Black Box LGB6026A Скачать руководство пользователя страница 331 | Manualshive

Страница: 331 / 1289

background image

– 329 –

C

HAPTER

14

| Security Measures

Configuring 802.1X Port Authentication

Figure 177: Configuring Port Security

C

ONFIGURING

802.1X P

ORT

A

UTHENTICATION

Network switches can provide open and easy access to network resources
by simply attaching a client PC. Although this automatic configuration and
access is a desirable feature, it also allows unauthorized personnel to easily
intrude and possibly gain access to sensitive network data.

The IEEE 802.1X (dot1X) standard defines a port-based access control
procedure that prevents unauthorized access to a network by requiring
users to first submit credentials for authentication. Access to all switch
ports in a network can be centrally controlled from a server, which means
that authorized users can use the same credentials for authentication from
any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL)
to exchange authentication protocol messages with the client, and a
remote RADIUS authentication server to verify user identity and access
rights. When a client (i.e., Supplicant) connects to a switch port, the switch
(i.e., Authenticator) responds with an EAPOL identity request. The client
provides its identity (such as a user name) in an EAPOL response to the
switch, which it forwards to the RADIUS server. The RADIUS server verifies
the client identity and sends an access challenge back to the client. The
EAP packet from the RADIUS server contains not only the challenge, but
the authentication method to be used. The client can reject the
authentication method and request another, depending on the
configuration of the client software and the RADIUS server. The encryption
method used to pass authentication messages can be MD5 (Message-
Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible
Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The
client responds to the appropriate method with its credentials, such as a
password or certificate. The RADIUS server verifies the client credentials
and responds with an accept or reject packet. If authentication is
successful, the switch allows the client to access the network. Otherwise,
non-EAP traffic on the port is blocked or assigned to a guest VLAN based on
the “intrusion-action” setting. In “multi-host” mode, only one host
connected to a port needs to pass authentication for all other hosts to be
granted network access. Similarly, a port can become unauthorized for all

«
...
329
330
331
332
333
...
»

Содержание LGB6026A

Страница 1: ...Port or 48 Port LGB6026A LGB6050A Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746...

Страница 2: ...Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any other trademarks mentioned in this manual are acknowledged to be the property...

Страница 3: ...rts 4 Gigabit Combination Ports RJ 45 SFP 4 Gigabit Combination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots 2 10 Gigabit Extender Module Slots and 2 Stacking Ports and 2 Stacking Ports We re he...

Страница 4: ...ombination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots and 2 Stacking Ports LGB6050A GIGABIT ETHERNET SWITCH Layer 3 Switch with 44 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports...

Страница 5: ...your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard tha...

Страница 6: ...ABOUT THIS GUIDE 4...

Страница 7: ...tion 60 Access Control Lists 61 DHCP 61 Port Configuration 61 Port Mirroring 61 Port Trunking 61 Rate Limiting 62 Broadcast Storm Control 62 Static Addresses 62 IEEE 802 1D Bridge 62 Store and Forward...

Страница 8: ...80 Saving or Restoring Configuration Settings 81 SECTION II WEB CONFIGURATION 83 3 USING THE WEB INTERFACE 85 Connecting to the Web Interface 85 Navigating the Web Browser Interface 86 Home Page 86 C...

Страница 9: ...atus 133 Configuring Port Mirroring 134 Showing Port or Trunk Statistics 136 Trunk Configuration 140 Configuring a Static Trunk 141 Configuring a Dynamic Trunk 144 Displaying LACP Port Counters 149 Di...

Страница 10: ...hanging the Aging Time 198 Displaying the Dynamic Address Table 199 Clearing the Dynamic Address Table 200 8 SPANNING TREE ALGORITHM 203 Overview 203 Configuring Loopback Detection 206 Configuring Glo...

Страница 11: ...7 Configuring Interface Settings for Web Authentication 278 Network Access MAC Address Authentication 279 Configuring Global Settings for Network Access 281 Configuring Network Access for Ports 282 Co...

Страница 12: ...332 Displaying 802 1X Statistics 336 IP Source Guard 337 Configuring Ports for IP Source Guard 337 Configuring Static Bindings for IP Source Guard 339 Displaying Information for Dynamic IP Source Guar...

Страница 13: ...ping and Query 405 Configuring IGMP Snooping and Query Parameters 407 Specifying Static Interfaces for a Multicast Router 411 Assigning Interfaces to Multicast Services 413 Setting IGMP Snooping Statu...

Страница 14: ...estinations 466 18 GENERAL IP ROUTING 469 Overview 469 Initial Configuration 469 IP Routing and Switching 470 Routing Path Management 471 Routing Protocols 472 Configuring IP Routing Interfaces 472 Co...

Страница 15: ...rmation Protocol 518 Configuring General Protocol Settings 519 Clearing Entries from the Routing Table 522 Specifying Network Interfaces 523 Specifying Passive Interfaces 525 Specifying Static Neighbo...

Страница 16: ...splaying the Multicast Routing Table 578 Configuring PIM for IPv4 582 Enabling PIM Globally 582 Configuring PIM Interface Settings 582 Displaying Neighbor Information 588 Configuring Global PIM SM Set...

Страница 17: ...ssing 615 CLI Command Groups 616 24 GENERAL COMMANDS 619 prompt 619 reload Global Configuration 620 enable 621 quit 622 show history 622 configure 623 disable 624 reload Privileged Exec 624 show reloa...

Страница 18: ...word 646 password thresh 647 silent time 648 speed 648 stopbits 649 timeout login response 650 disconnect 650 show line 651 Event Logging 652 logging facility 652 logging history 653 logging host 654...

Страница 19: ...w time range 669 26 SNMP COMMANDS 671 snmp server 672 snmp server community 672 snmp server contact 673 snmp server location 673 show snmp 674 snmp server enable traps 675 snmp server host 676 snmp se...

Страница 20: ...er size 701 sflow owner 701 sflow sample 702 sflow source 702 sflow timeout 703 show sflow 703 29 AUTHENTICATION COMMANDS 705 User Accounts 705 enable password 706 username 707 Authentication Sequence...

Страница 21: ...ation exec 724 show accounting 725 Web Server 726 ip http port 726 ip http server 727 ip http secure server 727 ip http secure port 729 Telnet Server 729 ip telnet max sessions 730 ip telnet port 730...

Страница 22: ...Management IP Filter 752 management 753 show management 754 30 GENERAL SECURITY MEASURES 755 Port Security 756 mac learning 756 port security 757 Network Access MAC Address Authentication 759 network...

Страница 23: ...cate IP 776 show web auth 777 show web auth interface 777 show web auth summary 778 DHCP Snooping 778 ip dhcp snooping 779 ip dhcp snooping database flash 781 ip dhcp snooping information option 781 i...

Страница 24: ...ESS CONTROL LISTS 801 IPv4 ACLs 801 access list ip 802 permit deny Standard IP ACL 803 permit deny Extended IPv4 ACL 804 ip access group 806 show ip access group 807 show ip access list 807 IPv6 ACLs...

Страница 25: ...faces counters 832 show interfaces status 834 show interfaces switchport 835 show interfaces transceiver 836 test loop internal 837 show loop internal 838 33 LINK AGGREGATION COMMANDS 839 channel grou...

Страница 26: ...nning tree priority 867 spanning tree mst configuration 867 spanning tree transmission limit 868 max hops 868 mst priority 869 mst vlan 870 name 870 revision 871 spanning tree bpdu filter 872 spanning...

Страница 27: ...LAN Interfaces 892 interface vlan 893 switchport acceptable frame types 893 switchport allowed vlan 894 switchport ingress filtering 895 switchport mode 896 switchport native vlan 897 vlan trunking 89...

Страница 28: ...subnet vlan 916 Configuring MAC Based VLANs 917 mac vlan 917 show mac vlan 918 Configuring Voice VLANs 918 voice vlan 919 voice vlan aging 920 voice vlan mac address 920 switchport voice vlan 921 swi...

Страница 29: ...police trtcm color 949 set cos 951 set phb 952 service policy 953 show class map 954 show policy map 954 show policy map interface 955 41 MULTICAST FILTERING COMMANDS 957 IGMP Snooping 958 ip igmp sn...

Страница 30: ...74 show mac address table multicast 975 Static Multicast Routing 976 ip igmp snooping vlan mrouter 976 show ip igmp snooping mrouter 977 IGMP Filtering and Throttling 977 ip igmp filter Global Configu...

Страница 31: ...nterval 1006 ipv6 mld robustval 1006 ipv6 mld static group 1007 ipv6 mld version 1008 clear ipv6 mld group 1009 show ipv6 mld groups 1009 show ipv6 mld interface 1011 MLD Proxy Routing 1012 ipv6 mld p...

Страница 32: ...te device 1029 show lldp info statistics 1030 43 DOMAIN NAME SERVICE COMMANDS 1033 ip domain list 1033 ip domain lookup 1034 ip domain name 1035 ip host 1036 ip name server 1037 ipv6 host 1038 clear d...

Страница 33: ...w ip dhcp 1059 45 VRRP COMMANDS 1061 vrrp authentication 1062 vrrp ip 1062 vrrp preempt 1063 vrrp priority 1064 vrrp timers advertise 1065 clear vrrp interface counters 1066 clear vrrp router counters...

Страница 34: ...pv6 address eui 64 1088 ipv6 address link local 1090 ipv6 enable 1091 ipv6 mtu 1092 show ipv6 interface 1093 show ipv6 mtu 1095 show ipv6 traffic 1095 clear ipv6 traffic 1099 ping6 1100 ipv6 neighbor...

Страница 35: ...uthentication mode 1127 ip rip authentication string 1128 ip rip receive version 1128 ip rip receive packet 1129 ip rip send version 1130 ip rip send packet 1131 ip rip split horizon 1131 clear ip rip...

Страница 36: ...mit interval 1160 ip ospf transmit delay 1161 passive interface 1162 show ip ospf 1162 show ip ospf border routers 1164 show ip ospf database 1165 show ip ospf interface 1171 show ip ospf neighbor 117...

Страница 37: ...ipv6 ospf virtual links 1202 48 MULTICAST ROUTING COMMANDS 1205 General Multicast Routing 1205 ip multicast routing 1205 show ip mroute 1206 ipv6 multicast routing 1208 show ipv6 mroute 1209 Static Mu...

Страница 38: ...sr router 1233 show ip pim rp mapping 1234 show ip pim rp hash 1235 IPv6 PIM Commands 1236 router pim6 1236 ipv6 pim dense mode 1237 ipv6 pim graft retry interval 1238 ipv6 pim hello holdtime 1238 ipv...

Страница 39: ...rds 1251 Management Information Bases 1252 B TROUBLESHOOTING 1255 Problems Accessing the Management Interface 1255 Using System Logs 1256 C LICENSE INFORMATION 1257 The GNU General Public License 1257...

Страница 40: ...38 CONTENTS...

Страница 41: ...Zone 119 Figure 15 Console Port Settings 121 Figure 16 Telnet Connection Settings 123 Figure 17 Displaying CPU Utilization 124 Figure 18 Displaying Memory Utilization 124 Figure 19 Restarting the Swi...

Страница 42: ...gure 47 Enabling Traffic Segmentation 156 Figure 48 Configuring Members for Traffic Segmentation 157 Figure 49 Configuring VLAN Trunking 158 Figure 50 Configuring VLAN Trunking 159 Figure 51 VLAN Comp...

Страница 43: ...gure 85 STP Root Ports and Designated Ports 204 Figure 86 MSTP Region Internal Spanning Tree Multiple Spanning Tree 205 Figure 87 Common Internal Spanning Tree Common Spanning Tree Internal Spanning T...

Страница 44: ...figuring Port Settings for a Voice VLAN 258 Figure 123 Configuring the Authentication Sequence 262 Figure 124 Authentication Server Operation 262 Figure 125 Configuring Remote Authentication Server RA...

Страница 45: ...ir 297 Figure 155 Copying the SSH User s Public Key 298 Figure 156 Showing the SSH User s Public Key 299 Figure 157 Setting the Name of a Time Range 301 Figure 158 Showing a List of Time Ranges 301 Fi...

Страница 46: ...g Error Messages Looged to System Memory 353 Figure 192 Configuring Settings for Remote Logging of Error Messages 354 Figure 193 Configuring SMTP Alert Messages 356 Figure 194 Configuring LLDP Timing...

Страница 47: ...howing Configured RMON Statistical Samples 402 Figure 231 Showing Collected RMON Statistical Samples 402 Figure 232 Multicast Filtering Concept 403 Figure 233 IGMP Protocol 405 Figure 234 Configuring...

Страница 48: ...e 263 Showing the Static MVR Groups Assigned to a Port 445 Figure 264 Showing All MVR Groups Assigned to a Port 446 Figure 265 Configuring a Static IPv4 Address 449 Figure 266 Configuring a Dynamic IP...

Страница 49: ...ackets 495 Figure 300 Showing Counters for Errors Found in a VRRP Group 496 Figure 301 Configuring General Settings for DNS 498 Figure 302 Configuring a List of Domain Names for DNS 499 Figure 303 Sho...

Страница 50: ...uted into RIP 529 Figure 335 Setting the Distance Assigned to External Routes 530 Figure 336 Showing the Distance Assigned to External Routes 530 Figure 337 Configuring a Network Interface for RIP 534...

Страница 51: ...ettings for a Virtual Link 567 Figure 373 Showing MD5 Authentication Keys 568 Figure 374 Displaying Information in the Link State Database 570 Figure 375 Displaying Virtual Links Stored in the Link St...

Страница 52: ...50 FIGURES Figure 392 Enabling PIMv6 Multicast Routing 598 Figure 393 Configuring PIMv6 Interface Settings Dense Mode 602 Figure 394 Showing PIMv6 Neighbors 603...

Страница 53: ...ection Log 324 Table 15 802 1X Statistics 336 Table 16 Logging Levels 352 Table 17 Chassis ID Subtype 361 Table 18 System Capabilities 362 Table 19 Port ID Subtype 364 Table 20 Remote Port Auto Negoti...

Страница 54: ...ble 47 Event Logging Commands 658 Table 48 Time Commands 662 Table 49 Time Range Commands 667 Table 50 SNMP Commands 671 Table 51 show snmp engine id display description 683 Table 52 show snmp group d...

Страница 55: ...nds 822 Table 85 Interface Commands 823 Table 86 show interfaces switchport display description 836 Table 87 Link Aggregation Commands 839 Table 88 show lacp counters display description 846 Table 89...

Страница 56: ...Table 120 Static Multicast Interface Commands 976 Table 121 IGMP Filtering and Throttling Commands 977 Table 122 Multicast VLAN Registration Commands 984 Table 123 show mvr display description 989 Tab...

Страница 57: ...58 show ip ospf display description 1163 Table 159 show ip ospf database display description 1166 Table 160 show ip ospf database summary display description 1167 Table 161 show ip ospf database exter...

Страница 58: ...1213 Table 181 PIM DM and PIM SM Multicast Routing Commands 1213 Table 182 show ip pim neighbor display description 1222 Table 183 show ip pim bsr router display description 1234 Table 184 show ip pim...

Страница 59: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 60: ...58 SECTION I Getting Started...

Страница 61: ...MAC address filtering General Security Measures Private VLANs Port Authentication Port Security DHCP Snooping IP Source Guard Access Control Lists Supports up to 256 ACLs 96 MAC rules 96 IP rules and...

Страница 62: ...uery for Layer 2 IGMP for Layer 3 and Multicast VLAN Registration Multicast Routing Supports PIM DM and PIM SM for IPv4 and PIM SM for IPv6 DESCRIPTION OF SOFTWARE FEATURES The switch provides a wide...

Страница 63: ...client must physically reside on the same subnet Since it is not practical to have a DHCP server on every subnet DHCP Relay is also supported to allow dynamic configuration of local clients from a DH...

Страница 64: ...ransparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses...

Страница 65: ...restrict traffic to the VLAN groups to which a user has been assigned By segmenting your network into VLANs you can Eliminate broadcast storms which severely degrade performance in a flat network Sim...

Страница 66: ...ormation contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding IP ROUTING The switch provides Layer 3 IP routing To maintain a h...

Страница 67: ...hop to the next Either static or dynamic entries can be configured in the ARP cache Proxy ARP allows hosts that do not support routing to determine the MAC address of a device on another network or s...

Страница 68: ...omer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network SYSTEM DEFAULTS The switch s system defaults are provided in the configuratio...

Страница 69: ...d only private read write Port Configuration Admin Status Enabled Auto negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiti...

Страница 70: ...s IP Address DHCP assigned Default Gateway 0 0 0 0 DHCP Client Enabled Relay Disabled Server Disabled DNS Client Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabl...

Страница 71: ...andard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to...

Страница 72: ...storm control on any port for excessive broadcast traffic Display system information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or...

Страница 73: ...sk and default gateway using a console connection or DHCP protocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignme...

Страница 74: ...er admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have a...

Страница 75: ...ess allocation servers on the network An IPv6 link local address for use in a local network can be dynamically generated as described in Obtaining an IPv6 Address on page 77 The current software does...

Страница 76: ...e address An IPv6 prefix or address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the...

Страница 77: ...luding a network prefix and the host address for the switch You can specify either the full IPv6 address or the IPv6 address and prefix length The prefix length for an IPv6 network is the number of bi...

Страница 78: ...equests IP will be enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast every few minutes using exponential backoff until IP configuration information is...

Страница 79: ...VLAN 1 and address mode DHCP Console copy running config startup config Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success OBTAINING AN IPV6 ADDRESS Link...

Страница 80: ...The switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a defa...

Страница 81: ...SNMP v1 and v2c clients is disabled TRAP RECEIVERS You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the P...

Страница 82: ...ol on page 370 or refer to the specific CLI commands for SNMP starting on page 671 MANAGING SYSTEM FILES The switch s flash memory supports three types of system files that can be managed by the CLI p...

Страница 83: ...save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command New startup configuration files must...

Страница 84: ...tftp startup config and press Enter 2 Enter the address of the TFTP server Press Enter 3 Enter the name of the startup file stored on the server Press Enter 4 Enter the name for the startup file on t...

Страница 85: ...VLAN Configuration on page 161 Address Table Settings on page 195 Spanning Tree Algorithm on page 203 Rate Limit Configuration on page 227 Storm Control Configuration on page 229 Class of Service on...

Страница 86: ...84 SECTION II Web Configuration Unicast Routing on page 517 Multicast Routing on page 575...

Страница 87: ...ateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 73 2 Set user names and passwords using an out of band serial connection Access to the web agent...

Страница 88: ...your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right...

Страница 89: ...values and restores current values prior to pressing Apply Help Links directly to web help NOTE To ensure proper screen refresh be sure that Internet Explorer 5 x is configured as follows Under the me...

Страница 90: ...nual Manually sets the current time 116 SNTP Configures SNTP polling interval 117 Configure Time Server Configures a list of SNTP servers 118 Configure Time Zone Sets the local time zone for the syste...

Страница 91: ...arameters for link aggregation group members on the remote side 144 Show Information Counters Displays statistics for LACP protocol messages 149 Internal Displays configuration settings and operationa...

Страница 92: ...ws the interfaces assigned to a VLAN through GVRP 171 Private Configure VLAN Add Creates primary or community VLANs 175 Show Display configured primary and community VLANs 175 Add Community VLAN Assoc...

Страница 93: ...on parameters 206 STA Spanning Tree Algorithm Configure Global Configure Configures global bridge settings for STP RSTP and MSTP 207 Show Informaton Displays STA values used for the bridge 212 Configu...

Страница 94: ...on conforming traffic 241 Show Rule Shows the rules used to enforce bandwidth policing for a policy map 241 Configure Interface Applies a policy map to an ingress port 251 VoIP Voice over IP 253 Confi...

Страница 95: ...gure Service Sets the authorization method applied used for the console port and for Telnet 272 Show Information Shows the configured authorization methods and the methods applied to specific interfac...

Страница 96: ...dd Specifies the name of a time range 300 Show Shows the name of configured time ranges 300 Add Rule 300 Absolute Sets exact time or time range 300 Periodic Sets a recurrent time 300 Show Rule Shows t...

Страница 97: ...dresses in the source guard binding table 339 Dynamic Binding Displays the source guard binding table for a selected interface 342 Administration 351 Log 351 System 351 Configure Global Stores error m...

Страница 98: ...ccess policies for assigned users 379 Show Shows configured groups and access policies 379 Configure User Add Community Configures community strings and access mode 382 Show Community Shows community...

Страница 99: ...e network 473 Trace Route Shows the route packets take to the specified destination 474 ARP Address Resolution Protocol 475 Configure General Sets the protocol timeout and enables or disables proxy AR...

Страница 100: ...link 452 local address and sets related protocol settings Add IPv6 Address Adds an global unicast EUI 64 or link local IPv6 address to an interface 455 Show IPv6 Address Show the IPv6 addresses assign...

Страница 101: ...nooping binding information 349 Server 505 Configure Global Enables DHCP service on this switch 505 Configure Excluded Address 506 Add Adds excluded addresses 506 Show Shows excluded addresses 506 Con...

Страница 102: ...erface 415 Configure Configures IGMP snooping per VLAN interface 415 Show Shows IGMP snooping settings per VLAN interface 415 Forwarding Entry Displays the current multicast groups learned through IGM...

Страница 103: ...1 Configure Static Group Member 444 Add Statically assigns MVR multicast streams to an interface 444 Show Show MVR multicast streams statically assigned to an interface 444 Show Member Shows informati...

Страница 104: ...RIP settings and statistics on RIP protocol messages 534 Show Peer Information Displays information on neighboring RIP routers 535 Reset Statistics Clears statistics for RIP protocol messages 536 OSPF...

Страница 105: ...9 Virtual Link 565 Add Configures a virtual link through a transit area to the backbone 565 Show Shows virtual links neighbor address and state 565 Configure Detailed Settings Configures detailed prot...

Страница 106: ...the multicast groups for which this switch is advertising itself as an RP candidate to the BSR 593 Show Information Show BSR Router Displays information about the BSR 595 Show RP Mapping Displays the...

Страница 107: ...system start up files Setting the System Clock Sets the current time manually or through specified SNTP servers Console Port Settings Sets console port connection parameters Telnet Settings Sets Teln...

Страница 108: ...e management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To con...

Страница 109: ...ain board Internal Power Status Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number...

Страница 110: ...o process protocol encapsulation fields CLI REFERENCES System Management Commands on page 627 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or serve...

Страница 111: ...based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service on page 231 Static Entry Indivi...

Страница 112: ...st filtering WEB INTERFACE To view Bridge Extension information 1 Click System then Capability Figure 6 Displaying Bridge Extension Configuration MANAGING SYSTEM FILES This section describes how to up...

Страница 113: ...e Copies a file from a TFTP server to the switch TFTP Download Copies a file from the switch to a TFTP server FTP TFTP Server IP Address IP address of an FTP or TFTP server User Name The user name for...

Страница 114: ...s used enter the IP address of the file server 5 If FTP Upgrade is used enter the user name and password for your account on the FTP server 6 Set the file type to Operation Code 7 Enter the name of th...

Страница 115: ...n Running Config Copies the current configuration settings to a local file on the switch Destination File Name Copy to the currently designated startup file or to a new file The file name should not c...

Страница 116: ...mware or configuration file to use for system initialization CLI REFERENCES whichboot on page 641 boot system on page 636 WEB INTERFACE To set a file to use for system initialization 1 Click System th...

Страница 117: ...stem Files SETTING THE SYSTEM CLOCK Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time...

Страница 118: ...e set on the switch Hours Sets the hour Range 0 23 Default 0 Minutes Sets the minute value Range 0 59 Default 0 Seconds Sets the second value Range 0 59 Default 0 Month Sets the month Range 1 12 Defau...

Страница 119: ...switch will query the time servers PARAMETERS The following parameters are displayed in the web interface Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval...

Страница 120: ...are displayed in the web interface SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three time servers The switch attempts to update the time from the first server if this fails it attem...

Страница 121: ...0 predefined time zone definitions or your can manually configure the parameters for your local time zone PARAMETERS The following parameters are displayed in the web interface Direction Configures th...

Страница 122: ...35 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interfac...

Страница 123: ...the console connection see login on page 645 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts The...

Страница 124: ...300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is term...

Страница 125: ...play information on CPU utilization CLI REFERENCES show process cpu on page 629 PARAMETERS The following parameters are displayed in the web interface Time Interval The interval at which to update the...

Страница 126: ...on parameters CLI REFERENCES show memory on page 628 PARAMETERS The following parameters are displayed in the web interface Free Size The amount of memory currently free for use Used Size The amount o...

Страница 127: ...ETERS The following parameters are displayed in the web interface System Reload Configuration Reset Mode Restarts the switch immediately or at the specified time s Immediately Restarts the system imme...

Страница 128: ...d Daily Every day Weekly Day of the week at which to reload Range Sunday Saturday Monthly Day of the month at which to reload Range 1 31 WEB INTERFACE To restart the switch 1 Click System then Reset 2...

Страница 129: ...127 CHAPTER 4 Basic Management Tasks Resetting the System Figure 20 Restarting the Switch In Figure 21 Restarting the Switch At...

Страница 130: ...ly System Reset System Reload Information No configured sett ngs for reloading Refresh Cancel System Reload Configuration Reset Mode IRegularly Time ios 30 I HH M I Period 0 Daily 0 Weekly S nday 0 f...

Страница 131: ...ross one or more intermediate switches which pass traffic for VLAN groups to which they do not belong PORT CONFIGURATION This section describes how to configure port connections mirror traffic from on...

Страница 132: ...n Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the problem has been resolved You may also disa...

Страница 133: ...a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled on G...

Страница 134: ...e or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 129 CLI REFERENCES Interfac...

Страница 135: ...yed in the web interface Port Port identifier Type Indicates the port type 1000Base T 1000Base SFP or 10G Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indicates if t...

Страница 136: ...e to the target port and study the traffic crossing the source port in a completely unobtrusive manner Figure 26 Configuring Local Port Mirroring Source port s Single target port CLI REFERENCES Local...

Страница 137: ...lows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Rx WEB INTERFACE To configure a local mirror session 1 Click Interface Port Mirror 2 Select Add fro...

Страница 138: ...d have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default NOTE RMON groups 2 3 and 9 can only be accessed using SNMP...

Страница 139: ...ose that were discarded or not sent Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol Etherlike Statistics Si...

Страница 140: ...s Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long exc...

Страница 141: ...wn list 4 Use the Refresh button at the bottom of the page if you need to update the screen Figure 29 Showing Port Statistics Table To show a chart of port statistics 1 Click Interface Port Chart 2 Se...

Страница 142: ...s must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any...

Страница 143: ...settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added o...

Страница 144: ...e 1 Port Port identifier Range 1 26 50 WEB INTERFACE To create a static trunk 1 Click Interface Trunk Static 2 Select Configure Trunk from the Step list 3 Select Add from the Action list 4 Enter a tru...

Страница 145: ...from the Step list 3 Select Configure from the Action list 4 Modify the required interface settings Refer to Configuring by Port List on page 129 for a description of the parameters 5 Click Apply Fig...

Страница 146: ...re disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assign...

Страница 147: ...lt 1 By default the Actor Admin Key is determined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the P...

Страница 148: ...om the Step list 3 Set the Admin Key for the required LACP group 4 Click Apply Figure 37 Configuring the LACP Aggregator Admin Key To enable LACP for a port 1 Click Interface Trunk Dynamic 2 Select Co...

Страница 149: ...st 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 39 Configuring LACP Parameters on a Port To show the active members of a dyna...

Страница 150: ...t 4 Modify the required interface settings See Configuring by Port List on page 129 for a description of the interface settings 5 Click Apply Figure 41 Configuring Connection Settings for Dynamic Trun...

Страница 151: ...r PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protoco...

Страница 152: ...RENCES show lacp on page 845 PARAMETERS These parameters are displayed in the web interface Table 7 LACP Internal Configuration Information Parameter Description LACP System Priority LACP system prior...

Страница 153: ...bled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has bee...

Страница 154: ...e user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port...

Страница 155: ...twork administrators with an accurate detailed and real time overview of the types and levels of traffic present on their network The sFlow Agent samples 1 out of n packets from all data traversing th...

Страница 156: ...ampling Commands on page 699 PARAMETERS These parameters are displayed in the web interface Port Choose the port to configure Range 1 26 50 Default 1 Status Enables sFlow on the selected port Receiver...

Страница 157: ...00 bytes Sample Rate The number of packets out of which one sample will be taken Range 256 16777215 packets or 0 to disable sampling Default Disabled WEB INTERFACE To configure flow sampling 1 Click I...

Страница 158: ...orts is only forwarded to and from uplink ports ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation CLI REFERENCES Configuring Por...

Страница 159: ...rt based Traffic Segmentation on page 904 PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifier Range 1 26 50 Trunk Trunk Ide...

Страница 160: ...N group tags However by enabling VLAN trunking on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A and B Switches C D and E...

Страница 161: ...only be enabled on Gigabit ports Trunk Trunk Identifier Range 1 32 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Clic...

Страница 162: ...160 CHAPTER 5 Interface Configuration VLAN Trunking...

Страница 163: ...mapping table IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs t...

Страница 164: ...LAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports V...

Страница 165: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Страница 166: ...oes not contain any VLAN aware devices including the destination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this...

Страница 167: ...of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN WEB INTERFACE To create VLAN groups 1 Click VLAN Static 2 Select Add from the Action list 3 Enter a VLAN ID...

Страница 168: ...tatic 2 Select Show from the Action list Figure 55 Showing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a ran...

Страница 169: ...ts tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames PVID VLAN ID assigned to untagge...

Страница 170: ...AN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an unta...

Страница 171: ...y VLAN from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the settings for any interface as required Remember that Membership Type cannot be changed until an interface ha...

Страница 172: ...the Step list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress filterin...

Страница 173: ...Status Enables disables GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets receive...

Страница 174: ...tch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch 1 Click VLAN Dynamic 2 Select Co...

Страница 175: ...this switch 1 Click VLAN Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 61 Showing Dynamic VLANs Registered on the Switch To show the members of...

Страница 176: ...t while the community ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN Note...

Страница 177: ...to community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN WEB INTERFACE To configure privat...

Страница 178: ...S These parameters are displayed in the web interface Primary VLAN ID of primary VLAN 2 4093 Community VLAN VLAN associated with the selected primary VLAN WEB INTERFACE To associate a community VLAN w...

Страница 179: ...ng Associated VLANs CONFIGURING PRIVATE VLAN INTERFACES Use the VLAN Private Configure Interface page to set the private VLAN interface type and assign the interfaces to a private VLAN CLI REFERENCES...

Страница 180: ...iscuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set Port Mode to...

Страница 181: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 182: ...AN tags are added to all incoming packets no matter how many tags they already have The ingress process constructs and inserts the outer tag SPVLAN into the packet based on the default VLAN ID and Tag...

Страница 183: ...al to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled I...

Страница 184: ...nformation are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tunnel...

Страница 185: ...port Range hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value This feature allows the switch to interoperate with third party switches that do not use the standar...

Страница 186: ...d client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Tunnel mode and set the uplink...

Страница 187: ...e easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind o...

Страница 188: ...ocol groups CLI REFERENCES protocol vlan protocol group Configuring Groups on page 912 PARAMETERS These parameters are displayed in the web interface Frame Type Choose either Ethernet RFC 1042 or LLC...

Страница 189: ...from the Action list 4 Select an entry from the Frame Type list 5 Select an entry from the Protocol Type list 6 Enter an identifier for the protocol group 7 Click Apply Figure 71 Configuring Protocol...

Страница 190: ...e frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If...

Страница 191: ...affic will be forwarded 7 Click Apply Figure 73 Assigning Interfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the...

Страница 192: ...e VLAN ID An IP subnet consists of an IP address and a mask When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if an entry is...

Страница 193: ...s field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 194: ...ses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last PA...

Страница 195: ...iguration Configuring MAC based VLANs 6 Click Apply Figure 77 Configuring MAC Based VLANs To show the MAC addresses mapped to a VLAN 1 Click VLAN MAC Based 2 Select Show from the Action list Figure 78...

Страница 196: ...194 CHAPTER 6 VLAN Configuration Configuring MAC based VLANs...

Страница 197: ...MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on page 756 COMMAND USAGE When MAC address learning...

Страница 198: ...ee Configuring Port Security on page 327 is enabled on the same interface PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifi...

Страница 199: ...en on another interface the address will be ignored and will not be written to the address table Static addresses will not be removed from the address table when a given interface link is down A stati...

Страница 200: ...GING THE AGING TIME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding inf...

Страница 201: ...dress for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Othe...

Страница 202: ...EARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from the forwarding database CLI REFERENCES clear mac address table dynamic on page 85...

Страница 203: ...3 Select the method by which to clear the entries i e All MAC Address VLAN or Interface 4 Enter information in the additional fields required for clearing entries by MAC Address VLAN or Interface 5 C...

Страница 204: ...CHAPTER 7 Address Table Settings Clearing the Dynamic Address Table 202...

Страница 205: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 206: ...into MSTP RSTP achieves much faster reconfiguration i e around 1 to 3 seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefi...

Страница 207: ...idge node for communications with STP or RSTP nodes in the global network Figure 87 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree Region 1 Region 1 CIST CST IST Region 4 Re...

Страница 208: ...s own BPDUs in a forward delay interval NOTE If loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802...

Страница 209: ...MMAND USAGE Spanning Tree Protocol2 Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemente...

Страница 210: ...spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances f...

Страница 211: ...is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 When the Switch Becomes Root Hello Time Interval in seconds at which the ro...

Страница 212: ...pping table In other words this key is a mapping of all VLANs to the CIST Region Revision3 The revision for this MSTI Range 0 65535 Default 0 Region Name3 The name for this MSTI Maximum length 32 char...

Страница 213: ...211 CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA Figure 89 Configuring Global Settings for STA STP Figure 90 Configuring Global Settings for STA RSTP...

Страница 214: ...on page 883 show spanning tree mst configuration on page 884 PARAMETERS The parameters displayed in the web interface are described in the preceding section except for the following items Bridge ID A...

Страница 215: ...ACE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 92 Displaying Global Settings for STA CO...

Страница 216: ...between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Also not that path cost takes precedence over port pri...

Страница 217: ...servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate re...

Страница 218: ...PDU guard feature provides a secure response to invalid configurations because an administrator must manually enable the port Default Disabled BPDU Filter BPDU filtering allows you to avoid transmitti...

Страница 219: ...g Tree Shows if STA has been enabled on this interface STA Status Displays current state of this port within the Spanning Tree Discarding Port receives STA configuration messages but does not forward...

Страница 220: ...mmunicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operationa...

Страница 221: ...R A D B x R Root Port A Alternate Port D Designated Port B Backup Port R R A D B x Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port WEB...

Страница 222: ...ithin the same MSTI Region page 207 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecti...

Страница 223: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 224: ...the priority for an MSTP Instance 5 Click Apply Figure 98 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the S...

Страница 225: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 10...

Страница 226: ...d for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Sp...

Страница 227: ...rameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Cl...

Страница 228: ...ona Totat 26 I DnlgnMedBrldge II 0 mrn 1 TJpelir I PortEdgeIPortAc l 1 Forwardilg 3 0 32768 0 0000E89382AO 128 1 100000 Point ta Disabled Oesignated Point Point ta 2 Discard11g 0 0 32768 0 0000ES9382A...

Страница 229: ...fic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes CLI REFERENCES Rate Limit Commands on page 853 PAR...

Страница 230: ...I Slalue I ble 1 1OOOBase TX 0 Enabled 11000000 1 64 1oooooo 0Enabled 11000000 64 1000000 2 1OOOBase TX 0 Enabled 11000000 1 64 1oooooo 0Enabled 11000000 64 1000000 3 1OOOBase TX 0Enabled lsooooo 1 6...

Страница 231: ...ERENCES switchport packet rate on page 831 COMMAND USAGE Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic PARAMETERS These parameters are displayed...

Страница 232: ...fic Storm Control Interface 0 Port O Trunk Port Storm ContrOIList Mox 26 Total 26 EJ mrn I I Port I Type I llroedceat 1 t OOOBose TX Enobled 500 262143 2 1000Bose TX Enobled lj2ooo l 500 262143 3 1000...

Страница 233: ...ority page to specify the default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the a...

Страница 234: ...eue mode for the egress queues on any interface The switch can be set to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before the lower...

Страница 235: ...These parameters are displayed in the web interface Interface Displays a list of ports or trunks Queue Mode Strict Services the egress queues in sequential order transmitting all traffic in the higher...

Страница 236: ...eue mode 4 If any of the weighted queue modes is selected the queue weight can be modified if required 5 If any of the queue modes that use a combination of strict and weighted queueing are selected t...

Страница 237: ...nd WRR Traffic Priority Queue Interface r Port f i 3 r Trunk Queue Mode I S lrict and WRR iJ Queue SettingTable l lax 8 Totat 8 QI ID l Sirlet llode 1 Weight 1 ti 0 IEnabled iJ r 1 IEnabled iJ r 2 loi...

Страница 238: ...CHAPTER 11 Class of Service Layer 2 Queue Settings 236...

Страница 239: ...t kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the...

Страница 240: ...nitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a policy ma...

Страница 241: ...e of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSC...

Страница 242: ...aps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of tra...

Страница 243: ...ich indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value or a member of specific VLAN A policy map is then configured which indicates the boundary param...

Страница 244: ...lors as described below A packet is marked green if it doesn t exceed the committed information rate and committed burst size yellow if it does exceed the committed information rate and committed burs...

Страница 245: ...peak information rate PIR and their associated burst sizes committed burst size BC or burst rate and peak burst size BP Action may taken for traffic conforming to the maximum throughput exceeding the...

Страница 246: ...red as red or if Tp t B 0 the packet is red else if the packet has been precolored as yellow or if Tc t B 0 the packet is yellow and Tp is decremented by B else the packet is green and both Tp and Tc...

Страница 247: ...t committed burst size BC or burst rate and the action to take for conforming and non conforming traffic Policing is based on a token bucket where bucket depth that is the maximum burst before the buc...

Страница 248: ...colors The color modes include Color Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional differences between...

Страница 249: ...oughput exceeding the maximum throughput but within the peak information rate or exceeding the peak information rate In addition to the actions defined by this command to transmit remark the DSCP serv...

Страница 250: ...ether traffic that exceeds the maximum rate CIR but is within the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority for out of con...

Страница 251: ...Policy from the Step list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assign...

Страница 252: ...QoS Policies Figure 116 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 253: ...one policy map can be bound to an interface The switch does not allow a policy map to be bound to an interface for egress traffic PARAMETERS These parameters are displayed in the web interface Port Sp...

Страница 254: ...252 CHAPTER 12 Quality of Service Attaching a Policy Map to a Port...

Страница 255: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Страница 256: ...ady be created on the switch Range 1 4093 Voice VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 5 43200 minutes Def...

Страница 257: ...played in the web interface Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 89 AB Mask Identifies a range of MAC addresses Selecting a mask o...

Страница 258: ...age to configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that o...

Страница 259: ...the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to manufacturers and form the first thr...

Страница 260: ...affi c VoiP Step 13 Conf gureInterface v I VoiPPortList Max 26 Total 26 Port i llocle I s rtty I _ _ I Prtorttr I AernM IgAge _ 1 IAuto v J 0Enabled 0OUI 0LLDP ls I NA 2 IAuto v J 0Enabled 0OUI 0LLDP...

Страница 261: ...uthentication methods are infeasible or impractical Network Access Configure MAC authentication and dynamic VLAN assignment HTTPS Provide a secure web connection SSH Provide a secure shell for secure...

Страница 262: ...ers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified services For example when the switch attempts to authe...

Страница 263: ...08 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentica...

Страница 264: ...e logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of...

Страница 265: ...Transport Layer Security or TTLS Tunneled Transport Layer Security PARAMETERS These parameters are displayed in the web interface Configure Server RADIUS Global Provides globally applicable RADIUS se...

Страница 266: ...CS server used for authentication messages Range 1 65535 Default 49 Set Key Mark this box to set or modify the encryption key Authentication Key Encryption key used to authenticate logon access for cl...

Страница 267: ...the parameters that apply to a specific server 5 To set or modify the authentication key mark the Set Key box enter the key and then confirm it 6 Click Apply Figure 125 Configuring Remote Authenticati...

Страница 268: ...p name followed by the index of the server to use for each priority level 6 Click Apply Figure 127 Configuring AAA Server Groups To show the RADIUS or TACACS server groups used for accounting and auth...

Страница 269: ...nutes where 0 means disabled Configure Method Accounting Type Specifies the service as 802 1X Accounting for end users Exec Administrative accounting for local console Telnet or SSH connections Method...

Страница 270: ...unting service Method Name Displays the user defined or default accounting method Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface to whic...

Страница 271: ...g method applied to various service types and the assigned server group 1 Click Security AAA Accounting 2 Select Configure Method from the Step list 3 Select Add from the Action list 4 Select the acco...

Страница 272: ...e Action list Figure 131 Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet...

Страница 273: ...ecified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Summary Figure 134 Displaying a Summary of Applied AAA Accounting Methods To display basic ac...

Страница 274: ...onnections Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 255 characters Server Gro...

Страница 275: ...the Exec service type and the assigned server group 1 Click Security AAA Authorization 2 Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name...

Страница 276: ...Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 138 Configuring AAA Authorization Methods for Exec Service To display a the configured authorization...

Страница 277: ...are displayed in the web interface User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Normal pri...

Страница 278: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Страница 279: ...must also be enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Rang...

Страница 280: ...Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply Enables web auth...

Страница 281: ...TE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on page 759 COMMAND USAGE MAC address authentication controls access to the network b...

Страница 282: ...nnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list can contain multiple VLAN identifiers in the format 1u 2t 3u...

Страница 283: ...d profiles on the authenticated port When the last user logs off on a port with a dynamic QoS assignment the switch restores the original QoS configuration for the port When a user attempts to log int...

Страница 284: ...rver During the reauthentication process traffic through the port remains unaffected Default 1800 seconds Range 120 1000000 seconds WEB INTERFACE To configure aging status and reauthentication time fo...

Страница 285: ...hentication intrusion action must be set for Guest VLAN see Configuring Port Settings for 802 1X on page 332 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When enabled any VLA...

Страница 286: ...LAN and QoS assignments 5 Click Apply Figure 145 Configuring Interface Settings for Network Access CONFIGURING PORT LINK DETECTION Use the Security Network Access Configure Interface Link Detection pa...

Страница 287: ...onfigure Interface from the Step list 3 Click the Link Detection button 4 Modify the link detection status trigger condition and the response for any port 5 Click Apply Figure 146 Configuring Link Det...

Страница 288: ...ill check for the range of MAC addresses defined by the MAC bit mask If you omit the mask the system will assign the default mask of an exact match Range 000000000000 FFFFFFFFFFFF Default FFFFFFFFFFFF...

Страница 289: ...interface Query By Specifies parameters to use in the MAC address query Sort Key Sorts the information displayed based on MAC address port interface or attribute MAC Address Specifies a specific MAC a...

Страница 290: ...GURING HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s we...

Страница 291: ...ng systems currently support HTTPS Table 12 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98 Windows NT with service pack 6a Windows 2000 Windows XP Windows...

Страница 292: ...ue certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest o...

Страница 293: ...ng the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Страница 294: ...rts both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authent...

Страница 295: ...Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Setti...

Страница 296: ...he authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether the su...

Страница 297: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Страница 298: ...the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with th...

Страница 299: ...Click Show Figure 154 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Страница 300: ...establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and...

Страница 301: ...rotocol port number or TCP control code IPv6 frames based on address next header type or flow label or any frames based on MAC address or Ethernet type To filter incoming packets first create an acces...

Страница 302: ...ess ports are checked in parallel 2 Rules within an ACL are checked in the configured order from top to bottom 3 If the result of checking an IP ACL is to permit a packet but the result of a MAC ACL o...

Страница 303: ...onfigure Time Range from the Step list 3 Select Add from the Action list 4 Enter the name of a time range 5 Click Apply Figure 157 Setting the Name of a Time Range To show a list of time ranges 1 Clic...

Страница 304: ...a mode option of Absolute or Periodic 6 Fill in the required parameters for the selected mode 7 Click Apply Figure 159 Add a Rule to a Time Range To show the rules configured for a time range 1 Click...

Страница 305: ...P protocol is specified then you can also filter packets based on the TCP control code IPv6 Standard IPv6 ACL mode filters packets based on the source IPv6 address IPv6 Extended IPv6 ACL mode filters...

Страница 306: ...eny Standard IP ACL on page 803 show ip access list on page 807 Time Range on page 667 PARAMETERS These parameters are displayed in the web interface Type Selects the type of ACLs to show in the Name...

Страница 307: ...g the port s to which this ACL has been assigned Time Range Name of a time range WEB INTERFACE To add rules to a Standard IPv4 ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Sele...

Страница 308: ...P Address Source or destination IP address Source Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 304 Source Destination Port Source d...

Страница 309: ...control bit mask 18 SYN valid and ACK invalid use control code 2 control bit mask 18 Time Range Name of a time range WEB INTERFACE To add rules to an Extended IPv4 ACL 1 Click Security ACL 2 Select C...

Страница 310: ...tion of permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 prefix t...

Страница 311: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Страница 312: ...ues One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The switch only checks the first 64 bits of the destination address De...

Страница 313: ...e routers by a control protocol such as a resource reservation protocol or by information within the flow s packets themselves e g in a hop by hop option A flow is uniquely identified by the combinati...

Страница 314: ...ers are displayed in the web interface Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permi...

Страница 315: ...can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bit mask Range 600 ffff hex Time Range Name of a time range WEB INTERFACE To...

Страница 316: ...are displayed in the web interface Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or...

Страница 317: ...tion MAC Bit Mask Hexadecimal mask for source or destination MAC address Log Logs a packet when it matches the access control entry WEB INTERFACE To add rules to an ARP ACL 1 Click Security ACL 2 Sele...

Страница 318: ...EFERENCES ip access group on page 806 ipv6 access group on page 813 show ip access group on page 807 show ipv6 access group on page 813 mac access group on page 817 show mac access group on page 818 T...

Страница 319: ...e middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropr...

Страница 320: ...not affect the ARP Inspection configuration of any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes wil...

Страница 321: ...ed basis After the system message is generated the entry is cleared from the log buffer Each log entry contains flow information such as the receiving VLAN the port number the source and destination I...

Страница 322: ...y ARP Inspection 2 Select Configure General from the Step list 3 Enable ARP inspection globally enable any of the address validation options and adjust any of the logging parameters if required 4 Clic...

Страница 323: ...arameters are displayed in the web interface ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the selected VLAN Default Disabled ARP I...

Страница 324: ...are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untr...

Страница 325: ...ount of ARP packets received but not exceeding the ARP Inspection rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limi...

Страница 326: ...to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 799 PARAMETERS These parameters are disp...

Страница 327: ...lt Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the s...

Страница 328: ...e SNMP group Telnet Configures IP address es for the Telnet group Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFACE To cre...

Страница 329: ...ress table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can aut...

Страница 330: ...e taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap messa...

Страница 331: ...enticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verif...

Страница 332: ...enabled globally for the switch Each switch port that will be used must be set to dot1X Auto mode Each client that needs to be authenticated must have dot1X client software installed and properly con...

Страница 333: ...tches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is functioning as an edge swi...

Страница 334: ...he web interface Port Port number Status Indicates if authentication is enabled or disabled on the port The status is disabled if the control mode is set to Force Authorized Authorized Displays the 80...

Страница 335: ...x Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Supplicant Timeout Sets the time that a switc...

Страница 336: ...unt Number of times connecting state is re entered Current Identifier Identifier sent in each EAP Success Failure or Request packet by the Authentication Server Backend State Machine State Current sta...

Страница 337: ...ion Mode J Single Host vJ Max MAC Count 1 1024 Max Request 1 10 EJ Quiet Period 1 65535 EJsec Tx Period 1 65535 sec Supplicant Timeout 1 65535 sec Server Timeout 10 sec Re authentication Status O Enab...

Страница 338: ...pe that have been received by this Authenticator Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Authenticator Rx Last EAPOLSrc The source MAC addr...

Страница 339: ...d see DHCP Snooping on page 343 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes command...

Страница 340: ...46 IP source guard will check the VLAN ID source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is static IP...

Страница 341: ...Configuring Static Bindings for IP Source Guard on page 339 WEB INTERFACE To set the IP Source Guard filter for ports 1 Click Security IP Source Guard Port Configuration 2 Set the required filtering...

Страница 342: ...same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the same VLAN ID and MAC address and the typ...

Страница 343: ...figuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 183 Configuring Static Bindings for IP Source Guard To display static bindings for IP Sour...

Страница 344: ...ayed in the web interface Query by Port A port on this switch VLAN ID of a configured VLAN Range 1 4093 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful...

Страница 345: ...ion to a DHCP server This information can be useful in tracking an IP address back to a physical port COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messages...

Страница 346: ...only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address ve...

Страница 347: ...by the switch and in reply packets sent back from the DHCP server This information may specify the MAC address or IP address of the requesting device that is the switch in this context By default the...

Страница 348: ...Option 82 information relay Default Disabled DHCP Snooping Information Option Policy Specifies how to handle DHCP client request packets which already contain Option 82 information Drop Drops the cli...

Страница 349: ...c VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned...

Страница 350: ...de the network or fire wall When DHCP snooping is enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed t...

Страница 351: ...g to the client Lease Time seconds The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN...

Страница 352: ...INTERFACE To display the binding table for DHCP Snooping 1 Click Security IP Source Guard DHCP Snooping 2 Select Show Information from the Step list 3 Use the Store or Clear function if required Figur...

Страница 353: ...ONFIGURING EVENT LOGGING The switch allows you to control the logging of error messages including the type of events that are recorded in switch memory logging to a remote System Log syslog server and...

Страница 354: ...itions e g return false unexpected return 3 Error Error conditions e g invalid input default used 2 Critical Critical conditions e g memory allocation or free memory error resource exhausted 1 Alert I...

Страница 355: ...ss memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Figure 191 Showing Error Messages Looged to System Memory REMOTE LOG CONFIGURATION Use the Administrati...

Страница 356: ...r storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Level Limits log messages that are sent to the remote syslog server for all levels up to the specified level For ex...

Страница 357: ...ents at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 Email Source Address Sets the emai...

Страница 358: ...capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers SETTING LLDP TIMING ATTRIBUTES Use the Adminis...

Страница 359: ...anges are reported in each transmission This attribute must comply with the rule 4 Delay Interval Transmission Interval Reinitialization Delay Configures the delay before attempting to re initialize a...

Страница 360: ...the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the...

Страница 361: ...by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Port Description The port description is taken from the ifDescr objec...

Страница 362: ...ggregation capabilities aggregation status of the link and the IEEE 802 3 aggregated port identifier if this interface is currently a link aggregation member Max Frame Size The maximum frame size See...

Страница 363: ...e Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to...

Страница 364: ...CSIS cable device IETF RFC 2669 and IETF RFC 2670 End Station Only IETF RFC 2011 System Capabilities Enabled The primary function s of the system which are currently enabled Refer to the preceding tab...

Страница 365: ...tion about devices connected directly to the switch s ports which are advertising information through LLDP or to display detailed information about an LLDP enabled device connected to a specific port...

Страница 366: ...stem Description A textual description of the network entity Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for th...

Страница 367: ...Identity List Information about particular protocols that are accessible through a port This object represents an arbitrary local integer value used by this agent to identify a particular protocol ide...

Страница 368: ...te system PSE Power Sourcing Equipment or PD Powered Device Remote Power MDI Status Shows whether MDI power is enabled on the given port associated with the remote system Remote Power Pairs Signal mea...

Страница 369: ...aggregation state and or it does not support link aggregation this value should be zero Port Details 802 3 Extension Frame Information Remote Max Frame Size An integer value indicating the maximum sup...

Страница 370: ...capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1030 PARAMETERS These parameters...

Страница 371: ...es as well as any specific usage rules defined for the particular TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Fra...

Страница 372: ...d to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain softw...

Страница 373: ...n as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system def...

Страница 374: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Страница 375: ...required trap types 4 Click Apply Figure 202 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engin...

Страница 376: ...decimal characters 5 Click Apply Figure 203 Configuring the Local Engine ID for SNMP SPECIFYING A REMOTE ENGINE ID Use the Administration SNMP Configure Engine Add Remote Engine page to configure a en...

Страница 377: ...9 is equivalent to 1234567890 Remote IP Host The IP address of a remote management station which is using the specified engine ID WEB INTERFACE To configure a remote SNMP engine ID 1 Click Administrat...

Страница 378: ...er of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the obj...

Страница 379: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 207 Showing SNMP...

Страница 380: ...o an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Страница 381: ...ations This is the default security level AuthNoPriv SNMP communications use authentication but the data is not encrypted AuthPriv SNMP communications use both authentication and encryption Read View...

Страница 382: ...message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generate...

Страница 383: ...Notification 1 3 6 1 4 1 259 10 1 1 2 1 0 108 This notification indicates that the CPU utilization crossed cpuUtiFallingThreshold swMemoryUtiRisingThresholdNotification 1 3 6 1 4 1 259 10 1 1 2 1 0 10...

Страница 384: ...g SNMP v1 and v2c For security reasons you should consider removing the default strings CLI REFERENCES snmp server community on page 672 PARAMETERS These parameters are displayed in the web interface...

Страница 385: ...lect Add Community from the Action list 4 Add new community strings as required and select the corresponding access rights from the Access Mode list 5 Click Apply Figure 212 Setting Community Access S...

Страница 386: ...ange 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups assigned to the SNMP security model noAuthNoPriv...

Страница 387: ...or authPriv then an authentication protocol and password must be specified If the security level is authPriv a privacy password must also be specified 5 Click Apply Figure 214 Configuring Local SNMPv...

Страница 388: ...age 388 and Specifying a Remote Engine ID on page 374 PARAMETERS These parameters are displayed in the web interface User Name The name of user connecting to the SNMP agent Range 1 32 characters Group...

Страница 389: ...it to a group Enter the IP address to identify the source of SNMPv3 inform messages sent from the local switch If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv...

Страница 390: ...which include a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because...

Страница 391: ...defining it in the Configure User Add Community page UDP Port Specifies the UDP port number used by the trap manager Default 162 SNMP Version 2c IP Address IP address of a new management station to re...

Страница 392: ...Range 0 2147483647 centiseconds Default 1500 centiseconds Retry times The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 Local...

Страница 393: ...P communications use both authentication and encryption WEB INTERFACE To configure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action lis...

Страница 394: ...o specified events on an independent basis This switch is an RMON capable device which can independently perform a wide range of tasks significantly reducing network management traffic It can continuo...

Страница 395: ...arm is triggered it will not be triggered again until the statistical value crosses the opposite bounding threshold and then back across the trigger threshold CLI REFERENCES Remote Monitoring Commands...

Страница 396: ...alling threshold and the last sample value was greater than this threshold then an alarm will be generated After a falling event has been generated another such event will not be generated until the s...

Страница 397: ...emote Monitoring Figure 222 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Страница 398: ...the web interface Index Index to this entry Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messag...

Страница 399: ...list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the name of the person who created this event and a brief description of the ev...

Страница 400: ...nds on page 691 COMMAND USAGE Each index number equates to a port on the switch If history collection is already enabled on an interface the entry must be deleted before any changes can be made The in...

Страница 401: ...Select Add from the Action list 4 Click History 5 Select a port from the list as the data source 6 Enter an index number the sampling interval the number of buckets to use and the name of the owner f...

Страница 402: ...the list 5 Click History Figure 228 Showing Collected RMON History Samples CONFIGURING RMON STATISTICAL SAMPLES Use the Administration RMON Configure Interface Add Statistics page to collect statistic...

Страница 403: ...ntry Range 1 65535 Owner Name of the person who created this entry Range 1 127 characters WEB INTERFACE To enable regular sampling of statistics on a port 1 Click Administration RMON 2 Select Configur...

Страница 404: ...ure 230 Showing Configured RMON Statistical Samples To show collected RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from th...

Страница 405: ...security and data isolation OVERVIEW Multicasting is used to support real time applications such as video conferencing or streaming audio A multicast server does not have to establish a separate conn...

Страница 406: ...embers but also supports the Protocol Independent Multicasting PIM routing protocol required to forward multicast traffic to other subnets page 1213 You can also configure a single network wide multic...

Страница 407: ...ersion 1 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports The primary enhancement provided by IGMPv3 snooping is in keeping track of information about the specific multicast sou...

Страница 408: ...ached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 407 Static IGMP Router Interface If IGMP snooping cannot locate...

Страница 409: ...ut the VLAN if unregistered flooding is enabled see Unregistered Data Flood in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they...

Страница 410: ...nd all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolicited re...

Страница 411: ...queries that do not contain the Router Alert option Unregistered Data Flooding Floods unregistered multicast traffic into the attached VLAN Default Disabled Once the table used to store multicast ent...

Страница 412: ...dless of the snooping version employed Querier Status When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic This feature is n...

Страница 413: ...ate interfaces within the switch CLI REFERENCES Static Multicast Routing on page 976 PARAMETERS These parameters are displayed in the web interface VLAN Selects the VLAN which is to propagate all mult...

Страница 414: ...ting protocol such as PIM to support IP multicasting across the Internet These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch To show all the...

Страница 415: ...973 COMMAND USAGE Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within...

Страница 416: ...Select the VLAN for which to display this information Figure 239 Showing Static Interfaces Assigned to a Multicast Service To display information about all multicast groups IGMP Snooping or multicast...

Страница 417: ...st routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast source and group membership messages MR...

Страница 418: ...acefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Routers multicast address NOTE MRD messages are flood...

Страница 419: ...iable fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interfa...

Страница 420: ...o proxy general queries Range 10 31744 tenths of a second Default 10 seconds This attribute applies when the switch is serving as the querier page 407 or as a proxy host when IGMP snooping proxy repor...

Страница 421: ...dress in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not reply...

Страница 422: ...AMETERS These parameters are displayed in the web interface VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP mu...

Страница 423: ...or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast gro...

Страница 424: ...nooping Filter Add page to create an IGMP profile and set its access mode Then use the Add Multicast Group Range page to configure the multicast groups to filter CLI REFERENCES IGMP Filtering and Thro...

Страница 425: ...range of multicast groups End Multicast IP Address Specifies the ending address of a range of multicast groups WEB INTERFACE To create an IGMP filter profile and set its access mode 1 Click Multicast...

Страница 426: ...rofile to configure and add a multicast group address or range of addresses 4 Click Apply Figure 247 Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an...

Страница 427: ...s are displayed in the web interface Interface Port or trunk identifier An IGMP profile or throttling setting can be applied to a port or trunk When ports are configured as trunk members the trunk use...

Страница 428: ...which need to forward multicast traffic Layer 3 IGMP Query as described below is used in conjunction with both Layer 2 IGMP Snooping and multicast routing IGMP This protocol includes a form of multica...

Страница 429: ...168 1 3 IP IGMP Proxy Layer3 Switch Router Downstream Interfaces 192 168 2 1 192 168 3 1 192 168 4 1 PC PC PC PC PC Using IGMP proxy routing to forward multicast traffic on edge switches greatly reduc...

Страница 430: ...oxy settings described in this section 4 Optional Indicate how often the system will send unsolicited reports to the upstream router using the Multicast IGMP Proxy page as described later in this sect...

Страница 431: ...hould transmit unsolicited IGMP reports Range 1 65535 seconds Default 400 seconds WEB INTERFACE To configure IGMP Proxy Routing 1 Click Multicast IGMP Proxy 2 Select the upstream interface enable the...

Страница 432: ...web interface VLAN VLAN interface bound to a primary IP address Range 1 4093 IGMP Protocol Status Enables IGMP including IGMP query functions on a VLAN interface Default Disabled When a multicast rou...

Страница 433: ...s bursty as host responses are spread out over a larger interval The number of seconds represented by the maximum response interval must be less than the Query Interval Last Member Query Interval The...

Страница 434: ...tatically mapped this group to a specific source address Also if an address outside of the SSM address range is specified and a specific source address is included in the command the request to join t...

Страница 435: ...1 Click Multicast IGMP Static Group 2 Select Add from the Action list 3 Select a VLAN interface to be assigned as a static multicast group member and then specify the multicast group If source specif...

Страница 436: ...AN identifier The selected entry must be a configured IP interface Range 1 4093 Group Address IP multicast group address with subscribers directly attached or downstream from the switch Last Reporter...

Страница 437: ...ticast address is requested from all IP source addresses except for those listed in the source list parameter and for any other sources where the source timer status has expired Group Source List A li...

Страница 438: ...for transmitting multicast traffic such as television channels or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers Th...

Страница 439: ...ports or receiver ports see Configuring MVR Interface Status on page 441 3 For multicast streams that will run for a long term and be associated with a stable set of hosts you can statically bind the...

Страница 440: ...members of the MVR VLAN see Adding Static Members to VLANs on page 166 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether o...

Страница 441: ...ayed in the web interface MVR Group IP IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default no groups are assigned to the MVR VLAN Any multicast data sent to this address is s...

Страница 442: ...multicast groups assigned to the MVR VLAN 1 Click Multicast MVR 2 Select Configure Group Range from the Step list 3 Select Show from the Action list Figure 260 Showing the Configured Group Range for M...

Страница 443: ...e ports Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled t...

Страница 444: ...e switch MVR status for receiver ports is Active only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface...

Страница 445: ...ress Defines a multicast service sent to the selected port Multicast groups must be assigned from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR grou...

Страница 446: ...b interface Group IP Address Multicast groups assigned to the MVR VLAN Source IP Address Indicates the source address of the multicast service or displays an asterisk if the group address has been sta...

Страница 447: ...egistration Figure 264 Showing All MVR Groups Assigned to a Port Multicast MVR Step 14 Show l lember _ MVR l lember List Total 3 224 1 1 1 Uno1 Port 5 VlAN2 I SourceiP a I VlAII I focw nlngPort 2 224...

Страница 448: ...446 CHAPTER 16 Multicast Filtering Multicast VLAN Registration...

Страница 449: ...to configure an IPv4 address for the switch An IPv4 address is obtained via DHCP by default for VLAN 1 To configure a static address you need to change the switch s default settings to values that ar...

Страница 450: ...y by the switch for an IP address DHCP BOOTP responses can include the IP address subnet mask and default gateway Default DHCP IP Address Type Specfies a primary or seconday IP address An interface ca...

Страница 451: ...enter the IP address and subnet mask 4 Click Apply Figure 265 Configuring a Static IPv4 Address To obtain an dynamic address through DHCP BOOTP for the switch 1 Click IP General Routing Interface 2 Se...

Страница 452: ...r for a specific period of time If the address expires or the switch is moved to another network segment you will lose management access to the switch In this case you can reboot the switch or submit...

Страница 453: ...ess cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to connect to a larger netw...

Страница 454: ...explicit configuration of a link local interface address the MTU size and neighbor discovery protocol settings for duplicate address detection and the neighbor solicitation interval CLI REFERENCES IPv...

Страница 455: ...1280 65535 bytes Default 1500 bytes The maximum value set by this command cannot exceed the MTU of the physical interface which is currently fixed at 1500 bytes If a non default value is configured an...

Страница 456: ...not for any of the IPv6 global unicast addresses already associated with the interface ND NS Interval The interval between transmitting IPv6 neighbor solicitation messages on an interface Range 1000...

Страница 457: ...r of zeros required to fill the undefined fields The switch must always be configured with a link local address Therefore explicitly enabling IPv6 see Configuring IPv6 Interface Settings on page 452 o...

Страница 458: ...ddress Range 1 4093 Address Type Defines the address type configured for this interface Global Configures an IPv6 global unicast address with a full IPv6 address including the network prefix and host...

Страница 459: ...nd the rest of the address resulting in a modified EUI 64 interface identifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP int...

Страница 460: ...l attached IPv6 nodes The interface local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicas...

Страница 461: ...R CACHE Use the IP IPv6 Configuration Show IPv6 Neighbor Cache page to display the IPv6 addresses detected for neighbor devices CLI REFERENCES show ipv6 neighbors on page 1106 PARAMETERS These paramet...

Страница 462: ...ile in Stale state the device takes no action until a packet is sent Delay More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was...

Страница 463: ...capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes that is the...

Страница 464: ...fragments were addressed which might not be necessarily the input interface for some of the fragments Reassembled Succeeded The number of IPv6 datagrams successfully reassembled Note that this counter...

Страница 465: ...d Messages The number of ICMP Time Exceeded messages received by the interface Parameter Problem Messages The number of ICMP Parameter Problem messages received by the interface Echo Request Messages...

Страница 466: ...mber of ICMP Router Advertisement messages sent by the interface Redirect Messages The number of Redirect messages sent For a host this object will always be zero since hosts do not send redirects Gro...

Страница 467: ...465 CHAPTER 17 IP Configuration Setting the Switch s IP Address IP Version 6 Figure 273 Showing IPv6 Statistics IPv6 Figure 274 Showing IPv6 Statistics ICMPv6...

Страница 468: ...RENCES show ipv6 mtu on page 1095 PARAMETERS These parameters are displayed in the web interface Table 25 Show MTU display description Field Description MTU Adjusted MTU contained in the ICMP packet t...

Страница 469: ...figuration Setting the Switch s IP Address IP Version 6 Figure 276 Showing Reported MTU Values IP 1Pv6 Action lshowloiTU v l MTUTable l lax 10 Totat 2 IITU I Slnce I 1400 00 04 21 5000 1 3 1280 00 04...

Страница 470: ...468 CHAPTER 17 IP Configuration Setting the Switch s IP Address IP Version 6...

Страница 471: ...g traffic between VLANs with different IP interfaces and routing traffic to external IP networks However when the switch is first booted default routing can only forward traffic between local IP inter...

Страница 472: ...r 3 as well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing Based on the Layer 3 destination address...

Страница 473: ...ready there the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address After the MAC address is discovered the packet is reformatted and sent...

Страница 474: ...router s host number on that network In other words a router interface address defines the network segment that is connected to that interface and allows you to send IP packets to or from the router...

Страница 475: ...parameters are displayed in the web interface IP Address IP address of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 512 bytes The actual...

Страница 476: ...s when the maximum timeout TTL is exceeded or the maximum number of hops is exceeded The trace route function first sends probe datagrams with the TTL value set at one This causes the first router to...

Страница 477: ...hop to the next ARP is used to map an IP address to a physical layer i e MAC address When an IP frame is received by this router or any standards based router it first looks up the MAC address corres...

Страница 478: ...er will be able forward traffic directly to the next hop for this destination without having to broadcast another ARP request Also if the switch receives a request for its own IP address it will send...

Страница 479: ...r specified VLAN interfaces allowing a non routing device to determine the MAC address of a host on another subnet or network Default Disabled End stations that require Proxy ARP must view the entire...

Страница 480: ...used if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Static e...

Страница 481: ...YNAMIC OR LOCAL ARP ENTRIES The ARP cache contains static entries and entries for local interfaces including subnet host and broadcast addresses However most entries will be dynamically learned throug...

Страница 482: ...RP Show Information page to display statistics for ARP messages crossing all interfaces on this router CLI REFERENCES show ip traffic on page 1113 PARAMETERS These parameters are displayed in the web...

Страница 483: ...to a subnet rather than using dynamic routing Static routes do not automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensur...

Страница 484: ...IP address of the next router hop used for this route Distance An administrative distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic rou...

Страница 485: ...e interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When routing or topology changes occur in the network the routing table is u...

Страница 486: ...isplay the routing table 1 Click IP Routing Routing Table 2 Select Show Information from the Action List Figure 289 Displaying the Routing Table EQUAL COST MULTIPATH ROUTING Use the IP Routing Routing...

Страница 487: ...paths have the same lowest cost the static paths have precedence over dynamic paths Each path toward the same destination with equal cost takes up one entry in the routing table to record routing inf...

Страница 488: ...he maximum ECMP number 1 Click IP Routing Routing Table 2 Select Configure ECMP Number from the Action List 3 Enter the maximum number of equal cost paths used to route traffic to the same destination...

Страница 489: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Страница 490: ...p router To select a specific device as the master router set the address of this interface as the virtual router address for the group Now set the same virtual address and a priority on the backup ro...

Страница 491: ...he virtual IP address Owner is the highest the original master router will always become the active master router when it recovers If two or more routers are configured with the same VRRP priority the...

Страница 492: ...ormation about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be proce...

Страница 493: ...n the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded State VRRP router role Values M...

Страница 494: ...nfigure Group ID from the Step List 3 Select Show from the Action List Figure 295 Showing Configured VRRP Groups To configure the virtual router address for a VRRP group 1 Click IP VRRP 2 Select Confi...

Страница 495: ...Configure Group ID from the Step List 3 Select Show IP Addresses from the Action List Figure 297 Showing the Virtual Addresses Assigned to VRRP Groups To configure detailed settings for a VRRP group...

Страница 496: ...e parameters are displayed in the web interface VRRP Packets with Invalid Checksum The total number of VRRP packets received with an invalid VRRP checksum value VRRP Packets with Unknown Error The tot...

Страница 497: ...to master Received Advertisement Packets Number of VRRP advertisements received by this router Received Error Advertisement Interval Packets Number of VRRP advertisements received for which the adver...

Страница 498: ...ived Invalid Authentication Type VRRP Packets Number of packets received with an unknown authentication type Received Mismatch Authentication Type VRRP Packets Number of packets received with Auth Typ...

Страница 499: ...ion to other name servers on the network When a client device designates this switch as a DNS server the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the sw...

Страница 500: ...the default domain name 4 Click Apply Figure 301 Configuring General Settings for DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of doma...

Страница 501: ...500 PARAMETERS These parameters are displayed in the web interface Domain Name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters...

Страница 502: ...il a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status PARAM...

Страница 503: ...E Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are displayed in t...

Страница 504: ...ACHE Use the IP Service DNS Cache page to display entries in the DNS cache that have been learned via the designated name servers CLI REFERENCES show dns cache on page 1040 COMMAND USAGE Servers or ot...

Страница 505: ...N PROTOCOL Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they boot up If a subnet does not already include...

Страница 506: ...erver to the client Figure 309 Layer 3 DHCP Relay Service Provides IP address compatible with switch segment to which client is attached DHCP Server CLI REFERENCES ip dhcp relay server on page 1045 ip...

Страница 507: ...er code or MAC address Figure 311 DHCP Server Address Pool 8 network address pools Static Addresses 32 static addresses all within the confines of configured network address pools COMMAND USAGE First...

Страница 508: ...bling the DHCP Server SETTING EXCLUDED ADDRESSES Use the IP Service DHCP Server Configure Excluded Addresses Add page to specify the IP addresses that should not be assigned to clients CLI REFERENCES...

Страница 509: ...3 Configuring Excluded Addresses on the DHCP Server To show the IP addresses excluded for DHCP clients 1 Click IP Service DHCP Server 2 Select Configure Excluded Addresses from the Step list 3 Select...

Страница 510: ...ddress pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for DHCP cli...

Страница 511: ...WINS name server used for Microsoft DHCP clients Netbios Type NetBIOS node type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the...

Страница 512: ...on Protocol 6 Click Apply Figure 315 Configuring DHCP Server Address Pools Network Figure 316 Configuring DHCP Server Address Pools Host To show the configured DHCP address pools 1 Click IP Service DH...

Страница 513: ...s DHCP server CLI REFERENCES show ip dhcp binding on page 1058 PARAMETERS These parameters are displayed in the web interface IP Address IP address assigned to host MAC Address MAC address of host Le...

Страница 514: ...o forward broadcast packets for specified UDP application ports to remote servers located in another network segment To configure UDP helper enable it globally see Configuring General DNS Service Para...

Страница 515: ...ace Destination UDP Port UDP application port for which UDP service requests are forwarded Range 1 65535 The following UDP ports are inlcuded in the forwarding list when the UDP helper is enabled and...

Страница 516: ...ed UDP broadcast packets are forwarded CLI REFERENCES ip helper address on page 1083 COMMAND USAGE Up to 20 helper addresses can be specified To forward UDP packets with the UDP helper the clients mus...

Страница 517: ...by default as described on page 513 PARAMETERS These parameters are displayed in the web interface VLAN ID VLAN identifier Range 1 4093 IP Address Host address or directed broadcast address to which U...

Страница 518: ...vices Forwarding UDP Service Requests Figure 323 Showing the Target Server or Subnet for UDP Requests IP Service UOP Helper Address Act on IShow v I VLAII ID UDP Helper Address List l lax 1024 Total 1...

Страница 519: ...ate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of n...

Страница 520: ...s Figure 324 Configuring RIP A 1 B 2 C 3 4 5 D 6 E Cost 1 for all links Routing table for node A COMMAND USAGE Just as Layer 2 switches use the Spanning Tree Algorithm to prevent loops routers also us...

Страница 521: ...mation Protocol RIP on page 1117 COMMAND USAGE RIP is used to specify how routers exchange routing information When RIP is enabled on this router it sends RIP messages to all devices in the network ev...

Страница 522: ...and the router learns about the same external network with a better metric from a redistribution point other than that derived from the original source The default metric does not override the metric...

Страница 523: ...outing protocol less sensitive to changes in the network configuration Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessib...

Страница 524: ...ntire RIP network redistribute connected routes using the Routing Protocol RIP Redistribute screen page 527 to make the RIP network a connected route To delete the RIP routes learned from neighbors bu...

Страница 525: ...l 2 Select Clear Route from the Action list 3 When clearing routes by type select the required type from the drop down list When clearing routes by network enter a valid network address and prefix len...

Страница 526: ...the network portion of the address This mask identifies the network address bits used for the associated routing entries By VLAN Adds a Layer 3 VLAN to the RIP routing process The VLAN must be config...

Страница 527: ...n interface the attached subnet will still continue to be advertised to other interfaces and updates from other routers on the specified interface will continue to be received and processed This featu...

Страница 528: ...h a static neighbor specifically for point to point links rather than relying on broadcast or multicast messages generated by the RIP protocol This feature can be used in conjunction with the passive...

Страница 529: ...ing Protocol RIP Redistribute Add page to import external routing information from other routing domains that is directly connected routes protocols or static routes into this autonomous system CLI RE...

Страница 530: ...ed to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow an imported route the maximum number of hops allowed with...

Страница 531: ...rding to the IP address of the router supplying the routing information For example to filter out unreliable routing information from routers not under your administrative control The administrative d...

Страница 532: ...ion 4 Click Apply Figure 335 Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols 1 Click Routing Protocol RIP Distanc...

Страница 533: ...d by RIPv2 including subnet mask next hop and authentication information This is the default setting Use Do Not Send to passively monitor route information advertised by other routers attached to the...

Страница 534: ...se parameters are displayed in the web interface VLAN ID Layer 3 VLAN interface This interface must be configured with an IP address and have an active link Range 1 4093 Send Version The RIP version t...

Страница 535: ...ame password Range 1 16 characters case sensitive Instability Prevention Specifies the method used to reduce the convergence time when the network topology changes and to prevent RIP protocol messages...

Страница 536: ...S Use the Routing Protocol RIP Statistics Show Interface Information page to display information about RIP interface configuration settings CLI REFERENCES show ip rip on page 1134 PARAMETERS These par...

Страница 537: ...rmation page to display information on neighboring RIP routers CLI REFERENCES show ip protocols rip on page 1133 PARAMETERS These parameters are displayed in the web interface Peer Address IP address...

Страница 538: ...OSPF is more suited for large area networks which experience frequent changes in the links It also handles subnets much better than RIP OSPF protocol actively tests the status of each link to its neig...

Страница 539: ...ly the OSPF algorithms have been tailored for efficient operation in TCP IP Internets OSPFv2 is a compatible upgrade to OSPF It involves enhancements to protocol message authentication and the additio...

Страница 540: ...d areas and external links to other areas Use the Routing Protocol OSPF Network Area Add page to define an OSPF area and the interfaces that operate within this area An autonomous system must be confi...

Страница 541: ...rresponding address range forms a routing interface and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the network as desc...

Страница 542: ...hat is contiguous with all the other areas in the network and configure an area for all of the other OSPF interfaces 4 Click Apply Figure 344 Defining OSPF Network Areas Based on Addresses To to show...

Страница 543: ...ers are using the same RFC for calculating summary route costs Enable this field to force the router to calculate summary route costs using RFC 1583 Default Disabled When RFC 1583 compatibility is ena...

Страница 544: ...ported from other protocols Range 0 16777214 Default 20 A default metric must be used to resolve the problem of redistributing external routes from other protocols that use incompatible metrics This d...

Страница 545: ...route Type 1 route advertisements add the internal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a...

Страница 546: ...eter Description Router ID Type Indicates if the router ID was manually configured or automatically generated by the system Rx LSAs The number of link state advertisements that have been received Orig...

Страница 547: ...mous systems to which it may be attached If a router is enabled as an ASBR then every other router in the autonomous system can learn about external routes from this device Restart Status Indicates if...

Страница 548: ...col OSPF Network Area Add page Range 1 65535 Area ID Identifier for a not so stubby area NSSA or stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from...

Страница 549: ...BR An NSSA is similar to a stub It blocks most external routing information and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the au...

Страница 550: ...s own area and then leaked to adjacent areas Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned through OSPF the default route static routes rout...

Страница 551: ...BR it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using this option Metric Type Type 1 or Type 2 external routes W...

Страница 552: ...icantly reduce the amount of topology data that has to be exchanged over the network Figure 354 OSPF Stub Area backbone ABR default external route stub By default a stub can only pass traffic to other...

Страница 553: ...ched stub Summary Controls the use of summary routes Summary Allows an Area Border Router ABR to send a summary link advertisement into the stub area No Summary Stops an ABR from sending a summary lin...

Страница 554: ...een see page 538 Area ID Identifier for a not so stubby area NSSA or stub SPF Runs The number of times the Shortest Path First algorithim has been run for this area ABR Count The number of Area Border...

Страница 555: ...Route Summarization for ABRs area ABR area summary route CLI REFERENCES router ospf on page 1136 area range on page 1142 COMMAND USAGE Use the Area Range configuration page to summarize intra area ro...

Страница 556: ...es whether or not to advertise the summary route If the routes are set to be advertised the router will issue a Type 3 summary LSA for each specified address range If the summary is not advertised the...

Страница 557: ...page 1185 COMMAND USAGE This router supports redistribution for all currently connected routes entries learned through RIP and static routes When you redistribute external routes into an OSPF autonom...

Страница 558: ...signed to all external routes for the specified protocol Range 1 65535 Default 10 The metric value specified for redistributed routes supersedes the Default External Metric specified in the Routing Pr...

Страница 559: ...oute individually in an external LSA as described in the preceding section The reduce the numer of protocol messages required to redistribute these external routes an Autonomous System Boundary Router...

Страница 560: ...ertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 553 This router supports up 20 Type 5 summary routes PARAMETERS These parameters...

Страница 561: ...assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area use the Routing Protocol OSPF Interface Configure by VLAN or Configure by Address page to configur...

Страница 562: ...to prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority becomes the DR and the router with the next highest priority becomes the...

Страница 563: ...d trip delay between any two routers on the attached network to avoid unnecessary retransmissions Authentication Type Specifies the authentication type used for an interface Options None Simple MD5 De...

Страница 564: ...e incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and ano...

Страница 565: ...s for All Interfaces Assigned to a VLAN To configure interface settings for a specific area assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by Address from the Action lis...

Страница 566: ...VLAN To show the configuration settings for OSPF interfaces 1 Click Routing Protocol OSPF Interface 2 Select Show from the Action list 3 Select the VLAN ID Figure 367 Showing OSPF Interfaces To show t...

Страница 567: ...ckbone area i e transit area to reach the backbone To define this path you must configure an ABR that serves as an endpoint connecting the isolated area to the common transit area and specify a neighb...

Страница 568: ...see page 538 Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IPv4 address or also as a four octet unsigned integer ranging from 0 4294967295 Neighbor Rou...

Страница 569: ...settings for a virtual link 1 Click Routing Protocol OSPF Virtual Link 2 Select Configure Detailed Settings from the Action list 3 Specify the process ID then modify the protocol timers and authentic...

Страница 570: ...zed with neighboring routers through a process called reliable flooding You can show information about different LSAs stored in this router s database which may include any of the following types Rout...

Страница 571: ...is to be displayed Link ID Network portion described by an LSA The Link ID is either An IP network number for Type 3 Summary and Type 5 AS External LSAs When an Type 5 AS External LSA is describing a...

Страница 572: ...e to show the Link State Advertisements LSAs stored in the link state database for virtual links CLI REFERENCES show ip ospf virtual links on page 1174 PARAMETERS These parameters are displayed in the...

Страница 573: ...lo message is due This time is determined by the Hello Interval which must be the same for all router attached to a common network Adjacency State The state of the virtual neighbor relationship Down C...

Страница 574: ...es include Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional commu...

Страница 575: ...ier Figure 376 Displaying Neighbor Routers Stored in the Link State Database Routing Protocol OSPF Information Type Q LSOB O Virtuallink 0 Neighbor Proeess 10 tJelghborInformation Ust Max s Totat 2 I...

Страница 576: ...574 CHAPTER 21 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2...

Страница 577: ...s designed for networks where the probability of multicast group members is high such as a local network PIM SM is designed for networks where the probability of multicast group members is low such as...

Страница 578: ...a Reverse Path Tree RPT that channels the multicast traffic from each source through a single Rendezvous Point RP within the local PIM SM domain and then forwards this traffic to the Designated Route...

Страница 579: ...uters along the RP Tree are replicated wherever the RP Tree branches and eventually reach all the receivers for that multicast group Because all routers along the shared tree are using PIM SM the mult...

Страница 580: ...terface ENABLING MULTICAST ROUTING GLOBALLY Use the Multicast Multicast Routing General page to enable IP multicast routing globally on the switch CLI REFERENCES ip multicast routing on page 1205 PARA...

Страница 581: ...ticast routing tree based on the unicast routing table If the related unicast routing table does not exist PIM will still create a multicast routing entry displaying the upstream interface to indicate...

Страница 582: ...tes a pruned state along the shared tree for a particular source SPT bit set Multicast packets have been received from a source on shortest path tree Join SPT The rate of traffic arriving over the sha...

Страница 583: ...2 Select Show Summary from the Action List Figure 378 Displaying the Multicast Routing Table To display detailed information on a specific flow in multicast routing table 1 Click Multicast Multicast R...

Страница 584: ...ary to the multicast protocol parameters To use PIM multicast routing must be enabled on the switch see Enabling Multicast Routing Globally on page 578 WEB INTERFACE To enable PIM multicast routing 1...

Страница 585: ...received from a downstream router or if group members are directly connected to the interface When routers want to receive a multicast flow they periodically send join messages to the RP and are subs...

Страница 586: ...prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry PIM SM The multicast interface that first receives a multicast stream fro...

Страница 587: ...e hello delay is set to random value between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also...

Страница 588: ...a priority in its hello messages it is assumed to have the highest priority and is elected as the DR If more than one router is not advertising its priority then the router with the highest IP addres...

Страница 589: ...587 CHAPTER 22 Multicast Routing Configuring PIM for IPv4 Figure 381 Configuring PIM Interface Settings Dense Mode Figure 382 Configuring PIM Interface Settings Sparse Mode...

Страница 590: ...GLOBAL PIM SM SETTINGS Use the Routing Protocol PIM SM Configure Global page to configure the rate at which register messages are sent the source of register messages and switchover to the Shortest Pa...

Страница 591: ...gh the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree...

Страница 592: ...age This router will continue to be the BSR until it receives a bootstrap message from another candidate with a higher priority or a higher IP address if the priorities are the same To improve failove...

Страница 593: ...ge 0 255 Default 0 WEB INTERFACE To configure the switch as a BSR candidate 1 Click Multicast Multicast Routing SM 2 Select BSR Candidate from the Step list 3 Specify the VLAN interface for which this...

Страница 594: ...over the one statically configured All routers within the same PIM SM domain must be configured with the same RP s Selecting an RP through the dynamic election process is therefore preferable for mos...

Страница 595: ...RENCES ip pim rp candidate on page 1228 COMMAND USAGE When this router is configured as an RP candidate it periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for the spe...

Страница 596: ...p one of these routers as both the primary BSR and RP PARAMETERS These parameters are displayed in the web interface VLAN Identifier of configured VLAN interface Range 1 4093 Interval The interval at...

Страница 597: ...Select an interface from the VLAN list Figure 389 Showing Settings for an RP Candidate DISPLAYING THE BSR ROUTER Use the Routing Protocol PIM SM Show Information Show BSR Router page to display Infor...

Страница 598: ...the new BSR s identity and the RP set Accept Preferred The router knows the identity of the current BSR and is using the RP set provided by that BSR Only bootstrap messages from that BSR or from a C...

Страница 599: ...yed in the web interface Groups A multicast group address RP Address IP address of the RP for the listed multicast group Information Source RP that advertised the mapping how the RP was selected Stati...

Страница 600: ...y on the router You also need to enable PIM DM for each interface that will support multicast routing see page 599 and make any changes necessary to the multicast protocol parameters To use PIMv6 mult...

Страница 601: ...LD proxy is enabled on an interface PIMv6 cannot be enabled on any interface PARAMETERS These parameters are displayed in the web interface VLAN Layer 3 VLAN interface Range 1 4093 Mode PIMv6 routing...

Страница 602: ...am The protocol maintains both the current join state and the pending RPT prune state for this source group pair until the join prune interval timer expires LAN Prune Delay Causes this device to infor...

Страница 603: ...n 0 and the trigger hello delay Graft Retry Interval The time to wait for a Graft acknowledgement before resending a Graft message Range 1 10 seconds Default 3 seconds A graft message is sent by a rou...

Страница 604: ...v6 Interface Settings Dense Mode DISPLAYING NEIGHBOR INFORMATION Use the Routing Protocol PIM6 Neighbor page to display all neighboring PIMv6 routers CLI REFERENCES show ip pim neighbor on page 1222 P...

Страница 605: ...RFACE To display neighboring PIMv6 routers 1 Click Routing Protocol PIM6 Neighbor Figure 394 Showing PIMv6 Neighbors Routing Protocol PIM6 Neighbor NeighborInformation r rax 128 Total 2 I Vl AII I Upl...

Страница 606: ...604 CHAPTER 22 Multicast Routing Configuring PIMv6 for IPv6...

Страница 607: ...mands on page 691 Flow Sampling Commands on page 699 Authentication Commands on page 705 General Security Measures on page 755 Access Control Lists on page 801 Interface Commands on page 823 Link Aggr...

Страница 608: ...face LLDP Commands on page 1015 Domain Name Service Commands on page 1033 DHCP Commands on page 1043 VRRP Commands on page 1061 IP Interface Commands on page 1071 IP Routing Commands on page 1109 Mult...

Страница 609: ...le prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI d...

Страница 610: ...Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated...

Страница 611: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 612: ...tion hosts Host information interfaces Shows interface information ip IP information ipv6 IPv6 information lacp LACP statistics line TTY line information lldp LLDP log Log records logging Logging sett...

Страница 613: ...keyword with a question mark alternatives that match the initial letters are provided Remember not to leave a space between the command and question mark For example s shows all the keywords starting...

Страница 614: ...nge VLAN Database You must be in Privileged Exec mode to access the Global configuration mode You must be in Global Configuration mode to access any of the other configuration modes EXEC COMMANDS When...

Страница 615: ...er community Access Control List Configuration These commands are used for packet filtering Class Map Configuration Creates a DiffServ class map for a specified traffic type IGMP Profile Sets a profil...

Страница 616: ...config std acl Console config ext acl Console config mac acl 802 802 814 access list ipv6 standard access list ipv6 extended Console config std ipv6 acl 809 Console config ext ipv6 acl 810 Class Map c...

Страница 617: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Страница 618: ...lid static or dynamic addresses web authentication MAC address authentication filtering DHCP requests and replies and discarding invalid ARP responses 755 Access Control List Provides filtering for IP...

Страница 619: ...relay and server functions 1043 Router Redundancy Configures router redundancy to create primary and backup routers 1061 IP Interface Configures IP address for the switch interfaces also configures A...

Страница 620: ...618 CHAPTER 23 Using the Command Line Interface CLI Command Groups...

Страница 621: ...urns to normal mode from privileged mode PE reload Restarts the system immediately PE show reload Displays the current reload settings and the time at which PE next scheduled reload will take place en...

Страница 622: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 623: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 624: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifi...

Страница 625: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 626: ...ded to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 621 reload Privileged Exec This command restarts the system NO...

Страница 627: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 628: ...s EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Us...

Страница 629: ...or switch configuration files Line Sets communication parameters for the serial port including baud rate and console time out Event Logging Controls logging of error messages SMTP Alerts Configures SM...

Страница 630: ...Commands Command Function Mode show memory Shows memory utilization parameters NE PE show process cpu Shows CPU utilization parameters NE PE show running config Displays the configuration data curren...

Страница 631: ...onfiguration information currently in use COMMAND MODE Privileged Exec COMMAND USAGE Use this command in conjunction with the show startup config command to compare the information in running memory t...

Страница 632: ...kingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac snmp server community public ro snmp server community private rw snmp server enable traps authen...

Страница 633: ...vels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for VLANs La...

Страница 634: ...formation System Up Time 0 days 0 hours 21 minutes and 47 6 seconds System Name System Location System Contact MAC Address Unit 1 00 00 E8 93 82 A0 Web Server Enabled Web Server Port 80 Web Secure Ser...

Страница 635: ...4 192 168 0 61 Console show version This command displays hardware and software version information for the system COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE See Displaying Switch Hardware...

Страница 636: ...mes on Gigabit Ethernet ports up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process prot...

Страница 637: ...LE MANAGEMENT Managing Firmware Firmware can be uploaded and downloaded to or from an FTP TFTP server By saving runtime code to a file on an FTP TFTP server that file can later be downloaded to the sw...

Страница 638: ...onfiguration to or PE from flash memory or an FTP TFTP server delete Deletes a file or code image PE dir Displays a list of files in flash memory PE whichboot Displays the files booted PE boot system...

Страница 639: ...certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See Secure Shell on page 732 running config Keywo...

Страница 640: ...et as the default user name EXAMPLE The following example shows how to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opco...

Страница 641: ...certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP se...

Страница 642: ...LE This example shows how to delete the test2 cfg configuration file from flash memory Console delete test2 cfg Console RELATED COMMANDS dir 640 delete public key 737 dir This command displays a list...

Страница 643: ...file was last modified Size The length of the file in bytes EXAMPLE The following example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes Unit 1 EC...

Страница 644: ...H connections authorization exec Applies an authorization method to local console LC Telnet or SSH connections databits Sets the number of data bits per character that are LC interpreted and generated...

Страница 645: ...own as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections EXAMPLE To enter console line mode enter the following comman...

Страница 646: ...input is detected Use the no form to restore the default SYNTAX exec timeout seconds no exec timeout seconds Integer that specifies the timeout interval Range 0 65535 seconds 0 no timeout DEFAULT SETT...

Страница 647: ...mmand When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default sett...

Страница 648: ...h as terminals and modems often require a specific parity bit setting EXAMPLE To specify no parity enter this command Console config line parity none Console config line password This command specifie...

Страница 649: ...There is no need for you to manually configure encrypted passwords EXAMPLE Console config line password 0 secret Console config line RELATED COMMANDS login 645 password thresh 647 password thresh Thi...

Страница 650: ...ilent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 30 seconds DEFAULT SETTING The default value is no silent time COMMAND MODE Line Configurati...

Страница 651: ...ption the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accordingly EXAMPLE To specify 57600 bps enter this command Console config line speed...

Страница 652: ...minated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the defa...

Страница 653: ...nal for remote console access i e Telnet DEFAULT SETTING Shows all lines COMMAND MODE Normal Exec Privileged Exec EXAMPLE To show all lines enter this command Console show line Console Configuration P...

Страница 654: ...om the logging buffer PE show log Displays log messages PE show logging Displays the state of logging PE logging facility This command sets the facility type for remote logging of syslog messages Use...

Страница 655: ...Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning...

Страница 656: ...wed is five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disa...

Страница 657: ...le on page 653 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Страница 658: ...ry stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following examp...

Страница 659: ...ging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled Hi...

Страница 660: ...threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog servers as specified in the logging host command RELATE...

Страница 661: ...ng DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server To s...

Страница 662: ...ND MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Страница 663: ...default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING N...

Страница 664: ...mmands Command Function Mode SNTP Commands sntp client Accepts time from specified time servers GC sntp poll Sets the interval at which the client polls for time GC sntp server Specifies one or more t...

Страница 665: ...erver 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Current Mode unicast SNTP Status Enabled...

Страница 666: ...command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received I...

Страница 667: ...13 hours after UTC minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of UTC DEFAULT SET...

Страница 668: ...Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE...

Страница 669: ...he time range for the periodic execution of a TR command show time range Shows configured time ranges PE time range This command specifies the name of a time range and enters time range configuration...

Страница 670: ...me Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the current entry prior to configuring a new time range EXAMPLE This examp...

Страница 671: ...ple configures a time range for the periodic occurrence of an event Console config time range sales Console config time range periodic daily 1 1 to 2 1 Console config time range show time range This c...

Страница 672: ...670 CHAPTER 25 System Management Commands Time Range...

Страница 673: ...Command Function Mode General SNMP Commands snmp server Enables the SNMP agent GC snmp server community Sets up the community access string to permit GC access to SNMP commands snmp server contact Se...

Страница 674: ...server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config snmp server Console config snmp server community This command defines community access strings used to authoriz...

Страница 675: ...Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 charac...

Страница 676: ...t and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabl...

Страница 677: ...In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down...

Страница 678: ...econds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string...

Страница 679: ...at informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to...

Страница 680: ...ies an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters DEFAULT SETTING A unique e...

Страница 681: ...gineID remote 9876543210 192 168 1 19 Console config RELATED COMMANDS snmp server host 676 snmp server group This command adds an SNMP group mapping SNMP users to SNMP views Use the no form to remove...

Страница 682: ...rithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages support...

Страница 683: ...password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with pri...

Страница 684: ...onfig snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien Console...

Страница 685: ...show snmp engine id This command shows the SNMP engine ID COMMAND MODE Privileged Exec EXAMPLE This example shows the default engine ID Console show snmp engine id Local SNMP EngineID 8000002a8000000...

Страница 686: ...latile Row Status active Group Name public Security Model v2c Read View defaultview Write View No writeview specified Notify View No notifyview specified Storage Type volatile Row Status active Group...

Страница 687: ...torage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status act...

Страница 688: ...n View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included or excluded Storage Type The storage type for this entry Row Status The row status of...

Страница 689: ...rameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a mechanism...

Страница 690: ...ntain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network management station...

Страница 691: ...s command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts Console show snmp notify fil...

Страница 692: ...690 CHAPTER 26 SNMP Commands...

Страница 693: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 694: ...ue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 1 65535 event index The index of the event to use if an alarm is triggered If there...

Страница 695: ...Log messages are processed based on the current configuration settings for event logging see Event Logging on page 652 trap Sends a trap message to all configured trap managers see snmp server host o...

Страница 696: ...o rmon collection history index index Index to this entry Range 1 65535 number The number of buckets requested for this entry Range 1 65536 seconds The polling interval Range 1 3600 seconds name Name...

Страница 697: ...on who created this entry Range 1 127 characters DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE By default each index number equates to a port on the swich but can...

Страница 698: ...ed by steve Description is for r d Event firing causes log and trap to community public last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each ent...

Страница 699: ...atistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0...

Страница 700: ...698 CHAPTER 27 Remote Monitoring Commands...

Страница 701: ...ze of the sFlow datagram IC payload sflow max header size Configures the maximum size of the sFlow datagram IC header sflow owner Configures the name of the receiver IC sflow sample Configures the pac...

Страница 702: ...the default UDP port Console config interface ethernet 1 9 Console config if sflow destination ipv4 192 168 0 4 Console config if sflow max datagram size This command configures the maximum size of th...

Страница 703: ...Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 9 Console config if sflow max header size 256 Console config if sflow owner This command configures the name of the receiv...

Страница 704: ...guration Ethernet EXAMPLE This example sets the sample rate to 1 out of every 100 packets Console config interface ethernet 1 9 Console config if sflow sample 100 Console config if sflow source This c...

Страница 705: ...cates no time out DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE The sFlow parameters affected by this command include the sampling interval the receiver s name a...

Страница 706: ...ec EXAMPLE Console show sflow interface ethernet 1 9 Interface of Ethernet 1 9 Interface status Enabled Owner name Lamar Owner destination 192 168 0 4 Owner socket port 6343 Time out 9994 Maximum head...

Страница 707: ...ork access Web Server Enables management access via a web browser Telnet Server Enables management access via Telnet Secure Shell Provides secure replacement for Telnet 802 1X Port Authentication Conf...

Страница 708: ...el Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default is level 15 The default password is super COMMAND MODE Global Configuration COMMAND USAGE You cannot s...

Страница 709: ...s encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default access level is Normal Ex...

Страница 710: ...hentication enable local Use local password only radius Use RADIUS server password only tacacs Use TACACS server password DEFAULT SETTING Local COMMAND MODE Global Configuration COMMAND USAGE RADIUS u...

Страница 711: ...le TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client t...

Страница 712: ...lient Commands Command Function Mode radius server acct port Sets the RADIUS server network port GC radius server auth port Sets the RADIUS server network port GC radius server host Specifies the RADI...

Страница 713: ...RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a specified server or to restore the default values SYNTAX no radius server index host h...

Страница 714: ...Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console config radius server key This command sets the RADIUS encryption key Us...

Страница 715: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Страница 716: ...e TACACS CLIENT Terminal Access Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on t...

Страница 717: ...ess for the client Do not use blank spaces in the string Maximum length 48 characters port number TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 10 11 12 13 COMM...

Страница 718: ...tring Maximum length 48 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config tacacs server key green Console config tacacs server port This command specifies the TA...

Страница 719: ...quire the use of configured RADIUS or TACACS servers in the network Table 63 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x...

Страница 720: ...ng method for service requests method name Specifies an accounting method for service requests Range 1 255 characters start stop Records accounting from starting point and stopping point group Specifi...

Страница 721: ...s accounting from starting point and stopping point group Specifies the server group to use radius Specifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS...

Страница 722: ...pecifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS hosts configure with the tacacs server host command server group Specifies the name of a server grou...

Страница 723: ...interim interval enables updates but does not change the current interval setting EXAMPLE Console config aaa accounting update periodic 30 Console config aaa authorization exec This command enables t...

Страница 724: ...zation type applies except those that have a named method explicitly defined EXAMPLE Console config aaa authorization exec default group tacacs Console config aaa group server Use this command to name...

Страница 725: ...host command When specifying the index for a TACACS server that server index must already be defined by the tacacs server host command EXAMPLE Console config aaa group server radius tps Console confi...

Страница 726: ...the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console config line exit Console config...

Страница 727: ...me interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable command level dot1x Displays dot1x ac...

Страница 728: ...nterface ip http server Allows the switch to be monitored or configured from GC a browser ip http secure server Enables HTTPS HTTP SSL for encrypted GC communications ip http secure port Specifies the...

Страница 729: ...631 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web in...

Страница 730: ...Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS Table 65 HTTPS System Support Web Browser Operating System Internet Explorer 5 0 or later Windows 98...

Страница 731: ...nnect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Console config ip http secure port 1000 Console config RELATED COMMANDS ip http secure...

Страница 732: ...on count no ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 4 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of four ses...

Страница 733: ...Use the no form to disable this function SYNTAX no ip telnet server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip telnet server Console config show ip telnet This...

Страница 734: ...rypto zeroize Clear the host key from RAM PE ip ssh save host key Saves the host key from RAM to flash memory PE show ip ssh Displays the status of the SSH server and the PE configured values for auth...

Страница 735: ...he public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch with the username command The clients are subsequently a...

Страница 736: ...he challenge string computes the MD5 checksum and sends the checksum back to the switch e The switch compares the checksum sent from the client against that computed for the original string it sent If...

Страница 737: ...tires 2 Console config RELATED COMMANDS show ip ssh 739 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service SYNTAX no ip ssh server DE...

Страница 738: ...y size key size The size of server key Range 512 896 bits DEFAULT SETTING 768 bits COMMAND MODE Global Configuration COMMAND USAGE The server key is a private key that is never shared outside the swit...

Страница 739: ...config RELATED COMMANDS exec timeout 644 show ip ssh 739 delete public key This command deletes the specified user s public key SYNTAX delete public key username dsa rsa username Name of an SSH user...

Страница 740: ...you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to...

Страница 741: ...ey from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console ip ssh save host key dsa Console RELATED COMMANDS ip...

Страница 742: ...last string is the encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 071942106165575942459093923609695405036277525...

Страница 743: ...submit credentials for authentication Client authentication is controlled centrally by a RADIUS server using EAP Extensible Authentication Protocol Table 69 802 1X Port Authentication Commands Comman...

Страница 744: ...dot1x Shows all dot1x related information PE dot1x default This command sets all configurable dot1x global and port settings to their default values COMMAND MODE Global Configuration EXAMPLE Console...

Страница 745: ...E 802 1X port authentication globally on the switch Use the no form to restore the default SYNTAX no dot1x system auth control DEFAULT SETTING Disabled COMMAND MODE Global Configuration EXAMPLE Consol...

Страница 746: ...Console config if dot1x intrusion action guest vlan Console config if dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the...

Страница 747: ...ws multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this co...

Страница 748: ...T force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enable...

Страница 749: ...fault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console config...

Страница 750: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 751: ...ce SYNTAX dot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 port Port number EC S4626F 1 26 EC S4650F 1 50 COMMAND MODE Privileged Exec COMMAND USAGE The re authenti...

Страница 752: ...Type Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 745 Control Mode Dot1x port control mode page 746 Authorized A...

Страница 753: ...ackend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response...

Страница 754: ...tifier 0 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 Identifier Server 2 Reauthentication State Machine Sta...

Страница 755: ...invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access r...

Страница 756: ...resses for all groups http client Displays IP addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Pri...

Страница 757: ...secure addresses for a port 802 1X Port Authentication Configures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authen...

Страница 758: ...cally take action by disabling the port and sending a trap message Table 72 Management IP Filter Commands Command Function Mode mac address table static Maps a static address to a port in a VLAN GC ma...

Страница 759: ...to restore the default settings for a response to security violation or for the maximum number of allowed addresses SYNTAX port security action shutdown trap trap and shutdown max mac count address co...

Страница 760: ...mmand to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the follo...

Страница 761: ...s guest vlan Specifies the guest VLAN IC network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and...

Страница 762: ...ured by the MAC Address Authenticataion process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host...

Страница 763: ...g network access mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authent...

Страница 764: ...p name service policy in p1 Rate Limit rate limit input rate rate limit input 100 Kbps 802 1p switchport priority default value switchport priority default 2 When the last user logs off of a port with...

Страница 765: ...VLAN configuration or they are treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still tre...

Страница 766: ...be effective see the dot1x intrusion action command EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detection Use thi...

Страница 767: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Страница 768: ...ponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAN...

Страница 769: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 770: ...Type attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter...

Страница 771: ...ce Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addre...

Страница 772: ...it port unit Stack unit Range 1 port Port number Range 1 26 50 DEFAULT SETTING Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ether...

Страница 773: ...e 1 port Port number Range 1 26 50 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask...

Страница 774: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Страница 775: ...uth Displays global web authentication parameters PE show web auth interface Displays interface specific web authentication PE parameters and statistics show web auth summary Displays a summary of web...

Страница 776: ...D MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid...

Страница 777: ...h and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web aut...

Страница 778: ...ged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Failed to reauth Console web auth re authenticate IP This command ends the web authentication session associated with the desig...

Страница 779: ...pts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfac...

Страница 780: ...nction Mode ip dhcp snooping Enables DHCP snooping globally GC ip dhcp snooping database flash Writes all dynamically learned snooping entries to GC flash memory ip dhcp snooping information option En...

Страница 781: ...ltered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port ident...

Страница 782: ...trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally...

Страница 783: ...n option DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known...

Страница 784: ...aying it keep Retains the Option 82 information in the client request and forwards the packets to trusted ports replace Replaces the Option 82 information circuit id and remote id fields in the client...

Страница 785: ...packet is dropped EXAMPLE This example enables MAC address verification Console config ip dhcp snooping verify mac address Console config RELATED COMMANDS ip dhcp snooping 779 ip dhcp snooping vlan 78...

Страница 786: ...ed Use the no form to restore the default setting SYNTAX no ip dhcp snooping trust DEFAULT SETTING All interfaces are untrusted COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE...

Страница 787: ...lient request to the DHCP server must be configured as trusted EXAMPLE This example sets port 5 to untrusted Console config interface ethernet 1 5 Console config if no ip dhcp snooping trust Console c...

Страница 788: ...le DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enable Interface Trusted Eth 1 1 No Eth 1 2 No Eth 1 3 No Eth 1 4 No Eth 1 5...

Страница 789: ...raffic based IC on source IP address or source IP address and corresponding MAC address ip source guard max binding Sets the maximum number of entries that can be IC bound to an interface show ip sour...

Страница 790: ...ed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and M...

Страница 791: ...d port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC addr...

Страница 792: ...uard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except...

Страница 793: ...inding 1 Console config if show ip source guard This command shows whether source guard is enabled or disabled on each interface COMMAND MODE Privileged Exec EXAMPLE Console show ip source guard Inter...

Страница 794: ...hosts with statically configured IP addresses This section describes commands used to configure ARP Inspection Table 78 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Ins...

Страница 795: ...ose VLANs where it has been enabled with the ip arp inspection vlan command When ARP Inspection is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are r...

Страница 796: ...not checked DEFAULT SETTING ARP ACLs are not bound to any VLAN Static mode is not enabled COMMAND MODE Global Configuration COMMAND USAGE ARP ACLs are configured with the commands described on page 3...

Страница 797: ...logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port...

Страница 798: ...e target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP...

Страница 799: ...gine and their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspec...

Страница 800: ...pted from ARP Inspection Use the no form to restore the default setting SYNTAX no ip arp inspection trust DEFAULT SETTING Untrusted COMMAND MODE Interface Configuration Port COMMAND USAGE Packets arri...

Страница 801: ...interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 COMMAND MODE Privileged Exec EXAMPLE Console show ip arp inspection interface ethernet 1 1 Port...

Страница 802: ...AC address 0 ARP packets dropped by additional validation destination MAC address 0 ARP packets dropped by additional validation IP address 0 ARP packets dropped by ARP ACLs 0 ARP packets dropped by D...

Страница 803: ...CLs Configures ACLs based on ARP messages addresses ACL Information Displays ACLs and associated rules shows ACLs assigned to each port IPV4 ACLS The commands in this section configure ACLs based on I...

Страница 804: ...er more specific criteria acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you crea...

Страница 805: ...one COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated by a...

Страница 806: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Страница 807: ...tmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedenc...

Страница 808: ...0 255 255 255 0 any destination port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 1...

Страница 809: ...ccess list 807 Time Range 667 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Страница 810: ...ackets matching a specified source IPv6 address IPv6 STD ACL permit deny Filters packets meeting the specified criteria including destination IPv6 address DSCP traffic class next header type and flow...

Страница 811: ...dard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address pref...

Страница 812: ...rmit deny any destination ipv6 address prefix length dscp dscp flow label flow label next header next header time range time range name any Any IP address an abbreviation for the IPv6 prefix 0 destina...

Страница 813: ...handling might be conveyed to the routers by a control protocol such as a resource reservation protocol or by information within the flow s packets themselves e g in a hop by hop option A flow is uni...

Страница 814: ...ext ipv6 acl permit 2009 DB9 2229 79 48 flow label 43 Console config ext ipv6 acl RELATED COMMANDS access list ipv6 808 Time Range 667 show ipv6 access list This command displays the rules for config...

Страница 815: ...DE Interface Configuration Ethernet COMMAND USAGE A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding wi...

Страница 816: ...group Binds a MAC ACL to a port IC show mac access group Shows port assignments for MAC ACLs PE show mac access list Displays the rules for configured MAC ACLs PE access list mac This command adds a...

Страница 817: ...bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask NOTE The default is for Ethernet II packets permit deny tagged eth2 any host source sou...

Страница 818: ...s bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source...

Страница 819: ...MANDS access list mac 814 Time Range 667 mac access group This command binds a MAC ACL to a port Use the no form to remove the port SYNTAX mac access group acl name in time range time range name acl n...

Страница 820: ...face ethernet 1 5 MAC access list M5 in Console RELATED COMMANDS mac access group 817 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name...

Страница 821: ...ccess list Displays the rules for configured ARP ACLs PE access list arp This command adds an ARP access list and enters ARP ACL configuration mode Use the no form to remove the specified ACL SYNTAX n...

Страница 822: ...response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac de...

Страница 823: ...mac any any Console config mac acl RELATED COMMANDS access list arp 819 show arp access list This command displays the rules for configured ARP ACLs SYNTAX show arp access list acl name acl name Name...

Страница 824: ...XAMPLE Console show access group Interface ethernet 1 2 IP access list david MAC access list jerry Console show access list This command shows all ACLs and associated rules COMMAND MODE Privileged Exe...

Страница 825: ...ombination ports IC negotiation Enables autonegotiation of a given interface IC shutdown Disables an interface IC speed duplex Configures the speed and duplex operation of a given IC interface when au...

Страница 826: ...Port number Range 1 26 50 port channel channel id Range 1 32 vlan vlan id Range 1 4093 DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE To specify port 4 enter the following command Cons...

Страница 827: ...s 1 Gbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps hal...

Страница 828: ...ntrol 827 description This command adds a description to an interface Use the no form to remove the description SYNTAX description string no description string Comment or a description to help you rem...

Страница 829: ...low control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable a...

Страница 830: ...MMAND MODE Interface Configuration Ethernet Ports 21 24 on the EC S4626F and 45 48 on the EC S4650F EXAMPLE This forces the switch to use the built in RJ 45 port for the combination port 25 Console co...

Страница 831: ...interface ethernet 1 11 Console config if negotiation Console config if RELATED COMMANDS capabilities 825 speed duplex 830 shutdown This command disables an interface To restart a disabled interface u...

Страница 832: ...for auto negotiation COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish...

Страница 833: ...rate falls back down beneath the threshold Using both rate limiting and storm control on the same interface may lead to unexpected results For example suppose broadcast storm control is set to 500 pps...

Страница 834: ...played statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the l...

Страница 835: ...ti cast Input 1342 Multi cast Output 210 Broadcast Input 2 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 D...

Страница 836: ...ws the status for all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed For a description of the items displayed...

Страница 837: ...OMMAND USAGE If no interface is specified information on all interfaces is displayed EXAMPLE This example shows the configuration setting for port 21 Console show interfaces switchport ethernet 1 21 I...

Страница 838: ...col is enabled or disabled page 888 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged page 894 Forbidden VLAN Shows the VLANs this interface can...

Страница 839: ...al Wavelength 1310 nm Baud Rate 1300 MBd Vendor OUI 00 00 00 Vendor Name DELTA Vendor PN LCP 1250B4QDRT Vendor Rev 000 Vendor SN 0000070904100004 Date Code 07 03 02 Temperature 56 degrees C Vcc 3 33 V...

Страница 840: ...Internal loopback test succeeded Console show loop internal This command shows the results of a loop back test SYNTAX show loop internal interface interface interface ethernet unit port unit Stack un...

Страница 841: ...r the trunk channel group Adds a port to a trunk IC Ethernet Dynamic Configuration Commands lacp Configures LACP for the current interface IC Ethernet lacp admin key Configures a port s administration...

Страница 842: ...it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key...

Страница 843: ...ssigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same tar...

Страница 844: ...f an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 DEFAULT SETTING 0 COMMAND MODE Interface Configurati...

Страница 845: ...guration Ethernet COMMAND USAGE Setting a lower value indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed...

Страница 846: ...switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP...

Страница 847: ...he interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3...

Страница 848: ...low Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU...

Страница 849: ...ciated with a compatible Aggregator and the identity of the Link Aggregation Group is consistent with the System ID and operational Key information transmitted Aggregation The system considers this li...

Страница 850: ...s of the partner s state parameters See preceding table Console show lacp sysid Port Channel System Priority System MAC Address 1 32768 00 30 F1 8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F...

Страница 851: ...T MIRRORING COMMANDS This section describes how to mirror traffic from a source port to a target port Table 93 Mirror Port Commands Command Function Mode port monitor show port monitor Configures a mi...

Страница 852: ...nitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor p...

Страница 853: ...ation port and mirror mode i e RX TX RX TX EXAMPLE The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Co...

Страница 854: ...CHAPTER 34 Port Mirroring Commands Local Port Mirroring Commands 852...

Страница 855: ...defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled SYNTAX rate limit inpu...

Страница 856: ...therefore not advisable to use both of these commands on the same interface Rate limits are not supported for the 10 Gigabit Ethernet ports EXAMPLE Console config interface ethernet 1 1 Console config...

Страница 857: ...ess table Displays entries in the bridge forwarding PE database show mac address table aging time Shows the aging time for the address table PE show mac address table count Shows the number of MAC add...

Страница 858: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 859: ...classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask B...

Страница 860: ...face MAC Address VLAN Type Life Time Eth 1 1 00 E0 29 94 34 DE 1 Config Delete on Reset Eth 1 21 00 01 EC F8 D8 D9 1 Learn Delete on Timeout Console show mac address table aging time This command show...

Страница 861: ...d in the system Total Number of MAC Address 16384 Number of Static MAC Address 1024 Current number of entries which have been created in the system Total Number of MAC Address 2 Number of Static MAC A...

Страница 862: ...860 CHAPTER 36 Address Table Commands...

Страница 863: ...e maximum number of hops allowed in the region before a BPDU is discarded MST mst priority Configures the priority of a spanning tree instance MST mst vlan Adds VLANs to a spanning tree instance MST n...

Страница 864: ...le spanning tree show spanning tree mst configuration Shows the multiple spanning tree configuration PE spanning tree This command enables the Spanning Tree Algorithm globally for the switch Use the n...

Страница 865: ...evice must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discard...

Страница 866: ...of 40 or 2 x forward time 1 DEFAULT SETTING 20 seconds COMMAND MODE Global Configuration COMMAND USAGE This command sets the maximum time in seconds a device can wait without receiving a configuration...

Страница 867: ...P supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP M...

Страница 868: ...method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535...

Страница 869: ...selecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the devic...

Страница 870: ...ole config spanning tree transmission limit 4 Console config max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default...

Страница 871: ...panning tree instance Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 DEFAULT SETTING 32768 COMMAND MODE MST Configurat...

Страница 872: ...allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST regi...

Страница 873: ...on This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default SYNTAX revision number number Revision number of the...

Страница 874: ...ng port connected to another switch or bridging device is mistakenly configured as an edge port and BPDU filtering is enabled on this port this might cause a loop in the spanning tree Before enabling...

Страница 875: ...thernet ethernet 1 5 Console config if spanning tree edge port Console config if spanning tree bpdu guard Console config if RELATED COMMANDS spanning tree edge port 874 spanning tree spanning disabled...

Страница 876: ...et 1 000 1 000 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower v...

Страница 877: ...panning tree edge port Console config if spanning tree link type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree Use the no form to restore the default SYNTAX...

Страница 878: ...BPDU according to IEEE Standard 802 1W 2001 9 3 4 Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch EXAMPLE Console config interface ethernet 1 5 Console co...

Страница 879: ...Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch When configured for manual release mode then a link down up event will not release the port from the discar...

Страница 880: ...auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The default path costs...

Страница 881: ...ple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Wh...

Страница 882: ...ort Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch receiv...

Страница 883: ...PLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree loopback detect...

Страница 884: ...rt number Range 1 26 50 port channel channel id Range 1 32 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notificatio...

Страница 885: ...d for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tre...

Страница 886: ...1 Designated Root 32768 0 0001ECF8D8C6 Designated Bridge 32768 0 123412341234 Fast Forwarding Disabled Forward Transitions 4 Admin Edge Port Disabled Oper Edge Port Disabled Admin Link Type Auto Oper...

Страница 887: ...rfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addre...

Страница 888: ...chport forbidden vlan Configures forbidden VLANs for an interface IC switchport gvrp Enables GVRP for an interface IC show bridge ext Shows the global bridge extension configuration PE show garp timer...

Страница 889: ...SAGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepe...

Страница 890: ...ING No VLANs are included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified in...

Страница 891: ...onsole show bridge ext Maximum Supported VLAN Numbers 4093 Maximum Supported VLAN ID 4093 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID...

Страница 892: ...rface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING Shows both global and interface specific configuration COMM...

Страница 893: ...ou can display this file by entering the show running config command EXAMPLE Console config vlan database Console config vlan RELATED COMMANDS show vlan 899 vlan This command configures a VLAN Use the...

Страница 894: ...URING VLAN INTERFACES Table 102 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified GC VLAN switchport acceptable frame ty...

Страница 895: ...configuration for the desired VLAN enter any Layer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command EXAM...

Страница 896: ...ace Use the no form to restore the default SYNTAX switchport allowed vlan add vlan list tagged untagged remove vlan list no switchport allowed vlan add vlan list List of VLAN identifiers to add remove...

Страница 897: ...and 6 to the allowed list as tagged VLANs for port 1 Console config interface ethernet 1 1 Console config if switchport allowed vlan add 1 2 5 6 tagged Console config if switchport ingress filtering...

Страница 898: ...or untagged frames trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that fra...

Страница 899: ...d to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all o...

Страница 900: ...AN trunking ports The following restrictions apply to this feature VLAN trunking can only be enabled on Gigabit Ethernet ports or trunks VLAN trunking is mutually exclusive with the access switchport...

Страница 901: ...SYNTAX show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan n...

Страница 902: ...id Sets the Tag Protocol Identifier TPID value of a IC tunnel port show dot1q tunnel Displays the configuration of QinQ tunnel ports PE show interfaces switchport Displays port QinQ operational status...

Страница 903: ...nnel control This command sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode SYNTAX no dot1q tunnel system tunnel control DEFAULT SETTING Disabled COMMAND MODE Glob...

Страница 904: ...d the packet passed on to the VLAN indicated by the inner tag If no inner tag is found the packet is passed onto the native VLAN defined for the uplink port EXAMPLE Console config interface ethernet 1...

Страница 905: ...itch will be set to the same ethertype EXAMPLE Console config interface ethernet 1 1 Console config if switchport dot1q tunnel tpid 9100 Console config if RELATED COMMANDS show interfaces switchport 8...

Страница 906: ...traffic segmentation uplink interface list downlink interface list uplink Specifies an uplink interface downlink Specifies a downlink interface DEFAULT SETTING Disabled globally No segmented port grou...

Страница 907: ...vide port based security and isolation of local ports contained within different private VLAN groups This switch supports two types of private VLANs primary and community groups A primary VLAN contain...

Страница 908: ...mation show vlan private vlan Shows private VLAN information NE PE To configure private VLANs follow these steps 1 Use the private vlan command to designate one or more community VLANs and the primary...

Страница 909: ...etween community VLANs and other locations DEFAULT SETTING None COMMAND MODE VLAN Configuration COMMAND USAGE Private VLANs are used to restrict traffic to ports within the same community and channel...

Страница 910: ...provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports...

Страница 911: ...itchport private vlan host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association SYNTAX switchport private vlan host association secon...

Страница 912: ...o a primary VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs EXAMPLE Console config interface ethernet 1 2 Consol...

Страница 913: ...on the protocol type in use by the inbound packets Table 107 Protocol based VLAN Commands Command Function Mode protocol vlan protocol group Create a protocol group specifying the supported GC protoc...

Страница 914: ...MMAND MODE Global Configuration EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type...

Страница 915: ...ames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the d...

Страница 916: ...for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Stack unit Range 1 port Port number ES3526MA 1 26 ES4524MA 1 24 port channe...

Страница 917: ...vlan This command configures IP Subnet VLAN assignments Use the no form to remove an IP subnet to VLAN assignment SYNTAX subnet vlan subnet ip address mask vlan vlan id priority priority no subnet vla...

Страница 918: ...24 vlan 4 Console config show subnet vlan This command displays IP Subnet VLAN assignments COMMAND MODE Privileged Exec COMMAND USAGE Use this command to display subnet to VLAN mappings The last match...

Страница 919: ...Defines the IP Subnet VLANs Displays IP Subnet VLAN settings GC PE mac vlan This command configures MAC address to VLAN mapping Use the no form to remove an assignment SYNTAX mac vlan mac address mac...

Страница 920: ...ddress VLAN ID Priority 00 00 00 11 22 33 10 0 Console CONFIGURING VOICE VLANS The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic ca...

Страница 921: ...e over IP VoIP network traffic from other data traffic Traffic isolation helps prevent excessive packet delays packet loss and jitter which results in higher voice quality This is best achieved by ass...

Страница 922: ...gures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Us...

Страница 923: ...Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN mode fo...

Страница 924: ...MMAND USAGE Specifies a CoS priority to apply to the port VoIP traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is ac...

Страница 925: ...ting VoIP traffic Console config interface ethernet 1 1 Console config if switchport voice vlan rule oui Console config if switchport voice vlan security This command enables security filtering for Vo...

Страница 926: ...tatus Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Au...

Страница 927: ...Priority Commands Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to class of service values PRIORITY COMMANDS LAYER 2 This section describes commands used to configure Layer 2 traffic...

Страница 928: ...queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below Table 1...

Страница 929: ...hted Round Robin for the rest of the queues queue type list Indicates if the queue is a normal or strict type Options 0 indicates a normal queue 1 indicates a strict queue DEFAULT SETTING Weighted Rou...

Страница 930: ...queue mode strict Console config if RELATED COMMANDS queue weight 928 show queue mode 930 queue weight This command assigns weights to the eight class of service CoS priority queues when using weighte...

Страница 931: ...r priority mapping is IP Port IP Precedence or IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e rece...

Страница 932: ...ce priority map SYNTAX show queue cos map interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING None COMMAND MODE Privi...

Страница 933: ...le show queue weight This command displays the weights used for the weighted queues SYNTAX show queue mode interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50...

Страница 934: ...IP precedence value to a class of service IC show map ip dscp Shows the IP DSCP map PE show map ip port Shows the IP port map PE show map ip precedence Shows the IP precedence map PE map ip dscp Glob...

Страница 935: ...ort priority EXAMPLE The following example shows how to enable TCP UDP port mapping globally Console config map ip port Console config map ip precedence Global Configuration This command enables IP pr...

Страница 936: ...SETTING The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Table 115 Mapping IP DSCP to CoS Values IP DSCP Value...

Страница 937: ...cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet...

Страница 938: ...to CoS Values IP Precedence Value 0 1 2 3 4 5 6 7 CoS Value 0 1 2 3 4 5 6 7 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The precedence for priority mapping is IP Port IP P...

Страница 939: ...1 32 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show map ip dscp ethernet 1 1 DSCP mapping status Disabled Port DSCP CoS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1...

Страница 940: ...precedence This command shows the IP precedence priority map SYNTAX show map ip precedence interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel ch...

Страница 941: ...olicy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color m...

Страница 942: ...he matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP...

Страница 943: ...ommands EXAMPLE This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd class match any Console config cmap match ip dsc...

Страница 944: ...map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qualify for this class map If a...

Страница 945: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 16 characters COMMAND MODE Class Map Configur...

Страница 946: ...to drop any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set ip dscp 3 Console config pmap c police flow 10000 4000 conform action tra...

Страница 947: ...lice flow 10000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no for...

Страница 948: ...d Burst Size The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by on...

Страница 949: ...s burst Excess burst size BE in bytes Range 4000 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service t...

Страница 950: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 951: ...olor blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit new dscp exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate th...

Страница 952: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 953: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service tha...

Страница 954: ...op any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set cos 3 Console config pmap c police flow 10000 4000 conform action transmit vio...

Страница 955: ...licy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the input...

Страница 956: ...ess list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps wh...

Страница 957: ...ole show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Stack unit Range 1...

Страница 958: ...956 CHAPTER 40 Quality of Service Commands...

Страница 959: ...service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffic to the attached VLANs IGMP Filtering and Throttling Configures I...

Страница 960: ...n Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a version GC different to that currently configured ip igmp snooping vlan gen...

Страница 961: ...ble multicast Shows known multicast addresses PE ip igmp snooping This command enables IGMP snooping globally on the switch or on a selected VLAN interface Use the no form to disable it SYNTAX no ip i...

Страница 962: ...s IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including report suppression last leave and query suppression Report suppression intercepts absorbs and summarizes IGMP r...

Страница 963: ...TING Disabled COMMAND MODE Global Configuration COMMAND USAGE As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common m...

Страница 964: ...flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding SYNTAX no ip igmp snooping tcn flood DEFAULT SE...

Страница 965: ...ot bridge sends a proxy query to quickly re learn the host membership port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly l...

Страница 966: ...p igmp snooping tcn query solicit Console config ip igmp snooping unregistered data flood This command floods unregistered multicast traffic into the attached VLAN Use the no form to drop unregistered...

Страница 967: ...l Configuration COMMAND USAGE When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels out through the new upstream...

Страница 968: ...xclusive This command discards any received IGMP messages except for multicast protocol packets which use a version different to that currently configured by the ip igmp snooping version command Use t...

Страница 969: ...ges are forwarded only to downstream ports which have joined a multicast service EXAMPLE Console config ip igmp snooping vlan 1 general query suppression Console config ip igmp snooping vlan immediate...

Страница 970: ...ediate leave Console config ip igmp snooping vlan last memb query count This command configures the number of IGMP proxy group specific or group and source specific query messages that are sent out be...

Страница 971: ...ved by the switch it checks to see if this host is the last to leave the group by sending out an IGMP group specific or group and source specific query message and starts a timer If no reports are rec...

Страница 972: ...timer as a part of a router s start up procedure during the restart of a multicast forwarding interface and on receipt of a solicitation message When the multicast services provided to a VLAN is relat...

Страница 973: ...placed with any valid unicast address other than the router s own address using this command EXAMPLE The following example sets the source address for proxied IGMP query messages to 10 0 1 8 Console c...

Страница 974: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4093 interval T...

Страница 975: ...AND USAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EX...

Страница 976: ...ng global status Disabled Immediate leave Disabled Last member query interval 10 1 10s Last member query count 2 General query suppression Disabled Query interval 125 Query response interval 100 1 10s...

Страница 977: ...mmand shows known multicast addresses SYNTAX show mac address table multicast vlan vlan id user igmp snp user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast en...

Страница 978: ...id mrouter interface vlan id VLAN ID Range 1 4093 interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 50 port channel channel id Range 1 32 DEFAULT SETTING No static multi...

Страница 979: ...In certain switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service based on a specific subscription plan The IGMP...

Страница 980: ...MODE Global Configuration COMMAND USAGE IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile...

Страница 981: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Страница 982: ...up range DEFAULT SETTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE...

Страница 983: ...p max groups number no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 DEFAULT SETTING 64 COMMAND MODE Interface Configuration Ethern...

Страница 984: ...itch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing g...

Страница 985: ...p profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ip igmp profile IGMP Profile 19...

Страница 986: ...ocessing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN seg...

Страница 987: ...must be assigned vlan id MVR VLAN ID Range 1 4093 DEFAULT SETTING MVR is disabled No MVR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 COMMAND MODE Global...

Страница 988: ...et Port Channel COMMAND USAGE Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immedia...

Страница 989: ...used to allow a receiver port to dynamically join or leave multicast groups sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to trunk mode see the switc...

Страница 990: ...FAULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a r...

Страница 991: ...Privileged Exec COMMAND USAGE Enter this command without any keywords to display the global settings for MVR Use the interface keyword to display information about interfaces attached to the MVR VLAN...

Страница 992: ...MVR status and interface status MVR status for source ports is ACTIVE if MVR is globally enabled on the switch MVR status for receiver ports is ACTIVE only if there are subscribers receiving multicast...

Страница 993: ...ables IGMP for the specified interface IC ip igmp last member query interval Configures the frequency at which to send query IC messages in response to receiving a leave message ip igmp max resp inter...

Страница 994: ...sec Last Member Query Interval 10 resolution in 0 1 sec Querier 0 0 0 0 Joined Groups Static Groups Console RELATED COMMANDS ip igmp snooping 959 show ip igmp snooping 973 ip igmp last member query in...

Страница 995: ...d to restore the default SYNTAX ip igmp max resp interval seconds no ip igmp max resp interval seconds The report delay advertised in IGMP queries Range 0 255 tenths of a second DEFAULT SETTING 100 10...

Страница 996: ...send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query...

Страница 997: ...o indicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the max...

Страница 998: ...multicast group will also fail if the next node up the reverse path tree has enabled the PIM SSM protocol If a static group is configured for an any source multicast G a source address cannot subseque...

Страница 999: ...he IGMP versions 1 3 If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts which are members of the group for which it heard the report If t...

Страница 1000: ...ticast group address interface vlan vlan id VLAN ID Range 1 4093 detail Displays detailed information about the multicast process and source addresses when available COMMAND MODE Privileged Exec COMMA...

Страница 1001: ...P Version 1 members on the IP subnet attached to this interface If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts present which are memb...

Страница 1002: ...one of the multicast servers transmitting traffic to the specified group Uptime The time elapsed since this entry was created v3 Exp The time remaining before this entry will be aged out The V3 label...

Страница 1003: ...ip multicast routing command to enable IP multicasting globally on the router 2 Use the ip igmp proxy command to enable IGMP proxy on the upstream interface that is attached to an upstream multicast r...

Страница 1004: ...rk then the proxy device will act as an IGMPv1 or IGMPv2 host on the upstream interface accordingly Otherwise it will act as an IGMPv3 host Multicast routing protocols are not supported on interfaces...

Страница 1005: ...es the frequency at which to send query IC messages in response to receiving a leave message ipv6 mld max resp interval Configures the maximum host response time IC ipv6 mld query interval Configures...

Страница 1006: ...al This command configures the frequency at which to send MLD group specific or MLDv2 group source specific query messages in response to receiving a group specific or group source specific leave mess...

Страница 1007: ...nds no ipv6 mld max resp interval seconds The report delay advertised in MLD queries Range 0 255 tenths of a second DEFAULT SETTING 100 10 seconds COMMAND MODE Interface Configuration VLAN COMMAND USA...

Страница 1008: ...ulticast service Only the designated multicast router for a subnet sends host query messages which are addressed to the link scope all nodes multicast address FF02 1 and uses a time to live TTL value...

Страница 1009: ...ends EXAMPLE Console config if ipv6 mld robustval 3 Console config if ipv6 mld static group This command statically binds multicast groups to a VLAN interface Use the no form to remove the static mapp...

Страница 1010: ...d on an interface Use the no form of this command to restore the default setting SYNTAX ipv6 mld version 1 2 no ipv6 mld version 1 MLD Version 1 2 MLD Version 2 DEFAULT SETTING MLD Version 2 COMMAND M...

Страница 1011: ...for the specified group Enter the interface option to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache EXAMPLE The following exampl...

Страница 1012: ...tly attached or downstream from the switch Interface VLAN The interface on the switch that has received traffic directed to the multicast group address Uptime The time elapsed since this entry was cre...

Страница 1013: ...w ipv6 mld interface interface interface vlan vlan id VLAN ID Range 1 4093 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following example shows the MLD configuration for VLAN 1 as wel...

Страница 1014: ...rface that is attached to an upstream multicast router 3 Use the ipv6 mld command to enable MLD on the downstream interfaces from which to forward MLD membership reports 4 Optional Use the ipv6 mld pr...

Страница 1015: ...on interfaces where MLD proxy service is enabled Only one upstream interface is supported on the system MLD and MLD proxy cannot be enabled on the same interface A maximum of 1024 multicast streams a...

Страница 1016: ...port interval only applies to the interface where MLD proxy has been enabled MLD and MLD proxy cannot be enabled on the same interface EXAMPLE The following example sets the interval for sending unsol...

Страница 1017: ...ng to re GC initialize after LLDP ports are disabled or the link goes down lldp tx delay Configures a delay between the successive GC transmission of advertisements initiated by a change in local LLDP...

Страница 1018: ...nfiguration settings for this device show lldp info remote device Shows LLDP global and interface specific PE configuration settings for remote devices show lldp info statistics Shows statistical coun...

Страница 1019: ...nds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds DEFAULT SETTING 5 seconds COMMAND MODE Global Configuration COMMAND...

Страница 1020: ...he following rule refresh interval holdtime multiplier 65536 EXAMPLE Console config lldp refresh interval 60 Console config lldp reinit delay This command configures the delay before attempting to re...

Страница 1021: ...vent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in...

Страница 1022: ...port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardw...

Страница 1023: ...udes information about the manufacturer the product name and the version of the interface hardware software EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv port descript...

Страница 1024: ...n RFC 3418 which includes the full name and version identification of the system s hardware type software operating system and networking software EXAMPLE Console config interface ethernet 1 1 Console...

Страница 1025: ...ses the protocols that are accessible through this interface EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto ident Console config if lldp dot1 tlv proto vid This...

Страница 1026: ...th which untagged or priority tagged frames are associated see the switchport native vlan command EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv pvid Console config i...

Страница 1027: ...status of the link and the 802 3 aggregated port identifier if this interface is currently a link aggregation member EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv li...

Страница 1028: ...size for this switch EXAMPLE Console config interface ethernet 1 1 Console config if lldp dot3 tlv max frame Console config if lldp notification This command enables the transmission of SNMP trap not...

Страница 1029: ...ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP configuration settings for all ports SYNTAX show lldp config detail interface detail Shows c...

Страница 1030: ...max frame Console show lldp info local device This command shows LLDP global and interface specific configuration settings for this device SYNTAX show lldp info local device detail interface detail S...

Страница 1031: ...Ethernet Port on unit 1 port 1 Console show lldp info remote device This command shows LLDP global and interface specific configuration settings for remote devices attached to an LLDP enabled port SYN...

Страница 1032: ...Aggregation Remote link aggregation capable Yes Remote link aggragation enable No Remote link aggragation port id 0 Remote Max Frame Size 1518 Console show lldp info statistics This command shows stat...

Страница 1033: ...10 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invalid 0 F...

Страница 1034: ...1032 CHAPTER 42 LLDP Commands...

Страница 1035: ...for incomplete host GC names ip host Creates a static IPv4 host name to address mapping GC ip name server Specifies the address of one or more name servers to GC use for host name to address translati...

Страница 1036: ...omain name command is used If there is a domain list the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip dom...

Страница 1037: ...192 168 1 55 10 1 0 55 Console RELATED COMMANDS ip domain name 1035 ip name server 1037 ip domain name This command defines the default domain name appended to incomplete host names i e host names pa...

Страница 1038: ...emove an entry SYNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration CO...

Страница 1039: ...servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list is reach...

Страница 1040: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuratio...

Страница 1041: ...lear host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all static entries from the DNS table Console config clear host Console config...

Страница 1042: ...name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address as an existing entry IP Address The IP address associated with this record TTL The...

Страница 1043: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1044: ...1042 CHAPTER 43 Domain Name Service Commands...

Страница 1045: ...amically acquire IPv4 address information DHCP Relay Relays DHCP requests from local hosts to a remote DHCP server DHCP Server Configures DHCP service using address pools or static bindings DHCP CLIEN...

Страница 1046: ...rative Up Link Up Address is 12 34 12 34 12 34 bia 12 34 12 34 12 34 Index 1001 MTU 1500 Bandwidth 1g Address Mode is DHCP IP Address 192 168 0 9 Mask 255 255 255 0 Proxy ARP is disabled Console RELAT...

Страница 1047: ...ces attached to the switch Table 139 DHCP Relay Commands Command Function Mode ip dhcp relay server Specifies DHCP server addresses for relay IC ip dhcp restart relay Enables DHCP relay agent PE ip dh...

Страница 1048: ...erver will know the subnet where the client is located Then the switch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP addres...

Страница 1049: ...t domain name Specifies the domain name for a DHCP client DC hardware address Specifies the hardware address of a DHCP client DC host Specifies the IP address and network mask to DC manually bind to a...

Страница 1050: ...ss pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool SYNTAX no ip dhcp pool name name A string or integer Range 1 8 characters DEFAULT SETTING DHCP address pools a...

Страница 1051: ...E If the DHCP server is running you must restart it to implement any configuration changes EXAMPLE Console config service dhcp Console config bootfile This command specifies the name of the default bo...

Страница 1052: ...al value DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration COMMAND USAGE This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier a...

Страница 1053: ...to two routers Routers are listed in order of preference starting with address1 as the most preferred router EXAMPLE Console config dhcp default router 10 1 0 54 10 1 0 64 Console config dhcp dns ser...

Страница 1054: ...ent Range 1 32 characters DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration EXAMPLE Console config dhcp domain name sample com Console config dhcp hardware address This command specifies the h...

Страница 1055: ...dress for the client SYNTAX host address mask no host address Specifies the IP address of a client mask Specifies the network mask of the client DEFAULT SETTING None COMMAND MODE DHCP Pool Configurati...

Страница 1056: ...currently in use by the host EXAMPLE Console config dhcp host 10 1 0 21 255 255 255 0 Console config dhcp RELATED COMMANDS client identifier 1050 hardware address 1052 lease This command configures th...

Страница 1057: ...to remove the NetBIOS name server list SYNTAX netbios name server address1 address2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP addr...

Страница 1058: ...er 1055 network This command configures the subnet number and mask for a DHCP address pool Use the no form to remove the subnet number and mask SYNTAX network network number mask no network network nu...

Страница 1059: ...rst field nnn determines the class 0 127 is class A only uses the first field in the network address 128 191 is class B uses the first two fields in the network address 192 223 is class C uses the fir...

Страница 1060: ...d as the address parameter the DHCP server clears all automatic bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after movi...

Страница 1061: ...2 1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console show ip dhcp This command displays DHCP address pools configured on the switch COMMAND MODE Privileged Exec EXAMPLE Console show ip dhcp N...

Страница 1062: ...1060 CHAPTER 44 DHCP Commands DHCP Server...

Страница 1063: ...ich allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Table 141 VRRP Commands Command Function Mode vrrp authe...

Страница 1064: ...the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to p...

Страница 1065: ...customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP EXAMPLE This example creates VRRP g...

Страница 1066: ...p priority 1064 vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting SYNTAX vrrp group priority level no vrrp group priority group...

Страница 1067: ...interval at which the master virtual router sends advertisements communicating its state as the master Use the no form to restore the default interval SYNTAX vrrp group timers advertise interval no vr...

Страница 1068: ...group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console clear vrrp 1 interface 1 counters Co...

Страница 1069: ...Authentication SimpleText Authentication Key bluebird Master Router 192 168 1 6 Master Priority 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 142 show vrrp display desc...

Страница 1070: ...te Virtual Addr Interval Preempt Priority VLAN 1 1 Master 192 168 0 3 1 E 255 Console Table 143 show vrrp brief display description Field Description Interface VLAN interface Grp VRRP group State VRRP...

Страница 1071: ...fies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console show vrrp 1 interface vlan 1 counters Total Numb...

Страница 1072: ...OMMAND MODE Privileged Exec EXAMPLE Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Страница 1073: ...p Function IPv4 Interface Configures an IPv4 address for the switch IPv6 Interface Configures an IPv6 address for the switch IPV4 INTERFACE There are no IP addresses assigned to this switch by default...

Страница 1074: ...ress ip address netmask bootp dhcp secondary no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specif...

Страница 1075: ...not be removed if a secondary address is still present Also if any router in a network segment uses a secondary address all other routers in that segment must also use a secondary address from the sam...

Страница 1076: ...tly connects to the gateway has been configured on the router The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local a...

Страница 1077: ...00 E8 93 82 A0 via 00 00 E8 93 82 A0 Index 1001 MTU 1280 Bandwidth 1g Address Mode is User specified IP Address 192 168 1 3 Mask 255 255 255 0 Proxy ARP is disabled Console RELATED COMMANDS ip addres...

Страница 1078: ...aximum timeout has been reached may indicate this problem with the target device EXAMPLE Console traceroute 192 168 0 1 Press ESC to abort Source address 192 168 0 9 Destination address 192 168 0 1 Ho...

Страница 1079: ...ole ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response tim...

Страница 1080: ...P addresses into 48 bit hardware i e Media Access Control addresses This cache includes entries for hosts and other routers on local network interfaces defined on this router The maximum number of sta...

Страница 1081: ...P request packet is sent to re establish the MAC address The aging time determines how long dynamic entries remain in the cache If the timeout is too short the router may tie up resources by repeating...

Страница 1082: ...and deletes all dynamic entries from the Address Resolution Protocol ARP cache COMMAND MODE Privileged Exec EXAMPLE This example clears all dynamic entries in the ARP cache Console clear arp cache Thi...

Страница 1083: ...UDP destination ports for which GC broadcast traffic will be forwarded ip helper Enables UDP helper globally on the switch GC ip helper address Specifies the servers to which designated UDP protocol...

Страница 1084: ...asionally use UDP broadcasts to determine information such as address configuration and domain name mapping These broadcasts are confined to the local subnet either as an all hosts broadcast all ones...

Страница 1085: ...forward UDP packets with the UDP helper the clients must be connected to the selected interface and the interface configured with an IP address The UDP packets to be forwarded must be specifed by the...

Страница 1086: ...onsole config if show ip helper This command displays configuration settings for UDP helper COMMAND MODE Privileged Exec COMMAND USAGE This command displays all configuration settings for UDP helper i...

Страница 1087: ...and configured settings for IPv6 interfaces NE PE show ipv6 mtu Displays maximum transmission unit MTU information for IPv6 interfaces NE PE show ipv6 traffic Displays statistics about IPv6 traffic N...

Страница 1088: ...mal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The same link local address may be used by different interfaces...

Страница 1089: ...using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields To connect to a larger...

Страница 1090: ...ix prefix length eui 64 no ipv6 address ipv6 prefix prefix length eui 64 ipv6 prefix The IPv6 network portion of the address assigned to the interface prefix length A decimal value indicating how many...

Страница 1091: ...first be inverted to meet EUI 64 requirements i e 1 for globally defined addresses and 0 for locally defined addresses changing 28 to 2A Then the two bytes FFFE are inserted between the OUI i e compan...

Страница 1092: ...imal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields And the address prefix must be FE80 The address specified with...

Страница 1093: ...COMMAND MODE Interface Configuration VLAN COMMAND USAGE This command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 an...

Страница 1094: ...transmission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Specifies the MTU size Range 1280 65535 bytes DEFAULT S...

Страница 1095: ...v6 network portion of the address assigned to the interface The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double...

Страница 1096: ...e local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF...

Страница 1097: ...ption Field Description MTU Adjusted MTU contained in the ICMP packet too big message returned from this destination and now used for all traffic sent along this path Since Time since an ICMP packet t...

Страница 1098: ...group membership reduction messages router solicit messages router advertisement messages neighbor solicit messages neighbor advertisement messages redirect messages UDP Statistics Console 15 output...

Страница 1099: ...total number of datagrams successfully delivered to IPv6 user protocols including ICMP This counter is incremented at the interface to which these datagrams were addressed which might not be necessari...

Страница 1100: ...put interface for the messages errors The number of ICMP messages which the interface received but determined as having ICMP specific errors bad ICMP checksums bad length etc destination unreachable m...

Страница 1101: ...rface router solicit messages The number of ICMP Router Solicitation messages sent by the interface neighbor advertisement messages The number of ICMP Router Advertisement messages sent by the interfa...

Страница 1102: ...et Range 48 18024 bytes The actual packet size will be eight bytes larger than the size specified because the router adds header information DEFAULT SETTING count 5 size 100 bytes COMMAND MODE Privile...

Страница 1103: ...bor ipv6 address vlan vlan id hardware address no ipv6 mtu ipv6 address The IPv6 address of a neighbor device that can be reached through one of the network interfaces configured on this switch You ca...

Страница 1104: ...e no ipv6 enable command see page 1091 deletes all dynamically learned entries in the IPv6 neighbor discovery cache for that interface but does not delete static entries EXAMPLE The following maps a s...

Страница 1105: ...e Duplicate address detection is stopped on any interface that has been suspended see the vlan command While an interface is suspended all unicast IPv6 addresses assigned to that interface are placed...

Страница 1106: ...unicast address es 2001 DB8 2222 7272 64 subnet is 2001 DB8 2222 7272 64 2009 DB9 2229 79 subnet is Joined group address es FF02 2 FF02 1 FF00 0 FF02 1 2 FF02 1 FF9C CA10 FF02 1 IPv6 link MTU is 1500...

Страница 1107: ...end Console show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 2E0 CFF FE9C CA10 64 Global unicast address es 2001 DB8 2222 7272 64 subnet is 2001 DB8 2222 7272 64 2009 DB9 2229 7...

Страница 1108: ...s unspecified by this router EXAMPLE The following sets the reachable time for a remote node to 1000 milliseconds Console config interface vlan 1 Console config pv6 nd reachable time 1000 Console conf...

Страница 1109: ...fined fields DEFAULT SETTING All IPv6 neighbor discovery cache entries are displayed COMMAND MODE Privileged Exec EXAMPLE The following shows all known IPv6 neighbors for this switch Console show ipv6...

Страница 1110: ...that the forward path was functioning While in STALE state the device takes no action until a packet is sent D Delay More than the ReachableTime interval has elapsed since the last positive confirmat...

Страница 1111: ...uting Commands Command Group Function Global Routing Configuration Configures global parameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange...

Страница 1112: ...s route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route Note that the default administrative distances used by t...

Страница 1113: ...rm to restore the default settings SYNTAX maximum paths path count no maximum paths path count The maximum number of equal cost paths to the same destination that can be installed in the routing table...

Страница 1114: ...ding information base contains unique paths only It does not contain any secondary paths A FIB entry consists of the minimum amount of information necessary to make a forwarding decision on a particul...

Страница 1115: ...ected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2...

Страница 1116: ...es timestamp reply messages source quench messages address mask request messages address mask reply messages 2 input no port errors other errors output 4698 input input errors 5867 output Console ipv6...

Страница 1117: ...routing using the maximum paths command If an administrative distance is defined for a static route and the same destination can be reached through a dynamic route at a lower administration distance t...

Страница 1118: ...rivileged Exec COMMAND USAGE The FIB contains information required to forward IP traffic It contains the interface identifier and next hop information for each reachable destination network prefix bas...

Страница 1119: ...om other routing protocols maximum prefix Sets the maximum number of RIP routes allowed RC neighbor Defines a neighboring router with which to exchange RC information network Specifies the network int...

Страница 1120: ...guration settings router rip This command enables Routing Information Protocol RIP routing for all IP interfaces on the router Use the no form to disable it SYNTAX no router rip COMMAND MODE Global Co...

Страница 1121: ...MODE Router Configuration COMMAND USAGE This command does not override the metric value set by the redistribute command When a metric value has not been configured by the redistribute command the defa...

Страница 1122: ...e routes for which the best path is learned from a neighbor external to the local RIP autonomous system Routes with a distance of 255 are not installed in the routing table Range 1 255 network address...

Страница 1123: ...fix maximum routes no maximum prefix maximum routes The maximum number of RIP routes which can be installed in the routing table Range 1 7168 DEFAULT SETTING 1024 COMMAND MODE Router Configuration COM...

Страница 1124: ...ole config router RELATED COMMANDS passive interface 1123 network This command specifies the network interfaces that will be included in the RIP routing process Use the no form to remove an entry SYNT...

Страница 1125: ...assive interface vlan vlan id vlan id VLAN ID Range 1 4093 DEFAULT SETTING Disabled COMMAND MODE Router Configuration COMMAND USAGE If this command is used to stop sending routing updates on an interf...

Страница 1126: ...ic value to be used for all imported external routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric...

Страница 1127: ...240 seconds DEFAULT SETTING Update 30 seconds Timeout 180 seconds Garbage collection 120 seconds COMMAND MODE Router Configuration COMMAND USAGE The update timer sets the rate at which updates are sen...

Страница 1128: ...RIPv1 or RIPv2 packets Send Route information is broadcast to other routers with RIPv2 COMMAND MODE Router Configuration COMMAND USAGE When this command is used to specify a global RIP version any VL...

Страница 1129: ...n string command This command requires the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication...

Страница 1130: ...at this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password and authentication enabled by the ip...

Страница 1131: ...e are still some older routers using RIPv1 EXAMPLE This example sets the interface version for VLAN 1 to receive RIPv1 packets Console config interface vlan 1 Console config if ip rip receive version...

Страница 1132: ...TING 1 compatible Route information is broadcast to other routers with RIPv2 COMMAND MODE Interface Configuration VLAN COMMAND USAGE Use this command to override the global setting specified by the RI...

Страница 1133: ...DE Interface Configuration VLAN DEFAULT SETTING Enabled COMMAND USAGE The no form of this command allows the router to passively monitor route information advertised by other routers attached to the n...

Страница 1134: ...med unreachable EXAMPLE This example propagates routes back to the source using poison reverse Console config interface vlan 1 Console config if ip split horizon poison reverse Console config if clear...

Страница 1135: ...ip protocols rip This command displays RIP process parameters COMMAND MODE Privileged Exec EXAMPLE Console show ip protocols rip Routing Protocol is rip Sending updates every 30 seconds with 5 seconds...

Страница 1136: ...ied interface vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPLE Console show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPF Network Next Hop Metric From...

Страница 1137: ...ault metric for external routes imported RC from other protocols redistribute Redistribute routes from one routing domain to RC another summary address Summarizes routes advertised by an ASBR RC Area...

Страница 1138: ...e Displays interface information PE show ip ospf neighbor Displays neighbor information PE show ip ospf route Displays the OSPF routing table PE show ip ospf virtual links Displays parameters and the...

Страница 1139: ...me destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF rout...

Страница 1140: ...vertise a default external route into the AS if it has been configured to import external routes through other routing protocols or static routing and such a route is known See the redistribute comman...

Страница 1141: ...efault information originate metric 20 metric type 2 Console config router RELATED COMMANDS ip route 1110 redistribute 1185 router id This command assigns a unique router ID for this device within the...

Страница 1142: ...nge and starting the shortest path first SPF calculation and the hold time between making two consecutive SPF calculations Use the no form to restore the default values SYNTAX timers spf spf delay spf...

Страница 1143: ...command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assigned default cost SYNTAX area area id default cost cost...

Страница 1144: ...es remain hidden from the rest of the network COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command can be used to summarize intra area routes and advertise this inform...

Страница 1145: ...lculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By default the cost is 1 Mbps for all port types including 100 Mbps ports 1 Gigabit ports and 10 Gigab...

Страница 1146: ...cols Range 0 16777214 COMMAND MODE Router Configuration DEFAULT SETTING 20 COMMAND USAGE The default metric must be used to resolve the problem of redistributing external routes from other protocols t...

Страница 1147: ...xternal route metric tag value A tag placed in the AS external LSA to identify a specific external routing domain or to pass additional information between routers Range 0 4294967295 COMMAND MODE Rout...

Страница 1148: ...earned from RIP as Type 1 external routes Console config router redistribute rip metric type 1 Console config router RELATED COMMANDS default information originate 1138 summary address This command ag...

Страница 1149: ...ates NSSA ABR translator role for Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never translates NSSA LSAs to Type 5 external LSAs always R...

Страница 1150: ...eyword External routes advertised into an NSSA can include network destinations outside the AS learned via OSPF the default route static routes routes imported from other routing protocols such as RIP...

Страница 1151: ...able space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that adverti...

Страница 1152: ...or as a four octet unsigned integer ranging from 0 4294967295 router id Router ID of the virtual link neighbor This specifies the Area Border Router ABR at the other end of the virtual link To create...

Страница 1153: ...Specifies message digest MD5 authentication null Indicates that no authentication is used authentication key key Sets a plain text password up to 8 characters that is used by neighboring routers on a...

Страница 1154: ...mple creates a virtual link using the defaults for all optional parameters Console config router network 10 4 0 0 0 255 255 0 0 area 10 4 0 0 Console config router area 10 4 0 0 virtual link 10 4 3 25...

Страница 1155: ...has been specified EXAMPLE This example creates the backbone 0 0 0 0 covering class B addresses 10 1 x x and a normal transit area 10 2 9 0 covering the class C addresses 10 2 9 x Console config route...

Страница 1156: ...earn the authentication key by snooping on routing protocol packets When using Message Digest 5 MD5 authentication the router uses the MD5 algorithm to verify data integrity by creating a 128 bit mess...

Страница 1157: ...No password COMMAND USAGE Before specifying plain text password authentication for an interface with the ip ospf authentication command configure a password with this command This command creates a pa...

Страница 1158: ...etric for this interface Use higher values to indicate slower ports Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 1 COMMAND USAGE The interface cost indicates the overhead re...

Страница 1159: ...ted to the current interface seconds The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down This interval must be set to the same value for al...

Страница 1160: ...that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic EXAMPLE Console config int...

Страница 1161: ...administrator time to update all the routers on the network without affecting the network connectivity Once all the network routers have been updated with the new key the old key should be removed for...

Страница 1162: ...segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the election process is initiated Configure ro...

Страница 1163: ...SYNTAX ip ospf ip address transmit delay seconds no ip ospf ip address transmit delay ip address This parameter can be used to indicate a specific IP address connected to the current interface If not...

Страница 1164: ...NG None COMMAND USAGE You can configure an OSPF interface as passive to prevent OSPF routing traffic from exiting or entering that interface No OSPF adjacency can be formed if one of the interfaces in...

Страница 1165: ...OSPF process ID and router ID The router ID uniquely identifies the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The...

Страница 1166: ...f interfaces in this area is The number of interfaces attached to this area Number of fully adjacent neighbors in this area is The number of neighbors for which the exchange of recognition protocol me...

Страница 1167: ...ation about all advertising routers is displayed ip address IP address of the specified router If no address is entered information about the local router is displayed link state id The network portio...

Страница 1168: ...scription OSPF Router Process with ID OSPF process ID and router ID The router ID uniquely identifies the router in the autonomous system By convention this is normally set to one of the router s IP i...

Страница 1169: ...equence number of LSA used to detect older duplicate LSAs Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for the network TOS Type...

Страница 1170: ...for the AS Link State ID IP network number External Network Number Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs Checksum Check...

Страница 1171: ...LS Sequence Number Sequence number of LSA used to detect older duplicate LSAs Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for...

Страница 1172: ...e LSA in bytes Link connected to Link state type including transit network stub network or virtual link Link ID Link type and corresponding Router ID or network address Link Data Router ID for transit...

Страница 1173: ...he link show ip ospf interface This command displays summary information for OSPF interfaces SYNTAX show ip ospf interface vlan vlan id vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPL...

Страница 1174: ...face is down Loopback This is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but i...

Страница 1175: ...ription Neighbor ID Neighbor s router ID Pri Neighbor s router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for...

Страница 1176: ...10 11 0 24 10 is directly connected fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 vlan1 IA 172 16 10 0 24 30 via 10 10 11 50 vlan2...

Страница 1177: ...l link Timer intervals Configuration settings for timer intervals including Hello Dead and Retransmit RELATED COMMANDS area virtual link 1150 show ip protocols ospf This command displays OSPF process...

Страница 1178: ...hange and the RC hold time between consecutive SPF calculations Route Metrics and Summaries area default cost Sets the cost for a default summary route sent into a RC stub area range Summarizes routes...

Страница 1179: ...pv6 ospf route Displays the OSPF routing table PE show ipv6 ospf virtual links Displays parameters and the adjacency state of virtual PE links General Guidelines Follow these basic steps to configure...

Страница 1180: ...uting processes It should not be confused with the instance id configured with the ipv6 router ospf area command which is used to distinguish between different routing processes running on the same li...

Страница 1181: ...the backbone area IBM Interpretation A router is considered to be an ABR if it has more than one actively attached area and the backbone area is configured Standard Interpretation A router is consider...

Страница 1182: ...e router only advertises intra area routes into non backbone areas EXAMPLE Console config router abr type ibm Console config router max current dd This command sets the maximum number of neighbors wit...

Страница 1183: ...uter ID must be unique for every router in the autonomous system Note that the router ID can also be set to 255 255 255 255 If this router already has registered neighbors the new router ID will be us...

Страница 1184: ...iguration DEFAULT SETTING SPF delay 5 seconds SPF holdtime 10 seconds COMMAND USAGE Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations Using a low value for th...

Страница 1185: ...not advertise area id Identifies an area for which the routes are summarized The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 ipv6 prefi...

Страница 1186: ...ange 73 8 advertise Console config router default metric This command sets the default metric for external routes imported from other protocols Use the no form to remove the default metric for the sup...

Страница 1187: ...te default Routers do not add internal route metric to external route metric COMMAND MODE Router Configuration DEFAULT SETTING redistribution none metric value 20 type metric 2 COMMAND USAGE This comm...

Страница 1188: ...ment are sent into the stub COMMAND USAGE All routers in a stub must be configured with the same area ID Routing table space is saved by stopping an ABR from flooding Type 4 Inter Area Router and Type...

Страница 1189: ...the virtual link To create a virtual link enter this command for an ABR at both ends of the link One of the ABRs must be next to the isolated area and the transit area at one end of the link while the...

Страница 1190: ...bone area 0 0 0 0 to maintain routing connectivity throughout the autonomous system If it not possible to physically connect an area to the backbone you can use a virtual link A virtual link can provi...

Страница 1191: ...ge 0 255 COMMAND MODE Interface Configuration DEFAULT SETTING None COMMAND USAGE An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous sy...

Страница 1192: ...er Range Alphanumeric string up to 16 characters instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 COMMAND MODE Interfac...

Страница 1193: ...stance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network segment attach...

Страница 1194: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Страница 1195: ...econds COMMAND USAGE Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Страница 1196: ...d If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elec...

Страница 1197: ...o send a link state update packet over an interface Use the no form to restore the default value SYNTAX ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id...

Страница 1198: ...interface vlan vlan id ipv6 address vlan id VLAN ID Range 1 4093 ipv6 address A full IPv6 address including the network prefix and host address bits COMMAND MODE Router Configuration DEFAULT SETTING N...

Страница 1199: ...es the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The time this process has been running Supports only single TOS T...

Страница 1200: ...en executed for this area Number of LSA The total number of link state advertisements in this area s link state database excluding AS External LSA s Checksum The sum of the LS checksums of link state...

Страница 1201: ...SYNTAX show ipv6 ospf interface vlan vlan id vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 ospf interface vlan 1 VLAN 1 is up line protocol is up Link local Addr...

Страница 1202: ...outer Designated router ID and respective interface address Backup Designated Router Backup designated router ID and respective interface address Timer intervals Configuration settings for timer inter...

Страница 1203: ...ions being exchanged Loading LSA databases being exchanged Full Neighboring routers now fully adjacent Identification flags include D Dynamic neighbor S Static neighbor DR Designated router BDR Backup...

Страница 1204: ...ocal address 192 168 0 3 Remote address 192 168 0 2 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency state...

Страница 1205: ...these neighbors Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectio...

Страница 1206: ...CHAPTER 47 IP Routing Commands Open Shortest Path First OSPFv3 1204...

Страница 1207: ...cast Routing Configures static multicast router ports PIM Multicast Routing Configures global and interface settings for PIM DM and PIM SM GENERAL MULTICAST ROUTING This section describes commands use...

Страница 1208: ...command displays the IPv4 multicast routing table SYNTAX show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or downstream from...

Страница 1209: ...M SSM C Connected A member of the multicast group is present on this interface P Pruned This route has been terminated F Register flag This device is registering for a multicast source R RP bit set Th...

Страница 1210: ...s associated with each interface indicate F Register flag This device is registering for a multicast source P Pruned This route has been terminated L Local Downstream interface has received IGMP repor...

Страница 1211: ...y in the IP multicast routing table COMMAND MODE Privileged Exec COMMAND USAGE This command displays information for multicast routing If no optional parameters are selected detailed information for e...

Страница 1212: ...r immediately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a requested service source Subnetwork containing...

Страница 1213: ...routes on the switch Table 179 Static Multicast Routing Commands Command Function Mode ip igmp snooping vlan mrouter Adds a multicast router port GC show ip igmp snooping mrouter Shows multicast rout...

Страница 1214: ...thin VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned...

Страница 1215: ...IC neighboring PIM router before declaring it dead ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune stat...

Страница 1216: ...y Sets the priority value for a DR candidate IC ip pim join prune interval Sets the join prune timer IC clear ip pim bsr rp set Clears RP entries learned through the BSR PE show ip pim bsr router Disp...

Страница 1217: ...e mode Enables PIM Sparse Mode DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE To fully enable PIM you need to enable multicast routing globally for the router with th...

Страница 1218: ...oin messages toward the source They also send prune messages toward the RP to prune the shared path if they have already connected to the source through the SPT or if there are no longer any group mem...

Страница 1219: ...lo interval seconds Interval between sending PIM hello messages Range 1 65535 DEFAULT SETTING 30 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE Hello messages are sent to neighboring...

Страница 1220: ...ceiving a prune request Use the no form to disable this feature SYNTAX no ip pim lan prune delay DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When other downstream...

Страница 1221: ...tinue receiving the flow referenced in the message Range 500 6000 milliseconds DEFAULT SETTING 2500 milliseconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The override interval configure...

Страница 1222: ...te the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time require...

Страница 1223: ...le config if show ip pim interface This command displays information about interfaces configured for PIM SYNTAX show ip pim interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Normal Exec...

Страница 1224: ...ole Table 182 show ip pim neighbor display description Field Description Neighbor Address IP address of the next hop router VLAN Interface Interface number that is attached to this neighbor Uptime The...

Страница 1225: ...to resend a Graft message if it has not been acknowledged Use the no form to restore the default value SYNTAX ip pim max graft retries retries no ip pim max graft retries retries The maximum number o...

Страница 1226: ...outer BSR candidate Use the no form to restore the default value SYNTAX ip pim bsr candidate interface vlan vlan id hash hash mask length priority priority no ip pim bsr candidate vlan id VLAN ID Rang...

Страница 1227: ...wo core routers in diverse locations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP EXAMPLE The following ex...

Страница 1228: ...s back toward the rendezvous point RP Use the no form to restore the default setting SYNTAX ip pim register source interface vlan vlan id no ip pim register source vlan id VLAN ID Range 1 4094 DEFAULT...

Страница 1229: ...IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by more than one entr...

Страница 1230: ...ommand configures the router to advertise itself as a Rendezvous Point RP candidate to the bootstrap router BSR Use the no form to remove this router as an RP candidate SYNTAX ip pim rp candidate inte...

Страница 1231: ...d on the group address RP address priority and hash mask included in the bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provide...

Страница 1232: ...rce to a receiver is through the RP However the path through the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its...

Страница 1233: ...ple election process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with...

Страница 1234: ...ce will be adversely affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested t...

Страница 1235: ...ion changes to the RP Use the show ip pim rp mapping command to display active RPs that are cached with associated multicast groups EXAMPLE This example clears the RP map Console clear ip pim bsr rp s...

Страница 1236: ...ow of an active BSR and will accept the first bootstrap message it sees as giving the new BSR s identity and the RP set Accept Preferred The router knows the identity of the current BSR and is using t...

Страница 1237: ...time before this entry will be removed show ip pim rp hash This command displays the RP used for the specified multicast group and the RP that advertised the mapping SYNTAX show ip pim rp hash group...

Страница 1238: ...m number of times to resend a IC Graft message if it has not been acknowledged ipv6 pim override interval Specifies the time it takes a downstream router to IC respond to a lan prune delay message ipv...

Страница 1239: ...ace that will participate in multicast routing with this command If you enable PIM on an interface you should also enable IGMP on that interface PIM mode selection determines how the switch populates...

Страница 1240: ...OMMAND MODE Interface Configuration VLAN COMMAND USAGE A graft message is sent by a router to cancel a prune state When a router receives a graft message it must respond with an graft acknowledgement...

Страница 1241: ...y at which PIM hello messages are transmitted Use the no form to restore the default value SYNTAX ipv6 pim hello interval seconds no pimv6 hello interval seconds Interval between sending PIM hello mes...

Страница 1242: ...ate for this multicast stream The prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry EXAMPLE Console config if ipv6 pim join...

Страница 1243: ...rride interval from those advertised by each neighbor including this switch EXAMPLE Console config if ipv6 pim lan prune delay Console config if RELATED COMMANDS ipv6 pim override interval 1242 ipv6 p...

Страница 1244: ...tion delay command are used to calculate the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the overrid...

Страница 1245: ...TED COMMANDS ipv6 pim override interval 1242 ipv6 pim lan prune delay 1240 ipv6 pim state refresh origination interval This command sets the interval between sending PIM DM state refresh control messa...

Страница 1246: ...ce Use the no form to restore the default value SYNTAX ipv6 pim triggerr hello delay seconds no ipv6 pim triggerr hello delay seconds The maximum time before sending a triggered PIM Hello message Rang...

Страница 1247: ...f neighboring PIM routers EXAMPLE Console show ip pim interface vlan 1 PIM is enabled Vlan 1 is up PIM Mode Dense Mode IPv6 Address None Hello Interval 30 sec Hello HoldTime 105 sec Triggered Hello De...

Страница 1248: ...AN 1 00 01 23 00 01 23 FF80 0202 VLAN 2 1d 11h Never Console Table 187 show ipv6 pim neighbor display description Field Description Neighbor Address IP address of the next hop router VLAN Interface In...

Страница 1249: ...1247 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1249 Troubleshooting on page 1255 License Information on page 1257...

Страница 1250: ...1248 SECTION IV Appendices...

Страница 1251: ...duplex SFP 10GBASE SR LR ER 10 Gbps at full duplex Module 10GBASE T 10 Gbps 1000 Mbps 100 Mbps at full duplex Module FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Br...

Страница 1252: ...vice policies MULTICAST FILTERING IGMP Snooping Layer 2 IGMP Layer 3 IGMP Proxy Multicast VLAN Registration IP ROUTING ARP Proxy ARP Static routes CIDR Classless Inter Domain Routing RIP RIPv2 OSPFv2...

Страница 1253: ...er Discovery Protocol IEEE 802 1D 2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol IEEE 802 1p Priority tags IEEE...

Страница 1254: ...6 TFTP RFC 1350 VRRP RFC 3768 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridg...

Страница 1255: ...n Client MIB RFC 2619 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP Community MIB RFC 3584 SNMP Fr...

Страница 1256: ...1254 APPENDIX A Software Specifications Management Information Bases...

Страница 1257: ...network must be configured with the appropriate tag If you cannot connect using Telnet you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a la...

Страница 1258: ...ssages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that lead...

Страница 1259: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1260: ...notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any...

Страница 1261: ...ired to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if y...

Страница 1262: ...ibution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exc...

Страница 1263: ...TFTP server that contains the devices system files and the name of the boot file COS Class of Service is supported by prioritizing packets based on the required level of service and then placing them...

Страница 1264: ...of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues EAPOL Extensible Authentication Protocol over LAN EAPOL is a client authentication protocol u...

Страница 1265: ...thod for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign endstations to...

Страница 1266: ...oup membership information onto the upstream interface based on IGMP messages monitored on downstream interfaces and forwards multicast traffic based on that information There is no need for multicast...

Страница 1267: ...tion meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Information Base An acronym for Management Information Base It is a set o...

Страница 1268: ...ls such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Length Subnet Masks VLSM OUT OF BAND MANAGEMENT Management of the network from a station...

Страница 1269: ...et alarms on a variety of traffic conditions including specific error types RSTP Rapid Spanning Tree Protocol RSTP reduces the convergence time for network topology changes to about 10 of that require...

Страница 1270: ...hen TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accur...

Страница 1271: ...940 clear arp cache 1080 clear counters 832 clear dns cache 1038 clear host 1039 clear ip dhcp binding 1058 clear ip dhcp snooping database flash 785 clear ip igmp group 997 clear ip ospf process 1141...

Страница 1272: ...secure port 729 ip http secure server 727 ip http server 727 ip igmp 991 ip igmp filter Global Configuration 978 ip igmp filter Interface Configuration 980 ip igmp last member query interval 992 ip ig...

Страница 1273: ...rver 735 ip ssh server key size 736 ip ssh timeout 736 ip telnet max sessions 730 ip telnet port 730 ip telnet server 731 ipv6 access group 813 ipv6 address 1087 ipv6 address eui 64 1088 ipv6 address...

Страница 1274: ...ration 932 map ip dscp Interface Configuration 934 map ip port Global Configuration 933 map ip port Interface Configuration 935 map ip precedence Global Configuration 933 map ip precedence Interface C...

Страница 1275: ...am size 700 sflow max header size 701 sflow owner 701 sflow sample 702 sflow source 702 sflow timeout 703 show access group 822 show access list 822 show accounting 725 show arp 1080 show arp access l...

Страница 1276: ...ss table count 858 show mac address table multicast 975 show mac vlan 918 show management 754 show map ip dscp 937 show map ip port 937 show map ip precedence 938 show memory 628 show mvr 989 show net...

Страница 1277: ...witchport acceptable frame types 893 switchport allowed vlan 894 switchport dot1q tunnel mode 901 switchport dot1q tunnel tpid 902 switchport forbidden vlan 888 switchport gvrp 888 switchport ingress...

Страница 1278: ...1276 COMMAND LIST...

Страница 1279: ...303 310 808 810 IPv6 Standard 303 308 808 809 MAC 303 312 814 time range 300 667 Address Resolution Protocol See ARP address table 195 855 aging time 198 855 aging time displaying 198 858 aging time s...

Страница 1280: ...ferentiated Services See DiffServ DiffServ 237 939 binding policy to interface 251 953 class map 238 940 944 class map description 239 941 color blind srTCM 246 947 color blind trTCM 247 949 committed...

Страница 1281: ...g throttling enabling 422 978 filtering throttling interface configuration 425 980 filtering throttling status 422 978 filtering configuring profile 979 980 filtering creating profile 423 979 filterin...

Страница 1282: ...87 dynamic configuration link local 77 453 1091 EUI format 456 1088 EUI 64 setting 456 1088 explicit configuration 453 1091 global unicast 456 1087 link local 457 1090 manual configuration global unic...

Страница 1283: ...MP snooping 407 959 enabling IGMP snooping per interface 415 959 router configuration 411 976 multicast groups 414 420 435 974 975 998 displaying 414 420 435 975 998 static 413 414 973 974 975 Multica...

Страница 1284: ...550 565 566 571 1150 transmit delay over interface 560 1161 virtual link 565 1150 virtual links displaying 570 1174 OSPFv3 1176 ABR route summary 1183 area border router 1183 backbone 1189 1190 config...

Страница 1285: ...guring interfaces 188 912 group configuration 186 912 interface configuration 188 912 proxy ARP 476 1079 proxy query address IGMP snooping 419 970 proxy query interval IGMP snooping 418 971 proxy quer...

Страница 1286: ...sures 259 755 serial port configuring 120 642 sFlow flow configuration 154 699 703 target device 154 699 shared tree PIM SM 589 1207 1210 1230 shortest path tree PIM SM 589 1207 1210 1230 Simple Mail...

Страница 1287: ...ing 157 904 trap manager 79 388 676 troubleshooting 1255 trTCM police meter 247 949 QoS policy 243 949 trunk configuration 140 839 LACP 144 839 841 static 141 840 tunneling unknown VLANs VLAN trunking...

Страница 1288: ...8 1061 group statistics 495 1066 preemption 489 490 1063 priority 489 490 1064 protocol message statistics 494 1070 timers 490 1065 virtual address 488 1062 W web authentication 276 775 address re aut...

Страница 1289: ...ch support available in 30 seconds or less Copyright 2013 Black Box Corporation All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third par...

Отзывы:

Нет отзывов

Похожие инструкции для LGB6026A

Бренд: Datavideo Страницы: 4

Бренд: Datavideo Страницы: 66

Бренд: 3Com Страницы: 12

S7906E - Switch

Бренд: 3Com Страницы: 8

SilverStorm 9000

Бренд: Qlogic Страницы: 50

Бренд: Black Box Страницы: 4

Бренд: hager Страницы: 2

Бренд: REV Ritter Страницы: 15

Бренд: KinAn Страницы: 4

ToolBox GTB-MHDMI1.3-441

Бренд: Gefen Страницы: 25

Бренд: PRO SIGNAL Страницы: 4

Бренд: Scion Страницы: 8

Бренд: TP-Link Страницы: 34

Бренд: WilTec Страницы: 7

Бренд: Conrad Страницы: 8

Бренд: Zektor Страницы: 30

Бренд: AV Link Страницы: 2

Бренд: TP-Link Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды