Страница 563: ...following topics Overview on page 564 Creating New Aggregators on page 567 Setting the Load Distribution Method on page 568 Adding Ports to Aggregators on page 569 Removing Ports from Aggregators on...

Страница 564: ...occur if there is a difference in their LACP implementations For example the two devices might not support the same number of active ports in an aggregate trunk If a conflict does occur the two devic...

Страница 565: ...802 3ad compliant An aggregator can consist of any number of ports The switch supports up to eight active ports in an aggregate trunk at a time The switch can support up to a total of 32 static and LA...

Страница 566: ...rt forwarding network traffic while also continuing to transmit LACPDU packets The port with the highest priority in an aggregate trunk carries broadcast packets and packets with an unknown destinatio...

Страница 567: ...rts of a new aggregator are already members of other aggregators the switch automatically removes them from their current assignments before adding them to the new aggregator Caution To avoid creating...

Страница 568: ...the mode use the INTERFACE PO command from the Global Configuration mode in this format interface poid_number You specify the intended aggregator by adding its ID number as a suffix to PO Here is the...

Страница 569: ...the ID number of the existing aggregator to which the new ports are to be assigned If you do not know the ID number use the SHOW ETHERCHANNEL DETAIL command If the new ports of an aggregator are alre...

Страница 570: ...disconnecting the network cable Leaving the network cable connected may result in a network loop which can cause a broadcast storm Note You cannot remove the base port of an aggregator The base port i...

Страница 571: ...t delete an aggregator without first disconnecting the network cables from its ports Leaving the network cables connected may result in a network loop which can cause a broadcast storm These commands...

Страница 572: ...NEL DETAIL The only information the SHOW ETHERCHANNEL DETAIL command does not include is the LACP system priority value That value can been seen with the SHOW LACP SYS ID command also in the Privilege...

Страница 573: ...nformation Figure 103 SHOW LACP SYS ID Command It should be mentioned that while the system priority value is set as an integer with the LACP SYSTEM PRIORITY command this command displays it in hexade...

Страница 574: ...Chapter 38 Link Aggregation Control Protocol LACP 574...

Страница 575: ...ports from aggregators and deletes aggregators PORT CHANNEL LOAD BALANCE on page 580 LACP Port Trunk Interface Sets the load distribution method SHOW ETHERCHANNEL on page 582 Privileged Exec Displays...

Страница 576: ...ator you cannot add ports that are below the base port For example you cannot add ports 1 to 6 to an existing aggregator that consists of ports 7 to 12 You have to delete and recreate an aggregator to...

Страница 577: ...mber of the aggregator is 2 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 16 awplus config if channel group 2 This example adds port 15 to an existing aggregator t...

Страница 578: ...ACP priority of the switch The switch uses the LACP priority to resolve conflicts with other network devices when it creates aggregate trunks Confirmation Command SHOW LACP SYS ID on page 586 Note The...

Страница 579: ...recreating the aggregator Caution To prevent creating a loop in your network topology you should not remove ports from an aggregator without first disconnecting their network cables Network loops can...

Страница 580: ...ddress destination IP address Mode LACP Port Trunk Interface mode Description Use this command to set the load distribution methods of aggregators An aggregator can have only one load distribution met...

Страница 581: ...THERCHANNEL DETAIL on page 583 Example This example sets the load distribution method to source MAC address for the LACP trunk that has the ID number 22 awplus enable awplus configure terminal awplus...

Страница 582: ...and to display the ports of specific aggregators on the switch Figure 104 illustrates the information Figure 104 SHOW ETHERCHANNEL Command Example This example displays the ports of the aggregator wit...

Страница 583: ...77 d8 43 60 0000 Admin Key 0xff01 Oper Key 0x0101 Receive link count 4 Transmit link count 4 Individual 0 Ready 0 Distribution Mode MACBoth Partner LAG 0080 00 a0 d2 00 94 24 F601 Link Port 1 0 1 sync...

Страница 584: ...Chapter 39 LACP Commands 584 Example This example displays detailed information about aggregators awplus show etherchannel detail...

Страница 585: ...gure 106 SHOW ETHERCHANNEL SUMMARY Command Example This example displays the states of the aggregator s member ports awplus show etherchannel summary Aggregator 2 po2 Admin Key 0xff01 Oper Key 0x0101...

Страница 586: ...s of the switch Figure 107 provides an example of the display Figure 107 SHOW LACP SYS ID Command Note The LACP priority value is set as an integer with LACP SYSTEM PRIORITY on page 578 and displayed...

Страница 587: ...L Command Example This example displays the LACP port information for port 5 awplus show port etherchannel port1 0 5 Link port 1 0 5 Aggregator 2 Receive machine state Defaulted Periodic Transmission...

Страница 588: ...Chapter 39 LACP Commands 588...

Страница 589: ...ocols on page 591 Chapter 41 Spanning Tree Protocol STP Procedures on page 611 Chapter 42 STP Commands on page 619 Chapter 43 Rapid Spanning Tree Protocol RSTP Procedures on page 635 Chapter 44 RSTP C...

Страница 590: ...590...

Страница 591: ...s on page 594 Port Priority on page 595 Forwarding Delay and Topology Changes on page 596 Hello Time and Bridge Protocol Data Units BPDU on page 597 Point to Point and Edge Ports on page 598 Mixed STP...

Страница 592: ...convergence When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to preven...

Страница 593: ...two or more bridges have the same bridge priority number of those bridges the one with the lowest MAC address is designated as the root bridge You can change the bridge priority number on the switch...

Страница 594: ...will be the primary active path and which path s will be placed in the standby blocking mode This is accomplished by a determination of path costs The path offering the lowest cost to the root bridge...

Страница 595: ...ferred path In some instances this can involve the use of the port priority parameter This parameter is used as a tie breaker when two paths have the same cost The port priority has a range from 0 to...

Страница 596: ...to forwarding passes through two additional states listening and learning before beginning to forward frames The amount of time a port spends in these states is set by the forwarding delay value This...

Страница 597: ...already been selected in the network and if not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a...

Страница 598: ...ex mode is functioning as a point to point port Figure 109 illustrates two switches that are connected with one data link With the link operating in full duplex the ports are point to point ports Figu...

Страница 599: ...illustrates a port functioning as both a point to point and edge port Figure 111 Point to Point and Edge Port Determining whether a bridge port is point to point edge or both can be a bit confusing Fo...

Страница 600: ...ther to create a single spanning tree domain Given this if you decide to activate spanning tree on the switch there is no reason not to use RSTP even if the other switches are running STP The switch c...

Страница 601: ...Ns Sales and Production span two switches Two links consisting of untagged ports connect the separate parts of each VLAN If STP or RSTP is activated on the switches one of the links is disabled becaus...

Страница 602: ...k such as workstations and printers The advantages of edge ports are that they typically do not participate in the convergence process and that they immediately transition to the forwarding state skip...

Страница 603: ...ting is disabled This feature is supported on the base ports of the switch and any fiber optic transceivers installed in the unit Note A port disabled by the BPDU guard feature remains in that state u...

Страница 604: ...more ports in the spanning tree domain causing a network loop The loop guard feature protects against this type of failure by monitoring the ports on the switch for BPDUs from the other RSTP devices I...

Страница 605: ...ws spanning tree under normal operations in a network of three switches that have been connected to form a loop To block the loop switch 3 designates port 14 as an alternate port and places it in the...

Страница 606: ...rd works to maintain a loop free topology by keeping alternate ports in the blocking state when they stop receiving BPDUs Loop guard can also work on root and designated ports that are in the forwardi...

Страница 607: ...orwarding state from the blocking state to become the new root port for the switch The result is a network loop Figure 116 Loop Guard Example 4 But if loop guard is active on port 4 on switch 3 the po...

Страница 608: ...Loop Guard Example 5 Switch 3 Switch 1 Old root bridge RSTP stops operating Port 4 Loop guard changes the port to the blocking state from the forwarding state Switch 2 New root bridge Port 14 Transit...

Страница 609: ...t bridge are connected If the bridge receives a superior BPDU on a root designated port the Root Guard feature changes the state of the port to a root inconsistent STP state This state varies dependin...

Страница 610: ...Chapter 40 STP RSTP and MSTP Protocols 610...

Страница 611: ...rocedures Designating STP as the Active Spanning Tree Protocol on page 612 Enabling the Spanning Tree Protocol on page 613 Setting the Switch Parameters on page 614 Setting the Port Parameters on page...

Страница 612: ...spanning tree protocols in addition to STP but only one of them can be active at a time on the device To designate STP as the active spanning tree protocol on the switch use the SPANNING TREE MODE ST...

Страница 613: ...TP on the switch use the SPANNING TREE STP ENABLE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config spanning tree stp enable The switch...

Страница 614: ...config spanning tree max age 20 If you want the switch to be the root bridge of the spanning tree domain assign it a low priority number with the SPANNING TREE PRIORITY command The bridge priority ha...

Страница 615: ...AT 9000 Switch Command Line User s Guide 615 This example of the command sets the switch s priority value to 8 192 awplus enable awplus configure terminal awplus config spanning tree priority 8192...

Страница 616: ...t1 0 4 port1 0 18 awplus config if spanning tree path cost 40 This example of the SPANNING TREE PRIORITY command assigns a priority value of 32 awplus enable awplus configure terminal awplus config in...

Страница 617: ...ig no spanning tree stp enable Note Before disabling the spanning tree protocol on the switch display the STP states of the ports and disconnect the network cables from any ports that are in the disca...

Страница 618: ...1 Default Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interv...

Страница 619: ...625 Port Interface Enables the Root Guard feature on a port SPANNING TREE HELLO TIME on page 626 Global Configuration Sets the hello time which defines how frequently the switch sends spanning tree co...

Страница 620: ...f they receive BPDUs SPANNING TREE PRIORITY Bridge Priority on page 632 Global Configuration Assigns the switch a priority number SPANNING TREE Priority Port Priority on page 633 Port Interface Assign...

Страница 621: ...ch display the STP states of the ports and disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when STP...

Страница 622: ...efault Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval...

Страница 623: ...ne User s Guide 623 Examples This command displays the STP settings for all the ports awplus show spanning tree This command displays the STP settings for ports 1 and 4 awplus show spanning tree inter...

Страница 624: ...ch is acting as the root bridge of the spanning tree domain Switches that are not acting as the root bridge use a dynamic value supplied by the root bridge The forward time max age and hello time para...

Страница 625: ...t state For STP this state is a listening state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To display the current setting fo...

Страница 626: ...come the root bridge The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max age 2 x forward time 1 0 second max a...

Страница 627: ...s are stored by the switch before they are deleted The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max age 2 x...

Страница 628: ...on the switch You must select STP as the active spanning tree protocol before you can enable it or configure its parameters Only one spanning tree protocol can be active on the switch at a time Confir...

Страница 629: ...he cost of a port to the root bridge This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost The lower the numeric value the higher the...

Страница 630: ...spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered to be an edge port This command is used in conjunction with th...

Страница 631: ...and disables them if they receive BPDU packets To disable an edge port that was disabled by the BPDU guard feature use the NO SPANNING TREE PORTFAST BPDU GUARD command See NO SPANNING TREE PORTFAST B...

Страница 632: ...two or more devices have the same priority value the device with the numerically lowest MAC address becomes the root bridge The range is 0 to 61 440 in increments of 4 096 The priority values can be s...

Страница 633: ...reaker when two or more ports have equal costs to the root bridge The range is 0 to 240 in increments of 16 The priority values can be set only in increments of 16 The default is 128 Use the no form o...

Страница 634: ...st designate STP as the active spanning tree protocol on the switch before you can enable it or configure its parameters For instructions refer to SPANNING TREE MODE STP on page 628 Confirmation Comma...

Страница 635: ...es Designating RSTP as the Active Spanning Tree Protocol on page 636 Enabling the Rapid Spanning Tree Protocol on page 637 Configuring the Switch Parameters on page 638 Configuring the Port Parameters...

Страница 636: ...complished with the SPANNING TREE MODE RSTP command in the Global Configuration mode Afterwards you can configure its settings and enable the protocol Here is the command awplus enable awplus configur...

Страница 637: ...Configuration mode Here is the command awplus enable awplus configure terminal awplus config spanning tree rstp enable After you enter the command the switch immediately begins to participate in the s...

Страница 638: ...ax age 10 Table 63 RSTP Switch Parameters To Use This Command Range Specify how long the ports remain in the listening and learning states before they transition to the forwarding state SPANNING TREE...

Страница 639: ...meter is 0 to 61 440 in increments of 4 096 The priority values can be set only in increments of 4 096 This example assigns the switch the low priority number 4 096 to increase the likelihood of it be...

Страница 640: ...cedures 640 To disable the BPDU guard feature on the switch use the NO SPANNING TREE BPDU GUARD command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awp...

Страница 641: ...is Command Range Specify port costs SPANNING TREE PATH COST path cost 1 to 200000000 Assign a priority value to be used as a tie breaker when two or more paths have equal costs to the root bridge SPAN...

Страница 642: ...ample designates ports 11 to 23 as point to point ports awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 23 awplus config if spanning tree link type point to point Th...

Страница 643: ...nning tree loop guard A port disabled by this feature remains disabled until it starts to receive BPDU packets again or the switch is reset To disable the loop guard feature use the NO SPANNING TREE L...

Страница 644: ...activates disabled ports after the specified period of time This example activates the timer and sets it to 1000 seconds awplus enable awplus configure terminal awplus config spanning tree errdisable...

Страница 645: ...w the current status of RSTP refer to Displaying RSTP Settings on page 646 Note Before disabling the spanning tree protocol on the switch display the RSTP states of the ports and disconnect the networ...

Страница 646: ...bf9 Default Bridge Id 8000 eccd6d4d5bf9 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout inte...

Страница 647: ...RSTP on the switch SHOW SPANNING TREE on page 654 User Exec and Privileged Exec Displays the RSTP settings on the switch SPANNING TREE ERRDISABLE TIMEOUT ENABLE on page 656 Global Configuration Activa...

Страница 648: ...e spanning tree protocol on the switch SPANNING TREE PATH COST on page 665 Port Interface Specifies the costs of the ports to the root bridge SPANNING TREE PORTFAST on page 666 Port Interface Designat...

Страница 649: ...ode Port Interface mode Description Use this command to remove ports as edge ports on the switch Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example removes port 21 as an edge po...

Страница 650: ...RSTP BPDU guard feature When the timer is deactivated ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN com...

Страница 651: ...s disabled Note Ports that are disabled by the loop guard feature do not forward traffic again when you disable the feature They only forward traffic if they start to receive BPDUs again or you reset...

Страница 652: ...n a port Note Edge ports disabled by the BPDU guard feature remain disabled until you enable them with the management software For instructions refer to NO SHUTDOWN on page 211 Confirmation Command SH...

Страница 653: ...rts and disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when RSTP is disabled Leaving the cables con...

Страница 654: ...bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8101 Role Disabled State Forwarding port1 0 1 Designated Path...

Страница 655: ...AT 9000 Switch Command Line User s Guide 655 Example This example displays the RSTP settings on the switch awplus show spanning tree...

Страница 656: ...y RSTP domain convergences by disabling edge ports if they receive BPDUs When the timer is activated the switch will automatically reactivate disabled ports The time interval that ports remain disable...

Страница 657: ...seconds Mode Global Configuration mode Description Use this command to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the RSTP BPDU...

Страница 658: ...the learning state to the forwarding state This parameter is active only if the switch is acting as the root bridge Switches that are not acting as the root bridge use a dynamic value supplied by the...

Страница 659: ...t state For RSTP this state is a discarding state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To view the current setting for...

Страница 660: ...hen it is the root bridge or is trying to become the root bridge The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802...

Страница 661: ...witches connected to it Mode Port Interface mode Description Use this command to designate point to point ports and shared ports Confirmation Command SHOW RUNNING CONFIG on page 158 Examples This exam...

Страница 662: ...ch automatically disables it A port that has been disabled by the feature remains in that state until it begins to receive BPDU packets again or the switch is reset The default setting for BPDU loop g...

Страница 663: ...ridge protocol data units BPDUs before it deletes them The forward time maximum age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max...

Страница 664: ...col and set the switch or port parameters RSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with SPANNING TREE RSTP ENABLE on...

Страница 665: ...he cost of a port to the root bridge This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost The lower the numeric value the higher the...

Страница 666: ...ing tree devices or to LANs that have spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered an edge port by the swit...

Страница 667: ...switch monitors edge ports and disables them if they receive BPDU packets To disable an edge port that was disabled by the BPDU guard feature use the NO SPANNING TREE PORTFAST BPDU GUARD command Confi...

Страница 668: ...omes the root bridge If two or more devices have the same priority value the device with the numerically lowest MAC address becomes the root bridge The range is 0 to 61 440 in increments of 4 096 The...

Страница 669: ...reaker when two or more ports have equal costs to the root bridge The range is 0 to 240 in increments of 16 The priority values can be set only in increments of 16 The default is 128 Use the no form o...

Страница 670: ...to enable the Rapid Spanning Tree Protocol on the switch You cannot enable RSTP until you have activated it with SPANNING TREE MODE RSTP on page 664 Confirmation Command SHOW RUNNING CONFIG on page 15...

Страница 671: ...s Overview on page 672 Multiple Spanning Tree Instance MSTI on page 673 MSTI Guidelines on page 675 VLAN and MSTI Associations on page 676 Ports in Multiple MSTIs on page 677 Multiple Spanning Tree Re...

Страница 672: ...The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic resulting in reduced network performance Another approach is to use the Multi...

Страница 673: ...eral examples Figure 122 illustrates two AT 9000 Switches each containing the two VLANs Sales and Production The two parts of each VLAN are connected with a direct link using untagged ports on both sw...

Страница 674: ...nd Presales VLANs and MSTI 2 contains the Design and Engineering VLANs Figure 124 Multiple VLANs in an MSTI In this example because an MSTI contains more than one VLAN the links between the VLAN parts...

Страница 675: ...ch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTIs This is possible because a port can be in different MS...

Страница 676: ...tions Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances The mapping of VLANs to MSTIs is called associations A VLAN either port based or tagged can belong to onl...

Страница 677: ...d to as generic parameters These are set just once on a port and apply to all the MSTIs where the port is a member One of these parameters is the external path cost which sets the operating cost of a...

Страница 678: ...unctions of the nodes and bridges of the region Examples are Sales Region and Engineering Region The revision number is an arbitrary number assigned to a region This number can be used to keep track o...

Страница 679: ...n MSTI s root bridge is called a regional root The MSTIs within a region may share the same regional root or they can have different regional roots A regional root for an MSTI must be within the regio...

Страница 680: ...A region can contain any number of VLANs All of the bridges in a region must have the same configuration name revision level VLANs and VLAN to MSTI associations An MSTI cannot span multiple regions Ea...

Страница 681: ...oundaries while an MSTI cannot If a port is a boundary port that is if it is connected to another region that port automatically belongs solely to CIST even if it was assigned to an MSTI because only...

Страница 682: ...can be considered as a virtual bridge The implication is that other MSTP regions and STP and RSTP single instance spanning trees cannot discern the topology or constitution of an MSTP region The only...

Страница 683: ...ree instance A router or Layer 3 network device is required to forward traffic between VLANs A network can contain any number of regions and a region can contain any number of AT 9000 Switches The AT...

Страница 684: ...ree Protocol MSTP 684 Note The AlliedWare Plus MSTP implementation complies fully with the new IEEE 802 1s standard Any other vendor s fully compliant 802 1s implementation is interoperable with the A...

Страница 685: ...STI ID 10 The BPDUs transmitted by port 8 to switch B would indicate that the port is a member of both CIST and MSTI 7 while the BPDUs from port 1 would indicate the port is a member of the CIST and M...

Страница 686: ...ST in determining whether a loop exists The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0 Switch B would block a port to cancel the l...

Страница 687: ...t can be a physical loop which spanning tree disables by blocking ports This is illustrated in Figure 127 The example show two switches each residing in a different region Port 7 in switch A is a boun...

Страница 688: ...Support Product Management and Accounting You can group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 11 and in Region 2 you cou...

Страница 689: ...ll designated ports unless two or more ports of the root bridge are connected If the bridge receives a superior BPDU on a root designated port the Root Guard feature changes the state of the port to a...

Страница 690: ...Chapter 45 Multiple Spanning Tree Protocol MSTP 690...

Страница 691: ...P on the switch SHOW SPANNING TREE on page 699 User Exec and Privileged Exec Displays the MSTP settings on the switch SHOW SPANNING TREE MST CONFIG on page 700 Privileged Executive Displays the MSPT C...

Страница 692: ...port SPANNING TREE PATH COST on page 710 Port Interface Specifies the cost of a port to the root bridge SPANNING TREE PORTFAST on page 711 Port Interface Designates the ports as edge ports SPANNING T...

Страница 693: ...e lowest value is considered to have the highest priority and is chosen as the root port over a port equivalent in all other aspects but with a higher priority value The default value is 32768 For inf...

Страница 694: ...a priority of 4096 to port 4 awplus enable awplus configure terminal awplus config spanning tree mode mstp awplus config spanning tree mstp enable awplus config spanning tree spanning tree mst config...

Страница 695: ...about MSTI see MSTI Guidelines on page 675 After you use the INSTANCE MSTI ID VLAN command to create an instance and associate it with a VLAN use the SPANNING TREE MST INSTANCE command to associate po...

Страница 696: ...STP BPDU guard feature When the timer is deactivated ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN comma...

Страница 697: ...t Interface mode Description Use this command to remove ports as edge ports on the switch This command is equivalent to NO SPANNING TREE PORTFAST on page 649 Example This example removes port 21 as an...

Страница 698: ...disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when MSTP is disabled Leaving the cables connected m...

Страница 699: ...ettings on the switch awplus show spanning tree Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 Default Forward Delay 15 Hello Time 2...

Страница 700: ...y to check that the digest is the same on this device as for all other devices in the same region Example This example displays the MSTP configuration information for a bridge awplus enable awplus sho...

Страница 701: ...tree mst An example of the display is shown in Figure 131 Figure 131 SHOW SPANNING TREE MST Command Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 200000 CIST Root Port 33033 CIS...

Страница 702: ...ange is from 1 to 15 Mode Privileged Executive Mode Description Use this command to display detailed information for a particular instance and all switch ports associated with that instance Example Th...

Страница 703: ...they receive BPDUs When the timer is activated the switch will automatically reactivate disabled ports The time interval that ports remain disabled is set with SPANNING TREE ERRDISABLE TIMEOUT INTERV...

Страница 704: ...nd to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the BPDU guard feature To activate the timer refer to SPANNING TREE ERRDISABLE T...

Страница 705: ...t state For MSTP this state is a discarding state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To view the current setting for...

Страница 706: ...de Global Configuration mode Description Use this command to set MSTP as the spanning tree protocol mode Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example sets MSTP as the span...

Страница 707: ...able the spanning tree protocol and set the switch or port parameters MSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with S...

Страница 708: ...escription Use this command to enter the MST mode Note Only one spanning tree protocol STP RSTP or MSTP can be active on the switch Confirmation Command SHOW SPANNING TREE on page 699 Example This exa...

Страница 709: ...spanning tree information for the associated MSTI when you assign a VLAN to the MSTI using the INSTANCE MST ID VLAN command For information about this command see INSTANCE MSTI ID VLAN on page 695 To...

Страница 710: ...o the root bridge to determine the total path cost For MSTP this command only applies to the path cost for CIST The lower the numeric value the higher the priority of a path The range is 1 to 20000000...

Страница 711: ...to spanning tree devices or to LANs that have spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered an edge port by...

Страница 712: ...feature on the switch which protects the switch from receiving superior BPDUs Use the no version of this command NO SPANNING TREE PORTFAST BPDU GUARD to disable the root guard feature on a switch Con...

Страница 713: ...on mode Description Use this command to name the MSTP Region Confirmation Command SHOW RUNNING CONFIG on page 158 or SHOW SPANNING TREE on page 699 Example This example names the MSTP region santa cla...

Страница 714: ...This value is an arbitrary value that you assign to an MST region Use the revision number to track the number of times an MST configuration has been updated on the network Confirmation Command SHOW RU...

Страница 715: ...ration Protocol on page 761 Chapter 50 GARP VLAN Registration Protocol Commands on page 779 Chapter 51 MAC Address based VLANs on page 801 Chapter 52 MAC Address based VLAN Commands on page 817 Chapte...

Страница 716: ...716...

Страница 717: ...N Overview on page 720 Tagged VLAN Overview on page 726 Creating VLANs on page 731 Adding Untagged Ports to VLANs on page 732 Adding Tagged Ports to VLANs on page 734 Removing Untagged Ports from VLAN...

Страница 718: ...ic stays within the VLANs The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic not destined for them and frees up bandwidth within all...

Страница 719: ...switch This makes it possible to create VLANs of end nodes that are connected to switches located in different physical locations The switch supports the following types of VLANs you can create yours...

Страница 720: ...e The switch is pre configured with one port based VLAN called the Default_VLAN All ports on the switch are members of this VLAN The parts that make up a port based VLAN are VLAN name VLAN Identifier...

Страница 721: ...te a port based VLAN on the switch and assign it a VID of 5 assign the PVID for each port in the VLAN to 5 Some switches and switch management programs require that you assign the PVID value for each...

Страница 722: ...untagged VLAN assignment After the VLAN assignment is made the port s role can be changed back again to authenticator or supplicant if desired You cannot delete the Default VLAN from the switch Delet...

Страница 723: ...reate a VLAN The ports have been assigned PVID values A port s PVID is assigned automatically by the switch when you create the VLANs The PVID of a port is the same as the VID in which the port is an...

Страница 724: ...re port based VLANs In this example two VLANs Sales and Engineering span two switches Figure 133 Port based VLAN Example 2 Router Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Engineer...

Страница 725: ...orts 9 to 13 on the top switch and ports 16 18 to 20 and 22 on the bottom switch Because this VLAN spans multiple switches it needs a direct connection between its various parts to provide a communica...

Страница 726: ...equirements and standards for tagging The device must be able to process the tagged information on received frames and add tagged information to transmitted frames The benefit of a tagged VLAN is that...

Страница 727: ...ID of a port determines the VLAN where the port is an untagged member Because a tagged port determines VLAN membership by examining the tagged header within the frames that it receives and not the PVI...

Страница 728: ...e used to interconnect IEEE 802 1q based products Figure 134 Example of a Tagged VLAN Router Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Engineering VLAN VID 3 Sales VLAN VID 2 AT 90...

Страница 729: ...rt Assignments Switch Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Untagged Ports Tagged Ports Untagged Ports Tagged Ports Untagged Ports Tagged Ports AT 9000 Switch top 1 3 to 5 PVID...

Страница 730: ...e used to simplify network design in the example They are port 10 on the top switch and port 9 on the lower switch These ports have been made tagged members of the Sales and Engineering VLANs so that...

Страница 731: ...vid name name This example creates the Engineering VLAN and assigns it a VID of 5 awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering Note T...

Страница 732: ...you can use the SWITCHPORT ACCESS VLAN command which is also found in the Port Interface mode to assign it as an untagged member of a VLAN Here is the format of the command switchport access vlan vid...

Страница 733: ...agged ports of a VLAN with the VID 4 The SWITCHPORT MODE ACCESS command is omitted because the example assumes the ports are already designated as untagged ports awplus enable awplus configure termina...

Страница 734: ...mat shown here switchport mode trunk ingress filter enable disable For an explanation of the optional INGRESS FILTER parameter refer to SWITCHPORT MODE TRUNK on page 751 Once a port is labeled as a ta...

Страница 735: ...ar VLAN A port can have only one native VLAN The command for setting the native VLAN of tagged ports is the SWITCHPORT TRUNK NATIVE VLAN command in the Port Interface mode Here is the command s format...

Страница 736: ..._VLAN You can remove more than one port at a time from a VLAN and the same command can be used to remove untagged ports from different VLANs This example removes untagged port 5 from its current VLAN...

Страница 737: ...ich the port is to be removed This example removes tagged ports 18 and 19 from the VLAN with the VID 7 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 19 awplus conf...

Страница 738: ...figuration mode You cannot delete the Default_VLAN The untagged ports of deleted VLANs are automatically returned back to the Default_VLAN Here is the format of the command no vlan vid This example de...

Страница 739: ...nformation is shown in Figure 135 Figure 135 SHOW VLAN ALL Command The information is described in Table 72 on page 746 VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE...

Страница 740: ...Chapter 47 Port based and Tagged VLANs 740...

Страница 741: ...e native VLAN of tagged ports NO VLAN on page 745 VLAN Configuration Deletes VLANs from the switch SHOW VLAN on page 746 User Exec and Privileged Exec Displays all the VLANs on the switch SWITCHPORT A...

Страница 742: ...VLAN if they are set to the authenticator role for 802 1x port based network access control You must first remove the authenticator role For instructions refer to NO DOT1X PORT CONTROL on page 950 Con...

Страница 743: ...the trunk mode has been removed Note You must first remove a port from all tagged VLAN assignments before you can remove its tagged designation For instructions refer to SWITCHPORT TRUNK ALLOWED VLAN...

Страница 744: ...s and egress untagged packets A tagged port can have only one native VLAN Note This command will not work if the tagged port is already a tagged member of the Default_VLAN because a port cannot be bot...

Страница 745: ...ntagged ports Static addresses assigned to the ports of a deleted VLAN become obsolete and should be deleted from the MAC address table For instructions refer to NO MAC ADDRESS TABLE STATIC on page 36...

Страница 746: ...136 SHOW VLAN Command The columns in the table are described here VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE 1 u 20 u 21 u 22 u 23 u 26 u 27 u 28 u 5 Sales STATIC...

Страница 747: ...ANs on the switch awplus show vlan State The states of the VLANs A VLAN has an Active state if it has at least one tagged or untagged port and an Inactive state if it does not have any ports Member Po...

Страница 748: ...tically removes it from its current untagged VLAN assignment before moving it to its new assignment For example if you add port 4 as an untagged port to a VLAN the switch automatically removes the por...

Страница 749: ...0 5 port1 0 7 awplus config if switchport access vlan 12 This example returns port 15 as an untagged port to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config...

Страница 750: ...ts to VLANs The second command is SWITCHPORT ACCESS VLAN on page 748 The access mode is the default setting for all ports on the switch Consequently you only need to perform this command for ports tha...

Страница 751: ...LLOWED VLAN on page 753 The INGRESS FILTER parameter controls whether the tagged port accepts or rejects tagged packets containing VIDs that do not match any of its tagged VIDs If ingress filtering is...

Страница 752: ...is example designates port 18 as a tagged port and disables ingress filtering so that it accepts all tagged packets awplus enable awplus configure terminal awplus config interface port1 0 18 awplus co...

Страница 753: ...ignated VLAN You can specify more than one VID except vid Adds the port as a tagged port to all the VLANs on the switch except for the designated VLAN You can specify more than one VID remove vid Remo...

Страница 754: ...1x none role before they can be removed from a VLAN You can reassign their roles after you change their VLAN assignments Confirmation Command SHOW VLAN on page 746 Examples of Adding Tagged Ports to...

Страница 755: ...plus config if switchport trunk allowed vlan except 11 Examples of Removing Tagged Ports from VLANs This example removes tagged port 17 from the VLAN with a VID of 8 awplus enable awplus configure ter...

Страница 756: ...native VLANs for tagged ports The native VLAN of a tagged port specifies the appropriate VLAN for ingress untagged packets A tagged port can have only one native VLAN and the VLAN must already exist...

Страница 757: ...uide 757 This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 20 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 20 awplus config i...

Страница 758: ...e VID value name Specifies a name for a new VLAN A name can be from 1 to 20 characters in length The first character must be a letter it cannot be a number VLANs will be easier to identify if their na...

Страница 759: ...ring awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering This example creates a new VLAN with the VID 17 and the name Manufacturing awplus en...

Страница 760: ...Chapter 48 Port based and Tagged VLAN Commands 760...

Страница 761: ...page 767 Enabling GVRP on the Switch on page 768 Enabling GIP on the Switch on page 769 Enabling GVRP on the Ports on page 770 Setting the GVRP Timers on page 771 Disabling GVRP Timers on the Switch...

Страница 762: ...device that sent it It then does the following If the PDU contains a VID of a VLAN that does not exist on the switch it creates the designated VLAN and adds the port that received the PDU as a tagged...

Страница 763: ...Example The example consists of three switches Switches 1 and 3 have the Sales VLAN but switch 2 does not Consequently the end nodes of the two parts of the Sales VLANs cannot communicate with each o...

Страница 764: ...s VID of 11 Note that port 3 is not yet a member of the VLAN Ports are added to VLANs when they receive PDUs from other network devices not when they transmit PDUs 4 Switch 3 receives the PDU on port...

Страница 765: ...GVRP VLANs and dynamic GVRP port assignments The dynamic assignments are relearned by the switch as PDUs arrive on the ports from other switches GVRP has three timers Join Timer Leave Timer and Leave...

Страница 766: ...member of the VLANs giving the intruder access to restricted areas of your network Here are a couple of suggestions to protect against this type of network intrusion Activating GVRP only on those swi...

Страница 767: ...ives from the GVRP active switches GVRP PDUs are management frames intended for the switch s CPU In all likelihood a GVRP inactive switch will discard the PDUs because it will not recognize them The s...

Страница 768: ...Configuration mode It is the GVRP ENABLE command After the command is entered the switch immediately begins to transmit PDUs from those ports where GVRP is enabled and to learn dynamic GVRP VLANs Her...

Страница 769: ...GVRP on the switch GIP must be enabled if the switch is using GVRP The command for activating GIP is the GVRP APPLICANT STATE ACTIVE command in the Global Configuration mode Here is the command awplus...

Страница 770: ...default setting for GVRP on the ports is enabled you should only need to use this command if you want to enable GVRP after disabling it on a port This example of the command activates GVRP on ports 1...

Страница 771: ...n Timer 2 x Leave Timer The commands for setting the timers are in the Global Configuration mode They are gvrp timer join value gvrp timer leave value gvrp timer leaveall value The timers are set in o...

Страница 772: ...ey are no gvrp timer join no gvrp timer leave no gvrp timer leaveall Use these commands to reset GVRP timers to the default values for each individual parameter The default values are GVRP timer join...

Страница 773: ...he GVRP REGISTRATION NONE command in the Port Interface mode This example of the command deactivates GVRP on ports 4 and 5 awplus enable awplus configure terminal awplus config interface port1 0 4 1 0...

Страница 774: ...d if the switch is using GVRP There is never any reason to disable GIP Even if the switch is not performing GVRP you can still leave GIP enabled The command for disabling GIP is GVRP APPLICANT STATE N...

Страница 775: ...to stop the switch from learning any further dynamic VLANs or GVRP ports use the NO GVRP ENABLE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal aw...

Страница 776: ...Default Settings To disable GVRP and to return the timers to their default settings use the PURGE GVRP command in the Global Configuration mode awplus enable awplus configure terminal awplus config pu...

Страница 777: ...d the three timer settings Here is the command awplus show gvrp timer Here is an example of the information the command provides Figure 138 SHOW GVRP TIMER Command For reference information refer to S...

Страница 778: ...Chapter 49 GARP VLAN Registration Protocol 778...

Страница 779: ...nables GVRP GVRP REGISTRATION on page 785 Port Interface Set a port s GVRP status GVRP TIMER JOIN on page 786 Global Configuration Sets the GARP Join Timer GVRP TIMER LEAVE on page 787 Global Configur...

Страница 780: ...ameters for the internal database for the GARP application SHOW GVRP MACHINE on page 796 User Exec and Privileged Exec Displays parameters for the GID state machines for the GARP application SHOW GVRP...

Страница 781: ...mmand to convert dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments Example This example converts dynamic GVRP VLANs and dynamic GVRP port assignments to...

Страница 782: ...icant state active Parameters None Mode Global Configuration mode Description Use this command to enable GIP on the switch GIP must be enabled for GVRP to operate properly Example This example enables...

Страница 783: ...None Mode Global Configuration mode Description Use this command to disable GIP on the switch Note Do not disable GIP if the switch is running GVRP GIP is required for proper GVRP operation Example Th...

Страница 784: ...84 GVRP ENABLE Syntax gvrp enable Parameters None Mode Global Configuration mode Description Use this command to enable GVRP on the switch Example This example enables GVRP on the switch awplus enable...

Страница 785: ...or disable GVRP on a port A port where GVRP is enabled transmits GVRP PDUs A port where GVRP is disabled does not send GVRP PDUs Examples This example enables GVRP on ports 5 and 6 awplus enable awpl...

Страница 786: ...s 20 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Join Timer This timer must be set in relation to the GVRP Leave Timer according to the following equation...

Страница 787: ...a second The range is 30 to 180 centiseconds The default is 60 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave Timer Note The setting for this timer must...

Страница 788: ...ge is 500 to 3000 centiseconds The default is 1000 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave All timer Note The settings for this timer must be the...

Страница 789: ...ENABLE Syntax no gvrp enable Parameters None Mode Global Configuration mode Description Use this command to disable GVRP on the switch Example This example disables GVRP on the switch awplus enable aw...

Страница 790: ...urations and return the GVRP Join Timer to its default value This timer must only be disabled in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer No...

Страница 791: ...and return the GVRP Leave Timer to its default value This timer must only be disabled in relation to the GVRP Join Timer according to the following equation Join Timer 2 x GVRP Leave Timer Note The s...

Страница 792: ...mode Description Use this command to disable the GARP Leave All timer and return the GVRP Leave All timer to its default value Note The settings for this timer must be the same on all GVRP active net...

Страница 793: ...Global Configuration mode Description Use this command to disable GVRP on the switch and to return the timers to their default values Example This example disables GVRP on the switch and returns the t...

Страница 794: ...pplicant Parameter None Mode Privileged Exec mode Description Use this command to display the following parameters for the GIP connected ring for the GARP application GARP Application GIP contact STP...

Страница 795: ...cription Use this command to display the following parameters for the internal database for the GARP application Each attribute is represented by a GID index within the GARP application GARP Applicati...

Страница 796: ...Description Use this command to display the following parameters for the GID state machines for the GARP application The output is shown on a per GID index basis each attribute is represented by a GID...

Страница 797: ...eive Discarded GARP Disabled Receive Discarded Port Not Listening Transmit Discarded Port Not Sending Receive Discarded Invalid Port Receive Discarded Invalid Protocol Receive Discarded Invalid Format...

Страница 798: ...ommands 798 Receive GARP Messages Empty Transmit GARP Messages Empty Receive GARP Messages Bad Message Receive GARP Messages Bad Attribute Example This example displays the values of GARP packet and m...

Страница 799: ...scription Use this command to display the current values for the following GARP application parameters GARP application protocol GVRP status GVRP GIP status GVRP Join Time GVRP Leave Time GVRP Leaveal...

Страница 800: ...Chapter 50 GARP VLAN Registration Protocol Commands 800...

Страница 801: ...lines on page 807 General Steps on page 808 Creating MAC Address based VLANs on page 809 Adding MAC Addresses to VLANs and Designating Egress Ports on page 810 Removing MAC Addresses on page 811 Delet...

Страница 802: ...the same resources regardless of the points at which they access the network If you employed port based or tagged VLANs for roaming users you might have to constantly reconfigure the VLANs moving por...

Страница 803: ...LANs relieves you from having to map each address to its corresponding egress port Instead you only need to be sure that all the egress ports in a MAC address based VLAN are assigned to at least one a...

Страница 804: ...l be flooded out port 4 This means that whatever device is connected to the port receives the flooded traffic form all three VLANs If security is a major concern for your network you might not want to...

Страница 805: ...odes on all the switches where the VLAN exists The same MAC address based VLAN on different switches must have the same list of MAC addresses Figure 139 illustrates an example of a MAC address based V...

Страница 806: ...here is a match the switch considers the packet as a member of the corresponding MAC address based VLAN and not the port based VLAN and forwards it out the egress ports defined for the corresponding M...

Страница 807: ...rt of a MAC address based VLAN and an untagged member of a port based VLAN Given that there is no way for the switch to determine the VLAN to which the broadcast packet belongs it floods the packet on...

Страница 808: ...tion mode to assign a name and a VID to the new VLAN and to designate the VLAN as a MAC address based VLAN 2 Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addr...

Страница 809: ...of the VLAN must be unique from all other VLANs on the switch The name of a VLAN can be up to 20 characters It cannot contain any spaces and the first character must be a letter not a number This exam...

Страница 810: ...hich the address is to be added and the MAC ADDRESS parameter is the address which has to be entered in this format xx xx xx xx xx xx or xxxx xxxx xxxx The MACADDRESS and DESTADDRESS keywords are equi...

Страница 811: ...g interface port1 0 6 port1 0 8 awplus config if no vlan 23 macaddress 11 8a 92 ce 76 28 Before MAC addresses can be completely removed from this type of VLAN you must first remove them from their egr...

Страница 812: ...he switch use the NO VLAN command in the VLAN Configuration mode You can delete only one VLAN at a time Here is the format of the command no vlan vid This example deletes the VLAN with the VID 23 awpl...

Страница 813: ...in Table 78 on page 823 VLAN 5 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 13 port1 0 18 1A 87 9B 52 36 D5 port1 0 18 26 72 9A CB 1A E4 por...

Страница 814: ...esignate it as a MAC address based VLAN awplus config vlan exit Return to the Global Configuration mode Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addresses...

Страница 815: ...us config if vlan set 21 macaddress 00 30 42 53 10 3a awplus config if end Return to the Privileged Exec mode awplus show vlan macaddress Confirm the configuration again with the SHOW VLAN MACADDRESS...

Страница 816: ...Chapter 51 MAC Address based VLANs 816...

Страница 817: ...e 819 Global Configuration Removes MAC addresses from VLANs NO VLAN MACADDRESS Port Interface Mode on page 820 Port Interface Removes MAC addresses from egress ports SHOW VLAN MACADDRESS on page 822 P...

Страница 818: ...Configuration mode Description Use this command to delete MAC address based VLANs from the switch You can delete only one VLAN at a time with this command Confirmation Command SHOW VLAN MACADDRESS on...

Страница 819: ...ode Description Use this command to remove MAC addresses from MAC address based VLANs You can remove only one address at a time with this command The command does not accept ranges or wildcards MAC ad...

Страница 820: ...xx xx xx xx xx xx Note The MACADDRESS and DESTADDRESS keywords are equivalent Mode Port Interface mode Description Use this command to remove MAC addresses from egress ports in MAC address based VLANs...

Страница 821: ...s example removes the MAC address 00 30 84 75 11 B2 from the egress port 11 to 14 in a VLAN with the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 14 awplus...

Страница 822: ...SHOW VLAN MACADDRESS Command VLAN 11 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 4 port1 0 8 1A 87 9B 52 36 D5 port1 0 4 26 72 9A CB 1A E4 p...

Страница 823: ...ess based VLANs on the switch awplus show vlan macaddress Table 78 SHOW VLAN MACADDRESS Command Parameter Description VLAN VID MAC Associations The VID of the MAC address based VLAN Total Number of As...

Страница 824: ...cter of the name must be a letter it cannot be a number VLANs will be easier to identify if their names reflect the functions of their subnetworks or workgroups for example Sales or Accounting A name...

Страница 825: ...ser s Guide 825 Example This example creates a MAC address based VLAN that has the name Sales and the VID 3 awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan...

Страница 826: ...Use this command to add MAC addresses to MAC address based VLANs You can add only one address at a time with this command You cannot use ranges or wildcards The specified VLAN must already exist Refer...

Страница 827: ...mand Line User s Guide 827 This example adds the MAC address 00 30 84 32 76 1A to a MAC address based VLAN with the VID 12 awplus enable awplus configure terminal awplus config vlan set 12 macaddress...

Страница 828: ...ivalent Mode Port Interface mode Description Use this command to assign MAC addresses to egress ports for MAC address based VLANs The specified MAC address must already be assigned to the VLAN For ins...

Страница 829: ...This example assigns the MAC address 00 30 84 75 11 B2 to ports 11 to 14 in a VLAN that has the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config...

Страница 830: ...Chapter 52 MAC Address based VLAN Commands 830...

Страница 831: ...ANs This chapter provides the following topics Overview on page 832 Guidelines on page 834 Creating Private VLANs on page 835 Adding Host and Uplink Ports on page 836 Deleting VLANs on page 837 Displa...

Страница 832: ...ation for private VLANs is to simplify IP address assignments Ports can be isolated from each other while still belonging to the same subnet A private VLAN generally consists of one or more host ports...

Страница 833: ...ommunicate with uplink ports Can communicate with appropriately configured trunk ports Uplink ports Promiscuous ports Promiscuous ports act as untagged trunk ports A private VLAN can have more than on...

Страница 834: ...ort can be an uplink port of just one private VLAN at a time however a private VLAN can have more than one uplink port The host ports of private VLANs are untagged ports and as such transmit only unta...

Страница 835: ...ate vlan vid The VID number has the range of 2 to 4094 The VID of a private VLAN must be unique from all other VLANs on the switch This example assigns the VID 26 to a new private VLAN awplus enable a...

Страница 836: ...d adds ports 2 to 7 as host ports of a private VLAN that has the VID 15 awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 7 awplus config if switchport mode private vla...

Страница 837: ...re automatically returned by the switch to the Default_VLAN Here is the format of the command no vlan vid The VID parameter is the VID of the private VLAN you want to delete The command lets you delet...

Страница 838: ...in the Privileged Exec mode displays the private VLANs currently existing on the switch along with their host and uplink ports Here is the command awplus show vlan private vlan Here is an example of...

Страница 839: ...VLAN Configuration Deletes VLANs from the switch PRIVATE VLAN on page 841 VLAN Configuration Creates private port VLANs SHOW VLAN PRIVATE VLAN on page 842 Privileged Exec Displays the private port VLA...

Страница 840: ...ode VLAN Configuration mode Description Use this command to delete private port VLANs from the switch You can delete one VLAN at a time with this command Confirmation Command SHOW VLAN PRIVATE VLAN on...

Страница 841: ...iguration mode Description Use this command to create new private port VLANs You can create just one VLAN at a time Refer to SWITCHPORT MODE PRIVATE VLAN HOST on page 843 to add host ports to a new VL...

Страница 842: ...ileged Exec mode Description Use this command to display the private port VLANs on the switch Here is an example of the information Figure 143 SHOW VLAN PRIVATE VLAN Command Example The following exam...

Страница 843: ...erface mode Description Use this command to add host ports to private port VLANs Devices connected to host ports in a private port VLAN can only communicate with the uplink port Confirmation Command S...

Страница 844: ...rface mode Description Use this command to add a promiscuous uplink port to a private port VLAN A promiscuous port can be an uplink port of just one private VLAN at a time Confirmation Command SHOW VL...

Страница 845: ...e VLAN Commands Command Mode Description NO SWITCHPORT VOICE VLAN on page 846 Port Interface Removes ports from voice VLANs SWITCHPORT VOICE DSCP on page 847 Port Interface Configures the Layer 3 DSCP...

Страница 846: ...This command removes LLDP MED network policy configuration for a voice device connected to these ports but does not change the spanning tree edge port status Confirmation Command SHOW VLAN on page 74...

Страница 847: ...e VLAN DSCP and CoS values Use the NO form of this command to remove a DSCP value from a port without replacing it with a new value A DSCP value of 0 will be advertised Confirmation Command SHOW RUNNI...

Страница 848: ...and to configure the Voice VLAN tagging advertised when the transmission of LLDP MED Network Policy TLVs for voice endpoint devices is enabled When LLDP MED capable IP phones receive this network poli...

Страница 849: ...ge 158 SHOW LLDP LOCAL INFO INTERFACE on page 1125 Examples This example tells IP phones connected to port 1 0 5 to send voice data tagged for VLAN 10 awplus enable awplus configure terminal awplus co...

Страница 850: ...Chapter 55 Voice VLAN Commands 850...

Страница 851: ...851 Chapter 56 VLAN Stacking This chapter provides the following topics Overview on page 852 Components on page 854 VLAN Stacking Process on page 855 Example of VLAN Stacking on page 856...

Страница 852: ...ative headers is that different customers are likely to use the same VIDs in their networks And requiring that customers reconfigure their VLANs by assigning unique VIDs not used by other customers is...

Страница 853: ...the source MAC address and remains in the packets only while the packets are being transported across a metro network The headers are deleted at the point the packets leave the metro network and reen...

Страница 854: ...t handle tagged packets But with VLAN stacking customer ports may handle tagged or untagged packets The extra 802 1Q headers are added to or deleted from the packets at the customer ports The action o...

Страница 855: ...mer port adds the new 802 1Q header giving it the same VID number as the VLAN in which the customer port is a member 3 The modified packet is forwarded out the provider port and into the metro Etherne...

Страница 856: ...r the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database Enter the VLAN Configuration mode awplus config v...

Страница 857: ...t access vlan 79 Add the ports as untagged ports to the VLAN with the SWITCHPORT ACCESS VLAN command awplus config if switchport vlan stacking customer edge port Use the SWITCHPORT VLAN STACKING comma...

Страница 858: ...awplus show vlan Use the SHOW VLAN command again to confirm the configuration of the ABC_Inc VLAN TPID INTERFACES c Customer Edge Port p Provider Port 0x8100 port1 0 5 c 0x8100 port1 0 6 c 0x8100 port...

Страница 859: ...alue to 0x8100 with the PLATFORM VLAN STACKING TPID command awplus exit Return to the Privileged Exec mode awplus show vlan vlan stacking Use the SHOW VLAN VLAN STACKING command to confirm the change...

Страница 860: ...Chapter 56 VLAN Stacking 860 Section III File System...

Страница 861: ...Interface Removes ports from VLAN stacking PLATFORMVLAN STACKING TPID on page 863 Global Configuration Specifies the Tag Protocol Identifier TPID value SHOW VLAN VLAN STACKING on page 864 Privileged E...

Страница 862: ...rt Interface mode Description Use this command to remove ports from VLAN stacking Confirmation Command SHOW VLAN VLAN STACKING on page 864 Example This example removes ports 3 to 16 and 21 from VLAN s...

Страница 863: ...one TPID value The value must be entered in hexadecimal format Mode Global Configuration mode Description Use this command to specify the Tag Protocol Identifier TPID value that applies to all frames...

Страница 864: ...o display the port assignments of VLAN stacking Here is an example of the information Figure 147 SHOW VLAN VLAN STACKING Command Example awplus enable awplus show vlan vlan stacking TPID INTERFACES c...

Страница 865: ...edge port or provider port This is sometimes referred to as VLAN double tagging nested VLANs or QinQ Confirmation Command SHOW VLAN VLAN STACKING on page 864 Examples awplus enable awplus configure t...

Страница 866: ...Chapter 57 VLAN Stacking Commands 866 Section III File System...

Страница 867: ...chapters Chapter 58 MAC Address based Port Security on page 869 Chapter 59 MAC Address based Port Security Commands on page 879 Chapter 60 802 1x Port based Network Access Control on page 893 Chapter...

Страница 868: ...868...

Страница 869: ...This chapter contains the following topics Overview on page 870 Configuring Ports on page 872 Enabling MAC Address based Security on Ports on page 874 Disabling MAC Address based Security on Ports on...

Страница 870: ...tore the addresses as dynamic addresses can learn new addresses when addresses are timed out from the table by the switch The addresses are aged out according to the aging time of the MAC address tabl...

Страница 871: ...address based port security and 802 1x port based access control on the same port To configure a port as an Authenticator or Supplicant in 802 1x port based access control you must remove MAC address...

Страница 872: ...to learn up to 25 source MAC addresses each and to store the addresses as static addresses in the MAC address table The intrusion action is set to protect so that the ports discard packets with unknow...

Страница 873: ...g interface port1 0 16 awplus config if switchport port security maximum 45 awplus config if switchport port security aging awplus config if switchport port security violation restrict This example co...

Страница 874: ...to activate the feature on the ports This is accomplished with the SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command activates port security on ports 16 to 24 awp...

Страница 875: ...SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command removes port security from port 23 awplus enable awplus configure terminal awplus config interface port1 0 23 aw...

Страница 876: ...is shown in Figure 148 Figure 148 SHOW PORT SECURITY INTERFACE Command The fields are defined in Table 85 on page 882 If you are interested in viewing just the number of packets the ports have discard...

Страница 877: ...877 Figure 149 is an example of the information Figure 149 Example of SHOW PORT SECURITY INTRUSION INTERFACE Command Port Security Intrusion List Last 256 Intrusions Interface Port 1 0 17 2 intrusion...

Страница 878: ...Chapter 58 MAC Address based Port Security 878...

Страница 879: ...SECURITY INTERFACE on page 882 Privileged Exec Displays the security mode settings of the ports SHOW PORT SECURITY INTRUSION INTERFACE on page 885 Privileged Exec Displays the number of packets the po...

Страница 880: ...AC address based security from the ports Note To activate ports that were disabled by the shutdown intrusion action refer to NO SHUTDOWN on page 211 Confirmation Command SHOW PORT SECURITY INTERFACE o...

Страница 881: ...e never deleted from the table ports that learn their maximum numbers of source MAC addresses cannot learn new addresses even when the source nodes of the learned addresses are inactive Confirmation C...

Страница 882: ...NTERFACE Command The fields are described in Table 85 Table 85 SHOW PORT SECURITY INTERFACE Command Field Description Port Port number Security Enabled The current status of MAC address based security...

Страница 883: ...Protect intrusion action Restrict Restrict intrusion action Shutdown Shut down intrusion action Aging The status of MAC address aging on the port If the aging status is No the MAC addresses that are...

Страница 884: ...ort Lock Status Whether or not the port has learned its maximum number of MAC addresses The port will have a Locked status if it has learned its maximum number of MAC addresses and an Unlocked status...

Страница 885: ...ource MAC addresses The ports begin to discard packets after learning their maximum number of source MAC addresses This information is also available with SHOW PORT SECURITY INTERFACE on page 882 Figu...

Страница 886: ...TY INTRUSION INTERFACE Command Port Security Intrusion List Port Security Intrusion List Last 10 Intrusions Interface Port 1 0 5 132 intrusion s detected 000 0900 127E 000 0900 127F 000 0900 027D 000...

Страница 887: ...n Use this command to activate MAC address based security on ports Confirmation Command SHOW PORT SECURITY INTERFACE on page 882 Example This example activates MAC address based security on port 3 and...

Страница 888: ...MAC address in the MAC address table Ports that learn their maximum numbers of addresses can learn new addresses as inactive addresses are deleted from the table Confirmation Command SHOW PORT SECURI...

Страница 889: ...number of dynamic MAC addresses that ports can learn Ports that learn their maximum numbers of MAC addresses discard ingress packets with unknown MAC addresses Use the no form of this command NO SWITC...

Страница 890: ...how the switch responds when ports that have learned their maximum number of MAC addresses receive ingress frames that have unknown source MAC addresses The no form of this command NO SWITCHPORT PORT...

Страница 891: ...erminal awplus config interface port1 0 22 port1 0 24 awplus config if switchport port security violation restrict This example sets the intrusion action on port 2 to shutdown The switch disables the...

Страница 892: ...Chapter 59 MAC Address based Port Security Commands 892...

Страница 893: ...for Authenticator Ports on page 899 Supplicant and VLAN Associations on page 903 Guest VLAN on page 906 Guidelines on page 907 Enabling 802 1x Port Based Network Access Control on the Switch on page...

Страница 894: ...w that you can also use the RADIUS client software on the switch along with a RADIUS server on your network to create new remote manager accounts Note RADIUS with Extensible Authentication Protocol EA...

Страница 895: ...ich the authenticator responds with an EAP Request Identity packet The supplicant responds with an EAP Response Identity packet to the authentication server via the authenticator The authentication se...

Страница 896: ...and must communicate with the switch through a port that is not configured as an authenticator port Authenticator Role The authenticator role activates port access control on a port Ports in this role...

Страница 897: ...signed valid combinations Another advantage is that the authentication is not tied to any specific computer or node An end user can log on from any system and still be verified by the RADIUS server as...

Страница 898: ...S server the port begins forwarding all traffic to and from the supplicant Force authorized Automatically places the port in the authorized state without any authentication exchange required The port...

Страница 899: ...de Multi Host Mode This mode permits multiple supplicants on an authenticator port An authenticator host forwards packets from all supplicants once one supplicant has successfully logged on This mode...

Страница 900: ...e traffic of all the supplicants Figure 154 Multi Host Operating Mode If the port is configured as 802 1x Authenticator one supplicant must have 802 1x client firmware and must provide a username and...

Страница 901: ...and you want all supplicants to be authenticated A switch can support up to a maximum of 208 supplicants If the authentication method is MAC address based the authenticator port uses the MAC addresses...

Страница 902: ...d Network Access Control 902 Figure 155 Multi Supplicant Mode RADIUS Authentication Server Port 1 0 6 Role Authenticator Operating Mode Multi Supplicant Mode Ethernet Hub or Non 802 1x compliant Switc...

Страница 903: ...and security levels The problem with a port based VLAN is that VLAN membership is determined by the port on the switch to which the device is connected If a different device that needs to belong to a...

Страница 904: ...e the VID of a nonexistent VLAN it leaves the port in the unauthorized state to deny access to the port Multi Supplicant Mode The initial authentication on an authenticator port running in the multi s...

Страница 905: ...t medium to be used for the tunnel specified by Tunnel Private Group Id The only supported value is 802 6 Tunnel Private Group ID The ID of the tunnel the authenticated user should use This must be th...

Страница 906: ...If the switch receives 802 1x packets on the port signalling that a supplicant is logging on the authentication process continues normally If dynamic VLAN creation is enabled using AUTH DYNAMIC VLAN...

Страница 907: ...and password when working at different workstations After a supplicant has successfully logged on the MAC address of the end node is added to the switch s MAC address table as an authenticated addres...

Страница 908: ...MD5 EAP TLS EAP TTLS and EAP PEAP authentication methods The switch must have a management IP address to communicate with the RADIUS server For background information refer to Chapter 13 IPv4 and IPv...

Страница 909: ...ENTICATION DOT1X DEFAUT GROUP RADIUS command The command has no parameters Here is the command awplus enable awplus configure terminal awplus config aaa authentication dot1x default group radius Note...

Страница 910: ...rrupts network operations because the designated ports stop forwarding traffic until the supplicants log on Designating the Authentication Methods A port can be configured for either 802 1x authentica...

Страница 911: ...onnected to multiple nodes The ports forward all traffic after just one supplicant successfully logs on Multi supplicant mode For authenticator ports that are connected to multiple nodes The supplican...

Страница 912: ...onfig interface port1 0 8 awplus config if dot1x port control auto awplus config if auth host mode multi host This example configures ports 1 0 16 to 1 0 19 to use the MAC address authentication metho...

Страница 913: ...cate every 2 hours 7200 seconds awplus enable awplus configure terminal awplus config interface port1 0 21 port1 0 22 awplus config if dot1x port control auto awplus config if auth reauthentication aw...

Страница 914: ...y forward traffic without authenticating supplicants go to the Port Interface mode of the ports and enter the NO DOT1X PORT CONTROL command This example removes the authenticator role from ports 1 0 1...

Страница 915: ...de and enter the NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command Here is the command awplus enable awplus configure terminal awplus config no aaa authentication dot1x default group radius Not...

Страница 916: ...Figure 156 is an example of what you will see Figure 156 SHOW DOT1X INTERFACE Command Authentication Info for interface port1 0 1 portEnabled Enabled portControl Auto portStatus DOWN reAuthenticate Di...

Страница 917: ...ort 1 0 2 awplus enable awplus show dot1x statistics interface port1 0 2 Figure 157 SHOW DOT1X STATISTICS INTERFACE Command Authentication Statistics for interface port1 0 2 EAPOL Frames Rx 0 EAPOL Fr...

Страница 918: ...Chapter 60 802 1x Port based Network Access Control 918...

Страница 919: ...e Sets the operating modes on authenticator ports AUTH REAUTHENTICATION on page 928 Port Interface Activates reauthentication on the authenticator ports AUTH TIMEOUT QUIET PERIOD on page 929 Port Inte...

Страница 920: ...t authentication sessions DOT1X PORT CONTROL AUTO on page 941 Port Interface Sets ports to the authenticator role DOT1X PORT CONTROL FORCE AUTHORIZED on page 942 Port Interface Configures ports to the...

Страница 921: ...ERFACE on page 953 Privileged Exec Displays the authentication statistics of authenticator ports SHOW AUTH MAC SUPPLICANT INTERFACE on page 954 Privileged Exec Displays the supplicant state on authent...

Страница 922: ...ing for this feature is disabled Note You should activate and configure the RADIUS client software on the switch before activating port based access control For instructions refer to Chapter 88 RADIUS...

Страница 923: ...o disable this feature refer to NO AUTH DYNAMIC VLAN CREATION on page 946 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHOW DOT1X INTERFACE on page 956 Examples This example activates s...

Страница 924: ...ds 924 This example activates multiple dynamic VLAN assignment on authenticator port 1 0 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config if dot1x port control...

Страница 925: ...hich point it is moved to a configured VLAN or if the dynamic VLAN setting is enabled it will be moved to the VLAN specified in a supplicant s account on the RADIUS server A port must already be desig...

Страница 926: ...is referred to as piggy backing multi supplicant Specifies the multi supplicant operating mode An authenticator port set to this mode requires that all supplicants log on Mode Port Interface mode Desc...

Страница 927: ...nable awplus configure terminal awplus config interface port1 0 8 awplus config if auth host mode multi host This example configures authenticator ports 1 0 12 and 1 0 13 to the multi supplicant opera...

Страница 928: ...ator ports The supplicants must periodically reauthenticate according to the time interval set with AUTH TIMEOUT REAUTH PERIOD on page 930 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or S...

Страница 929: ...is 60 seconds Mode Port Interface mode Description Use this command to set the number of seconds that an authenticator port waits after a failed authentication with a supplicant before accepting auth...

Страница 930: ...erval for reauthentication of supplicants on an authenticator port Reauthentication must be enabled on an authenticator port for the timer to work Reauthentication on a port is activated with AUTH REA...

Страница 931: ...The default value is 30 seconds Mode Port Interface mode Description Use this command to set the amount of time the switch waits for a response from a RADIUS authentication server Confirmation Command...

Страница 932: ...nds Mode Port Interface mode Description Use this command to set the retransmission time for EAP request frames from authenticator ports Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHO...

Страница 933: ...he initial frames from a supplicant and automatically sends it as the supplicant s username and password to the authentication server This authentication method does not require 802 1x client software...

Страница 934: ...is command to set the MAC address of the supplicant client device to re learning for re authentication on the interface specified in the INTERFACE command Example This example sets the MAC address of...

Страница 935: ...entering the specified port are discarded The in parameter discards the ingress packets received from the supplicant If the both parameter is specified with this command packets entering ingress and...

Страница 936: ...Chapter 61 802 1x Port based Network Access Control Commands 936 awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x control direction in...

Страница 937: ...me VLAN as the ingress port forward vlan Forwards ingress EAP packets to tagged and untagged ports in the same VLAN as the ingress port Mode Global Configuration mode Description Use this command to c...

Страница 938: ...packets when 802 1x authentication is disabled awplus enable awplus configure terminal awplus config dot1x eap discard This example configures the switch to forward EAP packets only to untagged ports...

Страница 939: ...ommand to force authenticator ports into the unauthorized state You might use this command to force supplicants on authenticator ports to reauthenticate themselves again by logging in with their usern...

Страница 940: ...The default value is 2 Mode Port Interface mode Description Use this command to specify the maximum number of times the switch transmits EAP Request packets to a supplicant before it times out the aut...

Страница 941: ...ate forwarding only EAPOL frames until a supplicant has successfully logged on For background information refer to Operational Settings for Authenticator Ports on page 898 Confirmation Command SHOW AU...

Страница 942: ...e without any authentication exchanges required The ports transmit and receive traffic normally without 802 1x based authentication of the supplicants For background information refer to Operational S...

Страница 943: ...in the authenticator role the switch blocks all traffic on the ports For background information refer to Operational Settings for Authenticator Ports on page 898 Confirmation Command SHOW AUTH MAC IN...

Страница 944: ...Mode Port Interface mode Description Use this command to set the amount of time that an authenticator port on the switch waits for a reply from a supplicant to an EAP request identity frame If no rep...

Страница 945: ...iption Use this command to disable 802 1x port based network access control on the switch All ports forward packets without any authentication This is the default setting Confirmation Command SHOW DOT...

Страница 946: ...c VLAN assignments of authentication ports For background information refer to Supplicant and VLAN Associations on page 903 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 SHOW DOT1X INTERFAC...

Страница 947: ...command to disable the Guest VLAN feature on an authenticator port Confirmation Command SHOW AUTH MAC INTERFACE on page 951 SHOW DOT1X INTERFACE on page 956 Example This example removes the guest VLAN...

Страница 948: ...odically reauthenticate after the initial authentication Reauthentication is still required if there is a change to the status of the link between a supplicant and the switch or the switch is reset or...

Страница 949: ...Use this command to deactivate MAC address based authentication on authenticator ports Confirmation Command SHOW DOT1X SUPPLICANT INTERFACE on page 958 Example This example removes MAC address based...

Страница 950: ...ommand to remove ports from the authenticator role so that they forward traffic without authentication Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHOW DOT1X INTERFACE on page 956 Exam...

Страница 951: ...ure 158 SHOW AUTH MAC INTERFACE Command Example This example displays the parameter settings of authenticator ports 1 0 1 through 1 0 4 awplus show auth mac interface port1 0 1 port1 0 4 Authenticatio...

Страница 952: ...display session statistics of the authenticator ports An example is shown in Figure 159 Figure 159 SHOW AUTH MAC SESSIONSTATISTICS INTERFACE Command Example This example displays the session statistic...

Страница 953: ...e 957 An example is shown in Figure 160 Figure 160 SHOW AUTH MAC STATISTICS INTERFACE Command Example This example displays the EAP packet statistics of authenticator port 1 0 7 awplus show auth mac s...

Страница 954: ...d is equivalent to SHOW DOT1X SUPPLICANT INTERFACE Command on page 958 An example is shown in Figure 161 Figure 161 SHOW AUTH MAC SUPPLICANT INTERFACE Command Example This example displays the supplic...

Страница 955: ...ss control is enabled or disabled on the switch and the IP addresses of the RADIUS servers An example is shown in Figure 162 Figure 162 SHOW DOT1X Command Example This example displays the status of t...

Страница 956: ...ays an example of the information Figure 163 SHOW DOT1X INTERFACE Command Example The example displays the authenticator parameter settings for ports 1 0 1 to 1 0 4 awplus enable awplus show dot1x int...

Страница 957: ...xample is shown in Figure 164 Figure 164 SHOW DOT1X STATISTICS INTERFACE Command Example This example displays the EAP packet statistics for authenticator port 1 0 7 awplus enable awplus show dot1x st...

Страница 958: ...s equivalent to SHOW AUTH MAC SUPPLICANT INTERFACE Command on page 954 An example is shown in Figure 165 Figure 165 SHOW DOT1X SUPPLICANT INTERFACE Command Interface port1 0 3 authenticationMethod dot...

Страница 959: ...ch Command Line User s Guide 959 Example This example displays the supplicant state of the authentication mode on ports 1 0 21 to 1 0 23 awplus enable awplus show dot1x supplicant interface port1 0 21...

Страница 960: ...Chapter 61 802 1x Port based Network Access Control Commands 960...

Страница 961: ...Simple Network Management Protocols This section contains the following chapters Chapter 62 SNMPv1 and SNMPv2c on page 963 Chapter 63 SNMPv1 and SNMPv2c Commands on page 975 Chapter 64 SNMPv3 Command...

Страница 962: ...962...

Страница 963: ...on page 964 Enabling SNMPv1 and SNMPv2c on page 966 Creating Community Strings on page 967 Adding or Removing IP Addresses of Trap or Inform Receivers on page 968 Deleting Community Strings on page 9...

Страница 964: ...onto your SNMP management workstation The MIBs are available from the Allied Telesis web site at www alliedtelesis com A community string must be assigned an access level The levels are Read and Read...

Страница 965: ...o specify the format in which the switch should send the messages The format can be either SNMPv1 or SNMPv2c For inform messages the format is always SNMPv2c For instructions refer to Adding or Removi...

Страница 966: ...parameters The switch begins to send trap and inform messages to the receivers and permits remote management from SNMP workstations as soon as you enter the command This assumes of course you have alr...

Страница 967: ...ame of the new string It can be up to 15 alphanumeric characters and special characters such as and is case sensitive Spaces are not allowed The RW and RO options define the access levels of new commu...

Страница 968: ...essages The switch can send trap messages in either SNMPv1 or SNMPv2c format Inform messages can only be sent in SNMPv2c format Note SNMP must be activated on the switch for you to add trap or inform...

Страница 969: ...awplus configure terminal awplus config snmp server host 143 154 76 17 informs version 2c st_bldg2 To remove IP addresses of trap or inform receivers from community strings use the NO form of the com...

Страница 970: ...no snmp server community community You can delete only one community string at a time with the command which is found in the Global Configuration mode The COMMUNITY parameter is case sensitive This e...

Страница 971: ...ch use the NO SNMP SERVER command You cannot remotely manage the switch with an SNMP application when SNMP is disabled Furthermore the switch stops transmitting trap and inform messages to your SNMP a...

Страница 972: ...he information that the command provides for each community string includes the community name and the access level of read write or read only There is also a view field which for community strings cr...

Страница 973: ...8 SHOW RUNNING CONFIG SNMP Command snmp server no snmp server enable trap auth snmp server community sw12eng1 rw snmp server community sw12eng1limit rw snmp server community westplnm7 ro snmp server c...

Страница 974: ...Chapter 62 SNMPv1 and SNMPv2c 974...

Страница 975: ...80 Global Configuration Disables the transmission of SNMP authentication traps NO SNMP SERVER HOST on page 981 Global Configuration Removes the IP addresses of trap and inform receivers from the commu...

Страница 976: ...status and authentication traps which are activated separately SNMP SERVER ENABLE TRAP AUTH on page 993 Global Configuration Activates the transmission of SNMP authentication traps SNMP SERVER HOST on...

Страница 977: ...SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Comman...

Страница 978: ...gs from the switch Deleting community strings with this command also deletes any IP addresses of SNMP trap or inform receivers assigned to the community strings You can delete only one community strin...

Страница 979: ...to disable the transmission of SNMP traps except for the link status and authentication traps which are disabled separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This exam...

Страница 980: ...meters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP traps Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This example disable...

Страница 981: ...ceiver You can specify only 2c when you are deleting the IP address of an inform message receiver community_string Specifies the SNMP community string to which the IP address of the trap or inform rec...

Страница 982: ...ivate This example removes the IPv4 address 171 42 182 102 of a trap receiver from the community string station12a awplus enable awplus configure terminal awplus config no snmp server host 115 124 187...

Страница 983: ...cifies the OID of the view Mode Global Configuration mode Description Use this command to delete SNMP views You can delete just one view at a time with this command Confirmation Command SHOW SNMP SERV...

Страница 984: ...ssion of SNMP link status notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 221 Example This example disables...

Страница 985: ...ample displays the SNMPv1 and SNMPv2c community strings and the IP addresses of trap and inform receivers awplus show running config snmp snmp server no snmp server enable trap auth snmp server commun...

Страница 986: ...tch You can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER o...

Страница 987: ...Table 89 SHOW SNMP SERVER COMMUNITY Command Parameter Description Community Name The community string Access The access level of the community string The possible access levels are Read Write and Rea...

Страница 988: ...Chapter 63 SNMPv1 and SNMPv2c Commands 988 Example This example displays the SNMPv1 and SNMPv2c community strings awplus show snmp server community...

Страница 989: ...P SERVER VIEW Command The fields in the entries are described in Table 90 Example This example displays the SNMPv1 and SNMPv2c views on the switch awplus show snmp server view Table 90 SHOW SNMP SERVE...

Страница 990: ...1 SNMPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Comman...

Страница 991: ...ifies the access level of a new community string of read write RW or read only RO Mode Global Configuration mode Description Use this command to create new SNMPv1 and SNMPv2c community strings on the...

Страница 992: ...e transmission of all SNMP traps except for power inline link status and authentication traps which are activated separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This exam...

Страница 993: ...l Configuration mode Description Use this command to activate the transmission of SNMP authentication failure traps Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example activates...

Страница 994: ...MPv1 1 or SNMPv2c 2c For inform messages the format must be SNMPv2c 2c community Specifies an SNMP community string This parameter is case sensitive Mode Global Configuration mode Description Use this...

Страница 995: ...gns the IPv4 address 152 34 32 18 as a trap receiver to the community string tlpaac78 The traps are sent in the SNMPv1 format awplus enable awplus configure terminal awplus config snmp server host 152...

Страница 996: ...the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv1 and SNMPv2c views on the switch Views are used to restrict the MIB objects th...

Страница 997: ...new view AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded...

Страница 998: ...notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 221 Example This example configures the switch to transmit l...

Страница 999: ...MP SERVER USER on page 1006 Global Configuration Deletes SNMPv3 users from the switch NO SNMP SERVER VIEW on page 1007 Global Configuration Deletes SNMPv3 views from the switch SHOW SNMP SERVER on pag...

Страница 1000: ...MPv3 groups SNMP SERVER HOST on page 1017 Global Configuration Creates SNMPv3 host entries SNMP SERVER USER on page 1019 Global Configuration Creates SNMPv3 users SNMP SERVER VIEW on page 1021 Global...

Страница 1001: ...SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Comman...

Страница 1002: ...Global Configuration mode Description Use this command to return the SNMP engine ID value to the default value Confirmation Command SHOW SNMP SERVER on page 1008 Example This example returns the SNMP...

Страница 1003: ...be deleted The options are auth Indicates authentication but no privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy Mode Global Configuration mode Descript...

Страница 1004: ...The options are informs Sends inform messages trap Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The options are noauth Indicates no...

Страница 1005: ...1005 Example This example deletes the host entry with the IPv4 address 187 87 165 12 The user name associated with this entry is jones awplus enable awplus configure terminal awplus config snmp serve...

Страница 1006: ...h The name is case sensitive Mode Global Configuration mode Description Use this command to delete SNMPv3 users You can delete just one user at a time with this command Confirmation Command SHOW SNMP...

Страница 1007: ...ase sensitive OID Specifies the OID of the subtree of the view to be deleted Mode Global Configuration mode Description Use this command to delete SNMPv3 views from the switch Confirmation Command SHO...

Страница 1008: ...u can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER on page...

Страница 1009: ...de 1009 SHOW SNMP SERVER GROUP Syntax show snmp server group Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 groups Example This example displays the SNMPv...

Страница 1010: ...SNMP SERVER HOST Syntax show snmp server host Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 host entries Example This example displays the SNMPv3 host e...

Страница 1011: ...uide 1011 SHOW SNMP SERVER USER Syntax show snmp server user Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 users Example This example displays the SNMPv3...

Страница 1012: ...SERVER VIEW Syntax show snmp server view Parameter None Mode Privileged Exec mode Description Use this command to display the SNMPv3 views on the switch Example This example displays the SNMPv3 views...

Страница 1013: ...MPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Command SH...

Страница 1014: ...figure the SNMPv3 engine ID Note Changing the SNMPv3 engine ID from its default value is not recommended because the SNMP server on the switch may fail to operate properly Confirmation Command SHOW SN...

Страница 1015: ...privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy readview Specifies the name of an existing SNMPv3 view that specifies the MIB objects the members of the...

Страница 1016: ...s a group called swengineering with a minimum security level of authentication and privacy The group has the read view internet and the write view ATI awplus enable awplus configure terminal awplus co...

Страница 1017: ...message the switch sends The options are informs Sends inform messages traps Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The optio...

Страница 1018: ...gures SNMPv3 to send trap messages to an end node with the IPv4 address 149 157 192 12 The user name associated with this entry is sthompson awplus enable awplus configure terminal awplus config snmp...

Страница 1019: ...gest Algorithms authentication protocol sha The SHA Secure Hash Algorithms authentication protocol auth_password Specifies a password for authentication A password can have up to 40 alphanumeric and o...

Страница 1020: ...plus enable awplus configure terminal awplus config snmp server user dcraig This example creates the user bjones The user is assigned authentication using SHA and the authentication password as11fir T...

Страница 1021: ...MIB tree specified by the OID included Permits access to the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv3 views on the switch...

Страница 1022: ...ew AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded awplus...

Страница 1023: ...1049 Chapter 68 LLDP and LLDP MED Commands on page 1081 Chapter 69 Address Resolution Protocol ARP on page 1141 Chapter 70 Address Resolution Protocol ARP Commands on page 1147 Chapter 71 RMON on pag...

Страница 1024: ...1024...

Страница 1025: ...ing topics Overview on page 1026 Configuring the sFlow Agent on page 1028 Configuring the Ports on page 1029 Enabling the sFlow Agent on page 1031 Disabling the sFlow Agent on page 1032 Displaying the...

Страница 1026: ...defines the average number of ingress packets from which the agent samples one packet For example a sampling rate of 1000 on a port prompts the agent to send one packet from an average of 1000 ingres...

Страница 1027: ...depending on its internal dynamics may send the information to the collector before five minutes have actually elapsed Guidelines Here are the guidelines to the sFlow agent You can specify just one s...

Страница 1028: ...dress port udp_port The IPADDRESS parameter specifies the IP address of the collector and the UDP_PORT parameter its UDP port This example specifies the IP address of the sFlow collector as 154 122 11...

Страница 1029: ...can have different rates The packet sampling rate is controlled with the SFLOW SAMPLING RATE command in the Port Interface mode Here is the format of the command sflow sampling rate value The VALUE pa...

Страница 1030: ...st one polling rate but different ports can have different settings The command to set this value is the SFLOW POLLING INTERVAL command in the Port Interface mode Here is the format of the command sfl...

Страница 1031: ...sflow enable This command assumes that you have already performed these steps Added the IP address of the collector to the sFlow agent with the SFLOW COLLECTOR IP command Used the SFLOW SAMPLING RATE...

Страница 1032: ...t from collecting performance data on the ports on the switch and from sending the data to the collector on your network use the NO SFLOW ENABLE command in the Global Configuration mode Here is the co...

Страница 1033: ...in the Global Configuration mode Here is the command awplus config show sflow Here is an example of the display Figure 174 SHOW SFLOW Command The fields are described in Table 93 on page 1047 Number o...

Страница 1034: ...the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config sflow collector ip 152 232 56 11 port 6342 Use the SFLOW COLLECTO...

Страница 1035: ...utes 1800 seconds before sending performance data for that particular port awplus config if sflow sampling rate 50000 Use the SFLOW SAMPLING RATE command to set the sampling rate of the ports to 1 pac...

Страница 1036: ...Chapter 65 sFlow Agent 1036...

Страница 1037: ...collectors on your network to the sFlow agent on the switch SFLOW ENABLE on page 1041 Global Configuration Activates the sFlow agent on the switch SFLOW POLLING INTERVAL on page 1042 Port Interface Se...

Страница 1038: ...ector Mode Global Configuration mode Description Use this command to delete the IP address of an sFlow collector from the switch Confirmation Command SHOW SFLOW on page 1046 Example This example delet...

Страница 1039: ...on mode Description Use this command to disable the sFlow agent to stop the switch from transmitting sample and counter data to the sFlow collector on your network Confirmation Command SHOW SFLOW on p...

Страница 1040: ...sFlow collector on your network The packet sampling data and the packet counters from the ports are sent by the switch to the specified collector You can specify just one collector If the IP address o...

Страница 1041: ...Flow agent on the switch The switch uses the agent to gather packet sampling data and packet counters from the designated ports and to transmit the data to the sFlow collector on your network Confirma...

Страница 1042: ...ed between successive pollings of the packet counters on the ports by the sFlow agent The ports can have different polling intervals To remove sFlow monitoring from a port enter the NO form of this co...

Страница 1043: ...Line User s Guide 1043 This example removes sFlow monitoring on port 21 using the NO form of the command awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config if no...

Страница 1044: ...sFlow collector For example a sample rate of 700 on a port means that one sample packet is taken for every 700 ingress packets The ports can have different sampling rates To disable packet sampling on...

Страница 1045: ...000 Switch Command Line User s Guide 1045 This example disables packet sampling on port 7 awplus enable awplus configure terminal awplus config interface port1 0 7 awplus config if no sflow sampling r...

Страница 1046: ...agent on the switch The command displays the same information with or without the DATABASE keyword Here is an example of the information Figure 175 SHOW SFLOW Command Number of Collectors 1 Collector_...

Страница 1047: ...ured to be sampled or polled Port The port number Sample rate The rate of ingress packet sampling on the port For example a rate of 500 means that one in every 500 packets is sent to the designated co...

Страница 1048: ...Chapter 66 sFlow Agent Commands 1048 Example This example displays the settings of the sFlow agent awplus enable awplus show sflow...

Страница 1049: ...ing Ports to Send LLDP MED Civic Location TLVs on page 1062 Configuring Ports to Send LLDP MED Coordinate Location TLVs on page 1065 Configuring Ports to Send LLDP MED ELIN Location TLVs on page 1069...

Страница 1050: ...transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not solicit responses and received advert...

Страница 1051: ...that transmitted the advertisements Time to Live TTL The length of time in seconds for which the information received in the advertisements remains valid If the value is greater than zero the informat...

Страница 1052: ...s The names of the VLANs in which the transmitting port is either an untagged or tagged member Protocol IDs List of protocols that are accessible through the port for instance 9000 Loopback 0026424203...

Страница 1053: ...is connected to a port Otherwise LLDP MED TLVs are not transmitted Note The switch is not an LLDP MED activated device The switch while capable of transmitting LLDP MED TLVs to other devices cannot p...

Страница 1054: ...this switch this advertises the power that the port can supply over a maximum length cable based on its current configuration that is it takes into account power losses over the cable In TLVs received...

Страница 1055: ...transmit advertisements from those ports that are configured to send TLVs and begins to populate its neighbor information table as advertisements from the neighbors arrive on the ports The command doe...

Страница 1056: ...ports do not receive any advertisements from the switch because the ports do not send any TLVs awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal...

Страница 1057: ...the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 16 port1 0 20 Enter the Port Interface mode for ports 16 to 20 awplus config if l...

Страница 1058: ...ry TLVs port description link aggregation mac phy config Table 97 Optional LLDP TLVs Summary TLV Designator Description port description Port description system name System name system description Sys...

Страница 1059: ...wplus config if no lldp tlv select all Remove all optional LLDP TLVs from the ports with the NO LLDP TLV SELECT command awplus config if no lldp med tlv select all Remove all optional LLDP MED TLVs fr...

Страница 1060: ...ivileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 3 port1 0 4 Enter the Port Interface mode for ports 3...

Страница 1061: ...AT 9000 Switch Command Line User s Guide 1061 awplus show lldp interface port1 0 3 port1 0 4 Use the SHOW LLDP INTERFACE command to confirm the configuration...

Страница 1062: ...witch and then configure the ports to send it as their civic location TLV Here are the main steps to creating civic location TLVs 1 Starting in the Global Configuration mode use the LOCATION CIVIC LOC...

Страница 1063: ...he location entry seat cube 411a state CA street suffix Blvd unit A11 Table 98 Abbreviated List of LLDP MED Civic Location Entry Parameters Parameter Example awplus enable Enter the Privileged Executi...

Страница 1064: ...ode for port 14 awplus config if lldp transmit receive Configure the port to send and receive LLDP advertisements awplus config if lldp location civic location id 8 Use the LLDP LOCATION command to ad...

Страница 1065: ...imal degrees The range is 90 0 to 90 0 The parameter accepts up to eight digits to the right of the decimal point lat resolution Latitude resolution as the number of valid bits The range is 0 to 34 lo...

Страница 1066: ...ntry are ID number 16 Latitude 37 29153547 Longitude 121 91528320 Datum nad83 navd Altitude 10 25 meters The example is assigned to port 15 The first series of commands creates the coordinate location...

Страница 1067: ...the parameter commands to define the entry awplus config_coord exit Return to the Global Configuration mode awplus config exit Return to the Privileged Exec mode awplus show location coord location i...

Страница 1068: ...s show lldp interface port1 0 15 Use the SHOW LLDP INTERFACE command to confirm the port is configured to send the location entry ID Element Type Element Value 16 Latitude Resolution 12 bits Latitude...

Страница 1069: ...TLV SELECT command to configure the ports to send the TLV in their advertisements Here is an example of how to create an ELIN location entry and apply it to a port The specifications of the entry are...

Страница 1070: ...us config if lldp location elin location id 3 Use the LLDP LOCATION command to add the ELIN location entry ID number 3 to the port awplus config if lldp med tlv select location Use the LLDP MED TLV SE...

Страница 1071: ...s ports 4 and 5 from including the system capabilities and the management address TLVs in their advertisements awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 5 awplu...

Страница 1072: ...in the Port Interface mode This example stops ports 6 and 11 from sending the location and inventory management TLVs in their advertisements awplus enable awplus configure terminal awplus config inte...

Страница 1073: ...y one entry at a time and must include both the type and the ID number of the location entry to be deleted This example deletes the civic location ID 22 awplus enable awplus configure terminal awplus...

Страница 1074: ...NO LLDP RUN command in the Global Configuration mode The command has no parameters After the protocols are disabled the switch neither sends advertisements to nor collects information from its neighb...

Страница 1075: ...is an example of the information Figure 176 SHOW LLDP Command The fields are defined in Table 104 on page 1121 LLDP Global Configuration Default Values LLDP Status Enabled Disabled Notification Interv...

Страница 1076: ...ns RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port V...

Страница 1077: ...e summary information The fields are defined in Table 106 on page 1132 To view all the neighbor information use the SHOW LLDP NEIGHBORS DETAIL command The command has this format show lldp neighbors d...

Страница 1078: ...e information the switch has received from all the neighbors awplus enable awplus clear lldp table This example clears the information the switch has received from the neighbor connected to port 11 aw...

Страница 1079: ...fter you have configured the ports or if you believe that ports are not sending the correct information The command has this format show lldp local info interface port To view the TLVs on all the port...

Страница 1080: ...ics for individual ports use this command show lldp statistics interface port You can view the statistics of more than one port at a time as demonstrated in this example which displays the LLDP statis...

Страница 1081: ...the neighbors LLDP LOCATION on page 1087 Port Interface Adds LLDP MED location information to the ports on the switch LLDP MANAGEMENT ADDRESS on page 1089 Port Interface Replaces the default managemen...

Страница 1082: ...and or accept LLDP and LLDP MED advertisements from their neighbors LLDP TX DELAY on page 1104 Global Configuration Sets the value of the transmission delay timer which is the minimum time interval be...

Страница 1083: ...E on page 1123 Privileged Exec Displays the LLDP port settings SHOW LLDP LOCAL INFO INTERFACE on page 1125 Privileged Exec Displays the current configurations of the LLDP advertisements that the ports...

Страница 1084: ...pecifies all the ports Mode Privileged Exec mode Description Use this command to clear the LLDP statistics packet and event counters on the ports You can delete the statistics from all ports or from s...

Страница 1085: ...o clear the LLDP and LLDP MED information the switch has received from its neighbors You can delete all the information the switch has amassed or only the information from neighbors on selected ports...

Страница 1086: ...ode Description Use this command to set the holdtime multiplier value The transmit interval is multiplied by the holdtime multiplier to give the Time To Live TTL the switch advertises to the neighbors...

Страница 1087: ...e Port Interface mode Description Use this command to add LLDP MED location information to the ports on the switch The same command is used to add civic coordinate and ELIN locations The specified loc...

Страница 1088: ...ldp location coord location id 11 This example adds the ELIN location ID 27 to port 21 awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config_if lldp location elin lo...

Страница 1089: ...esent Here are the possible default values for a port A port that belongs to the same VLAN as the management IP address uses the address as its TLV default value A port that belongs to a VLAN that doe...

Страница 1090: ...t IP address TLV awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if lldp management address 149 122 54 2 This example returns the management IP address TLV on p...

Страница 1091: ...ected from the specified ports To prevent the switch from transmitting topology change notifications refer to NO LLDP NOTIFICATIONS on page 1115 Confirmation Command SHOW LLDP INTERFACE on page 1123 E...

Страница 1092: ...ecifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to send all LLDP MED TLVs Mode Port Interface mode Description Use this command...

Страница 1093: ...e terminal awplus config interface port1 0 3 port1 0 8 awplus config if lldp med tlv select inventory management This example configures port 2 to send the capabilities and the location TLVs to its ne...

Страница 1094: ...he NO form of this command to configure the switch to accept only advertisements with TLVs that adhere to the correct order Advertisements in which the TLVs are not in the standard order are discarded...

Страница 1095: ...d LLDP SNMP notifications traps To prevent ports from transmitting LLDP SNMP notifications refer to NO LLDP NOTIFICATIONS on page 1115 Confirmation Command SHOW LLDP INTERFACE on page 1123 Example Thi...

Страница 1096: ...e is 5 to 3600 seconds Mode Global Configuration mode Description Use this command to set the notification interval This is the minimum interval between LLDP SNMP notifications traps Confirmation Comm...

Страница 1097: ...lobal Configuration mode Description Use this command to set the re initialization delay This is the number of seconds that must elapse after LLDP is disabled on a port before it can be re initialized...

Страница 1098: ...iption Use this command to activate LLDP on the switch Once you have activated LLDP the switch begins to transmit and accept advertisements on its ports To deactivate LLDP refer to NO LLDP RUN on page...

Страница 1099: ...Use this command to set the transmit interval This is the interval between regular transmissions of LLDP advertisements The transmit interval must be at least four times the transmission delay timer...

Страница 1100: ...select all the TLVs use the ALL option The optional TLVs are listed in Table 101 Table 101 Optional TLVs TLV Description all Sends all optional TLVs link aggregation Advertises link aggregation value...

Страница 1101: ...ort is an untagged member power management Transmits Power over Ethernet PoE information protocol ids Transmits the protocols that are accessible through the port system capabilities The device s func...

Страница 1102: ...port1 0 5 awplus config if lldp tlv select all This example configures ports 14 and 22 to transmit the optional LLDP port description port vlan and system description TLVs awplus enable awplus configu...

Страница 1103: ...any optional LLDP TLVs they have been configured to send Ports configured to receive LLDP advertisements accept all advertisements from their neighbors Confirmation Command SHOW LLDP INTERFACE on pag...

Страница 1104: ...timer This is the minimum time interval between transmissions of LLDP advertisements due to a change in LLDP local information The transmission delay timer cannot be greater than a quarter of the tran...

Страница 1105: ...nfiguration mode Description Use this command to create or modify LLDP MED civic location entries on the switch This command moves you to the Civic Location mode which contains the parameters you use...

Страница 1106: ...parameters in a single location entry To remove parameters from a location entry use the NO forms of the parameter commands for example NO UNIT leading street direction West name J Smith neighborhood...

Страница 1107: ...ig location civic location identifier 5 awplus config_civic country US awplus config_civic city San Jose awplus config_civic state CA awplus config_civic building 100 awplus config_civic primary road...

Страница 1108: ...ommand moves you to the Coordinate Location mode which contains the parameters you use to define the entries The parameters are listed in Table 103 Table 103 LLDP MED Coordinate Location Entry Paramet...

Страница 1109: ...ter must be specified between the two keywords as shown here altitude n floors altitude meters Altitude in meters The range is 2097151 0 to 2097151 0 meters The parameter accepts up to eight digits to...

Страница 1110: ...ation identifier 16 awplus config_coord latitude 37 29153547 awplus config_coord longitude 121 91528320 awplus config_coord datum nad83 navd awplus config_coord altitude 10 25 meters awplus config_coo...

Страница 1111: ...ne ID number Mode Global Configuration mode Description Use this command to create or modify LLDP MED ELIN location entries on the switch To create a new ELIN TLV specify an unused ID number To modify...

Страница 1112: ...pology change notifications when devices are connected to or disconnected from the specified ports Confirmation Command SHOW LLDP INTERFACE on page 1123 Example This example configures the switch not...

Страница 1113: ...the location identification TLV power management ext Specifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to stop sending all LLD...

Страница 1114: ...nfig interface port1 0 8 awplus config if no lldp med tlv select all This example stops ports 2 and 16 from transmitting the LLDP MED capabilities and network policy TLVs awplus enable awplus configur...

Страница 1115: ...de Description Use this command to prevent ports from sending LLDP SNMP notifications traps Confirmation Command SHOW LLDP INTERFACE on page 1123 Example This example prevents port 14 from transmittin...

Страница 1116: ...and LLDP MED on the switch The switch when LLDP and LLDP MED are disabled neither sends advertisements to nor collects information from its neighbors The LLDP settings are retained by the switch Confi...

Страница 1117: ...01 on page 1100 To stop ports from transmitting LLDP MED TLVs refer to NO LLDP MED TLV SELECT on page 1113 Confirmation Command SHOW LLDP INTERFACE on page 1123 Examples This example configures ports...

Страница 1118: ...g and or accepting LLDP and LLDP MED advertisements to or from their neighbors Confirmation Command SHOW LLDP INTERFACE on page 1123 Examples This example stops port 12 from transmitting or receiving...

Страница 1119: ...a time Mode Global Configuration mode Description Use this command to delete LLDP MED location entries from the switch The same command is used to remove civic locations coordinate locations and ELIN...

Страница 1120: ...LDP and LLDP MED Commands 1120 This example removes the ELIN location IDs 3 and 4 awplus enable awplus configure terminal awplus config no location elin location id 3 awplus config no location elin lo...

Страница 1121: ...LLDP is enabled or disabled on the switch Notification Interval Minimum interval between LLDP notifications Tx Timer Interval Transmit interval between regular transmissions of LLDP advertisements LLD...

Страница 1122: ...lay The re initialization delay This is the minimum time that must elapse after LLDP has been disabled before it can be initialized again Tx Delay The transmission delay This is the minimum time inter...

Страница 1123: ...Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi...

Страница 1124: ...ds 1124 Examples This example displays the LLDP settings for all the ports on the switch awplus show lldp interface This example displays the LLDP settings for ports 5 6 and 11 awplus show lldp interf...

Страница 1125: ...ve not established links with their LLDP counterparts cannot be displayed with this command See Figure 181 and Figure 182 on page 1126 Figure 181 SHOW LLDP LOCAL INFO INTERFACE Command LLDP Local Info...

Страница 1126: ...ower Via MDI PoE Not Supported Link Aggregation Supported Disabled Maximum Frame Size 1522 Octets LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy L...

Страница 1127: ...Neighbor Information Neighbors table last updated 0 hrs 0 mins 20 secs ago Chassis ID Type MAC address Chassis ID 0015 77d8 4360 Port ID Type Port component Port ID port1 0 25 TTL 120 secs Port Descri...

Страница 1128: ...mware Revision v1 0 0 Software Revision v1 0 0 Serial Number A04161H09020007 Manufacturer Name ATI Model Name AT 9000 52 Asset ID not advertised Table 105 SHOW LLDP NEIGHBORS DETAIL Command Parameter...

Страница 1129: ...and duplex mode of the port and whether the port was configured with Auto Negotiation Advertised Capability The auto negotiation port capabilities including 1000BaseTDF 100BaseTXFD 100BaseTX 10BaseTFD...

Страница 1130: ...k ID VID Layer 2 Priority Layer 2 user priority is in the range of 0 to 7 DSCP Value Indicates a DSCP priority level The range is 0 to 63 A level of 0 is the lowest priority and a level of 63 is the h...

Страница 1131: ...This example displays the information from all of the neighbors that are connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Manufacturer Name The name of the company t...

Страница 1132: ...ained in Table 106 Total number of neighbors on these ports 1 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station Only LLDP MED...

Страница 1133: ...s a summary of the information from the neighbors connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Neighbor Port Name The number of the neighbor s port that sent the...

Страница 1134: ...on the command displays is explained in Table 107 Table 107 SHOW LLDP STATISTICS Command Statistic Description Frame Out Number of LLDPDU frames transmitted Frame In Number of LLDPDU frames received F...

Страница 1135: ...ighbors has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by neighbors has been removed from the neighbor table Neighbors Dropped Entries N...

Страница 1136: ...e 187 SHOW LLDP STATISTICS INTERFACE Command The information the command displays is explained in Table 108 Table 108 SHOW LLDP STATISTICS INTERFACE Command Statistic Description Frame Out Number of L...

Страница 1137: ...he port Neighbors New Entries Number of times the information advertised by the neighbor on the port has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information...

Страница 1138: ...splay the civic coordinate or ELIN location entries on the switch Here is an example of a civic location entry Figure 188 SHOW LOCATION Command for a Civic Location The information the command display...

Страница 1139: ...e coordinate location entries awplus show location coord location The following example displays only coordinate location entry 16 awplus show location coord location identifier 16 The following examp...

Страница 1140: ...Chapter 68 LLDP and LLDP MED Commands 1140...

Страница 1141: ...ss Resolution Protocol ARP This chapter contains the following topics Overview on page 1142 Adding Static ARP Entries on page 1143 Deleting Static and Dynamic ARP Entries on page 1144 Displaying the A...

Страница 1142: ...ulate the ARP table in the cache These are called dynamic ARP entries Dynamic ARP entries are updated in two ways During regular operations When a node receives frames from the media it records the so...

Страница 1143: ...tes statically you can reduce ARP broadcasting requests To add a static ARP entry use the ARP command in the Global Configuration mode Here is the format of the command arp ipaddress macaddress port_n...

Страница 1144: ...once The following example deletes all of the dynamic ARP entries in the ARP cache awplus enable awplus clear arp cache You can delete one static ARP entry with the NO ARP IP ADDRESS command The foll...

Страница 1145: ...arp An example is shown in Figure 189 Figure 189 SHOW ARP Command The fields are described in Table 112 on page 1152 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 215 IP Address MAC Address...

Страница 1146: ...Chapter 69 Address Resolution Protocol ARP 1146...

Страница 1147: ...on page 1148 Global Configuration Adds static ARP entries to the ARP cache CLEAR ARP CACHE on page 1150 User Exec and Privileged Exec Deletes all dynamic ARP entries from the ARP cache NO ARP IP ADDR...

Страница 1148: ...P address Mode Global Configuration mode Description Use this command to add the static ARP entry of a host to the ARP cache The ARP entry must not already exist in the ARP cache The switch can suppor...

Страница 1149: ...de 1149 Example The following example creates an ARP entry for the IP address 192 168 1 3 and the MAC address 7a 54 2b 11 65 72 on port 25 awplus enable awplus configure terminal awplus config arp 192...

Страница 1150: ...es User Exec mode and Privileged Exec mode Description Use this command to delete all dynamic ARP entries from the ARP cache on the switch Confirmation Command SHOW ARP on page 1152 Example The follow...

Страница 1151: ...tion Use this command to delete a static ARP entry from the ARP cache Static ARP entries do not expire and you must remove them manually This command can delete only one ARP entry at a time Confirmati...

Страница 1152: ...ble are described in Table 112 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 2 IP Address MAC Address Interface Port Type 10 0 0 1 eccd 6d41 9e57 vlan1 port1 0 10 Dynamic 10 0 0 150 000c 2957...

Страница 1153: ...rp Type Indicates the type of entry The type is one of the following Static Static entry added with the ARP IP ADDRESS MAC ADDRESS command Dynamic Dynamic entry learned from ARP request reply exchange...

Страница 1154: ...Chapter 70 Address Resolution Protocol ARP Commands 1154...

Страница 1155: ...1155 Chapter 71 RMON This chapter contains the following topics Overview on page 1156 RMON Port Statistics on page 1157 RMON Histories on page 1159 RMON Alarms on page 1162...

Страница 1156: ...to identify traffic trends or patterns For instructions refer to RMON Histories on page 1159 Alarm group This group is used to create alarms that trigger event log messages or SNMP traps when statisti...

Страница 1157: ...Interface mode Here is the format of the command rmon collection stats stats_id owner owner The STATS_ID parameter is the ID number of the new group The range is 1 to 65535 The groups will be easier...

Страница 1158: ...lege Exec mode awplus show rmon statistics Here is an example of the information Figure 191 SHOW RMON STATISTICS Command The fields are described in Table 119 on page 1194 Deleting Statistics Groups T...

Страница 1159: ...ups on page 1160 Deleting History Groups on page 1161 Adding History Groups The command for creating history groups is the RMON COLLECTION HISTORY command This command is in the Port Interface mode be...

Страница 1160: ...three buckets the switch deletes the first bucket when it adds the fourth bucket To stop a history from gathering any more statistics you must delete it This example configures the switch to take a s...

Страница 1161: ...switch The switch stops collecting port statistic histories as soon as you enter the command This example of the command deletes the history group with the ID 2 on port 2 awplus enable awplus configur...

Страница 1162: ...Here are the three components that comprise RMON alarms RMON statistics group A port must have an RMON statistics group if it is to have an alarm When you create an alarm you specify the port to whic...

Страница 1163: ...er Here is the command to create events that send SNMP traps rmon event event_id trap community_string description description owner owner This command creates events that both send SNMP traps and ent...

Страница 1164: ...MIB object names and numbers for use in the OID portion of the variable For the complete list refer to Table 115 on page 1178 The second part of the OID STATS_ID variable is the ID number of the stati...

Страница 1165: ...3 6 1 2 1 16 1 1 1 5 The alarm is assigned the ID number 1 and triggers event 3 which enters a message in the event log if the ingress traffic on the port exceeds 20000 packets per minute or falls bel...

Страница 1166: ...istics group ID number 22 Interval 60 seconds Rising threshold 20000 packets Rising threshold event 3 Falling threshold 1000 packets Falling threshold event 3 awplus configure terminal Enter the Globa...

Страница 1167: ...re are the steps to create the community string assign it the IP addresses of the host nodes and activate SNMP on the switch awplus configure terminal Enter the Global Configuration mode awplus config...

Страница 1168: ...ith the SHOW SNMP SERVER command awplus show snmp server community Verify the new community string with the SHOW SNMP SERVER COMMUNITY command awplus show running config Verify the host IP addresses o...

Страница 1169: ...the steps to creating the alarm awplus configure terminal Enter the Global Configuration mode awplus config rmon event 2 log trap Station12ap description trap_and_log_event Create the event with the R...

Страница 1170: ...Chapter 71 RMON 1170 awplus show rmon alarm Use the SHOW RMON ALARM command to verify the new alarm...

Страница 1171: ...ge 1177 Global Configuration Creates alarms to monitor RMON statistics on the ports RMON COLLECTION HISTORY on page 1180 Port Interface Creates history groups on the ports RMON COLLECTION STATS on pag...

Страница 1172: ...ivileged Exec Displays the RMON history groups that are assigned to the ports on the switch SHOW RMON STATISTICS on page 1194 Privileged Exec Displays the statistics groups that are assigned to the po...

Страница 1173: ...you want to delete You can delete only one alarm at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete alarms from the switch Confirmation Command SH...

Страница 1174: ...ly one group at a time The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete history groups from ports on the switch Confirmation Command SHOW RMON HISTORY on page 11...

Страница 1175: ...to delete The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete statistics groups from ports on the switch Confirmation Command SHOW RMON STATISTICS on page 1194 Exam...

Страница 1176: ...lete from the switch You can delete only one event at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete events from the switch Confirmation Command S...

Страница 1177: ...more information on the OID and STATS_ID variables refer to Creating RMON Alarms on page 1164 interval Specifies the polling interval in seconds The range is 1 to 65535 seconds delta Specifies that t...

Страница 1178: ...OLLECTION STATS on page 1182 The port of an alarm is specified indirectly in the command You use the STATS_ID parameter to specify the ID number of the RMON statistics group you added to the port The...

Страница 1179: ...refer to RMON Alarms on page 1162 etherStatsMulticastPkts 1 3 6 1 2 1 16 1 1 1 7 stats_id etherStatsCRCAlignErrors 1 3 6 1 2 1 16 1 1 1 8 stats_id etherStatsUndersizePkts 1 3 6 1 2 1 16 1 1 1 9 stats_...

Страница 1180: ...e switch to capture snapshots of the RMON statistics of the ports over time You can view the snapshots with an SNMP program to look for trends or patterns in the numbers or types of ingress packets on...

Страница 1181: ...es eight buckets because there are eight fifteen minute intervals in two hours The group is assigned the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 14 awplus c...

Страница 1182: ...ups on the ports of the switch The groups are used to view RMON port statistics from SNMP workstations on your network and to create RMON alarms A port can have only one RMON statistics group and a gr...

Страница 1183: ...the event Spaces and special characters are not allowed Mode Global Configuration mode Description Use this command to create events for RMON alarms This type of event enters a message in the event l...

Страница 1184: ...xist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to 20 alphanumeric...

Страница 1185: ...eates an event for RMON alarms with an ID of 2 a community string of station43a a description of broadcast_packets and an owner named jones awplus enable awplus configure terminal awplus config rmon e...

Страница 1186: ...must already exist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to...

Страница 1187: ...1187 Example The following example creates an event with an ID of 4 a community string of st_west8 and a description of router_north awplus enable awplus configure terminal awplus config rmon event 4...

Страница 1188: ...f the information Figure 193 SHOW RMON ALARM Command Alarm Index 2 Variable etherStatsBroadcastPkts 2 Interval 80 Alarm Type rising and falling Rising Threshold 1000 Event Index 5 Falling Threshold 10...

Страница 1189: ...r the port and MIB object Interval The polling interval in seconds Alarm Type The alarm type This is always rising and falling meaning the alarm has both a rising threshold and a falling threshold Ris...

Страница 1190: ...17 Event index 2 Description broadcast_packets Event type log trap Event community name wkst12a Last Time Sent 0 Owner Agent Event index 3 Description port24_traffic Event type log Event community nam...

Страница 1191: ...message in the event log and sends an SNMP trap Event community name The SNMP community string used to send SNMP traps Last Time Sent The number of seconds the switch had been operating when it last...

Страница 1192: ...N HISTORY Command The fields are described in Table 118 Table 118 SHOW RMON HISTORY Command Parameter Description History Index The ID number of the history group History Index 1 Data source ifindex 2...

Страница 1193: ...t created the history group Buckets granted The number of buckets allocated by the switch for the history group The value in this field will be less than the value in the buckets requested field if th...

Страница 1194: ...ATISTICS Command The fields are described in Table 119 Example awplus show rmon statistics Table 119 SHOW RMON STATISTICS Command Parameter Description Stats Index The ID number of the port statistics...

Страница 1195: ...s Overview on page 1196 Creating ACLs on page 1199 Assigning ACLs to Ports on page 1214 Removing ACLs from Ports on page 1217 Restricting Remote Access on page 1219 Unrestricting Remote Access on page...

Страница 1196: ...ered IPv4 ACLs and Numbered MAC ACLs are identified by ID numbers The ID number range for Numbered IPv4 ACLs is 3000 to 3699 The ID number range for Numbered MAC ACLs is 4000 to 4699 In addition Numbe...

Страница 1197: ...CLs and forward all other traffic A port that has one ACL that specifies a particular source IP address for example discards all ingress packets with the specified source address and forwards all othe...

Страница 1198: ...sult you must apply ACLs to the ingress ports of the designated traffic flows ACLs for static port trunks or LACP trunks must be assigned to the individual ports of the trunks Because ports by default...

Страница 1199: ...ample on page 1206 Numbered IPv4 ACL with TCP Port Packets Example on page 1207 Numbered IPv4 ACL with UDP Port Packets Example on page 1209 Table 121 ACCESS LIST Commands for Creating Numbered IPv4 A...

Страница 1200: ...to forward a subset of packets that are otherwise discarded deny Discards all ingress packets that match the ACL copy to mirror Copies all ingress packets that match the ACL to the destination port o...

Страница 1201: ...ed IPv4 ACLs that block all traffic with specified subnets 149 87 201 0 24 and 149 87 202 0 24 If you want a port to forward a subset of packets of a more specific traffic flow you have to create a pe...

Страница 1202: ...specified network devices and discard all other ingress traffic The allowed traffic is specified with three permit ACLs Table 124 Creating a Permit ACL Followed by a Deny ACL Example Command Descript...

Страница 1203: ...54 32 any Create the three permit ACLs with the ACCESS LIST command awplus config access list 3018 deny ip any any Create the deny ACL awplus config interface port1 0 21 port1 0 22 Move to the Port In...

Страница 1204: ...tering criteria of the ACL Here are the possible actions permit Forwards all ingress packets that match the ACL Ports by default accept all ingress packets Consequently a permit ACL Table 126 ACL Filt...

Страница 1205: ...The IPv4 address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a specified IPv4 address and is an alternative to the IPADRESS MASK variable for a...

Страница 1206: ...n port of the mirror port This action must be used together with the port mirror feature explained in Chapter 21 Port Mirror on page 407 The protocol_number parameter specifies a protocol number You c...

Страница 1207: ...to 3699 Within this range you can number ACLs in any order The ACTION parameter specifies the action that the port performs on packets matching the filtering criteria of the ACL Here are the possible...

Страница 1208: ...r specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The lt parameter matches packets that are less than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The gt paramet...

Страница 1209: ...ackets Consequently a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded deny Discards all ingress packets that match the ACL copy to mirror...

Страница 1210: ...d indicates that the IPv4 address is assigned to a specific end node and that no mask is required The eq parameter matches packets that are equal to the UDP port number specified by the SRC_UDP _PORT...

Страница 1211: ...mask dst_mac_address ANY dst_mac_mask The id_number parameter specifies the ID number for the new ACL The range is 4000 to 4699 The ACTION parameter specifies the action that the port performs on pack...

Страница 1212: ...0 or F Use a 0 mask to indicate the parts of the MAC address the ACL is to filter Use an F mask for parts of the MAC address the ACL should ignore Note Do not include a mask if you specified ANY as t...

Страница 1213: ...nter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config access list 4102 deny any a4 54 86 12 00 00 00 00 00 00 ff f...

Страница 1214: ...CLs you must assign the permit ACLs to a port first because ingress packets are compared against the ACLs in the order in which they are added to the ports If you add the deny ACLs first the ports may...

Страница 1215: ...tarting with 45 2A B5 ACL 4055 denies all other MAC addresses Then assign both ACLs to port 7 Table 132 Assigning Numbered IPv4 ACLs Command Description awplus enable Enter the Privileged Executive mo...

Страница 1216: ...Port Interface mode for port 7 awplus config_if mac access group 4025 Apply the ACL to the port with the ACCESS GROUP command awplus config_if mac access group 4055 Apply the ACL to the port with the...

Страница 1217: ...age 1233 With this command you can remove one ACL at a time See Table 134 The following example removes an ACL with an ID number of 3082 from port 15 Removing MAC Address ACLs To remove a MAC ACL from...

Страница 1218: ...g MAC Address ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus confi...

Страница 1219: ...g Numbered IP ACLs to VTY Lines on page 1219 Assigning MAC ACLs to VTY Lines on page 1220 Assigning Named IPv4 and IPv6 ACLs to VTY Lines on page 1221 Assigning Numbered IP ACLs to VTY Lines The follo...

Страница 1220: ...10 0 0 3 full access to the switch awplus config access list 3001 deny ip any host 10 0 0 20 Creates an ACL with an ID number of 3001 that denies all IP addresses access to the switch awplus config l...

Страница 1221: ...10 0 0 7 has remote access to the switch See Table 138 awplus config mac access list 4000 permit ip host 10 0 0 5 host 10 0 0 20 Creates an ACL with an ID number of 4000 that allows IP address 10 0 0...

Страница 1222: ...nfig ip acl permit ip host 10 0 0 7 host 10 0 0 20 Allows IP address 10 0 0 7 full access to the switch awplus config ip acl deny ip any host 10 0 0 20 Denies access all IP addresses access to the swi...

Страница 1223: ...bnet mask 2001 odb8 a2 64 full access to the switch awplus config ipv6 acl deny ip any host 2001 odb8 a5 64 Denies access all IP addresses access to the switch awplus config ipv6 acl exit Exit the Con...

Страница 1224: ...oved from VTY Lines 0 through 9 See Table 140 Table 140 Removing Numbered IP ACLs from VTY Lines Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive m...

Страница 1225: ...3018 and 3019 from the switch The following example deletes a MAC ACL with ID number 4415 from the switch Table 141 Deleting Numbered IP ACLs Example 1 Command Description awplus enable Enter the Pri...

Страница 1226: ...7 SHOW ACCESS LIST Command As you can see from the example the SHOW ACCESS LIST command does not display which if any ports the ACLs are assigned to To display that information use the SHOW INTERFACE...

Страница 1227: ...ACLs assigned to VTY lines Here is the format of the command awplus show running config See Figure 199 for an example of the display that pertains to ACLs assigned to VTY lines For more information a...

Страница 1228: ...Chapter 73 Advanced Access Control Lists ACLs 1228...

Страница 1229: ...ddresses ACCESS LIST IP on page 1241 Global Configuration Creates ACLs that filter packets based on source and destination IP addresses ACCESS LIST PROTO on page 1245 Global Configuration Creates ACLs...

Страница 1230: ...address ACLs from ports on the switch SHOW ACCESS LIST on page 1262 Privileged Exec Displays the ACLs on the switch SHOW INTERFACE ACCESS GROUP on page 1264 Privileged Exec Displays the port assignmen...

Страница 1231: ...de Description Use this command to assign an Access Control List to a VTY This is done to restrict the remote access of the switch via Telnet Web SNMP or SSH access You can add one ACL to multiple VTY...

Страница 1232: ...lly ACL 3025 is assigned to VTY lines 0 through 9 The result is that IP address 10 0 0 3 has full remote access to the switch All other IP addresses are denied remote access to the switch awplus enabl...

Страница 1233: ...signed ACLs This command works for all ACLs except for MAC address ACLs which are added to ports with the MAC ACCESS GROUP command See MAC ACCESS GROUP on page 1258 Note If a port is to have both perm...

Страница 1234: ...rt 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if access group 3022 This example removes an IP ACL with an ID of 3001 from port 7 awplus enable awplus c...

Страница 1235: ...n with the port mirror feature explained in Chapter 21 Port Mirror on page 407 src_mac_address Specifies the source MAC address of the ingress packets Here are the possible options src_mac_address Spe...

Страница 1236: ...ss the ACL is to filter Specify F for parts of the MAC address the ACL should ignore Mode Global Configuration mode Description Use this command to create ACLs that filter packets based on source and...

Страница 1237: ...ple configures port 7 to accept only those packets that have source MAC addresses starting with 45 2A B5 awplus enable awplus configure terminal awplus config access list 4025 permit 45 2a b5 00 00 00...

Страница 1238: ...he access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal numb...

Страница 1239: ...ription Use this command to create Numbered IPv4 ACLs that identify traffic flows based on ICMP and source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 1262 and SHOW INT...

Страница 1240: ...313 0 24 subnets respectively The ACLs are assigned the ID numbers 3045 and 3046 awplus enable awplus configure terminal awplus config access list 3045 deny icmp 115 201 312 0 24 115 201 313 0 24 awpl...

Страница 1241: ...ress Specifies the source IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP...

Страница 1242: ...ant the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Description Use this command to create ACLs that identify traffic fl...

Страница 1243: ...from the 157 11 21 0 subnet and are going to an end node with the IP address 157 11 21 45 The VID of the tagged packets is 15 awplus enable awplus configure terminal awplus config access list 3202 den...

Страница 1244: ...22 port1 0 23 awplus config_if access group 3011 awplus config_if access group 3012 awplus config_if end awplus show access list awplus show interface port1 0 22 port1 0 23 access group This example...

Страница 1245: ...specify one protocol number Refer to Table 144 Protocol Numbers on page 1246 for the list of protocol numbers scr_ipaddress Specifies the source IP address of the ingress packets the access list shou...

Страница 1246: ...ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Confirmation Comman...

Страница 1247: ...ntrol Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP...

Страница 1248: ...list awplus show interface port1 0 2 access group This example adds a deny access list to ports 5 and 6 so that they discard all tagged ingress packets that have the protocol 17 number and the VID 12...

Страница 1249: ...col 54 The permit ACL is assigned the ID number 3014 and the deny ACL which blocks all protocol 54 packets is assigned the ID number 3025 awplus enable awplus configure terminal awplus config access l...

Страница 1250: ...of the ingress packets the access list should filter Choose one of the following any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The...

Страница 1251: ...ring a range of TCP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddr...

Страница 1252: ...ACL that discards all untagged ingress packets that have the source and destination TCP port number 165 The ACL is applied to port 1 and assigned the ID number 3078 awplus enable awplus configure ter...

Страница 1253: ...mple configures port 21 to forward untagged TCP port 67 to 87 packets only if they are from the 154 11 234 0 network and are going to the 154 11 235 0 network This example requires a permit ACL becaus...

Страница 1254: ...f the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The...

Страница 1255: ...ring a range of UDP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddr...

Страница 1256: ...p any range 0 65535 any range 0 65535 awplus config interface port1 0 18 port1 0 19 awplus config_if access group 3118 awplus config_if end awplus show access list awplus show interface port1 0 18 por...

Страница 1257: ...plus show access list awplus show interface port1 0 18 access group This example configures port 21 to forward tagged UDP port 67 to 87 packets only if they are from the 154 11 234 0 network and are g...

Страница 1258: ...this command NO MAC ACCESS LIST to remove a MAC address ACL from a switch Note If a port is to have both permit and deny ACLs you must add the permit ACLs first because ingress packets are compared ag...

Страница 1259: ...ription Use this command to delete ACLs from the switch ACLs must first be removed from their port assignments before they can be deleted For instructions refer to NO ACCESS GROUP on page 1260 and NO...

Страница 1260: ...mmand to remove ACLs from ports on the switch This command works for all ACLs except for MAC address ACLs which are removed with NO MAC ACCESS GROUP on page 1261 Confirmation Command SHOW INTERFACE AC...

Страница 1261: ...at a time with this command Mode Port Interface mode Description Use this command to remove MAC address ACLs from ports on the switch Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1264 Exam...

Страница 1262: ...Indicates a MAC ACL list name Indicates a Named IP ACL Mode Privileged Exec mode Description Use this command to display the configurations of the Numbered IPv4 MAC and Named IPv4 ACLs on the switch I...

Страница 1263: ...access list Figure 200 SHOW ACCESS LIST Command IP access list 3104 deny 149 87 201 1 mask 255 255 255 0 any MAC access list 4400 permit any any IP access list icmppermit ICMP permit an any time rang...

Страница 1264: ...ec mode Description Use this command to display the port assignments of the ACLs Here is an example of the information Figure 201 SHOW INTERFACE ACCESS GROUP Command Example This example displays the...

Страница 1265: ...specified CoS value MLS QOS SET DSCP on page 1274 Port Interface Remarks all egress packets on a port with the specified DSCP value MLS QOS TRUST COS on page 1275 Port Interface Configures ports to u...

Страница 1266: ...the mappings of CoS priority values to egress queues SHOW MLS QOS MAPS DSCP QUEUE on page 1283 Privileged Exec Displays the mappings of DSCP priority values to port egress queues WRR QUEUE WEIGHT on...

Страница 1267: ...ers None Mode Global Configuration mode Description Use this command to activate QoS on the switch so that ingress packets are stored in egress queues according to their CoS or DSCP values Confirmatio...

Страница 1268: ...one queue Mode Port Interface mode Description Use this command to map CoS priorities to port egress queues An egress queue can have more than one priority but you can assign just one priority at a t...

Страница 1269: ...qos map cos queue 1 to 5 awplus config if mls qos map cos queue 2 to 5 awplus config if mls qos map cos queue 3 to 6 This example restores the default mappings of the CoS priorities to the egress que...

Страница 1270: ...e Mode Port Interface mode Description Use this command to map DSCP priorities to port egress queues An egress queue can have more than one priority but you can assign just one priority at a time with...

Страница 1271: ...11 to 7 awplus config if mls qos map cos queue 12 to 7 awplus config if mls qos map cos queue 13 to 7 This example restores the default mappings of the DSCP priorities to the egress queues on port 3 a...

Страница 1272: ...default egress queue for any packet arriving on the port When no default queue is configured the cos queue map is used to choose the queue for packets Confirmation Command SHOW RUNNING CONFIG on page...

Страница 1273: ...s packets on a port with the specified CoS value Use the NO form of this command to remove remark CoS values from ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example config...

Страница 1274: ...ets on a port with the specified DSCP value Use the NO form of this command to remove remark DSCP values from ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example configures...

Страница 1275: ...ets Note QoS must be enabled on the switch before you can use this command Use the NO form of this command to stop ports from using the CoS priorities in ingress packets to determine the egress queues...

Страница 1276: ...re the packets Note QoS must be enabled on the switch before you can use this command Use the NO form of this command to stop ports from using the DSCP priorities in ingress packets to determine the e...

Страница 1277: ...MLS QOS ENABLE Syntax no mls qos enable Parameters None Mode Global Configuration mode Description Use this command to disable QoS on the switch When QoS is disabled all traffic is treated the same Ex...

Страница 1278: ...heduling method on the ports to strict priority so that they transmit packets from higher priority queues before packets in lower priority queues Confirmation Command SHOW MLS QOS INTERFACE on page 12...

Страница 1279: ...ignments of weights to egress queues Figure 202 and Figure 203 on page 1280 are examples of a port set to strict priority Figure 202 SHOW MLS QOS INTERFACE Command Strict Priority Default CoS 0 Defaul...

Страница 1280: ...eduler Strict Priority Weight N A Default CoS 0 Default Queue 2 Number of egress queues 8 Trust Mark Remark Egress Queue 0 Scheduler Weighted Round Robin Weight 1 Egress Queue 1 Scheduler Weighted Rou...

Страница 1281: ...packets that do not have a value Default Queue Specifies the default egress queue for packets that do not have a COS value Number of egress queues Specifies the number of egress queues on the port Eac...

Страница 1282: ...igure 205 SHOW MLS QOS MAPS COS QUEUE Command The CoS values in the first line are matched with the egress queue assignments in the second line For example in Figure 205 of port 1 packets with CoS 0 a...

Страница 1283: ...w mls qos maps dscp queue interface port Parameters port Specifies the port to display You can view only one port at a time Mode Privileged Exec mode Description Use this command to display the mappin...

Страница 1284: ...ess queues are set with MLS QOS MAP DSCP QUEUE on page 1270 Example This example displays the DSCP mappings for port 21 awplus show mls qos maps dscp queue interface port1 0 21 Interface port1 0 21 DS...

Страница 1285: ...specify all eight queues For example to assign a weight of 1 to Q0 and Q1 a weight of 5 to Q2 and Q3 a weight of 10 to Q4 and Q5 and a weight of 15 to Q6 and Q7 you enter this parameter as 1 1 5 5 10...

Страница 1286: ...Chapter 75 Quality of Service QOS Commands 1286 Section X Network Management awplus config interface port1 0 3 awplus config if wrr queue weight 1 1 10 10 15 15 15 15...

Страница 1287: ...1321 Chapter 81 Telnet Client Commands on page 1325 Chapter 82 Secure Shell SSH Server on page 1329 Chapter 83 SSH Server Commands on page 1341 Chapter 84 Non secure HTTP Web Browser Server on page 1...

Страница 1288: ...1288...

Страница 1289: ...on page 1293 Deleting Local Manager Accounts on page 1295 Activating Command Mode Restriction and Creating the Special Password on page 1296 Deactivating Command Mode Restriction and Deleting the Spec...

Страница 1290: ...ere in the command mode structure managers can go and consequently which commands they can access The privilege levels are 1 and 15 Manager accounts with a privilege level of 15 have access to the ent...

Страница 1291: ...yption When you create a new manager account you have to assign it a password You also have to create a new password if you activate command mode restrictions The commands for creating manager account...

Страница 1292: ...asswords of new manager accounts When you deactivate password encryption with the NO SERVICE PASSWORD ENCRYPTION command the switch searches the running configuration and decrypts passwords that were...

Страница 1293: ...password is case sensitive and can have up to 16 alphanumeric characters including punctuation and printable special characters Spaces are not permitted To enter an encrypted password precede it with...

Страница 1294: ...76 Local Manager Accounts 1294 Passwords entered in encrypted form remain encrypted in the running configuration even if you disable password encryption by issuing the NO SERVICE PASSWORD ENCRYPTION...

Страница 1295: ...e the switch If you delete the account with which you logged on to the switch your current management session is not interrupted But you will not be able to use that account again to log in and config...

Страница 1296: ...hanging the password is the ENABLE PASSWORD command in the Global Configuration mode The switch can have only one special password Here is the format of the command enable password 8 password The PASS...

Страница 1297: ...password is the NO ENABLE PASSWORD command in the Global Configuration mode When command mode restriction is deactivated manager accounts with a privilege level of 15 do not have to enter the special...

Страница 1298: ...erminal awplus config service password encryption When password encryption is activated the switch searches the running configuration for plaintext passwords and encrypts them It also automatically en...

Страница 1299: ...lay the running configuration Here is an example of several accounts Figure 209 Displaying the Local Manager Accounts in the Running Configuration username manager privilege 15 password WestWind11a us...

Страница 1300: ...Chapter 76 Local Manager Accounts 1300...

Страница 1301: ...h and specifies the password NO ENABLE PASSWORD on page 1304 Global Configuration Deactivates command mode restriction on the switch NO SERVICE PASSWORD ENCRYPTION on page 1305 Global Configuration Di...

Страница 1302: ...managers with a privilege level of 1 must enter the password to move to the Privileged Exec mode from the User Exec mode Managers who do not know the password or have a privilege level of 1 are restr...

Страница 1303: ...AT 9000 Switch Command Line User s Guide 1303 awplus enable awplus configure terminal awplus config enable password 8 1255bbf963118fcf750aca356d 35f6ab...

Страница 1304: ...activate command mode restriction on the switch to allow managers who have the privilege level 15 to access all of the command modes without having to enter the special password Confirmation Command S...

Страница 1305: ...onfiguration file unless they are entered in their encrypted forms in the USERNAME command Also the switch decrypts all of the passwords of the current manager accounts in the running configuration fi...

Страница 1306: ...Note You can delete the default manager account from the switch Caution Do not delete all of the local manager accounts that have the privilege level 15 if the switch does not have any remote RADIUS o...

Страница 1307: ...assword encryption This feature encrypts all of the manager account passwords in the running configuration of the switch and the passwords of new manager accounts This is the default setting for passw...

Страница 1308: ...odes unless command mode restriction is activated Manager accounts with the privilege level 1 are restricted to the User Exec mode 8 Specifies that the password is encrypted password Specifies the pas...

Страница 1309: ...e password is laf238pl awplus enable awplus configure terminal awplus config username allen privilege 15 password laf238pl This example creates a manager account for the user sjones The privilege leve...

Страница 1310: ...Chapter 77 Local Manager Account Commands 1310...

Страница 1311: ...ter 78 Telnet Server This chapter provides the following topics Overview on page 1312 Enabling the Telnet Server on page 1313 Disabling the Telnet Server on page 1314 Displaying the Telnet Server on p...

Страница 1312: ...ve access to it through routers or other Layer 3 devices If the Telnet clients are not members of the same subnet as the switch s management IP address the switch must have a default gateway This is t...

Страница 1313: ...command awplus enable awplus configure terminal awplus config service telnet Once the server is started you can conduct remote management sessions over your network from Telnet clients provided that...

Страница 1314: ...no service telnet Note If you disable the server from a remote Telnet management session your session ends To resume managing the unit establish a local management session or remote web browser sessi...

Страница 1315: ...display the status of the Telnet server use the SHOW TELNET command in the User Exec mode or Privileged Exec mode Here is the command awplus show telnet Here is the information the command displays Fi...

Страница 1316: ...Chapter 78 Telnet Server 1316...

Страница 1317: ...chapter Table 148 Telnet Server Commands Command Mode Description NO SERVICE TELNET on page 1318 Global Configuration Disables the Telnet server SERVICE TELNET on page 1319 Global Configuration Enable...

Страница 1318: ...gement session ends if you disable the server from a remote Telnet session To resume managing the unit establish a local management session or remote web browser session If the maximum number of manag...

Страница 1319: ...tch with a Telnet application protocol The default setting for the Telnet server is enabled Note The switch must have a management IP address for remote Telnet management For background information re...

Страница 1320: ...tion Use this command to display the status of the Telnet server on the switch The status of the server can be either enabled or disabled Here is the information Figure 211 SHOW TELNET Command Example...

Страница 1321: ...1321 Chapter 80 Telnet Client This chapter provides the following topics Overview on page 1322 Starting a Remote Management Session with the Telnet Client on page 1323...

Страница 1322: ...s that have IPv6 addresses For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The other network devices that you intend to manage with the Telnet client must be member...

Страница 1323: ...Telnet client The default is 23 For example if the IPv4 address of the remote device is 149 174 154 12 you enter awplus enable awplus telnet 149 174 154 12 You should now see the login prompts of the...

Страница 1324: ...Chapter 80 Telnet Client 1324...

Страница 1325: ...tail within the chapter Table 149 Telnet Client Commands Command Mode Description TELNET on page 1326 Privileged Exec Starts Telnet management sessions on remote devices that have IPv4 addresses TELNE...

Страница 1326: ...rt number of the Telnet client The default value is 23 Mode Privileged Exec mode Description Use this command to start Telnet management sessions on network devices that have IPv4 addresses You can ma...

Страница 1327: ...et client The default value is 23 Mode Privileged Exec mode Description Use this command to start Telnet management sessions on network devices that have IPv6 addresses You can manage just one remote...

Страница 1328: ...Chapter 81 Telnet Client Commands 1328...

Страница 1329: ...erview on page 1330 Support for SSH on page 1331 SSH and Enhanced Stacking on page 1333 Creating the Encryption Key Pair on page 1335 Enabling the SSH Server on page 1336 Disabling the SSH Server on p...

Страница 1330: ...ent workstation exchange during management sessions are encrypted In contrast Telnet management sessions are unsecured and are vulnerable to snooping because the packets are sent in readable text The...

Страница 1331: ...lt port The following SSH options and features are not supported IDEA or Blowfish encryption Non encrypted Secure Shell sessions Tunnelling of TCP IP traffic Guidelines Here are the guidelines to usin...

Страница 1332: ...re you activate and configure SSH server on the master switch not on the member switches Note If your switch is in a network that is protected by a firewall you may need to configure the firewall to p...

Страница 1333: ...ement station Enhanced stacking uses a proprietary protocol different from Telnet and SSH protocols Consequently there is no encryption between a master switch and a member switch The result is that S...

Страница 1334: ...1334 Because enhanced stacking does not allow for SSH encrypted management sessions between a management station and a member switch you configure SSH only on the master switch of a stack Activating S...

Страница 1335: ...ause you can specify a length in bits by using the VALUE parameter in the command The other keys have a fixed key length of 1024 bits The range is 768 to 2048 bits Entering the length is optional This...

Страница 1336: ...dure The command that activates the server is the SERVICE SSH command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config service ssh After you e...

Страница 1337: ...r the following commands awplus enable awplus configure terminal awplus config no service ssh Note If you disable the server during a remote SSH management session your session ends To resume managing...

Страница 1338: ...SH management session your session ends To resume managing the unit with the manager account you must wait for the console timer on the switch to expire and then establish a local management session o...

Страница 1339: ...0 Switch Command Line User s Guide 1339 Displaying the SSH Server To display the current settings of the server enter this command in the Privileged Exec or Global Configuration mode awplus show ssh s...

Страница 1340: ...Chapter 82 Secure Shell SSH Server 1340...

Страница 1341: ...CRYPTO KEY GENERATE HOSTKEY on page 1344 Global Configuration Creates encryption keys NO SERVICE SSH on page 1346 Global Configuration Disables the SSH server SERVICE SSH on page 1347 Global Configura...

Страница 1342: ...yption keys are permanently removed by the switch when you enter this command You do not have to enter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command to save your changes on the s...

Страница 1343: ...AT 9000 Switch Command Line User s Guide 1343 This example deletes the RSA1 key awplus enable awplus configure terminal awplus config crypto key destroy hostkey rsa1...

Страница 1344: ...escription Use this command to create the encryption key for the Secure Shell server You must create the key before activating the server The switch can have one key of each type at the same time If y...

Страница 1345: ...wanted switch behavior create a key during periods of low network activity Examples This example creates a DSA key awplus enable awplus configure terminal awplus config crypto key generate hostkey dsa...

Страница 1346: ...ession of the switch ends if you disable the server from a remote SSH management session To resume managing the switch from a local management session or a remote Telnet or web browser session you mus...

Страница 1347: ...enable the Secure Shell server on the switch You must create an encryption key before enabling the server For instructions refer to CRYPTO KEY GENERATE HOSTKEY on page 1344 Confirmation Command SHOW S...

Страница 1348: ...nfiguration mode Description Use this command to display the encryption keys Here is an example of the information for an RSA key Figure 213 SHOW CRYPTO KEY HOSTKEY Command Examples This example displ...

Страница 1349: ...and to display the current status of the SSH server Versions supported Server Status Server Port Example This example displays the status of the SSH server awplus show ssh server An example of the inf...

Страница 1350: ...Chapter 83 SSH Server Commands 1350...

Страница 1351: ...This chapter describes the following topics Overview on page 1352 Enabling the Web Browser Server on page 1353 Setting the Protocol Port Number on page 1354 Disabling the Web Browser Server on page 1...

Страница 1352: ...ures the management packet that contains your user name and password he or she could use that information to access the switch and make unauthorized changes to its configuration settings Here are the...

Страница 1353: ...address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 If the web browser server is already configured for secure HTTPS and you are changing it back to non secure...

Страница 1354: ...port 80 for the protocol port of the HTTP web server can be adjusted with the IP HTTP PORT command in the Global Configuration mode This example of the command changes the protocol port to 100 awplus...

Страница 1355: ...TTP command in the Global Configuration mode awplus enable awplus configure terminal awplus config no service http No further web browser management sessions are permitted by the switch after the serv...

Страница 1356: ...r is enabled or disabled on the switch issue the SHOW IP HTTP command in the Privileged Exec mode The command also displays the protocol port number if the server is enabled Here is the command awplus...

Страница 1357: ...ure HTTP Web Browser Server Commands Command Mode Description SERVICE HTTP on page 1358 Global Configuration Enables the HTTP web browser server IP HTTP PORT on page 1359 Global Configuration Sets the...

Страница 1358: ...se this command to activate the HTTP web browser server on the switch The switch supports non secure HTTP web browser management sessions when the server is activated Confirmation Command SHOW IP HTTP...

Страница 1359: ...P web server listens on The range is 0 to 65535 Mode Global Configuration mode Description Use this command to set the TCP port for the web browser server Confirmation Command SHOW IP HTTP on page 136...

Страница 1360: ...gement with a web browser Any active web browser management session are interrupted and are not allowed to continue You might disable the server to prevent remote web browser management sessions of th...

Страница 1361: ...e Privileged Exec mode Description Use this command to display the status of the HTTP server on the switch Here is an example of the information Figure 216 SHOW IP HTTP Command Example This example di...

Страница 1362: ...Chapter 85 Non secure HTTP Web Browser Server Commands 1362...

Страница 1363: ...cs Overview on page 1364 Creating a Self signed Certificate on page 1367 Configuring the HTTPS Web Server for a Certificate Issued by a CA on page 1370 Enabling the Web Browser Server on page 1374 Dis...

Страница 1364: ...distinguished name that identifies the owner of the certificate which in the case of a certificate for your switch is the switch itself and your company The switch does not come with a certificate You...

Страница 1365: ...ompany The name of the owner is entered in the form of a distinguished name which has six parts Common name cn This is the IP address or name of the switch Organizational unit ou This is the name of t...

Страница 1366: ...ns must be members of the same network as the management IP address of the switch or they must have access to it through routers or other Layer 3 devices The web browser server cannot operate in both...

Страница 1367: ...4 to 20 alphanumeric characters that are used to export the certificate in PKCS12 file format Although the switch does not allow you to export certificates you are still required to include a value f...

Страница 1368: ...n Jones_Industries Location San_Jose State California Country US Duration 365 days awplus enable Enter the Privileged Exec mode from the User Exec mode awplus configure terminal Enter the Global Confi...

Страница 1369: ...er with SERVICE HTTPS on page 1385 awplus config exit Return to the Privileged Exec mode awplus show ip https Confirm the confirmation with SHOW IP HTTPS on page 1389 HTTPS server enabled Port 443 Cer...

Страница 1370: ...state country The values of the parameters in this command must be exactly the same as the corresponding values from the CRYPTO CERTIFICATE GENERATE command used to create the self signed certificate...

Страница 1371: ...a public or private CA The certificate is assigned these specifications ID number 1 Key length 512 Passphrase hazeltime Common name 124 201 76 54 This is the IP address of the switch Organizational un...

Страница 1372: ...onfig crypto certificate 1 import Import the new certificate into the certificate database with CRYPTO CERTIFICATE IMPORT on page 1382 awplus config ip https certificate 1 Designate the new certificat...

Страница 1373: ...wser server is enabled on the unit disabled it with NO SERVICE HTTP on page 1360 awplus config service https Enable the HTTPS server with SERVICE HTTPS on page 1385 awplus config exit Return to the Pr...

Страница 1374: ...structions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The switch should have a HTTPS certificate If the HTTP mode is enabled you must disable it with the NO HTTP SERVER command...

Страница 1375: ...TPS command in the Global Configuration mode awplus enable awplus configure terminal awplus config no service https No further web browser management sessions are permitted by the switch after the ser...

Страница 1376: ...tocol port number if the server is enabled Here is the command awplus enable awplus show ip https Here is an example of the display Figure 217 SHOW IP HTTPS Command The fields are described in Table 1...

Страница 1377: ...bal Configuration Imports certificates from public or private CAs into the certificate database on the switch CRYPTO CERTIFICATE REQUEST on page 1383 Global Configuration Creates certificate enrollmen...

Страница 1378: ...tion Use this command to delete unused certificates from the switch You can delete just one certificate at a time with this command Entering the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command aft...

Страница 1379: ...ough the switch does not permit the export of certificates a passphrase is still required in the command common_name Specifies a common name for the certificate This should be the IP address or fully...

Страница 1380: ...se this command to create self signed certificates for secure HTTPS web browser management of the switch All the parameters in the command are required Entering the WRITE or COPY RUNNING CONFIG STARTU...

Страница 1381: ...Sales Organization Jones_Industries Location San_Jose State California Country US Duration 365 days awplus enable awplus configure terminal awplus config crypto certificate 2 generate 1280 trailtree...

Страница 1382: ...to the certificate database of the switch A certificate has to be residing in the file system on the switch before you can import it into the certificate database Entering the WRITE or COPY RUNNING CO...

Страница 1383: ...and special characters are not allowed organizational_unit Specifies the name of a department such as Network Support or IT This parameter can have up to 64 characters Spaces and special characters a...

Страница 1384: ...ve the same ID number and other information as its corresponding self signed certificate Confirmation Command DIR on page 467 Example This example creates a certificate enrollment request that has the...

Страница 1385: ...is activated Here are the preconditions to activating the server The non secure HTTP server on the switch must be disabled For instructions refer to NO SERVICE HTTP on page 1360 The switch must have a...

Страница 1386: ...er The switch can have only one active certificate The certificate which must already exist on the switch can be a self signed certificate that the switch created itself or a certificate that was issu...

Страница 1387: ...erver on the switch The switch rejects secure HTTPS web browser management sessions when the server is deactivated You might disable the server to prevent remote web browser management sessions of the...

Страница 1388: ...d_number Specifies a certificate ID number Mode Privileged Exec mode Description Use this command to display detailed information about the certificates on the switch You can display just one certific...

Страница 1389: ...le 153 HTTPS server enabled Port 443 Certificate 1 is active Issued by self signed Valid from 5 17 2010 to 5 16 2011 Subject C US ST California L San_Jose O Jones_Industries OU Sales CN 167 214 121 45...

Страница 1390: ...tive Displays the status of the certificate An active status indicates that the certificate was designated with IP HTTPS CERTIFICATE on page 1386 as the active certificate for the HTTPS server The swi...

Страница 1391: ...chapter describes the following topics Overview on page 1392 Remote Manager Accounts on page 1393 Managing the RADIUS Client on page 1396 Managing the TACACS Client on page 1400 Configuring Remote Au...

Страница 1392: ...lets you add more manager accounts to the switch by transferring the task of authenticating the accounts from the switch to an authentication server on your network This feature is described in Remote...

Страница 1393: ...entication server when a manager logs on 1 The switch uses its RADIUS or TACACS client to transmit the user name and password to an authentication server on the network 2 The server checks to see if t...

Страница 1394: ...0 to 15 however the AT 9000 switch provides only two settings of the Privilege attribute 0 or 15 If command mode restriction is active on the switch a manager account with a privilege level of 0 is re...

Страница 1395: ...rvers The switch must have a management IP address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The authentication servers on your network must be members of the...

Страница 1396: ...e switch the IP addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete...

Страница 1397: ...TI Specifying a RADIUS Global Encryption Key If the RADIUS servers on your network use the same encryption key use the RADIUS SERVER KEY command in the Global Configuration mode to enter a global encr...

Страница 1398: ...ter disables accounting messages The GROUP parameter indicates the user server group Specify the RADIUS server The LOCAL parameter indicates that if the first attempt to authenticate a user with the R...

Страница 1399: ...of RADIUS servers awplus enable awplus configure terminal awplus config no radius server host 211 132 123 12 Displaying the RADIUS Client To display the settings of the RADIUS client use the SHOW RADI...

Страница 1400: ...addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete the IP address...

Страница 1401: ...counting message is sent at the end of the session The STOP ONLY parameter indicates a stop accounting message is sent at the end of the session The NONE parameter disables accounting messages The GRO...

Страница 1402: ...122 124 15 7 from the TACACS client awplus enable awplus configure terminal awplus config no tacacs server host 122 114 15 7 Displaying the TACACS Client To display the settings of the TACACS client u...

Страница 1403: ...ntication login tacacs After you activate the feature all future login attempts by managers are forwarded by the switch to the designated authentication servers for authentication To deactivate the fe...

Страница 1404: ...g line no login authentication Now even though remote authentication is activated the switch uses its local manager accounts to authenticate the user name and password whenever someone logs on through...

Страница 1405: ...ne vty 0 awplus config line no login authentication Now the switch uses the local manager accounts instead of the remote accounts to authenticate the user name and password when an administrator estab...

Страница 1406: ...Chapter 88 RADIUS and TACACS Clients 1406...

Страница 1407: ...ON on page 1417 Console Line and Virtual Terminal Line Activates remote authentication for local management sessions and remote Telnet and SSH sessions NO LOGIN AUTHENTICATION on page 1419 Console Lin...

Страница 1408: ...eged Exec Displays the configuration settings of the TACACS client TACACS SERVER HOST on page 1430 Global Configuration Adds IP addresses of TACACS servers to the TACACS client in the switch TACACS SE...

Страница 1409: ...cify one of the following radius Uses all RADIUS servers tacacs Uses all TACACS servers Mode Global Configuration mode Description This command configures RADIUS or TACACS accounting for all login she...

Страница 1410: ...ure terminal awplus config aaa accounting login default start stop group radius To reset the configuration of the default accounting list use the following commands awplus enable awplus configure term...

Страница 1411: ...command see ENABLE PASSWORD on page 1302 This is an optional parameter Mode Global Configuration mode Description Use this command to enable the TACACS password on the switch This password is used to...

Страница 1412: ...use the following commands awplus enable awplus configure terminal awplus config aaa authentication enable default group tacacs local To enable the TACACS password on the switch use the following com...

Страница 1413: ...about this command see ENABLE PASSWORD on page 1302 This is an optional parameter Mode Global Configuration mode Description Use this command to enable RADIUS or TACACS on the switch globally This co...

Страница 1414: ...ble RADIUS servers on the switch use the following commands awplus enable awplus configure terminal awplus config aaa authentication login default group radius local To enable TACACS servers on the sw...

Страница 1415: ...client uses the specified IP address on every outgoing RADIUS packet Use the no version of this command NO IP RADIUS SOURCE INTERFACE to remove the RADIUS source lP address from the client Confirmati...

Страница 1416: ...pter 89 RADIUS and TACACS Client Commands 1416 This example removes the RADIUS source IP address from the RADIUS client awplus enable awplus configure terminal awplus config no ip radius source interf...

Страница 1417: ...hile remote authentication for remote Telnet and SSH management sessions is activated in the Virtual Terminal Line mode Note If the switch is unable to communicate with the authentication servers when...

Страница 1418: ...nt Commands 1418 This example activates remote authentication for remote Telnet and SSH management sessions that use VTY line 0 awplus enable awplus configure terminal awplus config line vty 0 awplus...

Страница 1419: ...SSH sessions Confirmation Command SHOW RUNNING CONFIG on page 158 Examples This example deactivates remote authentication for local management sessions awplus enable awplus configure terminal awplus...

Страница 1420: ...l Configuration mode Description Use this command to delete IP addresses of RADIUS servers from the list of authentication servers on the switch You can delete only one IP address at a time with this...

Страница 1421: ...address at a time with this command Mode Global Configuration mode Description Use this command to delete IP addresses of TACACS servers from the client You can delete only one IP address at a time wi...

Страница 1422: ...thentication requests If 0 is specified the server is not used for authentication The default UDP port for authentication is 1812 key Specifies the encryption key used by the designated RADIUS server...

Страница 1423: ...er host 149 245 22 22 auth port 1815 key tiger12 This example adds a RADIUS server with the IP address 176 225 15 23 to the switch The accounting port is 1811 and the UDP port is 1815 The encryption k...

Страница 1424: ...two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the c...

Страница 1425: ...er for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to th...

Страница 1426: ...dress assigned to an interface on the switch that is the source of all outgoing RADIUS packets WIth hardware stacking this the source address of the master switch Timeout The length of the time in sec...

Страница 1427: ...xample This example displays the configuration of the RADIUS client awplus show radius Accounting Port The accounting protocol port Encryption Keys The server encryption keys if defined Table 155 SHOW...

Страница 1428: ...ble 156 SHOW TACACS Command Parameter Description Timeout The length of the time in seconds that the switch waits for a response from a TACACS server to an authentication request The default is 40 sec...

Страница 1429: ...ch awplus show tacacs Server Status Indicates the status of the server host One of the following options is displayed Alive Indicates the server is working correctly The sockets are successful Dead In...

Страница 1430: ...scription Use this command to add IP addresses of TACACS servers to the TACACS client in the switch The list can have up to three TACACS authentication servers but you can add only one at a time with...

Страница 1431: ...two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the cl...

Страница 1432: ...rver for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to...

Страница 1433: ...s SHOW MEMORY ALLOCATION on page 1438 Privileged Exec Displays the memory allocations used by the processes SHOW MEMORY HISTORY on page 1439 Privileged Exec Displays a graph showing historical memory...

Страница 1434: ...processes sleep Sorts the list by the average sleeping times thrds Sorts the list by the number of threads Mode Privileged Exec mode Description Use this command to display a list of running processe...

Страница 1435: ...Syntax show cpu history Parameters None Mode Privileged Exec mode Description Use this command to display graphs of historical CPU utilization on the switch Example This example displays graphs of hi...

Страница 1436: ...user threads Parameters None Mode Privileged Exec mode Description Use this command to display a list of CPU utilization and the status of the user threads Example This example displays a list of CPU...

Страница 1437: ...the peak amounts of memory the processes are currently using stk Sorts the list by the stack sizes of the processes Mode Privileged Exec mode Description Use this command to display the memory consum...

Страница 1438: ...stem process Mode Privileged Exec mode Description Use this command to display the memory allocations used by the processes Examples This example displays the memory allocations used by all the proces...

Страница 1439: ...Y HISTORY Syntax show memory history Parameters None Mode Privileged Exec mode Description Use this command to display a graph showing historical memory usage Example This example displays a graph sho...

Страница 1440: ...LS Syntax show memory pools Parameters None Mode Privileged Exec mode Description Use this command to display a list of memory pools used by the processes Example This example displays a list of memor...

Страница 1441: ...ry utilization Mode Privileged Exec mode Description Use this command to display a summary of the current running processes Examples This example lists the running processes by ID number awplus show p...

Страница 1442: ...r Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the serial number of the switch The serial number is also displayed with SHOW SYSTEM on page 161...

Страница 1443: ...one Mode Privileged Exec mode Description Use this command to display the number of interrupts for each Interrupt Request IRQ used to interrupt input lines on a Programmable Interrupt Controller PIC o...

Страница 1444: ...e file name tech support followed by a string of numbers and the extension txt After performing the command upload the file from the switch using TFTP or Zmodem and email it to Allied Telesis technica...

Страница 1445: ...ional commands SHOW ARP SHOW INTERFACE SHOW IP INTERFACE SHOW IPV6 INTERFACE SHOW MAC ADDRESS TABLE Examples This example stores the system information in a file awplus show tech support This example...

Страница 1446: ...Chapter System Monitoring Commands 1446...

Страница 1447: ...ED on page 1456 MAC Address based Port Security on page 1457 MAC Address Table on page 1458 Management IP Address on page 1459 Manager Account on page 1460 Port Settings on page 1461 RADIUS Client on...

Страница 1448: ...Appendix B Management Software Default Settings 1448 Boot Configuration File The following table lists the name of the default configuration file Boot Configuration File Default Switch boot cfg...

Страница 1449: ...1449 Class of Service The following table lists the default mappings of the IEEE 802 1p priority levels to the egress port priority queues IEEE 802 1p Priority Level Port Priority Queue 0 Q2 1 Q0 lowe...

Страница 1450: ...50 Console Port The following table lists the default settings for the Console port Note The baud rate is the only adjustable parameter on the port Console Port Setting Default Data Bits 8 Stop Bits 1...

Страница 1451: ...rk Access Control Settings Default Port Access Control Disabled Authentication Method RADIUS EAP Port Roles None Authentication Port 1812 Authenticator Port Setting Default Authentication Mode 802 1x...

Страница 1452: ...Appendix B Management Software Default Settings 1452 The following table lists the default settings for RADIUS accounting RADIUS Accounting Settings Default Status Disabled Port 1813...

Страница 1453: ...AT 9000 Switch Command Line User s Guide 1453 Enhanced Stacking The following table lists the enhanced stacking default setting Enhanced Stacking Setting Default Switch State Member...

Страница 1454: ...are Default Settings 1454 GVRP This section provides the default settings for GVRP GVRP Setting Default Status Disabled GIP Status Enabled Join Timer 20 centiseconds Leave Timer 60 centiseconds Leave...

Страница 1455: ...ing table lists the IGMP Snooping default settings IGMP Snooping Setting Default IGMP Snooping Status Disabled Multicast Host Topology Single Host Port Edge Host Router Timeout Interval 260 seconds Ma...

Страница 1456: ...The following table lists the default settings for LLDP and LLDP MED LLDP an LLDP MED Default Status Disabled Notification Interval 5 seconds Transmit Interval 30 seconds Holdtime Multiplier 4 Reiniti...

Страница 1457: ...de 1457 MAC Address based Port Security The following table lists the MAC address based port security default settings MAC Address based Port Security Setting Default Status Disabled Intrusion Action...

Страница 1458: ...ix B Management Software Default Settings 1458 MAC Address Table The following table lists the default setting for the MAC address table MAC Address Table Setting Default MAC Address Aging Time 300 se...

Страница 1459: ...User s Guide 1459 Management IP Address The following table lists the default settings for the management IP address Management IP Address Setting Default Management IP Address 0 0 0 0 Subnet Mask 0...

Страница 1460: ...following table lists the manager account default settings Note Login names and passwords are case sensitive Manager Account Setting Default Manager Login Name manager Manager Password friend Console...

Страница 1461: ...on MDI MDI X Auto MDI MDIX Threshold Limits for Ingress Packets Disabled Broadcast Multicast or Unknown Unicast Packet Filtering Storm control 33 554 431 packets per second Override Priority No overri...

Страница 1462: ...RADIUS configuration default settings RADIUS Configuration Setting Default Global Encryption Key ATI Global Server Timeout Period 5 seconds RADIUS Server 1 Configuration 0 0 0 0 RADIUS Server 2 Confi...

Страница 1463: ...de 1463 Remote Manager Account Authentication The following table describes the remote manager account authentication default settings Authentication Setting Default Server based Authentication Disabl...

Страница 1464: ...following table lists the default settings for RMON collection histories There are no default settings for alarms or events RMON Setting Default History Buckets 50 History Polling Interval 1800 secon...

Страница 1465: ...rver The following table lists the SSH default settings Note The SSH port number is not adjustable SSH Setting Default Status Disabled Host Key ID Not Defined Server Key ID Not Defined Server Key Expi...

Страница 1466: ...ettings 1466 sFlow Agent The default settings for the sFlow agent are listed in this table sFlow Agent Setting Default sFlow Agent Status Disabled sFlow Collector IP Address 0 0 0 0 UDP Port 6343 Port...

Страница 1467: ...67 Simple Network Management Protocol SNMPv1 SNMPv2c and SNMPv3 The following table describes the default settings for SNMPv1 SNMPv2c and SNMPv3 SNMP Communities Setting Default SNMP Status Disabled A...

Страница 1468: ...ettings 1468 Simple Network Time Protocol The following table lists the SNTP default settings SNTP Setting Default System Time Sat 01 Jan 2000 00 00 00 SNTP Status Disabled SNTP Server 0 0 0 0 UTC Off...

Страница 1469: ...ings Rapid Spanning Tree Protocol The following table describes the RSTP default settings Spanning Tree Setting Default Spanning Tree Status Enabled Active Protocol Version RSTP STP Setting Default Br...

Страница 1470: ...Status Disabled BPDU Guard Timeout Interval 300 seconds RSTP Setting Default MSTP Setting Default Force Version MSTP Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 E...

Страница 1471: ...AT 9000 Switch Command Line User s Guide 1471 System Name The default setting for the system name is listed in this table System Name Setting Default System Name awplus...

Страница 1472: ...1472 TACACS Client The following table lists the TACACS client configuration default settings TACACS Client Configuration Setting Default TAC Server 1 0 0 0 0 TAC Server 2 0 0 0 0 TAC Server 3 0 0 0...

Страница 1473: ...ine User s Guide 1473 Telnet Server The default settings for the Telnet server are listed in this table Note The Telnet port number is not adjustable Telnet Server Setting Default Telnet Server Enable...

Страница 1474: ...lt Settings 1474 VLANs This section provides the VLAN default settings VLAN Setting Default Default VLAN Name Default_VLAN all ports Management VLAN ID 1 Default_VLAN VLAN Type Port based Member Ports...

Страница 1475: ...mmand Line User s Guide 1475 Web Server The following table lists the web server default settings Web Server Configuration Setting Default Status Disabled Operating Mode HTTP HTTP Port Number 80 HTTPS...

Страница 1476: ...Appendix B Management Software Default Settings 1476...

Страница 1477: ...34 CLEAR IPV6 NEIGHBORS command 301 CLEAR LLDP STATISTICS command 1084 CLEAR LLDP TABLE command 1077 1085 CLEAR LOG BUFFERED command 104 109 514 516 CLEAR MAC ADDRESS TABLE command 354 CLEAR PORT COUN...

Страница 1478: ...mand 1089 LLDP MED NOTIFICATIONS command 1091 LLDP MED TLV SELECT command 1060 1063 1066 1069 1092 LLDPNON STRICT MED TLV ORDER CHECKcommand 1094 LLDP NOTIFICATION INTERVAL command 1096 LLDP NOTIFICAT...

Страница 1479: ...O SERVICE HTTPS command 1387 NO SERVICE PASSWORD ENCRYPTION command 1298 1305 NO SERVICE POWER INLINE command 264 NO SERVICE SSH command 1346 NO SERVICE TELNET command 1314 1318 NO SFLOW COLLECTOR IP...

Страница 1480: ...ASED AUTHENTICATION TACACS command 1403 SERVICE HTTP command 1353 1358 SERVICE HTTPS command 1385 SERVICE MAXMANAGER command 126 154 SERVICE PASSWORD ENCRYPTION command 1298 1307 SERVICE POWER INLINE...

Страница 1481: ...SHOW SFLOW command 1046 SHOW SFLOW DATABASE command 1033 SHOW SNMP SERVER command 972 986 1008 SHOW SNMP SERVER COMMUNITY command 972 987 SHOW SNMP SERVER GROUP command 1009 SHOW SNMP SERVER HOST comm...

Страница 1482: ...VLAN HOST command 836 843 SWITCHPORT MODE PRIVATE VLAN PROMISCUOUS command 836 844 SWITCHPORT MODE TRUNK command 734 751 SWITCHPORT PORT SECURITY AGING command 872 888 SWITCHPORT PORT SECURITY comman...

Отзывы:

Нет отзывов

Похожие инструкции для AT-9000/12PoE

TokenLink Velocity 3C319

Бренд: 3Com Страницы: 2

Бренд: Blackrock Microsystems Страницы: 27

Бренд: BSS Audio Страницы: 20

Бренд: Reeven Страницы: 2

Бренд: IBASE Technology Страницы: 71

Бренд: Net to Net Technologies Страницы: 4

Бренд: Patton electronics Страницы: 9

Бренд: Qlogic Страницы: 8

Бренд: ZALMAN Страницы: 5

RouterBOARD 411R

Бренд: 4gon Страницы: 2

Бренд: Gira Страницы: 6

Бренд: Cytron Technologies Страницы: 13

Бренд: TP-Link Страницы: 2

Бренд: ETAS Страницы: 82

Бренд: Rainbow Страницы: 2

EtherLink 3C905C-TX

Бренд: 3Com Страницы: 96

Бренд: Intercoax Страницы: 2

Бренд: Global Sun Страницы: 39

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды