Digisol DG-FS4526E Скачать руководство пользователя страница 362

Страница: 362 / 1162

HAPTER

| Security Measures

DHCP Snooping

– 362 –

DHCP S

NOOPING

The addresses assigned to DHCP clients on insecure ports can be carefully

controlled using the dynamic bindings registered with DHCP Snooping (or

using the static bindings configured with IP Source Guard). DHCP snooping

allows a switch to protect a network from rogue DHCP servers or other

devices which send port-related information to a DHCP server. This

information can be useful in tracking an IP address back to a physical port.

OMMAND

SAGE

DHCP Snooping Process

Network traffic may be disrupted when malicious DHCP messages are

received from an outside source. DHCP snooping is used to filter DHCP

messages received on a non-secure interface from outside the network

or fire wall. When DHCP snooping is enabled globally and enabled on a

VLAN interface, DHCP messages received on an untrusted interface

from a device not listed in the DHCP snooping table will be dropped.

Table entries are only learned for trusted interfaces. An entry is added

or removed dynamically to the DHCP snooping table when a client

receives or releases an IP address from a DHCP server. Each entry

includes a MAC address, IP address, lease time, VLAN identifier, and

port identifier.

The rate limit for the number of DHCP messages that can be processed

by the switch is 100 packets per second. Any DHCP packets in excess of

this limit are dropped.

When DHCP snooping is enabled, DHCP messages entering an

untrusted interface are filtered based upon dynamic entries learned via

DHCP snooping.

Filtering rules are implemented as follows:

If the global DHCP snooping is disabled, all DHCP packets are

forwarded.

If DHCP snooping is enabled globally, and also enabled on the VLAN

where the DHCP packet is received, all DHCP packets are forwarded

for a

trusted

port. If the received packet is a DHCP ACK message, a

dynamic DHCP snooping entry is also added to the binding table.

If DHCP snooping is enabled globally, and also enabled on the VLAN

where the DHCP packet is received, but the port is

not trusted

, it is

processed as follows:

If the DHCP packet is a reply packet from a DHCP server

(including OFFER, ACK or NAK messages), the packet is

dropped.

Содержание DG-FS4526E

Страница 1: ...MUSTANG 4000 SWITCH SERIES DG FS4526E MANAGEMENT GUIDE V1 0 2012 04 12 As our products undergo continuous development the specifications are subject to change without prior notice...

Страница 2: ...MANAGEMENT GUIDE DG FS4526E ENHANCED FAST ETHERNET SWITCH Layer 2 Switch with 24 10 100BASE TX RJ 45 Ports and 2 Gigabit Combination Ports RJ 45 SFP DG FS4526E E032011 ST R01 149100000142A...

Страница 3: ...nt information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you t...

Страница 4: ...ABOUT THIS GUIDE 4...

Страница 5: ...n Options 63 Required Connections 64 Remote Connections 65 Basic Configuration 66 Console Connection 66 Setting Passwords 66 Setting an IP Address 67 Downloading a Configuration File Referenced by a D...

Страница 6: ...tion Code Upgrade 111 Setting the System Clock 115 Setting the Time Manually 115 Setting the SNTP Polling Interval 116 Specifying SNTP Time Servers 117 Setting the Time Zone 118 Console Port Settings...

Страница 7: ...ng QinQ Tunneling on the Switch 185 Adding an Interface to a QinQ Tunnel 186 Protocol VLANs 188 Configuring Protocol VLAN Groups 188 Mapping Protocol Groups to Interfaces 190 Configuring IP Subnet VLA...

Страница 8: ...12 QUALITY OF SERVICE 249 Overview 249 Configuring a Class Map 250 Creating QoS Policies 253 Attaching a Policy Map to a Port 263 13 VOIP TRAFFIC CONFIGURATION 265 Overview 265 Configuring VoIP Traffi...

Страница 9: ...ng an Extended IPv4 ACL 320 Configuring a Standard IPv6 ACL 323 Configuring an Extended IPv6 ACL 325 Configuring a MAC ACL 326 Configuring an ARP ACL 329 Binding a Port to an Access Control List 331 A...

Страница 10: ...ting LLDP Timing Attributes 375 Configuring LLDP Interface Attributes 377 Displaying LLDP Local Device Information 380 Displaying LLDP Remote Port Information 383 Displaying Device Statistics 388 Simp...

Страница 11: ...Requests 462 Displaying Local MEPs 464 Displaying Details for Local MEPs 465 Displaying Local MIPs 467 Displaying Remote MEPs 468 Displaying Details for Remote MEPs 469 Displaying the Link Trace Cache...

Страница 12: ...513 Displaying the DNS Cache 514 18 MULTICAST FILTERING 517 Overview 517 Layer 2 IGMP Snooping and Query 518 Configuring IGMP Snooping and Query Parameters 520 Specifying Static Interfaces for a Multi...

Страница 13: ...okup 555 Negating the Effect of Commands 556 Using Command History 556 Understanding Command Modes 556 Exec Commands 556 Configuration Commands 557 Command Line Processing 559 CLI Command Groups 560 2...

Страница 14: ...onfigure mux 579 banner configure note 580 show banner 581 System Status 581 show access list tcam utilization 582 show memory 582 show process cpu 583 show running config 583 show startup config 584...

Страница 15: ...gging on 611 logging trap 612 clear log 612 show log 613 show logging 614 SMTP Alerts 615 logging sendmail 616 logging sendmail host 616 logging sendmail level 617 logging sendmail destination email 6...

Страница 16: ...server contact 635 snmp server location 636 show snmp 636 snmp server enable traps 637 snmp server host 638 snmp server engine id 641 snmp server group 642 snmp server user 643 snmp server view 644 s...

Страница 17: ...ius server auth port 667 radius server host 667 radius server key 668 radius server retransmit 668 radius server timeout 669 show radius server 669 TACACS Client 670 tacacs server host 670 tacacs serv...

Страница 18: ...elete public key 692 ip ssh crypto host key generate 693 ip ssh crypto zeroize 694 ip ssh save host key 694 show ip ssh 695 show public key 695 show ssh 696 802 1X Port Authentication 697 dot1x defaul...

Страница 19: ...0 network access dynamic qos 721 network access dynamic vlan 722 network access guest vlan 723 network access link detection 723 network access link detection link down 724 network access link detecti...

Страница 20: ...ping vlan 743 ip dhcp snooping trust 744 clear ip dhcp snooping database flash 745 show ip dhcp snooping 745 show ip dhcp snooping binding 745 IP Source Guard 746 ip source guard binding 746 ip source...

Страница 21: ...ermit deny Standard IPv6 ACL 769 permit deny Extended IPv6 ACL 770 show ipv6 access list 772 ipv6 access group 772 show ipv6 access group 773 MAC ACLs 774 access list mac 774 permit deny MAC ACL 775 m...

Страница 22: ...save 800 show power save 801 28 LINK AGGREGATION COMMANDS 803 port channel load balance 804 channel group 806 lacp 806 lacp admin key Ethernet Interface 808 lacp port priority 809 lacp system priorit...

Страница 23: ...er enable port traps atc multicast alarm clear 838 snmp server enable port traps atc multicast alarm fire 838 snmp server enable port traps atc multicast control apply 839 snmp server enable port trap...

Страница 24: ...elease mode 864 spanning tree loopback detection trap 865 spanning tree mst cost 865 spanning tree mst port priority 866 spanning tree port bpdu flooding 867 spanning tree port priority 868 spanning t...

Страница 25: ...s 896 switchport allowed vlan 896 switchport ingress filtering 897 switchport mode 898 switchport native vlan 899 vlan trunking 900 Displaying VLAN Information 901 show vlan 901 Configuring IEEE 802 1...

Страница 26: ...uring Voice VLANs 921 voice vlan 922 voice vlan aging 923 voice vlan mac address 923 switchport voice vlan 924 switchport voice vlan priority 925 switchport voice vlan rule 925 switchport voice vlan s...

Страница 27: ...63 ip igmp snooping priority 963 ip igmp snooping proxy reporting 964 ip igmp snooping querier 965 ip igmp snooping router alert option check 965 ip igmp snooping router port expire time 966 ip igmp s...

Страница 28: ...Throttling 981 ip igmp filter Global Configuration 982 ip igmp profile 983 permit deny 983 range 984 ip igmp filter Interface Configuration 984 ip igmp max groups 985 ip igmp max groups action 986 sho...

Страница 29: ...k agg 1010 lldp dot3 tlv mac phy 1011 lldp dot3 tlv max frame 1011 lldp med location civic addr 1012 lldp med notification 1013 lldp med tlv inventory 1014 lldp med tlv location 1015 lldp med tlv med...

Страница 30: ...1047 show ethernet cfm errors 1048 ethernet cfm mep crosscheck start delay 1049 snmp server enable traps ethernet cfm crosscheck 1049 mep crosscheck mpid 1050 ethernet cfm mep crosscheck 1051 show eth...

Страница 31: ...1073 show efm oam status remote interface 1074 42 DOMAIN NAME SERVICE COMMANDS 1075 ip domain list 1075 ip domain lookup 1076 ip domain name 1077 ip host 1078 ip name server 1079 ipv6 host 1080 clear...

Страница 32: ...ess link local 1105 ipv6 enable 1106 ipv6 mtu 1107 show ipv6 default gateway 1108 show ipv6 interface 1109 show ipv6 mtu 1110 show ipv6 traffic 1111 clear ipv6 traffic 1115 ping6 1116 ipv6 nd dad atte...

Страница 33: ...CONTENTS 33 Problems Accessing the Management Interface 1131 Using System Logs 1132 C LICENSE INFORMATION 1133 The GNU General Public License 1133 GLOSSARY 1137 COMMAND LIST 1145 INDEX 1153...

Страница 34: ...CONTENTS 34...

Страница 35: ...ervers 117 Figure 15 Setting the Time Zone 118 Figure 16 Console Port Settings 120 Figure 17 Telnet Connection Settings 122 Figure 18 Displaying CPU Utilization 123 Figure 19 Displaying Memory Utiliza...

Страница 36: ...c Trunks 153 Figure 48 Displaying Connection Parameters for Dynamic Trunks 154 Figure 49 Displaying LACP Port Counters 155 Figure 50 Displaying LACP Port Internal Information 157 Figure 51 Displaying...

Страница 37: ...ddress Aging Time 202 Figure 86 Displaying the Dynamic MAC Address Table 203 Figure 87 Clearing Entries in the Dynamic MAC Address Table 204 Figure 88 Mirroring Packets Based on the Source MAC Address...

Страница 38: ...P Internal Mapping 245 Figure 120 Configuring CoS to DSCP Internal Mapping 247 Figure 121 Showing CoS to DSCP Internal Mapping 248 Figure 122 Configuring a Class Map 251 Figure 123 Showing Class Maps...

Страница 39: ...nfiguring Interface Settings for Web Authentication 291 Figure 156 Configuring Global Settings for Network Access 295 Figure 157 Configuring Interface Settings for Network Access 297 Figure 158 Config...

Страница 40: ...ce Settings for 802 1X Port Authenticator 351 Figure 194 Configuring Interface Settings for 802 1X Port Supplicant 353 Figure 195 Showing Statistics for 802 1X Port Authenticator 355 Figure 196 Showin...

Страница 41: ...igure 227 Setting Community Access Strings 402 Figure 228 Showing Community Access Strings 402 Figure 229 Configuring Local SNMPv3 Users 404 Figure 230 Showing Local SNMPv3 Users 405 Figure 231 Config...

Страница 42: ...Showing Maintenance Associations 453 Figure 266 Configuring Detailed Settings for Maintenance Associations 454 Figure 267 Configuring Maintenance End Points 455 Figure 268 Showing Maintenance End Poi...

Страница 43: ...6 Statistics ICMPv6 507 Figure 302 Showing IPv6 Statistics UDP 508 Figure 303 Showing Reported MTU Values 508 Figure 304 Configuring General Settings for DNS 510 Figure 305 Configuring a List of Domai...

Страница 44: ...an IGMP Filtering Profile 537 Figure 328 Configuring IGMP Filtering and Throttling Interface Settings 539 Figure 329 MVR Concept 540 Figure 330 Configuring Global Settings for MVR 542 Figure 331 Conf...

Страница 45: ...ty Mapping 239 Table 15 CoS Priority Levels 239 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 240 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 244 Table 18 Defau...

Страница 46: ...47 System Status Commands 581 Table 48 Frame Size Commands 588 Table 49 Flash File Commands 589 Table 50 File Directory Information 595 Table 51 Line Commands 599 Table 52 Event Logging Commands 608 T...

Страница 47: ...S Profiles 721 Table 84 Web Authentication 732 Table 85 DHCP Snooping Commands 737 Table 86 IP Source Guard Commands 746 Table 87 ARP Inspection Commands 751 Table 88 Access Control List Commands 761...

Страница 48: ...c Segmentation 912 Table 121 Protocol based VLAN Commands 914 Table 122 IP Subnet VLAN Commands 918 Table 123 MAC Based VLAN Commands 920 Table 124 Voice VLAN Commands 921 Table 125 Priority Commands...

Страница 49: ...50 show fault notify generator display description 1062 Table 151 OAM Commands 1065 Table 152 Address Table Commands 1075 Table 153 show dns cache display description 1082 Table 154 show hosts display...

Страница 50: ...TABLES 50...

Страница 51: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 52: ...SECTION I Getting Started 52...

Страница 53: ...password Telnet SSH Web HTTPS General Security Measures AAA ARP Inspection DHCP Snooping with Option 82 relay information IP Source Guard Port Authentication IEEE 802 1X Port Security MAC address fil...

Страница 54: ...er names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE Store and Forward S...

Страница 55: ...uplex mode and flow control used on specific ports or use auto negotiation to detect the connection settings used by the attached device Use the full duplex mode on ports whenever possible to double t...

Страница 56: ...IEEE 802 1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to...

Страница 57: ...k The switch supports tagged VLANs based on the IEEE 802 1Q standard Members of VLAN groups can be dynamically learned via GVRP or ports can be manually assigned to a specific set of VLANs This allows...

Страница 58: ...t traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding MULTICAST FILTER...

Страница 59: ...h s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file The following table lists s...

Страница 60: ...isabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 64 kbits sec Multicast Disabled Unknown Unicast Disabled OAM...

Страница 61: ...way 0 0 0 0 DHCP Client Enabled DNS Proxy service Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled Multicast VLAN Registration Disabled IGMP Proxy Re...

Страница 62: ...CHAPTER 1 Introduction System Defaults 62...

Страница 63: ...rd web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to the...

Страница 64: ...h provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatibl...

Страница 65: ...rotocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on page 67 NOTE This...

Страница 66: ...ation procedure starts 2 At the User Name prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the C...

Страница 67: ...fix received in router advertisement messages An IPv6 link local address for use in a local network can also be dynamically generated as described in Obtaining an IPv6 Address on page 71 The current s...

Страница 68: ...address An IPv6 prefix or address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the a...

Страница 69: ...ll address including a network prefix and the host address for the switch You can specify either the full IPv6 address or the IPv6 address and prefix length The prefix length for an IPv6 network is th...

Страница 70: ...casting service requests IP will be enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast every few minutes using exponential backoff until IP configuratio...

Страница 71: ...Index 746 MTU 0 Address Mode is User specified VLAN 1 is Administrative Up Link Up Address is 00 17 7C DA FC E8 Index 1001 MTU 1500 Address Mode is DHCP IP Address 192 168 0 2 Mask 255 255 255 0 Conso...

Страница 72: ...To dynamically generate an IPv6 host address for the switch complete the following steps 1 From the Global Configuration mode prompt type interface vlan 1 to access the interface configuration mode Pr...

Страница 73: ...ration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not receive a DHCP response prior to completing the bootup process it wi...

Страница 74: ...vision tftp server name code 66 text option dynamicProvision bootfile name code 67 text subnet 192 168 255 0 netmask 255 255 255 0 range 192 168 255 160 192 168 255 200 option routers 192 168 255 101...

Страница 75: ...IB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assign new views to version 1 or 2c community strings that suit your...

Страница 76: ...or is the user name of a version 3 host version indicates the SNMP client version and auth noauth priv means that authentication no authentication or authentication and privacy is used for v3 clients...

Страница 77: ...ration files can be selected as a system start up file or can be uploaded via FTP TFTP to a server for backup The file named Factory_Default_Config cfg contains all the system default settings and can...

Страница 78: ...e from 1 to 31 characters must not contain slashes or and the leading letter of the file name must not be a period Valid characters A Z a z 0 9 _ There can be more than one user defined configuration...

Страница 79: ...ame of the startup file stored on the server Press Enter 4 Enter the name for the startup file on the switch Press Enter Console copy file startup config Console copy tftp startup config TFTP server I...

Страница 80: ...CHAPTER 2 Initial Switch Configuration Managing System Files 80...

Страница 81: ...Interface Configuration on page 129 VLAN Configuration on page 167 Address Table Settings on page 199 Spanning Tree Algorithm on page 207 Rate Limit Configuration on page 231 Storm Control Configurat...

Страница 82: ...SECTION II Web Configuration 82...

Страница 83: ...ateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 67 2 Set user names and passwords using an out of band serial connection Access to the web agent...

Страница 84: ...inistrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connects with the swit...

Страница 85: ...or item Check for newer versions of stored pages should be Every visit to the page PANEL DISPLAY The web agent displays an image of the switch s ports The Mode can be set to display different informat...

Страница 86: ...jumbo frames shows the bridge extension parameters 104 105 File 106 Copy Allows the transfer and copying files 106 Set Startup Sets the startup file 109 Show Shows the files stored in flash memory all...

Страница 87: ...ion settings 147 Dynamic 149 Configure Aggregator Configures administration key for specific LACP groups 149 Configure Aggregation Port 147 Configure 147 General Allows ports to dynamically join trunk...

Страница 88: ...VLAN attributes per interface 172 Edit Member by Interface Range Specifies VLAN attributes per interface range 172 Dynamic Configure General Enables GVRP VLAN registration protocol globally 177 Confi...

Страница 89: ...ch to a target port 204 Spanning Tree 207 Loopback Detection Configures Loopback Detection parameters 210 STA Spanning Tree Algorithm Configure Global Configure Configures global bridge settings for S...

Страница 90: ...e 239 Configure Maps internal per hop behavior values to hardware queues 239 Show Shows the PHB to Queue mapping list 239 DiffServ 249 Configure Class 250 Add Creates a class map for a type of traffic...

Страница 91: ...at which the local accounting service updates information to the accounting server 279 Configure Method 279 Add Configures accounting for various service types 279 Show Shows the accounting settings u...

Страница 92: ...addresses exempt from authentication 298 Show Shows the list of exempt MAC addresses 298 Show Information Shows the authenticated MAC address list 300 HTTPS Secure HTTP 301 Configure Global Enables H...

Страница 93: ...lowed management access 340 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 342 Port Authentication IEEE 802 1X 344 Configure...

Страница 94: ...92 Configure Engine 393 Set Engine ID Sets the SNMP v3 engine ID on this switch 393 Add Remote Engine Sets the SNMP v3 engine ID for a remote device 394 Show Remote Engine Shows configured engine ID f...

Страница 95: ...in the statistics group 421 Show Details History Shows sampled data for each entry in the history group 418 Statistics Shows sampled data for each entry in the history group 421 Cluster 424 Configure...

Страница 96: ...t Link Trace Sends link trace messages to isolate connectivity faults by tracing the path through a network to the designated target node 458 Transmit Loopback Sends loopback messages to isolate conne...

Страница 97: ...Adds global unicast EUI 64 or link local IPv6 address to an interface 497 Show IPv6 Address Shows the IPv6 addresses assigned to an interface 500 Show IPv6 Neighbor Cache Displays information in the I...

Страница 98: ...nt Multicast Router Displays ports attached to a neighboring multicast router either through static or dynamic configuration 524 IGMP Member 525 Add Static Member Statically assigns multicast addresse...

Страница 99: ...542 Configure Interface Configures MVR interface type and immediate leave mode also displays MVR operational and active status 543 Configure Static Group Member 546 Add Statically assigns MVR multica...

Страница 100: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 100...

Страница 101: ...tem start up files Setting the System Clock Sets the current time manually or through specified SNTP servers Console Port Settings Sets console port connection parameters Telnet Settings Sets Telnet c...

Страница 102: ...ystem Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To configure general system information 1 Click System General 2 Specify the system n...

Страница 103: ...s Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number of EEPROM Programmable Logic...

Страница 104: ...m Management Commands on page 571 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is oper...

Страница 105: ...st addresses Refer to Setting Static Addresses on page 199 VLAN Version Number Based on IEEE 802 1Q 1 indicates Bridges that support only single spanning tree SST operation and 2 indicates Bridges tha...

Страница 106: ...System File Copy page to upload download firmware or configuration settings using FTP TFTP or HTTP By backing up a file to FTP TFTP server or management station that file can later be downloaded to t...

Страница 107: ...le Type Specify Operation Code to copy firmware File Name The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names i...

Страница 108: ...ngs to a local file on the switch The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted You must save these settings to the current startu...

Страница 109: ...5 Then click Apply Figure 8 Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING...

Страница 110: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Страница 111: ...ile name of the code stored on the remote server must be dg fs4526e bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this manua...

Страница 112: ...switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgra...

Страница 113: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Страница 114: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Страница 115: ...tch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on the switch manually without using...

Страница 116: ...Time on page 619 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time up...

Страница 117: ...RAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three time servers The switch attempts to update the time from the first server if this f...

Страница 118: ...ed time zone definitions or you can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 622 PARAMETERS The following parameters are displayed Direction Con...

Страница 119: ...600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent f...

Страница 120: ...he console connection see login on page 601 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts The...

Страница 121: ...t and Secure Shell i e both Telnet and SSH share a maximum number or eight sessions Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detec...

Страница 122: ...le port 1 Click System then Telnet 2 Specify the connection parameters as required 3 Click Apply Figure 17 Telnet Connection Settings DISPLAYING CPU UTILIZATION Use the System CPU Utilization page to...

Страница 123: ...soon as a new setting is selected Figure 18 Displaying CPU Utilization DISPLAYING MEMORY UTILIZATION Use the System Memory Status page to display memory utilization parameters CLI REFERENCES show mem...

Страница 124: ...e system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command see co...

Страница 125: ...0 59 Regularly Specifies a periodic interval at which to reload the switch Time HH The hour at which to reload Range 0 23 MM The minute at which to reload Range 0 59 Period Daily Every day Weekly Day...

Страница 126: ...CHAPTER 4 Basic Management Tasks Resetting the System 126 Figure 20 Restarting the Switch Immediately Figure 21 Restarting the Switch In...

Страница 127: ...CHAPTER 4 Basic Management Tasks Resetting the System 127 Figure 22 Restarting the Switch At Figure 23 Restarting the Switch Regularly...

Страница 128: ...CHAPTER 4 Basic Management Tasks Resetting the System 128...

Страница 129: ...Configures static or dynamic trunks Saving Power Adjusts the power provided to ports based on the length of the cable used to connect to other devices Traffic Segmentation Configures the uplinks and...

Страница 130: ...ERS These parameters are displayed Port Port identifier Range 1 26 Type Indicates the port type 100Base TX 1000Base T 100Base SFP 1000Base SFP Name Allows you to label an interface Range 1 64 characte...

Страница 131: ...ex operation Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the seg...

Страница 132: ...e or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 129 CLI REFERENCES Interfac...

Страница 133: ...isplayed Port Port identifier Type Indicates the port type 100Base TX 1000Base T 100Base SFP or 1000Base SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indicates i...

Страница 134: ...re 27 Configuring Local Port Mirroring CLI REFERENCES Local Port Mirroring Commands on page 815 COMMAND USAGE Traffic can be mirrored from one or more source ports to a destination port on the same sw...

Страница 135: ...AC address the matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source Port The port whose traffic will be monitored Target Port...

Страница 136: ...ion over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybri...

Страница 137: ...g the mirror session the switch s role Destination the destination port whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where t...

Страница 138: ...ffic Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations Destination Specifies this device as a swi...

Страница 139: ...r the same session Also note that a destination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the...

Страница 140: ...rnet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loadin...

Страница 141: ...The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Transmitted Multicast Packets The total number of packets that hi...

Страница 142: ...ss than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet seg...

Страница 143: ...1 Click Interface Port Chart 2 Select the statistics mode to display Interface Etherlike RMON or All Utilization Statistics Input Octets per second Number of octets entering this interface per second...

Страница 144: ...rminations Problems such as opens shorts and cable impedance mismatch can be diagnosed with this test CLI REFERENCES Interface Commands on page 783 COMMAND USAGE Cable diagnostics are performed using...

Страница 145: ...RAMETERS These parameters are displayed Port Switch port identifier Type Displays media type FE Fast Ethernet GE Gigabit Ethernet Link Status Shows if the port link is up or down Test Result The resul...

Страница 146: ...aced in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trunk the...

Страница 147: ...his switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the...

Страница 148: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 39 Adding Static Trunks Members To configure connection parame...

Страница 149: ...NFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic Configure Aggregator page to set the administrative key for an aggregation group enable LACP on a port and configure protocol parameters for l...

Страница 150: ...y is not set when a channel group is formed i e it has a null value of 0 the operational value of this key is set to the same value as the port admin key used by the interfaces that joined the group s...

Страница 151: ...s operational state and will only take effect the next time an aggregate link is established with that port NOTE Configuring the port partner sets the remote side of an aggregate link i e the ports on...

Страница 152: ...gure 44 Enabling LACP on a Port To configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action...

Страница 153: ...ct a Trunk Figure 46 Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step List 3 Select Conf...

Страница 154: ...8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent...

Страница 155: ...ation Internal page to display the configuration settings and operational state for the local side of a link aggregation CLI REFERENCES show lacp on page 811 PARAMETERS These parameters are displayed...

Страница 156: ...d in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not e...

Страница 157: ...ner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Ope...

Страница 158: ...al 5 Select a group member from the Port list Figure 51 Displaying LACP Port Remote Information SAVING POWER Use the Interface Green Ethernet page to enable power savings mode on the selected port CLI...

Страница 159: ...itter and receiver functions and powers up the MAC interface Power saving when there is a link partner Traditional Ethernet connections typically operate with enough power to support at least 100 mete...

Страница 160: ...o isolate traffic for individual clients Traffic belonging to each client is isolated to the allocated downlink ports But the switch can be configured to either isolate traffic passing across a client...

Страница 161: ...segmentation 1 Click Interface Traffic Segmentation 2 Select Configure Global from the Step list 3 Mark the Status check box and set the required uplink to uplink mode 4 Click Apply Figure 53 Enabling...

Страница 162: ...igned uplink ports will operate as normal ports PARAMETERS These parameters are displayed Session ID Traffic segmentation session Range 1 4 Direction Adds an interface to the segmented group by settin...

Страница 163: ...Add from the Action list 4 Enter the session ID set the direction to uplink or downlink and select the interface to add 5 Click Apply Figure 54 Configuring Members for Traffic Segmentation WEB INTERF...

Страница 164: ...e intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A and B Switches C D and E automatically allow frames with VLAN group tags 1 a...

Страница 165: ...ange 1 26 Trunk Trunk Identifier Range 1 13 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Click Interface VLAN Trunkin...

Страница 166: ...CHAPTER 5 Interface Configuration VLAN Trunking 166...

Страница 167: ...each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffi...

Страница 168: ...a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other V...

Страница 169: ...assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When t...

Страница 170: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Страница 171: ...ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows if RSPAN is enabled on this VLAN see Configuring Remote Port Mirroring on page 136 WE...

Страница 172: ...howing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a range of interfaces Use the menus for editing port memb...

Страница 173: ...nk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the p...

Страница 174: ...ort will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is fo...

Страница 175: ...re static members by the VLAN index 1 Click VLAN Static 2 Select Edit Member by VLAN from the Action list 3 Set the Interface type to display as Port or Trunk 4 Modify the settings for any interface a...

Страница 176: ...LAN Members by Interface To configure static members by interface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port or...

Страница 177: ...N members on ports across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN...

Страница 178: ...e for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Ra...

Страница 179: ...VRP To configure GVRP status and timers on a port or trunk 1 Click VLAN Dynamic 2 Select Configure Interface from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the GVRP s...

Страница 180: ...w Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 68 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click VLAN Dynamic 2 Select S...

Страница 181: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 182: ...r tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming packet is...

Страница 183: ...l to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If...

Страница 184: ...3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tun...

Страница 185: ...inQ mode Default Disabled Ethernet Type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel port Range hexadecimal 0800 FFFF Default 8100 Use this field to set a c...

Страница 186: ...any participating interface CLI REFERENCES Configuring IEEE 802 1Q Tunneling on page 902 COMMAND USAGE Use the Configure Global page to set the switch to QinQ mode before configuring a tunnel access...

Страница 187: ...egate and preserve customer VLAN IDs for traffic crossing the service provider network Uplink Configures QinQ tunneling for an uplink port to another device within the service provider network WEB INT...

Страница 188: ...y we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to...

Страница 189: ...ng Protocol VLAN rule via the console Alternately the switch can be power cycled however all unsaved configuration changes will be lost WEB INTERFACE To configure a protocol group 1 Click VLAN Protoco...

Страница 190: ...erfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is ta...

Страница 191: ...Select Add from the Action list 4 Select a port or trunk 5 Enter the identifier for a protocol group 6 Enter the corresponding VLAN to which the protocol traffic will be forwarded 7 Click Apply Figur...

Страница 192: ...to only one VLAN ID An IP subnet consists of an IP address and a mask When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if a...

Страница 193: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 194: ...VLANs on page 920 COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addresses can be mapped to only one VLAN ID Configured MAC addresses cannot be broadcast or multic...

Страница 195: ...s in the MAC Address field 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a value to assign to untagged frames in the Priority field 6 Clic...

Страница 196: ...led the target port can receive a mirrored packet twice once from the source mirror port and again from the source mirrored VLAN The target port receives traffic from all monitored source VLANs and ca...

Страница 197: ...mirroring 1 Click VLAN Mirror 2 Select Add from the Action list 3 Select the source VLAN and select a target port 4 Click Apply Figure 81 Configuring VLAN Mirroring To show the VLANs to be mirrored 1...

Страница 198: ...CHAPTER 6 VLAN Configuration Configuring VLAN Mirroring 198...

Страница 199: ...C addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another...

Страница 200: ...he form of xx xx xx xx xx xx or xxxxxxxxxxxx Static Status Sets the time to retain the specified address Delete on reset Assignment lasts until the switch is reset Permanent Assignment is permanent Th...

Страница 201: ...IME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding information CLI REF...

Страница 202: ...source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated...

Страница 203: ...or Interface 5 Click Query Figure 86 Displaying the Dynamic MAC Address Table CLEARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from...

Страница 204: ...port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner CLI REFERENCES Loca...

Страница 205: ...matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source MAC MAC address in the form of xx xx xx xx xx xx or xxxxxxxxxxxx Target P...

Страница 206: ...ress Table Settings Configuring MAC Address Mirroring 206 To show the MAC addresses to be mirrored 1 Click MAC Address Mirror 2 Select Show from the Action list Figure 89 Showing the Source MAC Addres...

Страница 207: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 208: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 209: ...cations with STP or RSTP nodes in the global network Figure 92 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Common...

Страница 210: ...eceive it s own BPDUs in a forward delay interval NOTE If loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Sta...

Страница 211: ...MAND USAGE Spanning Tree Protocol1 Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemented...

Страница 212: ...t have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for the previous mode and restarts the system in the...

Страница 213: ...ndard Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to each interface Long Specif...

Страница 214: ...uration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID m...

Страница 215: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 215 Figure 94 Configuring Global Settings for STA STP Figure 95 Configuring Global Settings for STA RSTP...

Страница 216: ...ning tree on page 871 show spanning tree mst configuration on page 873 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique iden...

Страница 217: ...ACE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 97 Displaying Global Settings for STA CO...

Страница 218: ...loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter is used by...

Страница 219: ...ing tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding...

Страница 220: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Страница 221: ...will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays current state of this port within the Spanning Tree Discarding P...

Страница 222: ...mmunicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operationa...

Страница 223: ...tep list 3 Select Show Information from the Action list Figure 100 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 224: ...bridges within the same MSTI Region page 211 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 225: ...lect Configure Global from the Step list 3 Select Add from the Action list 4 Specify the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP...

Страница 226: ...from the Step list 3 Select Show from the Action list Figure 102 Displaying MST Instances To modify the priority for an MST instance 1 Click Spanning Tree MSTP 2 Select Configure Global from the Step...

Страница 227: ...isplaying Global Settings for STA on page 216 Figure 104 Displaying Global Settings for an MST Instance To add additional VLAN groups to an MSTP instance 1 Click Spanning Tree MSTP 2 Select Configure...

Страница 228: ...mands on page 847 PARAMETERS These parameters are displayed MST ID Instance identifier to configure Default 0 Interface Displays a list of ports or trunks STA Status Displays the current state of this...

Страница 229: ...media and higher values assigned to ports with slower media Path cost takes precedence over port priority Note that when the Path Cost Method is set to short page 3 63 the maximum path cost is 65 535...

Страница 230: ...Interface Settings for MSTP 230 To display MSTP parameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Show Information from the Action list...

Страница 231: ...plied to individual ports When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic...

Страница 232: ...uration 232 WEB INTERFACE To configure rate limits 1 Click Traffic Rate Limit 2 Enable the Rate Limit Status for the required ports 3 Set the rate limit for the individual ports 4 Click Apply Figure 1...

Страница 233: ...broadcast and multicast or unknown unicast traffic packets exceeding the threshold are dropped until the rate falls back down beneath the threshold The rate limits set by this function are also used...

Страница 234: ...nd unknown unicast storm control Rate Threshold level as a rate i e packets per second Range 64 100000 Kbps for Fast Ethernet ports 64 1000000 Kbps for Gigabit Ethernet ports Default 64 Kbps NOTE Only...

Страница 235: ...ocessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 236: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 111 Setting the Default Port Priority...

Страница 237: ...pplications assigned a specific priority value Service time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weight...

Страница 238: ...queue mode 1 Click Traffic Priority Queue 2 Set the queue mode 3 If the weighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combination of str...

Страница 239: ...arate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in Table 14 The following table indicates the...

Страница 240: ...where 3 is the highest CoS priority queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Select a port 4 Map an i...

Страница 241: ...s 241 Figure 115 Mapping CoS Values to Egress Queues To show the internal PHB to hardware queue map 1 Click Traffic Priority PHB to Queue 2 Select Show from the Action list 3 Select an interface Figur...

Страница 242: ...ine the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It should not be n...

Страница 243: ...Apply Figure 117 Setting the Trust Mode MAPPING INGRESS DSCP VALUES TO INTERNAL DSCP VALUES Use the Traffic Priority DSCP to DSCP page to map DSCP values in incoming packets to per hop behavior and dr...

Страница 244: ...rs are displayed Port Specifies a port DSCP DSCP value in ingress packets Range 0 63 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for Ra...

Страница 245: ...Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any DSCP value 5 Click Apply Figure 118 Configuring DSCP to DSCP Internal Mapping To show the DSCP to intern...

Страница 246: ...p behavior PHB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used by Random Early Detection RED to control traffic congestion RED starts d...

Страница 247: ...o DSCP 2 Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any of the CoS CFI combinations 5 Click Apply Figure 120 Configuring CoS to DSCP Internal Mapping T...

Страница 248: ...e Layer 3 4 Priority Settings 248 To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list 3 Select a port Figure 121 Showing CoS...

Страница 249: ...t kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the...

Страница 250: ...ured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a...

Страница 251: ...e of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSC...

Страница 252: ...aps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of tra...

Страница 253: ...ich indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value or a member of specific VLAN A policy map is then configured which indicates the boundary param...

Страница 254: ...Early Detection A packet is marked green if it doesn t exceed the committed information rate and committed burst size yellow if it does exceed the committed information rate and committed burst size b...

Страница 255: ...roughput peak information rate PIR and their associated burst sizes committed burst size BC or burst rate and peak burst size BP Action may taken for traffic conforming to the maximum throughput excee...

Страница 256: ...ed or if Tp t B 0 the packet is red else if the packet has been precolored as yellow or if Tc t B 0 the packet is yellow and Tp is decremented by B else the packet is green and both Tp and Tc are decr...

Страница 257: ...edence on page 247 Set PHB Configures the service provided to ingress traffic by setting the internal per hop behavior for a matching packet as specified in rule settings for a class map Range 0 7 See...

Страница 258: ...the maximum throughput but within the excess burst size or exceeding the excess burst size In addition to the actions defined by this command to transmit remark the DSCP service value or drop a packe...

Страница 259: ...committed burst size BC or burst rate and peak burst size BP and the action to take for traffic conforming to the maximum throughput exceeding the maximum throughput but within the peak information ra...

Страница 260: ...level Transmit Transmits in conformance traffic without any change to the DSCP service level Exceed Specifies whether traffic that exceeds the maximum rate CIR but is within the peak information rate...

Страница 261: ...onfigure Policy from the Step list 3 Select Add from the Action list 4 Enter a policy name 5 Enter a description 6 Click Add Figure 126 Configuring a Policy Map To show the configured policy maps 1 Cl...

Страница 262: ...behavior for matching packets to specify the quality of service to be assigned to the matching traffic class Use one of the metering options to define parameters such as the maximum throughput and bur...

Страница 263: ...raffic DiffServ Configure Interface page to bind a policy map to an ingress port CLI REFERENCES Quality of Service Commands on page 943 COMMAND USAGE First define a class map define a policy map and b...

Страница 264: ...o bind a policy map to a port 1 Click Traffic DiffServ 2 Select Configure Interface from the Step list 3 Check the box under the Ingress field to enable a policy map for a port 4 Select a policy map f...

Страница 265: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Страница 266: ...ted on the switch Range 1 4093 Voice VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 5 43200 minutes Default 1440 m...

Страница 267: ...these devices is recognized as VoIP Use the Traffic VoIP Configure OUI page to configure this feature CLI REFERENCES Configuring Voice VLANs on page 921 PARAMETERS These parameters are displayed Tele...

Страница 268: ...ter a MAC address that specifies the OUI for VoIP devices in the network 5 Select a mask from the pull down list to define a MAC address range 6 Enter a description for the devices 7 Click Apply Figur...

Страница 269: ...he port but the port must be manually added to the Voice VLAN Security Enables security filtering that discards any non VoIP packets received on the port that are tagged with the voice VLAN ID VoIP tr...

Страница 270: ...Default 6 Remaining Age Number of minutes before this entry is aged out WEB INTERFACE To configure VoIP traffic settings for a port 1 Click Traffic VoIP 2 Select Configure Interface from the Step lis...

Страница 271: ...are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provide a sec...

Страница 272: ...ers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified services For example when the switch attempts to authe...

Страница 273: ...e on page 664 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the...

Страница 274: ...e logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of...

Страница 275: ...gest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security PARAMETERS These parameters are displayed Configure Server RADIUS Global Provides globally applicable RADIUS settings Serv...

Страница 276: ...CS server used for authentication messages Range 1 65535 Default 49 Set Key Mark this box to set or modify the encryption key Authentication Key Encryption key used to authenticate logon access for cl...

Страница 277: ...globally to all specified servers or select a specific Server Index to specify the parameters that apply to a specific server 5 To set or modify the authentication key mark the Set Key box enter the...

Страница 278: ...Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server type 5 Enter the group name followed by the index of the server to use for each priority level 6 Click Apply Figure 139 Co...

Страница 279: ...ters are displayed Configure Global Periodic Update Specifies the interval at which the local accounting service updates information for all users on the system to the accounting server Range 0 214748...

Страница 280: ...ed in the Configure Method page Range 1 255 characters Exec Console Method Name Specifies a user defined method name to apply to console connections Telnet Method Name Specifies a user defined method...

Страница 281: ...lick Apply Figure 141 Configuring Global Settings for AAA Accounting To configure the accounting method applied to various service types and the assigned server group 1 Click Security AAA Accounting 2...

Страница 282: ...e Action list Figure 143 Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet...

Страница 283: ...ecified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Summary Figure 146 Displaying a Summary of Applied AAA Accounting Methods To display basic ac...

Страница 284: ...Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 255 characters Server Group Name Spe...

Страница 285: ...the Exec service type and the assigned server group 1 Click Security AAA Authorization 2 Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name...

Страница 286: ...Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 150 Configuring AAA Authorization Methods for Exec Service To display a the configured authorization...

Страница 287: ...METERS These parameters are displayed User Name The name of the user Maximum length 32 characters maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Normal...

Страница 288: ...er Accounts 2 Select Add from the Action list 3 Specify a user name select the user s access level then enter a password if required and confirm it 4 Click Apply Figure 152 Configuring User Accounts T...

Страница 289: ...e Configuring Local Remote Logon Authentication on page 273 NOTE Web authentication cannot be configured on trunk ports CONFIGURING GLOBAL SETTINGS FOR WEB AUTHENTICATION Use the Security Web Authenti...

Страница 290: ...b authentication on a port and display information for any connected hosts CLI REFERENCES Web Authentication on page 731 PARAMETERS These parameters are displayed Port Indicates the port being configu...

Страница 291: ...o support 802 1X authentication due to hardware or software limitations This is often true for devices such as network printers IP phones and some wireless access points The switch enables network acc...

Страница 292: ...sses are added to the secure address table when seen on a switch port Static addresses are treated as authenticated without sending a request to a RADIUS server When port status changes to down all MA...

Страница 293: ...r profile The Filter ID attribute is empty The Filter ID attribute format for dynamic QoS assignment is unrecognizable can not recognize the whole Filter ID attribute Dynamic QoS assignment fails and...

Страница 294: ...ddresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authentication as described on page 347 Authenticated MAC addresses are stored as dynamic e...

Страница 295: ...number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Access Max MAC Count4...

Страница 296: ...o the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table Dynamic QoS Enables dynamic QoS assig...

Страница 297: ...RS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condition The link event type which will trigger the port action Link up Onl...

Страница 298: ...age to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port...

Страница 299: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Страница 300: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Страница 301: ...CES Web Server on page 681 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 302: ...he HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used for HTTPS connection to the switch s web interface Default Port 443 WEB INTERFACE To configure HTTPS...

Страница 303: ...e the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and transfer them to the switch to replace the def...

Страница 304: ...l and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can a...

Страница 305: ...ear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 7654680172627257...

Страница 306: ...1 5 Clients a The client sends its RSA public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses its secret key to generate...

Страница 307: ...SSH Server Status Allows you to enable disable the SSH server on the switch Default Disabled Version The Secure Shell version number Version 2 0 is displayed but the switch supports management access...

Страница 308: ...After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the section Importing User Public Keys on page 310...

Страница 309: ...emory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Default Disabled WEB INTERFACE To generate the S...

Страница 310: ...or the user to be able to log in using the public key authentication mechanism If the user s public key does not exist on the switch SSH will revert to the interactive password authentication mechanis...

Страница 311: ...on 2 for SSHv2 clients TFTP Server IP Address The IP address of the TFTP server that contains the public key file you wish to import Source File Name The public key file to upload WEB INTERFACE To cop...

Страница 312: ...Pv6 frames based on address DSCP or next header type or any frames based on MAC address or Ethernet type To filter incoming packets first create an access list add the required rules and then bind the...

Страница 313: ...to deny it the packet will be denied because the decision to deny a packet has a higher priority for security reasons A packet will also be denied if the IP ACL denies it and the MAC ACL accepts it SE...

Страница 314: ...etting the Name of a Time Range To show a list of time ranges 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Show from the Action list Figure 170 Showing a List of Time...

Страница 315: ...for the selected mode 7 Click Apply Figure 171 Add a Rule to a Time Range To show the rules configured for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select...

Страница 316: ...or traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs PARAMETERS These p...

Страница 317: ...tended IPv4 ACL mode filters packets based on the source or destination IPv4 address as well as the protocol type and protocol port number If the TCP protocol is specified then you can also filter pac...

Страница 318: ...CL 2 Select Configure ACL from the Step list 3 Select Add from the Action list 4 Fill in the ACL Name field and select the ACL type 5 Click Apply Figure 174 Creating an ACL To show a list of ACLs 1 Cl...

Страница 319: ...of permit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of...

Страница 320: ...pecify the action i e Permit or Deny 7 Select the address type Any Host or IP 8 If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range 9...

Страница 321: ...he specified protocol type Range 0 65535 Source Destination Port Bit Mask Decimal number representing the port bits to match Range 0 65535 Protocol Specifies the protocol type to match as TCP UDP or O...

Страница 322: ...Name of a time range WEB INTERFACE To add rules to an IP Extended ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IP Extended from th...

Страница 323: ...permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specif...

Страница 324: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Страница 325: ...ues One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The switch only checks the first 64 bits of the destination address De...

Страница 326: ...Select the address type Any or IPv6 prefix 8 If you select Host enter a specific address If you select IPv6 prefix enter a subnet address and prefix length 9 Set any other required criteria such as DS...

Страница 327: ...ddress Source Destination Bit Mask Hexadecimal mask for source or destination MAC address Packet Format This attribute includes the following packet types Any Any Ethernet packet type Untagged eth2 Un...

Страница 328: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 329: ...fault Request Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field...

Страница 330: ...e Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you selec...

Страница 331: ...cess list to any port CLI REFERENCES ip access group on page 766 show ip access group on page 767 mac access group on page 777 show mac access group on page 778 Time Range on page 624 COMMAND USAGE Th...

Страница 332: ...an in the middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the...

Страница 333: ...not affect the ARP Inspection configuration of any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes will...

Страница 334: ...e controlled basis After the system message is generated the entry is cleared from the log buffer Each log entry contains flow information such as the receiving VLAN the port number the source and des...

Страница 335: ...igure General from the Step list 3 Enable ARP inspection globally enable any of the address validation options and adjust any of the logging parameters if required 4 Click Apply Figure 183 Configuring...

Страница 336: ...ayed ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the selected VLAN Default Disabled ARP Inspection ACL Name ARP ACL Allows select...

Страница 337: ...re subject to ARP packet rate limiting and all trusted ports are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation che...

Страница 338: ...us reasons CLI REFERENCES show ip arp inspection statistics on page 759 PARAMETERS These parameters are displayed Table 21 ARP Inspection Statistics Parameter Description Received ARP packets before A...

Страница 339: ...N port and address components CLI REFERENCES show ip arp inspection log on page 759 PARAMETERS These parameters are displayed ARP packets dropped by additional validation Src MAC Count of packets that...

Страница 340: ...to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch f...

Страница 341: ...rt address and end address PARAMETERS These parameters are displayed Mode Web Configures IP address es for the web group SNMP Configures IP address es for the SNMP group Telnet Configures IP address e...

Страница 342: ...ess table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can auto...

Страница 343: ...from the Interface Port General page page 129 PARAMETERS These parameters are displayed Port Port number Action Indicates the action to be taken when a port security violation is detected None No act...

Страница 344: ...irst submit credentials for authentication Access to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authenti...

Страница 345: ...The switch must have an IP address assigned RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified 802 1X must be enabled globally for the switch Each s...

Страница 346: ...ried out by switches located on the edge of the network When this device is functioning as an edge switch but does not require any attached clients to be authenticated EAPOL Pass Through can be disabl...

Страница 347: ...tion on page 697 COMMAND USAGE When the switch functions as a local authenticator between supplicant devices attached to the switch and the authentication server configure the parameters for the excha...

Страница 348: ...s the port to deny access to all clients either dot1x aware or otherwise Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Default Single Host Single Host...

Страница 349: ...e requests for authentication information It may also send other EAP request frames to the client during an active connection as required for reauthentication Server Timeout Sets the time that a switc...

Страница 350: ...Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identif...

Страница 351: ...t page to configure 802 1X port settings for supplicant requests issued from a port to an authenticator on another device When 802 1X is enabled and the control mode is set to Force Authorized see Con...

Страница 352: ...displayed Port Port number PAE Supplicant Enables PAE supplicant mode Default Disabled If the attached client must be authenticated through another device in the network supplicant status must be ena...

Страница 353: ...X STATISTICS Use the Security Port Authentication Show Statistics page to display statistics for dot1x protocol exchanges for any port CLI REFERENCES show dot1x on page 708 PARAMETERS These parameters...

Страница 354: ...OL frames that have been received by this Supplicant in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Supplicant Rx...

Страница 355: ...rt Authentication 355 WEB INTERFACE To display port authenticator statistics for 802 1X 1 Click Security Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 19...

Страница 356: ...nooping on page 362 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes commands used to co...

Страница 357: ...see page 364 IP source guard will check the VLAN ID source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is...

Страница 358: ...ype for each port 3 Click Apply Figure 197 Setting the Filter Type for IP Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Security IP Source Guard Static Configuration page to bin...

Страница 359: ...static IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Add Port The port to which a static entry is bound VLAN ID of a configu...

Страница 360: ...guring Static Bindings for IP Source Guard To display static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Show from the Action list Figure 199 Displaying...

Страница 361: ...VLAN to which this entry is bound MAC Address Physical address associated with the entry Interface Port to which this entry is bound IP Address IP address corresponding to the client Type DHCP Snoopin...

Страница 362: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Страница 363: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Страница 364: ...ng globally on the switch or to configure MAC Address Verification CLI REFERENCES DHCP Snooping on page 737 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globall...

Страница 365: ...nooping on specific VLANs CLI REFERENCES ip dhcp snooping vlan on page 743 COMMAND USAGE When DHCP snooping is enabled globally on the switch and enabled on the specified VLAN DHCP packet filtering wi...

Страница 366: ...Snooping Configure Interface page to configure switch ports as trusted or untrusted CLI REFERENCES ip dhcp snooping trust on page 744 COMMAND USAGE A trusted interface is an interface that is configur...

Страница 367: ...pply Figure 203 Configuring the Port Mode for DHCP Snooping DISPLAYING DHCP SNOOPING BINDING INFORMATION Use the IP Service DHCP Snooping Show Information page to display entries in the binding table...

Страница 368: ...ies will be restored to the snooping table when the switch is reset However note that the lease time shown for a dynamic entry that has been restored from flash memory will no longer be valid Clear Re...

Страница 369: ...Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over...

Страница 370: ...essages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 608 PARAMETERS Th...

Страница 371: ...rface NOTE All log messages are retained in Flash and purged from RAM after a cold restart i e power is turned off and then on through the power source WEB INTERFACE To configure the logging of error...

Страница 372: ...Memory REMOTE LOG CONFIGURATION Use the Administration Log Remote page to send log messages to syslog servers or other management stations You can also limit the event messages sent to only those mess...

Страница 373: ...CE To configure the logging of error messages to remote servers 1 Click Administration Log Remote 2 Enable remote logging specify the facility type to use for the syslog messages and enter the IP addr...

Страница 374: ...entifies the switch or the address of an administrator responsible for the switch Email Destination Address Specifies the email recipients of alert messages You can specify up to five recipients Serve...

Страница 375: ...enhance network management and maintain an accurate network topology SETTING LLDP TIMING ATTRIBUTES Use the Administration LLDP Configure Global page to set attributes for general functions such as gl...

Страница 376: ...conds Default 5 seconds This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occ...

Страница 377: ...SNMP trap notifications about LLDP and LLDP MED changes Default Disabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Inte...

Страница 378: ...t address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifie...

Страница 379: ...about auto negotiation support capabilities and operational Multistation Access Unit MAU type MED TLVs Configures general information included in the MED TLV field of advertised messages Capabilities...

Страница 380: ...PLAYING LLDP LOCAL DEVICE INFORMATION Use the Administration LLDP Show Local Device Information page to display information about the switch such as its MAC address chassis ID management IP address an...

Страница 381: ...management address associated with the local system If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement Table 25 Chassis...

Страница 382: ...scription If RFC 2863 is implemented the ifDescr object should be used for this field Port Trunk ID A string that contains the specific identifier for the port or trunk from which this LLDPDU was tran...

Страница 383: ...transmitted System Name A string that indicates the system s administratively assigned name Port Details Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identi...

Страница 384: ...802 1 Extension Information Remote Port VID The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated Remote Port Protocol VLAN List The...

Страница 385: ...3636 and is equal to the last number in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated with the remote sys...

Страница 386: ...unk Information Remote Link Aggregation Capable Shows if the remote port is not in link aggregation state and or it does not support link aggregation Remote Link Aggregation Status The current aggrega...

Страница 387: ...TER 15 Basic Administration Protocols Link Layer Discovery Protocol 387 Figure 213 Displaying Remote Device Information for LLDP Port Figure 214 Displaying Remote Device Information for LLDP Port Deta...

Страница 388: ...ich the remote database on this switch dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the LL...

Страница 389: ...LLDP Device Statistics General Figure 216 Displaying LLDP Device Statistics Port SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol SNMP is a communication protocol designed specifi...

Страница 390: ...rity models with each model having it s own security levels There are three security models defined SNMPv1 SNMPv2c and SNMPv3 Users are assigned to groups that are defined by a security model and spec...

Страница 391: ...your management station Configuring SNMPv3 Management Access 1 Use the Administration SNMP Configure Global page to enable SNMP on the switch and to enable trap messages 2 Use the Administration SNMP...

Страница 392: ...ation message to specified IP trap managers whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Link up and Link down Traps5 Issues a notifi...

Страница 393: ...e to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users PARAMETERS Thes...

Страница 394: ...authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Configuring Remote SNMPv3 Users...

Страница 395: ...are used to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree CLI REFERENCES snmp server view on page 644 PARAMETERS Th...

Страница 396: ...ded from the SNMP view WEB INTERFACE To configure an SNMP view of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Add View from the Action lis...

Страница 397: ...the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Add OID Subtree from the Action list 4 Select a view name from the list of existing views and...

Страница 398: ...ricting them to specific read write and notify views You can use the pre defined default groups or create new groups to map a set of SNMP users to SNMP views CLI REFERENCES show snmp group on page 646...

Страница 399: ...ing itself such that its configuration is unaltered linkDown 1 3 6 1 6 3 1 1 5 3 A linkDown trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for on...

Страница 400: ...Select Configure Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 225...

Страница 401: ...ider removing the default strings CLI REFERENCES snmp server community on page 635 PARAMETERS These parameters are displayed Community String A community string that acts like a password and permits a...

Страница 402: ...lect Add Community from the Action list 4 Add new community strings as required and select the corresponding access rights from the Access Mode list 5 Click Apply Figure 227 Setting Community Access S...

Страница 403: ...ters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are...

Страница 404: ...ame and assign it to a group If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv then an authentication protocol and password must be specified If the security leve...

Страница 405: ...e user resides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and the remote user See Specifying Trap Managers on pa...

Страница 406: ...Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a remote SNMPv3 user 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Ad...

Страница 407: ...anagement Protocol 407 Figure 231 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 408: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider t...

Страница 409: ...tification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifica...

Страница 410: ...0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specified u...

Страница 411: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 412: ...o specified events on an independent basis This switch is an RMON capable device which can independently perform a wide range of tasks significantly reducing network management traffic It can continuo...

Страница 413: ...ed again until the statistical value crosses the opposite bounding threshold and then back across the trigger threshold CLI REFERENCES Remote Monitoring Commands on page 653 COMMAND USAGE If an alarm...

Страница 414: ...ated After a falling event has been generated another such event will not be generated until the sampled value has risen above the falling threshold reaches the rising threshold and again moves back d...

Страница 415: ...Monitoring 415 Figure 237 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Страница 416: ...played Index Index to this entry Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messages are proc...

Страница 417: ...N 2 Select Configure Global from the Step list 3 Select Add from the Action list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the...

Страница 418: ...hich may reveal problems associated with high traffic levels broadcast storms or other unusual events It can also be used to predict network growth and plan for expansion before your network becomes t...

Страница 419: ...number of buckets granted are displayed on the Show page Owner Name of the person who created this entry Range 1 127 characters WEB INTERFACE To periodically sample statistics on a port 1 Click Admini...

Страница 420: ...elect Show from the Action list 4 Select a port from the list 5 Click History Figure 242 Showing Configured RMON History Samples To show collected RMON history samples 1 Click Administration RMON 2 Se...

Страница 421: ...COMMAND USAGE If statistics collection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packe...

Страница 422: ...om the Action list 4 Click Statistics 5 Select a port from the list as the data source 6 Enter an index number and the name of the owner for this entry 7 Click Apply Figure 244 Configuring an RMON Sta...

Страница 423: ...d RMON Statistical Samples To show collected RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from the Action list 4 Select a...

Страница 424: ...ates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate switches o...

Страница 425: ...tween 1 and 36 Note that you cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled Default 10 254 254 1 Role Indicates the current role...

Страница 426: ...Address Select a discovered switch MAC address from the Candidate Table or enter a specific MAC address of a known switch WEB INTERFACE To configure cluster members 1 Click Administration Cluster 2 S...

Страница 427: ...CLUSTER MEMBERS Use the Administration Cluster Show Member page to manage another switch in the cluster CLI REFERENCES Switch Clustering on page 627 PARAMETERS These parameters are displayed Member ID...

Страница 428: ...reduced number of links The mechanisms and protocol defined in G 8032 achieve highly reliable and stable protection and never form loops which would fatally affect network operation and service avail...

Страница 429: ...when a signal failure message generated by the Connectivity Fault Management CFM protocol is declared on one of the ring links and the detected failure has a higher priority than any other request or...

Страница 430: ...ure proper connectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated...

Страница 431: ...ata VLANs Ring ports can not be a member of a dynamic trunk Dynamic VLANs are not supported as protected data ports Exclusive use of STP EAPS or ERPS on any port The switch takes about 350 ms to detec...

Страница 432: ...e or more protected Data VLANs must be configured and the global ERPS function enabled on the switch see ERPS Configuration on page 431 before a ring can start running Once enabled the RPL owner node...

Страница 433: ...ERPS Configuration on page 431 the east and west ring ports configured on each node the RPL owner specified and the control VLAN configured Once enabled the RPL owner node and non owner node state ma...

Страница 434: ...timing of protection switches at multiple layers a hold off timer may be required Its purpose is to allow for example a server layer protection switch to have a chance to fix the problem before switch...

Страница 435: ...ring ports for the east and west interface as tagged members to this VLAN see Adding Static Members to VLANs on page 172 and then use this parameter to add it to the ring The Control VLAN must not be...

Страница 436: ...rotocol cannot be configured on the ring ports nor can these ports be members of a static or dynamic trunk And the control VLAN must be unique for each ring Adjust the protocol timers as required The...

Страница 437: ...cross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messa...

Страница 438: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 257 Single CFM Maintenance Domain The...

Страница 439: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Страница 440: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Страница 441: ...p and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against the...

Страница 442: ...a forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has...

Страница 443: ...g CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cros...

Страница 444: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 445: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 446: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 447: ...end point MEP is created at some lower MA Level None No MIP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 655...

Страница 448: ...the maintenance domains and authorized maintenance levels thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click...

Страница 449: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 450: ...t If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or M...

Страница 451: ...CCMs The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 100 ms 5 1 sec 6 10 sec 7 60 sec Connectivity Check Enables transmissio...

Страница 452: ...ables suppression of the AIS Default Disabled WEB INTERFACE To create a maintenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4...

Страница 453: ...y from the MD Index list Figure 265 Showing Maintenance Associations To configure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 S...

Страница 454: ...wing order 1 maintenance domain at the same level as the MEP to be configured see Configuring CFM Maintenance Domains 2 maintenance association within the domain see Configuring CFM Maintenance Associ...

Страница 455: ...from the direction of the physical medium Interface Indicates a port or trunk WEB INTERFACE To configure a maintenance end point 1 Click Administration CFM 2 Select Configure MEP from the Step list 3...

Страница 456: ...compared against the MEPs learned through continuity check messages CCMs and any discrepancies reported via SNMP traps CLI REFERENCES CFM Commands on page 1023 COMMAND USAGE All MEPs that exist on oth...

Страница 457: ...65535 MA Index MA identifier Range 0 4094 MEP ID Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 WEB INTERFACE To configure a remote m...

Страница 458: ...ce message be sure you have configured the target MEP for the specified MA see Configuring Remote Maintenance End Points LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each M...

Страница 459: ...D Index Domain index Range 1 65535 MA Index MA identifier Range 0 4094 Source MEP ID The identifier of a source MEP that will send the link trace message Range 1 8191 Target MEP ID The identifier of a...

Страница 460: ...inistration CFM Transmit Loopback page to transmit Loopback Messages LBMs These messages can be used to isolate or verify connectivity faults by submitting a request to a target node i e a remote MEP...

Страница 461: ...arameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 0 4094 Source MEP ID The identifier of a source MEP that will send the loopback message Range 1 8191 Target MEP...

Страница 462: ...k Messages TRANSMITTING DELAY MEASURE REQUESTS Use the Administration CFM Transmit Delay Measure page to send periodic delay measure requests to a specified MEP within a maintenance association CLI RE...

Страница 463: ...ifference between two subsequent two way frame delay measurements PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 0 4094 Source MEP ID The id...

Страница 464: ...identifier or MAC address set the number of times the delay measure message is to be sent the interval and the timeout 5 Click Apply Figure 273 Transmitting Delay Measure Messages DISPLAYING LOCAL MEP...

Страница 465: ...his entry either a port or trunk CC Status Shows administrative status of CCMs MAC Address MAC address of this MEP entry WEB INTERFACE To show information for the MEPs configured on this device 1 Clic...

Страница 466: ...ion Shows the defect detected on the MEP Received RDI Receive status of remote defect indication RDI messages on the MEP AIS Status Shows if MEPs within the specified MA are enabled to send frames wit...

Страница 467: ...e discovered by the CFM protocol For a description of MIPs refer to the Command Usage section under Configuring CFM Maintenance Domains CLI REFERENCES show ethernet cfm maintenance points local on pag...

Страница 468: ...or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1041 clear ethernet cfm maintenance poi...

Страница 469: ...rough continuity check messages or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1041 PA...

Страница 470: ...n received or no interface status TLV was received in the last CCM Up The interface is ready to pass packets Down The interface cannot pass packets Testing The interface is in some test mode Unknown T...

Страница 471: ...cfm linktrace cache on page 1056 clear ethernet cfm linktrace cache on page 1056 PARAMETERS These parameters are displayed Hops The number hops taken to reach the target MEP MA Maintenance associatio...

Страница 472: ...nabled so the target data frame was filtered by ingress filtering Egress Action Action taken on the egress port EgrOk The targeted data frame was forwarded EgrDown The Egress Port can be identified bu...

Страница 473: ...page 1061 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD Name Maintenance domain name MA Name Maintenance association name Highest Defect The highest defect that...

Страница 474: ...ry VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Remote MAC MAC address of remote MEP Reason Error types include LEAK MA x is associated with a specific VID list9 one or more...

Страница 475: ...nuity Check Error from the Action list Figure 281 Showing Continuity Check Errors OAM CONFIGURATION The switch provides OAM Operation Administration and Maintenance remote management tools required to...

Страница 476: ...State State Description Disabled OAM is disabled on this interface via the OAM Admin Status Link Fault The link has detected a fault or the interface is not operational Passive Wait This value is ret...

Страница 477: ...rored frame link events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reached or exceeded within the specified period If repo...

Страница 478: ...old 3 Click Apply Figure 282 Enabling OAM for Local Ports DISPLAYING STATISTICS FOR OAM MESSAGES Use the Administration OAM Counters page to display statistics for the various types of OAM messages pa...

Страница 479: ...t CLI REFERENCES show efm oam event log interface on page 1072 COMMAND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log Whe...

Страница 480: ...isplayed Port Port identifier Range 1 26 MAC Address MAC address of the OAM peer OUI Organizational Unit Identifier of the OAM peer Remote Loopback Shows if remote loopback is supported by the OAM pee...

Страница 481: ...the Administration OAM Remote Loopback Remote Loopback Test page to initiate a loop back test to the peer device attached to the selected port CLI REFERENCES efm oam remote loopback on page 1070 efm o...

Страница 482: ...r The loop back states shown in this field are described below Packets Transmitted The number of loop back frames transmitted during the last loopback test on this interface Packets Received The numbe...

Страница 483: ...Loop Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loopback Show Test Result page to display the results of remote loop back testing for each port for whic...

Страница 484: ...INTERFACE To display the results of remote loop back testing for each port for which this information is available 1 Click Administration OAM Remote Loopback 2 Select Show Test Result from the Action...

Страница 485: ...de on the network Address Resolution Protocol Describes how to configure ARP aging time Also shows how to display the ARP cache IPv4 Configuration Sets an IPv4 address for management access IPv6 Confi...

Страница 486: ...EB INTERFACE To ping another device on the network 1 Click IP General Ping 2 Specify the target device and ping parameters 3 Click Apply Figure 288 Pinging a Network Device ADDRESS RESOLUTION PROTOCOL...

Страница 487: ...ng as this entry has not timed out the switch will be able forward traffic directly to the next hop for this destination without having to broadcast another ARP request Also if the switch receives a r...

Страница 488: ...LAYING ARP ENTRIES Use the IP ARP Show Information page to display dynamic entries in the ARP cache The ARP cache contains entries for local interfaces including subnet host and broadcast addresses Th...

Страница 489: ...fault gateway for the switch CLI REFERENCES ip default gateway on page 1093 PARAMETERS These parameters are displayed Gateway IP Address IP address of the gateway router between the switch and managem...

Страница 490: ...tion Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast per...

Страница 491: ...ck System IP 2 Select Configure Interface from the Action list 3 Select Add from the Step list 4 Select the VLAN through which the management station is attached set the IP Address Mode to Static spec...

Страница 492: ...each power reset NOTE If you lose the management connection make a console connection to the switch and enter show ip interface to determine the new switch address Renewing DCHP DHCP may lease addres...

Страница 493: ...t A link local address makes the switch accessible over IPv6 for all devices attached to the same local subnet Management traffic using this kind of address cannot be passed by any router outside of t...

Страница 494: ...link local interface address the MTU size and neighbor discovery protocol settings for duplicate address detection and the neighbor solicitation interval CLI REFERENCES IPv6 Interface on page 1099 DH...

Страница 495: ...ments have the other stateful configuration flag set the switch will attempt to acquire other non address configuration information such as a default gateway If auto configuration is not selected then...

Страница 496: ...ng message is sent to the console If a duplicate link local address is detected IPv6 processes are disabled on the interface If a duplicate global unicast address is detected it is not used All config...

Страница 497: ...atted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros requi...

Страница 498: ...global unicast address is detected on the network the address is disabled on this interface and a warning message displayed on the console When an explicit address is assigned to an interface IPv6 is...

Страница 499: ...le if a device had an EUI 48 address of 28 9F 18 1C 82 35 the global local bit must first be inverted to meet EUI 64 requirements i e 1 for globally defined addresses and 0 for locally defined address...

Страница 500: ...e local scope and FF02 1 link local scope FF01 1 16 is the transient interface local multicast address for all attached IPv6 nodes and FF02 1 16 is the link local multicast address for all attached IP...

Страница 501: ...o show the configured IPv6 addresses 1 Click IP IPv6 Configuration 2 Select Show IPv6 Address from the Action list 3 Select a VLAN from the list Figure 298 Showing Configured IPv6 Addresses SHOWING TH...

Страница 502: ...path was functioning While in STALE state the device takes no action until a packet is sent DELAY More than the ReachableTime interval has elapsed since the last positive confirmation was received th...

Страница 503: ...buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes t...

Страница 504: ...or some of the fragments Reassembly Succeeded The number of IPv6 datagrams successfully reassembled Note that this counter is incremented at the interface to which these datagrams were addressed which...

Страница 505: ...Parameter Problem Messages The number of ICMP Parameter Problem messages received by the interface Echo Request Messages The number of ICMP Echo request messages received by the interface Echo Reply...

Страница 506: ...face Neighbor Advertisement Messages The number of ICMP Router Advertisement messages sent by the interface Redirect Messages The number of Redirect messages sent For a host this object will always be...

Страница 507: ...Address IP Version 6 507 WEB INTERFACE To show the IPv6 statistics 1 Click IP IPv6 Configuration 2 Select Show Statistics from the Action list 3 Click IPv6 ICMPv6 or UDP Figure 300 Showing IPv6 Statis...

Страница 508: ...w ipv6 mtu on page 1110 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure...

Страница 509: ...esses configure default domain names or specify one or more name servers to use for domain name to address translation CONFIGURING GENERAL DNS SERVICE PARAMETERS Use the IP Service DNS General Configu...

Страница 510: ...is page to define a list of domain names that can be appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation If there is no domain list the de...

Страница 511: ...domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add Domain Name from the Action list 3 Enter one domain name at a time 4 Click Apply Figur...

Страница 512: ...er is specified the servers are queried in the specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically...

Страница 513: ...manually configure static entries in the DNS table that are used to map domain names to IP addresses CLI REFERENCES ip host on page 1078 show hosts on page 1082 COMMAND USAGE Static entries may be us...

Страница 514: ...show static entries in the DNS table 1 Click IP Service DNS Static Host Table 2 Select Show from the Action list Figure 310 Showing Static Entries in the DNS Table DISPLAYING THE DNS CACHE Use the IP...

Страница 515: ...or each resource record Flag The flag is always 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the host address for the owner and ALIAS which specif...

Страница 516: ...CHAPTER 17 IP Services Displaying the DNS Cache 516...

Страница 517: ...io A multicast server does not have to establish a separate connection with each client It merely broadcasts its service to the network and any hosts that want to receive the multicast register with t...

Страница 518: ...service requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multicast traffic IGMP Snooping conserves bandwidth on network segments...

Страница 519: ...d in the attached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 520 Static IGMP Router Interface If IGMP snooping c...

Страница 520: ...roughout the VLAN if unregistered flooding is enabled see Unregistered Data Flood in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts i...

Страница 521: ...ology has stabilized and the new locations of all multicast receivers are learned If a topology change notification TCN is received and all the uplink ports are subsequently deleted a time out mechani...

Страница 522: ...ting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option Unregistered Data Flooding Floods unregistered...

Страница 523: ...ures the IGMP report query version used by IGMP snooping Versions 1 3 are all supported and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snoo...

Страница 524: ...CLI REFERENCES Static Multicast Routing on page 980 PARAMETERS These parameters are displayed VLAN Selects the VLAN which is to propagate all multicast traffic coming from the attached multicast rout...

Страница 525: ...er switch are displayed Figure 316 Showing Current Interfaces Attached a Multicast Router ASSIGNING INTERFACES TO MULTICAST SERVICES Use the Multicast IGMP Snooping IGMP Member Add Static Member page...

Страница 526: ...or Trunk Specifies the interface assigned to a multicast group Multicast IP The IP address for a specific multicast service WEB INTERFACE To statically assign an interface to a multicast service 1 Cli...

Страница 527: ...Interfaces Assigned to a Multicast Service To show the all interfaces statically or dynamically assigned to a multicast service 1 Click Multicast IGMP Snooping IGMP Member 2 Select Show Current Membe...

Страница 528: ...messages to discover multicast routers is insufficient due to query suppression MRD therefore provides a standardized way to identify multicast routers without relying on any particular multicast rou...

Страница 529: ...herwise this kind of packet is only forwarded to known multicast routing ports PARAMETERS These parameters are displayed VLAN ID of configured VLANs Range 1 4093 IGMP Snooping Status When enabled the...

Страница 530: ...y suppression is enabled then these messages are forwarded only to downstream ports which have joined a multicast service Proxy Reporting Enables IGMP Snooping with Proxy Reporting Default Based on gl...

Страница 531: ...e to detect the loss of the last member of a group or source but may generate more burst traffic This attribute will take effect only if IGMP snooping proxy reporting is enabled see page 520 Last Memb...

Страница 532: ...ect Configure VLAN from the Action list 3 Select the VLAN to configure and update the required parameters 4 Click Apply Figure 320 Configuring IGMP Snooping on a VLAN To show the interface settings fo...

Страница 533: ...ports for the specified multicast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a static multicast group assigned to this...

Страница 534: ...roup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a...

Страница 535: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Страница 536: ...and set its access mode 5 Click Apply Figure 324 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step li...

Страница 537: ...which to display this information Figure 327 Showing the Groups Assigned to an IGMP Filtering Profile CONFIGURING IGMP FILTERING AND THROTTLING FOR INTERFACES Use the Multicast IGMP Snooping Configure...

Страница 538: ...umber of multicast groups an interface can join at the same time Range 1 255 Default 255 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode...

Страница 539: ...s protocol can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support common mult...

Страница 540: ...hosts you can statically bind the multicast group to the participating interfaces see Assigning Static Multicast Groups to Interfaces on page 546 Although MVR operates on the underlying mechanism of...

Страница 541: ...Members to VLANs on page 172 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether or not all necessary conditions in the MVR...

Страница 542: ...ommands on page 961 PARAMETERS These parameters are displayed Start IP Address Starting IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default no groups are assigned to the MVR...

Страница 543: ...Address Range To show the configured MVR group address ranges 1 Click Multicast MVR 2 Select Configure Group Range from the Step list 3 Select Show from the Action list Figure 332 Displaying MVR Group...

Страница 544: ...s only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled the switch follows the standard...

Страница 545: ...er ports is Active only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Configures the...

Страница 546: ...224 0 0 x Only IGMP version 2 or 3 hosts can issue multicast join or leave messages If MVR must be configured for an IGMP version 1 host the multicast groups must be statically assigned The MVR VLAN...

Страница 547: ...ct the port for which to display this information Figure 335 Showing the Static MVR Groups Assigned to a Port DISPLAYING MVR RECEIVER GROUPS Use the Multicast MVR Show Member page to show the multicas...

Страница 548: ...p address has been statically assigned Up Time Time this service has been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active...

Страница 549: ...P Commands on page 633 Remote Monitoring Commands on page 653 Authentication Commands on page 661 General Security Measures on page 715 Access Control Lists on page 761 Interface Commands on page 783...

Страница 550: ...ervice Commands on page 943 Multicast Filtering Commands on page 961 LLDP Commands on page 999 CFM Commands on page 1023 OAM Commands on page 1065 Domain Name Service Commands on page 1075 DHCP Comman...

Страница 551: ...onsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the C...

Страница 552: ...254 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isol...

Страница 553: ...h command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require...

Страница 554: ...ster dns DNS information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile feature erps Displays ERPS configuration ethernet Specifies the ethernet garp GARP properties gvrp GVRP...

Страница 555: ...ion web auth Shows web authentication configuration Console show The command show interfaces will display the following information Console show interfaces brief Shows brief interface description coun...

Страница 556: ...modify interface parameters or enable certain switching functions These classes are further divided into different modes Available commands depend on the selected mode You can always enter a question...

Страница 557: ...he running configuration only and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configurat...

Страница 558: ...ill change to Console config which gives you access privilege to all Global Configuration commands Console configure Console config To enter the other modes at the configuration prompt type one of the...

Страница 559: ...N vlan database Console config vlan 893 Table 40 Configuration Command Modes Continued Mode Command Prompt Page Table 41 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command...

Страница 560: ...HCP requests and replies and discarding invalid ARP responses 715 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number or TCP control code IPv6 frames b...

Страница 561: ...ring Configures IGMP multicast filtering query profile and proxy parameters specifies ports attached to a multicast router also configures multicast VLAN registration 961 Link Layer Discovery Protocol...

Страница 562: ...CHAPTER 19 Using the Command Line Interface CLI Command Groups 562...

Страница 563: ...arts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history buffe...

Страница 564: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 565: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 566: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 567: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 568: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 565 reload Privileged Exec This command restarts the system NOT...

Страница 569: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 570: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 571: ...version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port including baud...

Страница 572: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 46 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 573: ...d If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Smartlink Network Systems Limited R...

Страница 574: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 575: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or o...

Страница 576: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 577: ...None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of underscor...

Страница 578: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 579: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 580: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 581: ...ction describes commands used to display system information Table 47 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show memory...

Страница 582: ...r traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs EXAMPLE Console sho...

Страница 583: ...keyword to display configuration data for the specified interface Use this command in conjunction with the show startup config command to compare the information in running memory to the information s...

Страница 584: ...f05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database VLAN 1 name DefaultVlan media ethernet state active spanning tree mst configuration interface ethernet 1 1...

Страница 585: ...e port and Telnet EXAMPLE Refer to the example for the running configuration file RELATED COMMANDS show running config 583 show system This command displays system information DEFAULT SETTING None COM...

Страница 586: ...LE Console show tech support show system System Description DG FS4526E System OID String 1 3 6 1 4 1 36293 1 1 1 16 System Information System Up Time 0 days 2 hours 17 minutes and 6 23 seconds System...

Страница 587: ...admin 0 00 05 192 168 0 6 Console show version This command displays hardware and software version information for the system COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE See Displaying Har...

Страница 588: ...es that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end...

Страница 589: ...er downloaded to restore switch settings The configuration file can be downloaded under a new file name and then set as the startup file or the current startup configuration file can be specified as t...

Страница 590: ...g Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE A colon...

Страница 591: ...certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See Secure Shell on page 687 running config Keywor...

Страница 592: ...the default user name EXAMPLE The following example shows how to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1...

Страница 593: ...certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP se...

Страница 594: ...LE This example shows how to delete the test2 cfg configuration file from flash memory Console delete test2 cfg Console RELATED COMMANDS dir 594 delete public key 692 dir This command displays a list...

Страница 595: ...cfg Config N 2011 01 07 02 39 38 455 startup1 cfg Config Y 2011 01 07 02 39 51 1482 Free space for compressed user config files 610304 Console whichboot This command displays which files were booted...

Страница 596: ...d is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image upgrade is enabled by this command the switch will follow these steps when it boo...

Страница 597: ...and specifies an TFTP server and directory in which the new opcode is stored Use the no form of this command to clear the current setting SYNTAX upgrade opcode path opcode dir url no upgrade opcode pa...

Страница 598: ...r If the user name is omitted Anonymous will be used for the connection If the password is omitted a null string will be used for the connection EXAMPLE This shows how to specify a TFTP server where n...

Страница 599: ...tion method to local console Telnet or SSH connections LC databits Sets the number of data bits per character that are interpreted and generated by hardware LC exec timeout Sets the interval that the...

Страница 600: ...ommand sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value SYNTAX databits 7 8 no databits 7 Seven data bits...

Страница 601: ...he timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using t...

Страница 602: ...ment interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no authentication When using this method the management...

Страница 603: ...th 32 characters plain text or encrypted case sensitive DEFAULT SETTING No password is specified COMMAND MODE Line Configuration COMMAND USAGE When a connection is started on a line with password prot...

Страница 604: ...f allowed password attempts Range 1 120 0 no threshold DEFAULT SETTING The default value is three attempts COMMAND MODE Line Configuration COMMAND USAGE When the logon attempt threshold is reached the...

Страница 605: ...Line Configuration EXAMPLE To set the silent time to 60 seconds enter this command Console config line silent time 60 Console config line RELATED COMMANDS password thresh 604 speed This command sets t...

Страница 606: ...2 no stopbits 1 One stop bit 2 Two stop bits DEFAULT SETTING 1 stop bit COMMAND MODE Line Configuration EXAMPLE To specify 2 stop bits enter this command Console config line stopbits 2 Console config...

Страница 607: ...o set the timeout to two minutes enter this command Console config line timeout login response 120 Console config line disconnect This command terminates an SSH Telnet or console connection SYNTAX dis...

Страница 608: ...out Disabled Silent Time Disabled Baud Rate Auto Data Bits 8 Parity None Stop Bits 1 VTY Configuration Password Threshold 3 times Inactive Timeout 600 seconds Login Timeout 300 sec Silent Time Disable...

Страница 609: ...uration COMMAND USAGE The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by...

Страница 610: ...ash errors level 3 0 RAM debugging level 7 0 COMMAND MODE Global Configuration COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 611: ...s five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disables...

Страница 612: ...le on page 610 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Страница 613: ...NG None COMMAND MODE Privileged Exec COMMAND USAGE All log messages are retained in RAM and Flash after a warm restart i e power is reset through the command interface All log messages are retained in...

Страница 614: ...ging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled Hi...

Страница 615: ...he logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sys...

Страница 616: ...g DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server To se...

Страница 617: ...D MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Страница 618: ...e default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING...

Страница 619: ...ommand enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp server command Use the no form to disable SNTP client requests SYNTAX no sntp client...

Страница 620: ...rver 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Current Mode unicast SNTP Status Enabled S...

Страница 621: ...d specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issu...

Страница 622: ...s before UTC 0 13 hours after UTC minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of...

Страница 623: ...Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE...

Страница 624: ...1 30 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets a time range for use by other functions such as Access Control Lists EXAMPLE Console config time...

Страница 625: ...e Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the current entry prior to configuring a new time range EXAMPLE This exampl...

Страница 626: ...le configures a time range for the periodic occurrence of an event Console config time range sales Console config time range periodic daily 1 1 to 2 1 Console config time range show time range This co...

Страница 627: ...Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate swit...

Страница 628: ...k Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broad...

Страница 629: ...pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Confi...

Страница 630: ...tion COMMAND USAGE The maximum number of cluster Members is 36 The maximum number of cluster Candidates is 100 EXAMPLE Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config r...

Страница 631: ...OMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates 2 Console show cluster members Thi...

Страница 632: ...ates This command shows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active mem...

Страница 633: ...Command Function Mode General SNMP Commands snmp server Enables the SNMP agent GC snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Se...

Страница 634: ...ble port traps atc broadcast control apply Sends a trap when broadcast traffic exceeds the upper threshold for automatic storm control and the apply timer expires IC Port snmp server enable port traps...

Страница 635: ...ts rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects DEFAULT SETTING public Read only access Authorized management stations are only able t...

Страница 636: ...h 255 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config snmp server location WC 19 Console config RELATED COMMANDS snmp server contact 635 show snmp This command...

Страница 637: ...0 Trap PDUs SNMP Logging Disabled Console snmp server enable traps This command enables this device to send Simple Network Management Protocol traps or informs i e SNMP notifications Use the no form t...

Страница 638: ...he recipient of a Simple Network Management Protocol notification operation Use the no form to remove the specified host SYNTAX snmp server host host addr inform retry retries timeout seconds communit...

Страница 639: ...host The snmp server host command is used in conjunction with the snmp server enable traps command Use the snmp server enable traps command to enable the sending of traps or informs and to specify whi...

Страница 640: ...5 Allow the switch to send SNMP traps i e notifications page 637 6 Specify the target host that will receive inform messages with the snmp server host command as described in this section The switch c...

Страница 641: ...authenticating and encrypting SNMPv3 packets A remote engine ID is required when using SNMPv3 informs See the snmp server host command The remote engine ID is used to compute the security digest for...

Страница 642: ...e view for write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public10 read only private11 read write readview Every object belon...

Страница 643: ...device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5...

Страница 644: ...er will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s...

Страница 645: ...nfig This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engine id This...

Страница 646: ...tile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read Vie...

Страница 647: ...eld Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view storage type...

Страница 648: ...n log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification logging is enabled by defau...

Страница 649: ...rameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a mechanism...

Страница 650: ...contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network management stat...

Страница 651: ...s command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts Console show snmp notify fil...

Страница 652: ...CHAPTER 22 SNMP Commands 652...

Страница 653: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 654: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Страница 655: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Страница 656: ...The number of buckets requested for this entry Range 1 65536 seconds The polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1...

Страница 657: ...nge 1 127 characters DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE By default each index number equates to a port on the switch but can be changed to any number n...

Страница 658: ...id owned by mike Description is urgent Event firing causes log and trap to community last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each entry...

Страница 659: ...tistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0 f...

Страница 660: ...CHAPTER 23 Remote Monitoring Commands 660...

Страница 661: ...uthentication Commands Command Group Function User Accounts Configures the basic user names and passwords for management access Authentication Sequence Defines logon authentication method and preceden...

Страница 662: ...l Maximum length 32 characters plain text or encrypted case sensitive DEFAULT SETTING The default is level 15 The default password is super COMMAND MODE Global Configuration COMMAND USAGE You cannot s...

Страница 663: ...crypted password password password The authentication password for the user Maximum length 32 characters plain text or encrypted case sensitive DEFAULT SETTING The default access level is Normal Exec...

Страница 664: ...fers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RAD...

Страница 665: ...connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and...

Страница 666: ...ting messages Use the no form to restore the default SYNTAX radius server acct port port number no radius server acct port port number RADIUS server UDP port used for accounting messages Range 1 65535...

Страница 667: ...restore the default values SYNTAX no radius server index host host ip address acct port acct port auth port auth port key key retransmit retransmit timeout timeout index Allows you to specify up to f...

Страница 668: ...erver key key string no radius server key key string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters DEFAULT SETTING None...

Страница 669: ...imeout number of seconds no radius server timeout number of seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 DEFAULT SETTING 5 COMMAND MODE Global Config...

Страница 670: ...e management access to a switch tacacs server host This command specifies the TACACS server and other optional parameters Use the no form to remove the server or to restore the default values SYNTAX t...

Страница 671: ...tion port 49 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server host 192 168 1 25 Console config tacacs server key This command sets the TACACS encry...

Страница 672: ...DEFAULT SETTING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config show tacacs server This command displays the current settings for the TACACS server DE...

Страница 673: ...nge 1 255 characters start stop Records accounting from starting point and stopping point Table 72 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands G...

Страница 674: ...nting method s configured on the specified TACACS server and do not actually send any information to the server about the methods to use EXAMPLE Console config aaa accounting commands 15 default start...

Страница 675: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Страница 676: ...ethod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to us...

Страница 677: ...255 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Страница 678: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 679: ...list name Specifies a method list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config i...

Страница 680: ...name Specifies a method list created with the aaa authorization exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line authorization...

Страница 681: ...Eth 1 1 Method List tps Group List radius Interface Eth 1 2 Accounting Type EXEC Method List default Group List tacacs Interface vty Console WEB SERVER This section describes commands used to configur...

Страница 682: ...nge 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configuration EXAMPLE Console config ip http port 769 Console config RELATED COMMANDS ip http server 682 show system 585 ip http server This command...

Страница 683: ...tablished in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and se...

Страница 684: ...S connection to the switch s web interface Use the no form to restore the default port SYNTAX ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS Range 1 655...

Страница 685: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can...

Страница 686: ...CP port number to be used by the browser interface Range 1 65535 DEFAULT SETTING 23 COMMAND MODE Global Configuration EXAMPLE Console config ip telnet port 123 Console config ip telnet server This com...

Страница 687: ...authentication retries Specifies the number of retries allowed by a client GC ip ssh server Enables the SSH server on the switch GC ip ssh server key size Sets the SSH server key size GC ip ssh timeo...

Страница 688: ...ts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233...

Страница 689: ...nts that have a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process Authenticating SSH v1 5 Clients a The client send...

Страница 690: ...sing any configured IPv4 or IPv6 interface address on the switch ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no f...

Страница 691: ...ling the SSH server EXAMPLE Console ip ssh crypto host key generate dsa Console configure Console config ip ssh server Console config RELATED COMMANDS ip ssh crypto host key generate 693 show ssh 696...

Страница 692: ...e switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Страница 693: ...v1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client...

Страница 694: ...emory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command EXAMPLE Console ip ssh crypto zeroize dsa...

Страница 695: ...leged Exec COMMAND USAGE If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA k...

Страница 696: ...27s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S...

Страница 697: ...port interface IC dot1x re authentication Enables re authentication for all ports IC dot1x timeout quiet period Sets the time that a switch port waits after the Max Request Count has been exceeded bef...

Страница 698: ...Global Configuration COMMAND USAGE When this device is functioning as intermediate node in the network and does not need to perform dot1x authentication the dot1x eapol pass through command can be us...

Страница 699: ...t1x system auth control Console config dot1x intrusion action This command sets the port s response to a failed authentication either to block all traffic or to assign all traffic for the port to a gu...

Страница 700: ...ole config if dot1x max req 2 Console config if dot1x operation mode This command allows hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default t...

Страница 701: ...ss to a port operating in this mode is limited only by the available space in the secure address table i e up to 1024 addresses EXAMPLE Console config interface eth 1 2 Console config if dot1x operati...

Страница 702: ...the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the interval specified by the dot1x...

Страница 703: ...t1x timeout re authperiod seconds The number of seconds Range 1 65535 DEFAULT 3600 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout...

Страница 704: ...erface eth 1 2 Console config if dot1x timeout supp timeout 300 Console config if dot1x timeout tx period This command sets the time that an interface on the switch waits during an authentication sess...

Страница 705: ...s SYNTAX dot1x identity profile username username password password no dot1x identity profile username password username Specifies the supplicant user name Range 1 8 characters password Specifies the...

Страница 706: ...icant mode on a port SYNTAX no dot1x pae supplicant DEFAULT Disabled COMMAND MODE Interface Configuration COMMAND USAGE When devices attached to a port must submit requests to another authenticator on...

Страница 707: ...dot1x timeout auth period seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration COMMAND USAGE This command sets the time that the supplicant waits for a...

Страница 708: ...NTAX dot1x timeout start period seconds no dot1x timeout start period seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interfa...

Страница 709: ...ich a connected client must be re authenticated page 703 Quiet Period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 702 TX Period Time a port wai...

Страница 710: ...ass Through Disabled Supplicant Parameters Identity Profile Username steve 802 1X Port Summary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1...

Страница 711: ...tting SYNTAX no management all client http client snmp client telnet client start address end address all client Adds IP address es to all groups http client Adds IP address es to the web group snmp c...

Страница 712: ...ou cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by spec...

Страница 713: ...Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 16...

Страница 714: ...CHAPTER 24 Authentication Commands Management IP Filter 714...

Страница 715: ...y of execution for these filtering commands is Port Security Port Authentication Network Access Web Authentication Access Control Lists DHCP Snooping and then IP Source Guard Configures secure address...

Страница 716: ...configures port security Use the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation...

Страница 717: ...t The specified maximum address count is effective when port security is enabled or disabled Use the no port security max mac count command to disable port security and reset the maximum number of add...

Страница 718: ...network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and act upon link down events IC network acc...

Страница 719: ...ured by the MAC Address Authentication process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host o...

Страница 720: ...g network access mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authent...

Страница 721: ...on for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access While a port...

Страница 722: ...ing the VLANs have already been created on the switch GVRP is not used to create the VLANs The VLAN settings specified by the first authenticated MAC address are implemented for a port Other authentic...

Страница 723: ...t VLAN must be defined and set as active See the vlan database command When used with 802 1X authentication the intrusion action must be set for guest vlan to be effective see the dot1x intrusion acti...

Страница 724: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Страница 725: ...onse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND...

Страница 726: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 727: ...ype attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter U...

Страница 728: ...e Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addres...

Страница 729: ...xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 26 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console clear netwo...

Страница 730: ...ce interface sort address interface static Specifies static address entries dynamic Specifies dynamic address entries mac address Specifies a MAC address entry Format xx xx xx xx xx xx mask Specifies...

Страница 731: ...MODE Privileged Exec EXAMPLE Consoleshow network access mac filter Filter ID MAC Address MAC Mask 1 00 00 01 02 03 08 FF FF FF FF FF FF Console WEB AUTHENTICATION Web authentication allows stations t...

Страница 732: ...eb auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded...

Страница 733: ...ation again Range 1 180 seconds DEFAULT SETTING 60 seconds COMMAND MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defin...

Страница 734: ...system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web...

Страница 735: ...ged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Failed to reauth Console web auth re authenticate IP This command ends the web authentication session associated with the desig...

Страница 736: ...mpts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfa...

Страница 737: ...on Mode ip dhcp snooping Enables DHCP snooping globally GC ip dhcp snooping database flash Writes all dynamically learned snooping entries to flash memory GC ip dhcp snooping information option Enable...

Страница 738: ...tered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identi...

Страница 739: ...trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally...

Страница 740: ...Option 82 information is generated by the switch Use the no form without any keywords to disable this function or the no form with the remote id keyword to set the remote ID to the switch s MAC addres...

Страница 741: ...essages are then forwarded directly between the server and client without having to flood them to the entire VLAN DHCP snooping must be enabled for the DHCP Option 82 information to be inserted into p...

Страница 742: ...Global Configuration COMMAND USAGE When the switch receives DHCP packets from clients that already include DHCP Option 82 information the switch can be configured to set the action policy for these p...

Страница 743: ...en DHCP snooping enabled globally using the ip dhcp snooping command and enabled on a VLAN with this command DHCP packet filtering will be performed on any untrusted ports within the VLAN as specified...

Страница 744: ...nd all other ports outside the local network or fire wall to untrusted When DHCP snooping ia enabled globally using the ip dhcp snooping command and enabled on a VLAN with ip dhcp snooping vlan comman...

Страница 745: ...sole show ip dhcp snooping Global DHCP Snooping status disable DHCP Snooping Information Option Status disable DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLA...

Страница 746: ...ss interface ethernet unit port no ip source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4093 ip address A valid unicast IP a...

Страница 747: ...there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and MAC address and th...

Страница 748: ...d port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC addr...

Страница 749: ...ard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except...

Страница 750: ...nding 1 Console config if show ip source guard This command shows whether source guard is enabled or disabled on each interface COMMAND MODE Privileged Exec EXAMPLE Console show ip source guard Interf...

Страница 751: ...hosts with statically configured IP addresses This section describes commands used to configure ARP Inspection Table 87 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Ins...

Страница 752: ...ction is enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other packets Disabling and then r...

Страница 753: ...not checked DEFAULT SETTING ARP ACLs are not bound to any VLAN Static mode is not enabled COMMAND MODE Global Configuration COMMAND USAGE ARP ACLs are configured with the commands described on page 32...

Страница 754: ...ogging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port...

Страница 755: ...e target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP...

Страница 756: ...ine and their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspect...

Страница 757: ...arp inspection trust This command sets a port as trusted and thus exempted from ARP Inspection Use the no form to restore the default setting SYNTAX no ip arp inspection trust DEFAULT SETTING Untruste...

Страница 758: ...ge Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspection interface This command shows the trust status a...

Страница 759: ...st IP Address Src MAC Address Dst MAC Address Console show ip arp inspection statistics ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by...

Страница 760: ...HAPTER 25 General Security Measures ARP Inspection 760 COMMAND MODE Privileged Exec EXAMPLE Console show ip arp inspection vlan 1 VLAN ID DAI Status ACL Name ACL Status 1 disabled sales static Console...

Страница 761: ...Pv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header MAC ACLs Con...

Страница 762: ...her more specific criteria acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Страница 763: ...one COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated by a...

Страница 764: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Страница 765: ...t mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Preceden...

Страница 766: ...0 255 255 255 0 any destination port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 1...

Страница 767: ...ccess list 767 Time Range 624 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Страница 768: ...AX no access list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination...

Страница 769: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Страница 770: ...rce ipv6 address prefix length any destination ipv6 address prefix length dscp dscp next header next header time range time range name no permit deny any host source ipv6 address source ipv6 address p...

Страница 771: ...coded in separate headers that may be placed between the IPv6 header and the upper layer header in a packet There are a small number of such extension headers each identified by a distinct Next Header...

Страница 772: ...v6 ACL acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 access list standard IPv6 standard access list david permit host 2009 DB9 2229 79 pe...

Страница 773: ...with the new one IPv6 ACLs can only be applied to ingress packets EXAMPLE Console config int eth 1 2 Console config if ipv6 access group standard david in Console config if RELATED COMMANDS show ipv6...

Страница 774: ...al Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To remove a rule use...

Страница 775: ...ny host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask time range time range name no permit deny tagged eth2 any...

Страница 776: ...ce MAC address destination Destination MAC address range with bitmask address bitmask14 Bitmask for MAC address in hexadecimal format vid VLAN ID Range 1 4093 vid bitmask14 VLAN bitmask Range 1 4095 p...

Страница 777: ...access group acl name in time range time range name acl name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets time range name Name of the time range...

Страница 778: ...list M5 in Console RELATED COMMANDS mac access group 777 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name acl name Name of the ACL Maxi...

Страница 779: ...OMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To cr...

Страница 780: ...esponse ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac des...

Страница 781: ...mac any any Console config mac acl RELATED COMMANDS access list arp 779 show arp access list This command displays the rules for configured ARP ACLs SYNTAX show arp access list acl name acl name Name...

Страница 782: ...c EXAMPLE Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 255 255 15 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 2...

Страница 783: ...terface IC speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC switchport packet rate Configures broadcast multicast and unknown unicast sto...

Страница 784: ...e is a virtual interface that is always up and can be used to test the functionality of the switch s local IP interfaces including the IP interface of the primary VLAN or the craft port or devices att...

Страница 785: ...ple adds an alias to port 4 Console config interface ethernet 1 4 Console config if alias finance Console config if capabilities This command advertises the port capabilities of a given interface duri...

Страница 786: ...abled you must manually specify the link attributes with the speed duplex and flowcontrol commands EXAMPLE The following example configures Ethernet port 5 capabilities to include 100half and 100full...

Страница 787: ...connection over any 1000BASE T port or trunk Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled...

Страница 788: ...he default mode SYNTAX media type mode no media type mode copper forced Always uses the built in RJ 45 port sfp forced Always uses the SFP port even if module not installed sfp preferred auto Uses SFP...

Страница 789: ...ased on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If auto negotiation is disabled auto MDI...

Страница 790: ...n 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation DEFAULT SETTING Auto negotiation is enabled by default When auto negotiation is disabled the default speed dup...

Страница 791: ...s storm control for multicast traffic unicast Specifies storm control for unknown unicast traffic rate Threshold level as a rate i e kilobits per second Range 64 100000 Kbps for Fast Ethernet ports 64...

Страница 792: ...is therefore not advisable to use both of these commands on the same interface EXAMPLE The following shows how to configure broadcast storm control at 600 kilobits per second Console config interface...

Страница 793: ...1 2 Down 1 0 Auto 100TX None Eth 1 3 Down 1 0 Auto 100TX None Eth 1 4 Down 1 0 Auto 100TX None Eth 1 5 Down 1 0 Auto 100TX None Eth 1 6 Down 1 0 Auto 100TX None show interfaces counters This command...

Страница 794: ...nsmissions 0 Late Collisions 0 Excessive Collisions 0 Internal Mac Transmit Errors 0 Internal Mac Receive Errors 0 Frames Too Long 0 Carrier Sense Errors 0 Symbol Errors RMON Stats 0 Drop Events 16900...

Страница 795: ...laying Connection Status on page 133 EXAMPLE Console show interfaces status ethernet 1 1 Information of Eth 1 1 Basic Information Port Type 100TX MAC Address 00 17 7C 00 00 FE Configuration Name Port...

Страница 796: ...shold Enabled 500 packets second Multicast Threshold Disabled Unknown Unicast Threshold Disabled LACP Status Disabled Ingress Rate Limit Disabled 1000M bits per second Egress Rate Limit Disabled 1000M...

Страница 797: ...mode as Trunk or Hybrid page 898 Ingress Rule Shows if ingress filtering is enabled or disabled page 897 Acceptable Frame Type Shows if acceptable VLAN frames include all types or tagged frames only p...

Страница 798: ...e 0x00 Eth Compliance Codes 1000BASE ZX Baud Rate 1300 MBd Vendor OUI 00 00 5F Vendor Name SumitomoElectric Vendor PN SCP6G94 FN BWH Vendor Rev Z Vendor SN SE08T712Z00006 Date Code 10 09 14 DDM Info T...

Страница 799: ...d This message is displayed for any Fast Ethernet ports that are linked up or for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps Impedance mismatch Terminating impedance is not i...

Страница 800: ...nclude Power saving when there is no link partner Under normal operation the switch continuously auto negotiates to find a link partner keeping the MAC interface powered up even if no link connection...

Страница 801: ...ng twisted pair cabling Power savings mode on a active link only works when connection speed is 1 Gbps and line length is less than 60 meters EXAMPLE Console config interface ethernet 1 10 Console con...

Страница 802: ...CHAPTER 27 Interface Commands 802...

Страница 803: ...h ends of a connection must be configured as trunk ports All ports in a trunk must be configured in an identical manner including communication mode i e speed and duplex mode VLAN assignments and CoS...

Страница 804: ...thernet Interface used by the interfaces that joined the group However if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a cha...

Страница 805: ...r switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination IP address is output on the same link in a trun...

Страница 806: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Страница 807: ...terfaces status port channel 1 command shows that Trunk1 has been established Console config interface ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if la...

Страница 808: ...only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin...

Страница 809: ...indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP...

Страница 810: ...switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP...

Страница 811: ...e interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3...

Страница 812: ...his channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of...

Страница 813: ...mation Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in re...

Страница 814: ...signed to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin S...

Страница 815: ...an id mac address mac address no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 26 rx Mirror received packets tx Mirror transmitt...

Страница 816: ...monitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monito...

Страница 817: ...dress in the form of xx xx xx xx xx xx or xxxxxxxxxxxx DEFAULT SETTING Shows all sessions COMMAND MODE Privileged Exec COMMAND USAGE This command displays the currently configured source port destinat...

Страница 818: ...to carry this traffic RSPAN Limitations The following limitations apply to the use of RSPAN on this switch RSPAN Ports Only ports can be configured as an RSPAN source destination or uplink static and...

Страница 819: ...be configured to use it Port Security If port security is enabled on any port that port cannot be set as an RSPAN uplink port even though it can still be configured as an RSPAN source or destination...

Страница 820: ...ethernet 1 3 Console config rspan destination Use this command to specify the destination port to monitor the mirrored traffic Use the no form to disable RSPAN on the specified port SYNTAX rspan sess...

Страница 821: ...r destination and the uplink ports Use the no form to disable the RSPAN on the specified VLAN SYNTAX no rspan session session id remote vlan vlan id source intermediate destination uplink interface se...

Страница 822: ...RSPAN VLAN with the switchport allowed vlan command Nor can GVRP dynamically add port members to an RSPAN VLAN Also note that the show vlan command will not display any members for an RSPAN VLAN but...

Страница 823: ...ion session id session id A number identifying this RSPAN session Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If local mirroring is enabled with the port m...

Страница 824: ...CHAPTER 29 Port Mirroring Commands RSPAN Mirroring Commands 824...

Страница 825: ...disabled SYNTAX rate limit input output rate no rate limit input output input Input rate for specified interface output Output rate for specified interface rate Maximum value in Kbps Range 64 100000 K...

Страница 826: ...control command It is therefore not advisable to use both of these commands on the same interface EXAMPLE Console config interface ethernet 1 1 Console config if rate limit input 64 Console config if...

Страница 827: ...er expires IC Port auto traffic control auto control release Automatically releases a control response IC Port auto traffic control control release Manually releases a control response IC Port SNMP Tr...

Страница 828: ...eneath the lower threshold after a storm control response has been triggered and the release timer expires IC Port ATC Display Commands show auto traffic control Shows global configuration settings fo...

Страница 829: ...nable the port FUNCTIONAL LIMITATIONS Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the switchport packet rate command...

Страница 830: ...s the time at which to release the control response after ingress traffic has fallen beneath the lower threshold Use the no form to restore the default setting SYNTAX auto traffic control broadcast mu...

Страница 831: ...ING Disabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Automatic storm control can be enabled for either broadcast or multicast traffic It cannot be enabled for both of these traffic...

Страница 832: ...n only be manually re enabled DEFAULT SETTING rate control COMMAND MODE Interface Configuration Ethernet COMMAND USAGE When the upper threshold is exceeded and the apply timer expires a control respon...

Страница 833: ...s COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Once the traffic rate falls beneath the lower threshold a trap message may be sent if configured by the snmp server enable port traps atc...

Страница 834: ...r the apply timer expires Range 1 255 kilo packets per second seconds DEFAULT SETTING 128 kilo packets per seconds COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Once the upper threshold...

Страница 835: ...een triggered and the release timer has expired EXAMPLE Console config interface ethernet 1 1 Console config if auto traffic control broadcast auto control release Console config if auto traffic contr...

Страница 836: ...nable port traps atc broadcast alarm clear Console config if RELATED COMMANDS auto traffic control action 832 auto traffic control alarm clear threshold 833 snmp server enable port traps atc broadcast...

Страница 837: ...MMANDS auto traffic control alarm fire threshold 834 auto traffic control apply timer 829 snmp server enable port traps atc broadcast control release This command sends a trap when broadcast traffic f...

Страница 838: ...nable port traps atc multicast alarm clear Console config if RELATED COMMANDS auto traffic control action 832 auto traffic control alarm clear threshold 833 snmp server enable port traps atc multicast...

Страница 839: ...MMANDS auto traffic control alarm fire threshold 834 auto traffic control apply timer 829 snmp server enable port traps atc multicast control release This command sends a trap when multicast traffic f...

Страница 840: ...and storm control status for the specified port SYNTAX show auto traffic control interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 COMMAND MODE...

Страница 841: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 106 Address Table Commands Command Function Mode mac address...

Страница 842: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 843: ...lasses of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bit...

Страница 844: ...00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show mac address table Interface MAC Address VLAN Type Lif...

Страница 845: ...AX show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 port channel channel id Range 1 13 DEFAULT SETTING None COMMAN...

Страница 846: ...CHAPTER 32 Address Table Commands 846...

Страница 847: ...mode GC spanning tree system bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configu...

Страница 848: ...mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPDUs to ot...

Страница 849: ...o IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner comp...

Страница 850: ...E Console config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore t...

Страница 851: ...onfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becom...

Страница 852: ...delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the mig...

Страница 853: ...ath between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 861 takes precedence over...

Страница 854: ...the lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tre...

Страница 855: ...d by port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU floodin...

Страница 856: ...tance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the ho...

Страница 857: ...ance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the sp...

Страница 858: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Страница 859: ...able this feature SYNTAX no spanning tree bpdu filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command filters all Bridge Protocol Data Un...

Страница 860: ...DEFAULT SETTING BPDU Guard Disabled Auto Recovery Disabled Auto Recovery Interval 300 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be conn...

Страница 861: ...method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE...

Страница 862: ...enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to th...

Страница 863: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 864: ...detection release mode auto Allows a port to automatically be released from the discarding state when the loopback state ends manual The port can only be released from the discarding state manually D...

Страница 865: ...onsole config interface ethernet 1 5 Console config if spanning tree loopback detection trap spanning tree mst cost This command configures the path cost on a spanning instance in the Multiple Spannin...

Страница 866: ...d higher values assigned to interfaces with slower media Use the no spanning tree mst cost command to specify auto configuration mode Path cost takes precedence over interface priority EXAMPLE Console...

Страница 867: ...mst cost 865 spanning tree port bpdu flooding This command floods BPDUs to other ports when spanning tree is disabled globally or disabled on a specific port Use the no form to restore the default set...

Страница 868: ...port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric id...

Страница 869: ...t could also be used to form a border around part of the network where the root bridge is allowed When spanning tree is initialized globally on the switch or on an interface the switch will wait for 2...

Страница 870: ...EXAMPLE Console spanning tree loopback detection release ethernet 1 1 Console spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface SYN...

Страница 871: ...the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configura...

Страница 872: ...co Prestandard Disabled Eth 1 1 Information Admin Status Enabled Role Root State Forwarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost...

Страница 873: ...nfiguration This command shows the configuration of the multiple spanning tree COMMAND MODE Privileged Exec EXAMPLE Console show spanning tree mst configuration Mstp Configuration Information Configur...

Страница 874: ...CHAPTER 33 Spanning Tree Commands 874...

Страница 875: ...ing port is set as being connected to the RPL Under normal operations Idle state the RPL is blocked to ensure that a loop cannot form in the ring If a signal failure Table 110 ERPS Commands Command Fu...

Страница 876: ...N must be tagged Failure to observe these restrictions can result in a loop in the network 6 Enable ERPS Before enabling a ring as described in the next step first use the erps command to globally ena...

Страница 877: ...in r d Console config erps control vlan This command specifies a dedicated VLAN used for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan...

Страница 878: ...config vlan exit Console config interface ethernet 1 12 Console config if switchport allowed vlan add 2 tagged Console config if interface ethernet 1 11 Console config if switchport allowed vlan add...

Страница 879: ...f 10 milliseconds DEFAULT SETTING 500 milliseconds COMMAND MODE ERPS Configuration COMMAND USAGE The guard timer duration should be greater than the maximum expected forwarding delay for an R APS mess...

Страница 880: ...ll be checked If one does exist that defect will be reported to the protection switching mechanism The reported defect need not be the same one that started the timer EXAMPLE Console config erps holdo...

Страница 881: ...ish messages when a node is connected to more than one ring EXAMPLE Console config erps node id 00 17 7C 61 24 2D Console config erps ring port This command configures a node s connection to the ring...

Страница 882: ...during Idle state and unblocks it during Protection state that is when a signal fault is detected on the ring The east and west connections to the ring must be specified for all ring nodes using the...

Страница 883: ...ecified ring SYNTAX show erps domain ring name ring name Name of a specific ERPS ring Range 1 32 characters COMMAND MODE Privileged Exec EXAMPLE This example displays a summary of all the ERPS rings c...

Страница 884: ...ate it means that a link failure has occurred This state will switch to idle state if all the failed links recover MEL The maintenance entity group MEG level providing a communication channel for ring...

Страница 885: ...is not in a known state East Port Shows the west ring port for this node and the interface state as described in the preceding item RPL Port If node is connected to the RPL this shows by which interf...

Страница 886: ...CHAPTER 34 ERPS Commands 886...

Страница 887: ...s including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Con...

Страница 888: ...USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 889: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 890: ...NG No VLANs are included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified int...

Страница 891: ...nsole show bridge ext Maximum Supported VLAN Numbers 4093 Maximum Supported VLAN ID 4093 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID T...

Страница 892: ...ace interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 port channel channel id Range 1 13 DEFAULT SETTING Shows both global and interface specific configuration COMM...

Страница 893: ...mmand EXAMPLE Console config vlan database Console config vlan RELATED COMMANDS show vlan 901 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN SYNTA...

Страница 894: ...TE The switch allows 256 user manageable VLANs EXAMPLE The following example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Console config vlan database Console config vla...

Страница 895: ...and then assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if RELATED COMMANDS shutdown 789 interface 784 vlan 8...

Страница 896: ...gned to the default VLAN EXAMPLE The following example shows how to restrict the traffic received on port 1 to tagged frames Console config interface ethernet 1 1 Console config if switchport acceptab...

Страница 897: ...he host at the other end of the connection supports VLANs the interface should be added to these VLANs as an untagged member Otherwise it is only necessary to add at most one VLAN as untagged and this...

Страница 898: ...fig if switchport mode This command configures the VLAN membership mode for a port Use the no form to restore the default SYNTAX switchport mode access hybrid trunk no switchport mode access Specifies...

Страница 899: ...d Default VLAN ID for a port Range 1 4093 no leading zeroes DEFAULT SETTING VLAN 1 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE When using Access mode and an interface is a...

Страница 900: ...itches would drop any frames with unknown VLAN group tags However by enabling VLAN trunking on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN...

Страница 901: ...ion show vlan This command shows VLAN information SYNTAX show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes n...

Страница 902: ...agging This section describes commands used to configure QinQ tunneling General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode dot1q tunnel system tunnel control 2 Create a SPVL...

Страница 903: ...l uplink ports and tunnel access ports cannot be the same However the same service VLANs can be set on both tunnel port types IGMP Snooping should not be enabled on a tunnel access port If the spannin...

Страница 904: ...ng the dot1q tunnel system tunnel control command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag...

Страница 905: ...the default VID of the edge router s ingress port This process is performed in a transparent manner as described under IEEE 802 1Q Tunneling on page 181 When priority bits are found in the inner tag t...

Страница 906: ...ingress vlan translation Inject double tagged frame SVID 101 CVID 10 to Port 2 then Port 1 exits single tagged frame VID 10 switching 3 Port 1 switchport dot1q tunnel service 101 match cvid 10 remove...

Страница 907: ...d upon as untagged frames and assigned to the native VLAN of that port All ports on the switch will be set to the same ethertype EXAMPLE Console config interface ethernet 1 1 Console config if switchp...

Страница 908: ...port dot1q tunnel mode 904 CONFIGURING L2CP TUNNELING This section describes the commands used to configure Layer 2 Protocol Tunneling L2PT l2protocol tunnel tunnel dmac This command configures the de...

Страница 909: ...a forwarding them across to the tunnel s egress port The egress port decapsulates these packets restores the proper protocol and MAC address information and then floods them onto the same VLANs at the...

Страница 910: ...s a Generic Bridge PDU Tunneling GBPT protocol packet i e having the destination address 01 00 0C CD CD D0 it is forwarded to the following ports in the same S VLAN other access ports for which L2PT i...

Страница 911: ...ocol Use the no form to disable L2PT for the specified protocol SYNTAX switchport l2protocol tunnel cdp lldp pvst spanning tree vtp cdp Cisco Discovery Protocol lldp Link Layer Discotry Protocol pvst...

Страница 912: ...orts to the service provider port based traffic segmentation can be used to isolate traffic for individual clients traffic segmentation This command enables traffic segmentation globally or configures...

Страница 913: ...n uplink ports in segmented groups and ports in normal VLANs Enter the traffic segmentation command without any parameters to enable traffic segmentation Then set the interface members for segmented g...

Страница 914: ...e protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 893 Although not mandatory we suggest configuring a separate VLAN for each major protocol...

Страница 915: ...COMMAND MODE Global Configuration EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame ty...

Страница 916: ...ames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the d...

Страница 917: ...VLANs for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 port channel chan...

Страница 918: ...ask vlan vlan id priority priority no subnet vlan subnet ip address mask all ip address The IP address that defines the subnet Valid IP addresses consist of four decimal numbers 0 to 255 separated by...

Страница 919: ...24 vlan 4 Console config show subnet vlan This command displays IP Subnet VLAN assignments COMMAND MODE Privileged Exec COMMAND USAGE Use this command to display subnet to VLAN mappings The last match...

Страница 920: ...remove an assignment SYNTAX mac vlan mac address mac address vlan vlan id priority priority no mac vlan mac address mac address all mac address The source MAC address to be matched Configured MAC add...

Страница 921: ...dress VLAN ID Priority 00 00 00 11 22 33 10 0 Console CONFIGURING VOICE VLANS The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic can...

Страница 922: ...n switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically a...

Страница 923: ...gures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Us...

Страница 924: ...Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN mode fo...

Страница 925: ...MMAND USAGE Specifies a CoS priority to apply to the port VoIP traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is ac...

Страница 926: ...ing VoIP traffic Console config interface ethernet 1 1 Console config if switchport voice vlan rule oui Console config if switchport voice vlan security This command enables security filtering for VoI...

Страница 927: ...tatus Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Au...

Страница 928: ...CHAPTER 35 VLAN Commands Configuring Voice VLANs 928...

Страница 929: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 930: ...DEFAULT SETTING Strict and WRR with Queue 3 using strict mode COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combina...

Страница 931: ...queue weight This command assigns weights to the four class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing...

Страница 932: ...mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frame...

Страница 933: ...default 5 Console config if RELATED COMMANDS show interfaces switchport 796 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queue...

Страница 934: ...l format Range 0 1 Table 127 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Страница 935: ...riority tags in the original packet are not modified by this command The internal DSCP consists of three bits for per hop behavior PHB which determines the queue to which a packet is sent and two bits...

Страница 936: ...DSCP by the qos map trust mode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one...

Страница 937: ...rface ethernet 1 5 Console config if qos map dscp mutation 3 1 from 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per hop behavi...

Страница 938: ...essing will be based on the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used...

Страница 939: ...in the top row in other words ingress DSCP d1 10 d2 and the corresponding Internal DSCP and drop precedence is shown at the intersecting cell in the table Console show qos map dscp mutation interface...

Страница 940: ...os dscp This command shows ingress CoS CFI to internal DSCP map SYNTAX show qos map cos dscp interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 p...

Страница 941: ...ap trust mode interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 port channel channel id Range 1 13 COMMAND MODE Privileged Exec EXAMPLE The foll...

Страница 942: ...CHAPTER 36 Class of Service Commands Priority Commands Layer 3 and 4 942...

Страница 943: ...classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an enforcer...

Страница 944: ...or set ip dscp command to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the p...

Страница 945: ...ss maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packet...

Страница 946: ...mand to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qualify for this class map If an ingres...

Страница 947: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 16 characters COMMAND MODE Class Map Configur...

Страница 948: ...rd policy Console config pmap class rd class Console config pmap c set cos 0 Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c class This c...

Страница 949: ...10000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form to remo...

Страница 950: ...e The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else Tc i...

Страница 951: ...st Excess burst size BE in bytes Range 4000 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service the pa...

Страница 952: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 953: ...color blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate three col...

Страница 954: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 955: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service that...

Страница 956: ...receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating packets Console config polic...

Страница 957: ...action drop Console config pmap c set phb This command services IP traffic by setting a per hop behavior value for a matching packet as specified by the match command for internal processing Use the...

Страница 958: ...licy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the input...

Страница 959: ...ss list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps whi...

Страница 960: ...le show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Rang...

Страница 961: ...ard all inbound multicast traffic to the attached VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling Multicast VLAN Registration Configures a single network wide multicast VL...

Страница 962: ...e the system assumes there are no local members GC ip igmp snooping vlan last memb query intvl Configures the last member query interval GC ip igmp snooping vlan mrd Sends multicast router solicitatio...

Страница 963: ...nterface settings will not take effect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Console config ip igmp snoopin...

Страница 964: ...e specified VLAN DEFAULT SETTING Global Enabled VLAN Based on global setting COMMAND MODE Global Configuration COMMAND USAGE When proxy reporting is enabled with this command the switch performs IGMP...

Страница 965: ...o not include the Router Alert option Use the no form to ignore the Router Alert Option when receiving IGMP messages SYNTAX no ip igmp snooping router alert option check DEFAULT SETTING Disabled COMMA...

Страница 966: ...ing router port expire time seconds The time the switch waits after the previous querier stops before it considers it to have expired Range 1 65535 Recommended Range 300 500 DEFAULT SETTING 300 second...

Страница 967: ...ds unsolicited reports for all current learned channels out through the new uplink port By default the switch immediately enters into multicast flooding mode when a spanning tree topology change occur...

Страница 968: ...l also immediately issues an IGMP general query The ip igmp snooping tcn query solicit command can be used to send a query solicitation whenever it notices a topology change even if the switch is not...

Страница 969: ...no form to restore the default value SYNTAX ip igmp snooping unsolicited report interval seconds no ip igmp snooping version exclusive seconds The interval at which to issue unsolicited reports Range...

Страница 970: ...nd versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting t...

Страница 971: ...oping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for th...

Страница 972: ...sage is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The time out for this release is currently defined by Last M...

Страница 973: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 974: ...an id VLAN ID Range 1 4093 DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation and...

Страница 975: ...proxy address source address vlan id VLAN ID Range 1 4093 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 976: ...nterval no ip igmp snooping vlan vlan id proxy query interval vlan id VLAN ID Range 1 4093 interval The interval between sending IGMP proxy general queries Range 10 31744 seconds DEFAULT SETTING 100 1...

Страница 977: ...ths of a second DEFAULT SETTING 100 10 seconds COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting is enabled page 964 EXAMPLE Console c...

Страница 978: ...See Configuring IGMP Snooping and Query Parameters on page 520 for a description of the displayed items EXAMPLE The following shows the current IGMP snooping configuration Console show ip igmp snoopin...

Страница 979: ...user igmpsnp user igmpsnp vlan id VLAN ID 1 4093 user Display only the user configured multicast entries igmpsnp Display only entries learned through IGMP snooping DEFAULT SETTING None COMMAND MODE Pr...

Страница 980: ...tic multicast router ports are configured COMMAND MODE Global Configuration COMMAND USAGE Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefor...

Страница 981: ...switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service based on a specific subscription plan The IGMP filtering...

Страница 982: ...ecked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP f...

Страница 983: ...o many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profil...

Страница 984: ...p range DEFAULT SETTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE C...

Страница 985: ...max groups number no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 1 255 DEFAULT SETTING 255 COMMAND MODE Interface Configuration Ether...

Страница 986: ...ch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing gro...

Страница 987: ...profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ip igmp profile IGMP Profile 19...

Страница 988: ...the distribution tree for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to w...

Страница 989: ...nsole config mvr group This command statically configures MVR multicast group IP address es Use the no form of this command to remove a specific address or range of addresses SYNTAX no mvr group ip ad...

Страница 990: ...onfig mvr group 228 1 23 1 10 Console config mvr priority This command assigns a priority to all multicast traffic in the MVR VLAN Use the no form of this command to restore the default setting SYNTAX...

Страница 991: ...8 0 3 Console config mvr vlan This command specifies the VLAN through which MVR multicast data is received Use the no form of this command to restore the default MVR VLAN SYNTAX mvr vlan vlan id no mv...

Страница 992: ...iately removed from the multicast group identified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port an...

Страница 993: ...also be used to allow a receiver port to dynamically join or leave multicast groups not sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to trunk mode...

Страница 994: ...member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a receiver port using this command The...

Страница 995: ...plays global configuration settings for MVR when no keywords are used COMMAND MODE Privileged Exec COMMAND USAGE Enter this command without any keywords to display the global settings for MVR Use the...

Страница 996: ...VR environment are satisfied Running status is true as long as MVR Status is enabled and the specified MVR VLAN exists MVR Multicast VLAN Shows the VLAN used to transport all MVR multicast traffic MVR...

Страница 997: ...from the MVR VLAN Up time Time this service has been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Group...

Страница 998: ...CHAPTER 38 Multicast Filtering Commands Multicast VLAN Registration 998...

Страница 999: ...Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many m...

Страница 1000: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Страница 1001: ...form to restore the default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 1...

Страница 1002: ...ice EXAMPLE Console config lldp med fast start count 6 Console config lldp notification interval This command configures the allowed interval for sending SNMP notifications about LLDP MIB changes Use...

Страница 1003: ...seconds Specifies the periodic interval at which LLDP advertisements are sent Range 5 32768 seconds DEFAULT SETTING 30 seconds COMMAND MODE Global Configuration COMMAND USAGE This attribute must comp...

Страница 1004: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Страница 1005: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1006: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1007: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1008: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1009: ...tocol based VLANs on page 914 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled po...

Страница 1010: ...e 915 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link...

Страница 1011: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Страница 1012: ...scription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywor...

Страница 1013: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Страница 1014: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Страница 1015: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Страница 1016: ...k policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificati...

Страница 1017: ...X show lldp config detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 26 port channel channel id Range 1 13 COMMAND...

Страница 1018: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Страница 1019: ...ress 00 17 7C DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC Address Port ID 00 17 7C DA FC E9...

Страница 1020: ...unit 0 port 1 SystemCapSupported Bridge SystemCapEnabled Bridge Remote Management Address 192 168 0 5 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1...

Страница 1021: ...LE Console show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Co...

Страница 1022: ...CHAPTER 39 LLDP Commands 1022...

Страница 1023: ...pported through loop back messages and fault isolation through link trace messages Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when conne...

Страница 1024: ...ts the transmission delay between continuity check messages GC ethernet cfm cc enable Enables transmission of continuity check messages within a specified maintenance association GC snmp server enable...

Страница 1025: ...s GC ethernet cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktra...

Страница 1026: ...the cross check operation page 1049 You can also enable SNMP traps for events discovered by continuity check messages page 1045 or cross check messages page 1049 ethernet cfm ais level This command co...

Страница 1027: ...ers ma name Maintenance association name Range 1 45 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Frames with AIS information can be issued at the cl...

Страница 1028: ...acters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm ais period 60...

Страница 1029: ...ss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Console config...

Страница 1030: ...the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that make up all p...

Страница 1031: ...name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name vlan 1032 ethernet cfm enable This command enables CFM processing globally on the switch Use the no for...

Страница 1032: ...maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance domai...

Страница 1033: ...G13 SG15 Y 1731 defined ICC based format Use the no form to restore the default setting SYNTAX ma index index name format character string icc based no ma index index name format index MA identifier R...

Страница 1034: ...is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium DEFAULT SETTING No MEPs are configured The MEP faces outward down COMMAND...

Страница 1035: ...nterface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic EXAMP...

Страница 1036: ...ce interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check traps inter...

Страница 1037: ...EP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has reco...

Страница 1038: ...Hold Time m 1 rd 0 default 100 Console show ethernet cfm ma This command displays the configured maintenance associations SYNTAX show ethernet cfm ma level level level Maintenance level Range 0 7 DEFA...

Страница 1039: ...26 port channel channel id Range 1 13 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mep keyword with this command to dis...

Страница 1040: ...1 port Port number Range 1 26 port channel channel id Range 1 13 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows deta...

Страница 1041: ...N ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port to which this MEP is attached CC Status Show...

Страница 1042: ...p Interface State Up Crosscheck Status Enabled Console Table 145 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote maintenance point If...

Страница 1043: ...Ms from any other MEPs in its MA a connectivity failure is registered The interval at which CCMs are issued should therefore be Port State Port states include Up The port is functioning normally Block...

Страница 1044: ...specified maintenance association Use the no form to disable the transmission of these messages SYNTAX no ethernet cfm cc enable md domain name ma ma name domain name Domain name Range 1 43 alphanumer...

Страница 1045: ...ame MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC address and MPID a...

Страница 1046: ...5535 minutes DEFAULT SETTING 100 minutes COMMAND MODE CFM Domain Configuration COMMAND USAGE A change to the hold time only applies to entries stored in the database after this command is entered EXAM...

Страница 1047: ...his command clears continuity check errors logged for the specified maintenance domain or maintenance level SYNTAX clear ethernet cfm errors domain domain name level level id domain name Domain name R...

Страница 1048: ...VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated with at least...

Страница 1049: ...elay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps EXAMPLE This example sets the maximum delay before starting th...

Страница 1050: ...static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance association EXAMPLE This example enables SNM...

Страница 1051: ...vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigned to other...

Страница 1052: ...cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 DEFAULT SETTING Non...

Страница 1053: ...P along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value EXAMPLE This example enables link trace cachin...

Страница 1054: ...e 1 4095 entries DEFAULT SETTING 100 entries COMMAND MODE Global Configuration COMMAND USAGE Before setting the cache size the cache must first be enabled with the ethernet cfm linktrace cache command...

Страница 1055: ...1 255 hops DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Link trace messages can be targeted to MEPs not MIPs Before sending a link trace message be sure you have configured the tar...

Страница 1056: ...ged Exec EXAMPLE Console show ethernet cfm linktrace cache Hops MA IP Alias Ingress MAC Ing Action Relay Forwarded Egress MAC Egr Action 2 rd 192 168 0 6 00 17 7C 12 12 2D ingOk Hit Not Forwarded Cons...

Страница 1057: ...for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be false IngBlocked The...

Страница 1058: ...ther error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point should respond to the loop back message with a loo...

Страница 1059: ...been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected is reported in the fault alarm Priority defects include the following items Table 148...

Страница 1060: ...time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING 3 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE A fault alarm...

Страница 1061: ...the reset time after which another fault alarm can be generated Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep fault notify reset time 7 Console config ether...

Страница 1062: ...45 alphanumeric characters count The number of times to retry sending the message if no response is received before the specified timeout Range 1 5 interval The transmission delay between delay measu...

Страница 1063: ...th a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Times...

Страница 1064: ...CHAPTER 40 CFM Commands 1064...

Страница 1065: ...efm oam link monitor frame window Sets the monitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical...

Страница 1066: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1067: ...s Use the no form to disable this function SYNTAX no efm oam link monitor frame DEFAULT SETTING Enabled COMMAND MODE Interface Configuration COMMAND USAGE An errored frame is a frame in which one or m...

Страница 1068: ...he no form to restore the default setting SYNTAX no efm oam link monitor frame window size size The period of time in which to check the reporting threshold for errored frame link events Range 10 6553...

Страница 1069: ...will initiate the OAM discovery process When in passive mode it can only respond to discovery messages EXAMPLE Console config interface ethernet 1 1 Console config if efm oam mode active Console conf...

Страница 1070: ...ote loopback start command to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1071 to start sending test packets Then use the ef...

Страница 1071: ...ommand to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mode...

Страница 1072: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Страница 1073: ...o spaces use a hyphen to designate a range of ports Range 1 26 COMMAND MODE Normal Exec Privileged Exec EXAMPLE Console show efm oam remote loopback interface 1 1 Port OAM loopback Tx OAM loopback Rx...

Страница 1074: ...e Loopback Gasp Event Frame 1 1 Enabled Active Disabled Enabled Enabled Enabled Console show efm oam status remote interface This command displays information about attached OAM enabled devices SYNTAX...

Страница 1075: ...ame Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters DEFAULT SETTING None Table 152 Address Table Commands Command Function Mode...

Страница 1076: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1077: ...77 ip name server 1079 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use...

Страница 1078: ...ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use the no ip...

Страница 1079: ...servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list is reache...

Страница 1080: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1081: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1082: ...sole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yahoo...

Страница 1083: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1084: ...CHAPTER 42 Domain Name Service Commands 1084...

Страница 1085: ...acquire other non address configuration information such as a default gateway from a DHCPv6 server Table 155 DHCP Commands Command Group Function DHCP Client Allows interfaces to dynamically acquire I...

Страница 1086: ...tion of the switch to the DHCP server which then uses this information to decide on how to service the client or the type of information to return The general framework for this DHCP option is set out...

Страница 1087: ...s Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface Vlan 1 is Administrative Up Link Up Address is 12 34...

Страница 1088: ...rs by sending a solicit message and collecting advertised message replies These servers are then ranked based on their advertised preference value If the client needs to acquire prefixes from servers...

Страница 1089: ...ange of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4093 no leading zeroes COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 dhcp vlan 1 VLAN 1 is in...

Страница 1090: ...CHAPTER 43 DHCP Commands DHCP Client 1090...

Страница 1091: ...segment IPV4 INTERFACE There are no IP addresses assigned to this switch by default You must manually configure a new address to manage the switch over your network or to connect the switch to existin...

Страница 1092: ...m DHCP DEFAULT SETTING DHCP COMMAND MODE Interface Configuration VLAN COMMAND USAGE An IP address must be assigned to this device to gain management access over the network or to connect the switch to...

Страница 1093: ...enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast periodically by the router in an effort to learn its IP address BOOTP and DHCP values can include th...

Страница 1094: ...ED COMMANDS ip address 1092 ipv6 default gateway 1100 show ip default gateway This command shows the IPv4 default gateway configured for this device DEFAULT SETTING None COMMAND MODE Privileged Exec E...

Страница 1095: ...ed The traceroute command first sends probe datagrams with the TTL value set at one This causes the first router to discard the datagram and return an error message The trace function then sends sever...

Страница 1096: ...her site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does...

Страница 1097: ...SYNTAX arp timeout seconds no arp timeout seconds The time a dynamic entry remains in the ARP cache Range 300 86400 86400 seconds is one day DEFAULT SETTING 1200 seconds 20 minutes COMMAND MODE Global...

Страница 1098: ...is command displays entries in the Address Resolution Protocol ARP cache COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command displays information about the ARP cache The first line sho...

Страница 1099: ...ze of the maximum transmission unit MTU for IPv6 packets sent on an interface IC show ipv6 default gateway Displays the current IPv6 default gateway NE PE show ipv6 interface Displays the usability an...

Страница 1100: ...ress to indicate the appropriate number of zeros required to fill the undefined fields The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when...

Страница 1101: ...te the appropriate number of zeros required to fill the undefined fields To connect to a larger network with multiple subnets you must configure a global unicast address This address can be manually c...

Страница 1102: ...I 64 form of the interface identifier i e the switch s MAC address Use the no form to remove the address generated by this command SYNTAX no ipv6 address autoconfig DEFAULT SETTING No IPv6 addresses a...

Страница 1103: ...al is 1000 milliseconds Console RELATED COMMANDS ipv6 address 1101 show ipv6 interface 1109 ipv6 address eui 64 This command configures an IPv6 address for an interface using an EUI 64 interface ID in...

Страница 1104: ...address The EUI 64 specification is designed for devices that use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must be converted into...

Страница 1105: ...th a specific address to remove it from the interface SYNTAX ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address assigned to the interface DEFAUL...

Страница 1106: ...0 72 FF02 1 FF00 FD FF02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds Console RELATED COMMANDS ipv6 enable 1106 show ipv6 interf...

Страница 1107: ...le show ipv6 interface Vlan 1 is up IPv6 is enable Link local address FE80 217 7CFF FE00 FD 64 Global unicast address es 2001 DB8 2222 7273 72 96 subnet is 2001 DB8 2222 7273 96 Joined group address e...

Страница 1108: ...ust use the same MTU in order to operate correctly IPv6 must be enabled on an interface before the MTU can be set EXAMPLE The following example sets the MTU for VLAN 1 to 1280 bytes Console config int...

Страница 1109: ...work portion of the address COMMAND MODE Normal Exec Privileged Exec EXAMPLE This example displays all the IPv6 addresses configured for the switch Console show ipv6 interface Vlan 1 is up IPv6 is ena...

Страница 1110: ...interface local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all...

Страница 1111: ...received total received header errors too big errors no routes address errors unknown protocols truncated packets discards delivers reassembly request datagrams reassembly succeeded reassembly failed...

Страница 1112: ...show ipv6 traffic display description Field Description IPv6 Statistics IPv6 recived total received The total number of input datagrams received by the interface including those received in error hea...

Страница 1113: ...of discarded IPv6 fragments since some algorithms notably the algorithm in RFC 815 can lose track of the number of fragments by combining them as they are received This counter is incremented at the i...

Страница 1114: ...ICMPv6 Group Membership Query messages received by the interface group membership response messages The number of ICMPv6 Group Membership Response messages received by the interface group membership r...

Страница 1115: ...ber of Redirect messages sent For a host this object will always be zero since hosts do not send redirects group membership response messages The number of ICMPv6 Group Membership Response messages se...

Страница 1116: ...tes COMMAND MODE Privileged Exec COMMAND USAGE Use the ping6 command to see if another site on the network can be reached or to evaluate delays over the path The same link local address may be used by...

Страница 1117: ...lready exists on the network before it is assigned to an interface Duplicate address detection is stopped on any interface that has been suspended see the vlan command While an interface is suspended...

Страница 1118: ...cal address FE80 200 E8FF FE90 0 64 Global unicast address es 2009 DB9 2229 79 subnet is 2009 DB9 2229 0 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF90 0 104 IPv6 link M...

Страница 1119: ...obal unicast address es 2009 DB9 2229 79 subnet is 2009 DB9 2229 0 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF90 0 104 IPv6 link MTU is 1500 bytes ND DAD is enabled num...

Страница 1120: ...mic entries in the IPv6 neighbor cache Console clear ipv6 neighbors Console show ipv6 neighbors This command displays information in the IPv6 neighbor discovery cache SYNTAX show ipv6 neighbors vlan v...

Страница 1121: ...eceived within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH state the device takes no special action when sending packets S Stale More than the...

Страница 1122: ...CHAPTER 44 IP Interface Commands IPv6 Interface 1122...

Страница 1123: ...1123 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1125 Troubleshooting on page 1131 License Information on page 1133...

Страница 1124: ...SECTION IV Appendices 1124...

Страница 1125: ...1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttl...

Страница 1126: ...IGMP Snooping Layer 2 Multicast VLAN Registration ADDITIONAL FEATURES BOOTP Client DHCP Client DNS Client Proxy ERPS Ethernet Ring Protection Switching LLDP Link Layer Discover Protocol OAM Operation...

Страница 1127: ...Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC...

Страница 1128: ...B RFC2054 Link Aggregation MIB IEEE 802 3ad MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Priv...

Страница 1129: ...APPENDIX A Software Specifications Management Information Bases 1129 Trap RFC 1215 UDP MIB RFC 2013...

Страница 1130: ...APPENDIX A Software Specifications Management Information Bases 1130...

Страница 1131: ...permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Tr...

Страница 1132: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1133: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1134: ...notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any...

Страница 1135: ...ired to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if y...

Страница 1136: ...ibution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exc...

Страница 1137: ...by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce p...

Страница 1138: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 1139: ...ANs to communicate across switched networks IEEE 802 1P An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes...

Страница 1140: ...g to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IN BAND MANAGEMENT Management of the network from a...

Страница 1141: ...is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers This process allows IGMP enabled devices to determine where to send m...

Страница 1142: ...to provide better service to selected traffic flows using features such as data prioritization queuing congestion avoidance and traffic shaping These features effectively provide preferential treatmen...

Страница 1143: ...tion protocol that uses software running on a central server to control access to TACACS compliant devices on the network TCP IP Transmission Control Protocol Internet Protocol Protocol suite that inc...

Страница 1144: ...s of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on...

Страница 1145: ...ion exec 680 auto traffic control 831 auto traffic control action 832 auto traffic control alarm clear threshold 833 auto traffic controlalarm fire threshold 834 auto traffic control apply timer 829 a...

Страница 1146: ...07 dot1x timeout quiet period 702 dot1x timeout re authperiod 703 dot1x timeout start period 708 dot1x timeout supp timeout 703 dot1x timeout tx period 704 efm oam 1066 efm oam critical link event 106...

Страница 1147: ...proxy address 975 ip igmp snooping vlan proxy query interval 976 ip igmp snooping vlan proxy query resp intvl 977 ip igmp snooping vlan static 977 ip name server 1079 ip source guard 748 ip source gua...

Страница 1148: ...ork access dynamic qos 721 network access dynamic vlan 722 network access guest vlan 723 network access link detection 723 network access link detection link down 724 network access link detection lin...

Страница 1149: ...ethernet cfm maintenance points remote detail 1041 show ethernet cfm md 1038 show garp timer 891 show gvrp configuration 892 show history 566 show hosts 1082 show interfaces brief 793 show interfaces...

Страница 1150: ...munity 635 snmp server contact 635 snmp server enable port traps atc broadcast alarm clear 836 snmp server enable port traps atc broadcast alarm fire 836 snmp server enable port traps atc broadcast co...

Страница 1151: ...e 898 switchport native vlan 899 switchport packet rate 791 switchport priority default 932 switchport voice vlan 924 switchport voice vlan priority 925 switchport voice vlan rule 925 switchport voice...

Страница 1152: ...COMMAND LIST 1152...

Страница 1153: ...17 323 768 769 MAC 317 326 774 Standard IP 768 time range 313 624 Address Resolution Protocol See ARP address table 199 841 aging time 201 841 aging time displaying 201 844 aging time setting 201 841...

Страница 1154: ...CP download reference 73 configuration files restoring defaults 106 589 configuration settings restoring 78 108 109 589 591 saving 78 108 589 591 Connectivity Fault Management See CFM console port req...

Страница 1155: ...36 DSCP ingress map drop precedence 244 936 DSCP to PHB drop precedence 244 936 dynamic addresses clearing 203 dynamic addresses displaying 202 843 Dynamic Host Configuration Protocol See DHCP dynamic...

Страница 1156: ...519 977 static multicast routing 524 980 static port assignment 525 977 static router interface 519 980 static router port configuring 524 980 TCN flood 521 966 unregistered data flooding 522 968 ver...

Страница 1157: ...tion settings 276 logon banner configuring 572 loop back messages CFM 437 439 460 1023 1057 loopback detection STA 210 863 M MAC address authentication 292 718 ports configuring 295 718 726 reauthenti...

Страница 1158: ...ort authentication 344 697 699 port priority configuring 235 929 default ingress 235 932 STA 218 868 port security configuring 342 716 port statistics 140 793 ports autonegotiation 130 789 broadcast s...

Страница 1159: ...t handling 373 615 sending log events 373 615 SNMP 389 633 community string 401 635 enabling traps 408 637 filtering IP addresses 340 711 global settings configuring 392 trap manager 408 638 users con...

Страница 1160: ...software 106 591 596 user account 661 663 user password 287 662 663 V VLAN trunking 164 900 VLANs 167 196 887 927 802 1Q tunnel mode 187 904 acceptable frame type 173 896 adding static members 172 89...

Страница 1161: ......

Страница 1162: ...DG FS4526E 042012 HW R01...

Результаты поиска

Содержание DG-FS4526E

Отзывы:

Бренды по названию

Популярные бренды

Digisol DG-FS4526E, Руководство по управлению

Результаты поиска

Содержание DG-FS4526E

Отзывы:

Бренды по названию

Популярные бренды