manualshive.com logo in svg

Edge-Core Direk Tronik 24/48-Port, Руководство по управлению

Поделиться
Скачать
Edge-Core Direk Tronik 24/48-Port Скачать руководство пользователя страница 392

Access Control List Commands

44-4

44

host 

– Keyword followed by a specific IP address.

precedence

 

– IP precedence level. (Range: 0-7)

tos

 

– Type of Service level. (Range: 0-15)

dscp

 

– DSCP priority level. (Range: 0-63)

sport

 – Protocol

1

 source port number. (Range: 0-65535)

dport

 – Protocol

1

 destination port number. (Range: 0-65535)

port-bitmask

 – Decimal number representing the port bits to match. 

(Range: 0-65535)

control-flags

 – Decimal number (representing a bit string) that specifies flag 

bits in byte 14 of the TCP header. (Range: 0-63)

flag-bitmask

 – Decimal number representing the code bits to match.

Default Setting

None

Command Mode

Extended IPv4 ACL

Command Usage

• All new rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four integers from 

0 to 255, each separated by a period. The binary mask uses 1 bits to indicate 
“match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the 
specified source IP address, and then compared with the address for each IP 
packet entering the port(s) to which this ACL has been assigned.

• You can specify both Precedence and ToS in the same rule. However, if   

DSCP is used, then neither Precedence nor ToS can be specified.

• The control-code bitmask is a decimal number (representing an equivalent bit 

mask) that is applied to the control code. Enter a decimal number, where the 
equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. 
The following bits may be specified:

- 1 (fin) – Finish
- 2 (syn) – Synchronize
- 4 (rst) – Reset
- 8 (psh) – Push
- 16 (ack) – Acknowledgement
- 32 (urg) – Urgent pointer

For example, use the code value and mask below to catch packets with the 
following flags set: 

- SYN flag valid, use “control-code 2 2”
- Both SYN and ACK valid, use “control-code 18 18”
- SYN valid and ACK invalid, use “control-code 2 18”

1.  Includes TCP, UDP or other protocol types.

Содержание Direk Tronik 24/48-Port

Страница 1: ...Powered by Accton Management Guide ES4524D ES4548D 24 48 Port Gigabit Ethernet Switch e mail info direktronik se tel 08 52 400 700 fax 08 520 18121...

Страница 2: ......

Страница 3: ...hernet Switch Layer 2 Switch with 20 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP ES4548D Gigabit Ethernet Switch Layer 2 Switch with 44 10 100 1000BASE T RJ 45 Ports and 4...

Страница 4: ...ES4524D ES4548D F0 0 0 4 E112006 CS R01 149100030400A...

Страница 5: ...10 Community Strings for SNMP version 1 and 2c clients 2 10 Trap Receivers 2 11 Configuring Access for SNMP Version 3 Clients 2 12 Managing System Files 2 12 Saving Configuration Settings 2 13 Sectio...

Страница 6: ...1 Remote Log Configuration 9 2 Displaying Log Messages 9 4 Sending Simple Mail Transfer Protocol Alerts 9 4 Chapter 10 Setting the System Clock 10 1 Configuring SNTP 10 1 Setting the Time Zone 10 2 C...

Страница 7: ...Port Configuration 16 1 Displaying Connection Status 16 1 Configuring Interface Connections 16 4 Showing Port Statistics 16 6 Chapter 17 Creating Trunk Groups 17 1 Statically Configuring a Trunk 17 2...

Страница 8: ...face to a QinQ Tunnel 23 17 Chapter 24 Configuring Private VLANs 24 1 Enabling Private VLANs 24 1 Configuring Uplink and Downlink Ports 24 2 Chapter 25 Configuring Protocol Based VLANs 25 1 Configurin...

Страница 9: ...Configuration 30 1 Cluster Member Configuration 30 2 Cluster Member Information 30 3 Cluster Candidate Information 30 4 Section III Command Line Interface Chapter 31 Using the Command Line Interface 3...

Страница 10: ...s 35 1 copy 35 2 delete 35 4 dir 35 5 whichboot 35 6 boot system 35 7 Chapter 36 Line Commands 36 1 line 36 1 login 36 2 password 36 3 timeout login response 36 4 exec timeout 36 4 password thresh 36...

Страница 11: ...mp 40 2 snmp server community 40 3 snmp server contact 40 4 snmp server location 40 4 snmp server host 40 5 snmp server enable traps 40 7 snmp server engine id 40 8 show snmp engine id 40 9 snmp serve...

Страница 12: ...19 ip ssh server key size 41 19 delete public key 41 20 ip ssh crypto host key generate 41 20 ip ssh crypto zeroize 41 21 ip ssh save host key 41 21 show ip ssh 41 22 show ssh 41 22 show public key 41...

Страница 13: ...4 12 permit deny MAC ACL 44 13 show mac access list 44 14 mac access group 44 15 show mac access group 44 15 ACL Information 44 16 show access list 44 16 show access group 44 16 Chapter 45 Interface C...

Страница 14: ...nning Tree Commands 51 1 spanning tree 51 2 spanning tree mode 51 2 spanning tree forward time 51 3 spanning tree hello time 51 4 spanning tree max age 51 5 spanning tree priority 51 5 spanning tree p...

Страница 15: ...g 52 13 dot1q tunnel system tunnel control 52 14 switchport dot1q tunnel mode 52 14 switchport dot1q tunnel tpid 52 15 show dot1q tunnel 52 16 Displaying VLAN Information 52 16 show vlan 52 17 Chapter...

Страница 16: ...how policy map 56 8 show policy map interface 56 9 Chapter 57 Multicast Filtering Commands 57 1 IGMP Snooping Commands 57 1 ip igmp snooping 57 1 ip igmp snooping vlan static 57 2 ip igmp snooping ver...

Страница 17: ...v6 address autoconfig 60 6 ipv6 address eui 64 60 7 ipv6 address link local 60 9 show ipv6 interface 60 10 ipv6 default gateway 60 12 show ipv6 default gateway 60 12 ipv6 mtu 60 13 show ipv6 mtu 60 14...

Страница 18: ...dix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interfac...

Страница 19: ...iguration Command Modes 31 8 Table 31 3 Keystroke Commands 31 9 Table 32 1 Command Group Index 32 1 Table 33 1 General Commands 33 1 Table 34 1 System Management Commands 34 1 Table 35 1 Flash File Co...

Страница 20: ...s display description 46 10 Table 46 5 show lacp sysid display description 46 11 Table 47 1 Broadcast Storm Control Commands 47 1 Table 48 1 Mirror Port Commands 48 1 Table 49 1 Rate Limit Commands 49...

Страница 21: ...guration Commands 59 1 Table 60 1 IPv6 Configuration Commands 60 1 Table 60 2 show ipv6 interface display description 60 10 Table 60 3 show ipv6 mtu display description 60 14 Table 60 4 show ipv6 traf...

Страница 22: ...xxii Tables...

Страница 23: ...Startup Configuration Settings 6 5 Figure 7 1 Configuring the Console Port 7 2 Figure 8 1 Configuring the Telnet Interface 8 2 Figure 9 1 System Logs 9 2 Figure 9 2 Remote Logs 9 3 Figure 9 3 Displayi...

Страница 24: ...5 LACP Port Counters Information 17 10 Figure 17 6 LACP Port Internal Information 17 12 Figure 17 7 LACP Port Neighbors Information 17 13 Figure 18 1 Port Broadcast Control 18 1 Figure 19 1 Mirror Po...

Страница 25: ...26 11 Figure 26 9 IP Port Priority 26 11 Figure 27 1 Configuring Class Maps 27 3 Figure 27 2 Configuring Policy Maps 27 6 Figure 27 3 Service Policy Settings 27 7 Figure 28 1 IGMP Configuration 28 3 F...

Страница 26: ...xxvi Figures...

Страница 27: ...is section provides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface Introduction 1...

Страница 28: ...Getting Started...

Страница 29: ...up to 32 ACLs 96 MAC rules 96 IP rules and 96 IPv6 rules DHCP Client Supported DNS Proxy service Port Configuration Speed and duplex mode and flow control Rate Limiting Input and output rate limiting...

Страница 30: ...also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the...

Страница 31: ...ss any connection and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 24 trunks Broadcast Storm Control Broadcast suppression prevents broadcast...

Страница 32: ...A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network The switch supports tagged VLANs based on...

Страница 33: ...provides policy based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis Each packet is classified upon entry into the...

Страница 34: ...Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Pass...

Страница 35: ...Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Defaults All valu...

Страница 36: ...VLAN configured with an IP address IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled DNS Disabled BOOTP Disabled IGMP Snooping Snooping Enabled Querier Disabled Sys...

Страница 37: ...al console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch...

Страница 38: ...follows Select the appropriate serial port COM port 1 or COM port 2 Set to any of the following baud rates 9600 19200 38400 57600 115200 Note Set to 9600 baud if want to view all the system initializa...

Страница 39: ...ion and use basic utilities To fully configure the switch parameters you must access the CLI at the Privileged Exec level Access to both CLI levels are controlled by user names and passwords The switc...

Страница 40: ...ce and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be accepted by t...

Страница 41: ...hitecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields For detailed information on t...

Страница 42: ...For most networks that encompass several different subnets it s easier to first define a network prefix and then configure the host address for the switch An IPv6 network prefix is composed of an IPv...

Страница 43: ...ipv6 address bits The remaining bits are assigned to the host interface Press Enter 4 Type exit to return to the global configuration mode prompt Press Enter 5 To set the IP address of the IPv6 defaul...

Страница 44: ...ccess the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To...

Страница 45: ...etwork containing more than one subnet the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages D...

Страница 46: ...ublic community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However you may assig...

Страница 47: ...are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure...

Страница 48: ...et as a start up file The three types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files c...

Страница 49: ...e start up configuration file using the copy command New startup configuration files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not cont...

Страница 50: ...Initial Configuration 2 14 2...

Страница 51: ...9 1 Setting the System Clock 10 1 Simple Network Management Protocol 11 1 User Authentication 12 1 Configuring Port Security 13 1 Configuring 802 1X Port Authentication 14 1 Access Control Lists 15 1...

Страница 52: ...Switch Management Configuring Domain Name Service 29 1 Switch Clustering 30 1...

Страница 53: ...2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwo...

Страница 54: ...cts with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu lin...

Страница 55: ...t to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent dis...

Страница 56: ...General Prefix Configures IPv6 general prefix for network portion of addresses 5 10 IPv6 Neighbor Configures IPv6 neighbor discover protocol and static neighbors 5 11 Jumbo Frames Enables support for...

Страница 57: ...the host key pair public and private 12 10 Port Security Configures per port security including status response for security breach and maximum allowed MAC addresses 13 1 802 1X Port authentication 1...

Страница 58: ...e output rate limit for each port 20 1 Output Trunk Configuration Sets the output rate limit for each trunk 20 1 Port Statistics Lists Ethernet and RMON port statistics 16 6 Address Table 21 1 Static...

Страница 59: ...23 10 Tunnel Configuration Adds ports to a QinQ tunnel 23 17 Tunnel Trunk Configuration Adds trunks to a QinQ tunnel 23 17 Private VLAN Status Enables or disables the private VLAN 24 1 Link Status Con...

Страница 60: ...ticast router for each VLAN ID 28 4 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 28 5 IP Multicast Registration Table Displays all multi...

Страница 61: ...of time the management agent has been up These additional parameters are displayed for the CLI System Description Brief description of device type MAC Address The physical layer address for this swit...

Страница 62: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Страница 63: ...rsion Version number of loader code Console config hostname R D 5 34 1 Console config snmp server location WC 9 40 4 Console config snmp server contact Ted 40 4 Console config exit Console show system...

Страница 64: ...er in stack Redundant Power Status Displays the status of the redundant power supply Web Click System Switch Information Figure 4 2 Switch Information CLI Use the following command to display version...

Страница 65: ...static filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 21 1 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filt...

Страница 66: ...between the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames Command Attributes Jumbo...

Страница 67: ...the stack For a line topology the stack is numbered from top to bottom with the first unit in the stack designated at unit 1 For a ring topology the Master unit taken as the top of the stack and is nu...

Страница 68: ...Basic System Settings 4 8 4...

Страница 69: ...be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4093 By default all ports on the switch are members of VLAN 1 However the management station can be attach...

Страница 70: ...ic Enter the IP address subnet mask and gateway then click Apply Figure 5 1 IPv4 Interface Configuration Manual CLI Specify the management interface IP address and default gateway Console config Conso...

Страница 71: ...n make a console connection to the switch and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then ent...

Страница 72: ...either be manually configured or dynamically assigned Command Usage All IPv6 addresses must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal v...

Страница 73: ...terface and a warning message displayed on the console Command Attributes Management VLAN ID of the configured VLAN 1 4093 By default all ports on the switch are members of VLAN 1 However the manageme...

Страница 74: ...also be set by selecting a preconfigured general prefix for the network portion of the address from the Based on General Prefix scroll down list and marking the check box next to this field to enable...

Страница 75: ...l take precedence over the interface identifier IPv6 addresses are 16 bytes long of which the bottom 8 bytes typically form a unique host identifier based on the device s MAC address The EUI 64 specif...

Страница 76: ...elow A node is also required to compute and join the associated solicited node multicast addresses for every unicast and anycast address it is assigned IPv6 addresses that differ only in the high orde...

Страница 77: ...Click System IPv6 Configuration IPv6 Configuration Set the IPv6 default gateway specify the VLAN to configure enable IPv6 and set the MTU Then enter a global unicast or link local address and click Ad...

Страница 78: ...t be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of ze...

Страница 79: ...scovery to discover each other s presence to determine each other s link layer addresses to find routers and to maintain reachability information about the paths to active neighbors The key parameters...

Страница 80: ...an interface is changed duplicate address detection is performed on the new link local address but not for any of the IPv6 global unicast addresses already associated with the interface Current Neigh...

Страница 81: ...interface from which the address was reached Adding Static Neighbors IPv6 Neighbor Add IPv6 Address The IPv6 address of a neighbor device that can be reached through one of the network interfaces con...

Страница 82: ...entries click Add fill in the IPv6 address VLAN interface and hardware address Then click Add Figure 5 5 IPv6 Neighbor Detection and Neighbor Cache CLI This example maps a static entry for a global u...

Страница 83: ...y assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another...

Страница 84: ...address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you repla...

Страница 85: ...as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware...

Страница 86: ...a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a fil...

Страница 87: ...ion Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a file on the switch to overwrite or specify a new file na...

Страница 88: ...as the start up configuration use the boot system command and then restart the switch Console copy tftp startup config 35 2 TFTP server ip address 192 168 1 19 Source configuration file name config 1...

Страница 89: ...ts the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per charac...

Страница 90: ...onfig line login local 36 2 Console config line password 0 secret 36 3 Console config line timeout login response 0 36 4 Console config line exec timeout 0 36 4 Console config line password thresh 5 3...

Страница 91: ...detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold...

Страница 92: ...ne command from the Normal Exec level Console config line vty 36 1 Console config line login local 36 2 Console config line password 0 secret 36 3 Console config line timeout login response 300 36 4 C...

Страница 93: ...disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specified l...

Страница 94: ...eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sen...

Страница 95: ...rver host IP address choose the facility type and set the logging trap Console config logging host 10 1 0 9 37 3 Console config logging facility 23 37 3 Console config logging trap 4 37 4 Console conf...

Страница 96: ...vers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used f...

Страница 97: ...s You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click System Log SMTP Enable SMTP specify a source email a...

Страница 98: ...y the current SMTP configuration Console config logging sendmail host 192 168 1 4 38 1 Console config logging sendmail level 3 38 2 Console config logging sendmail source email big wheels matel com 38...

Страница 99: ...ree time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time servers...

Страница 100: ...s 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone S...

Страница 101: ...the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its po...

Страница 102: ...w Notify View Security v1 noAuthNoPriv public read only defaultview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPri...

Страница 103: ...g that acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the acc...

Страница 104: ...receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is...

Страница 105: ...y available for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The nu...

Страница 106: ...adds a trap manager and enables authentication traps Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch follow these steps 1 If you want to change the default eng...

Страница 107: ...ne ID Enter an ID of up to 26 hexadecimal characters and then click Save Figure 11 4 Setting the SNMPv3 Engine ID CLI This example sets an SNMPv3 engine ID Specifying a Remote Engine ID To send inform...

Страница 108: ...SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The s...

Страница 109: ...Actions Enables the user to be assigned to another SNMPv3 group Web Click SNMP SNMPv3 Users Click New to configure a user name In the New User page define a name and assign it to a group then click A...

Страница 110: ...t on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 11 7 Remote I...

Страница 111: ...inimum of eight plain text characters is required Web Click SNMP SNMPv3 Remote Users Click New to configure a user name In the New User page define a name and assign it to a group then click Add to sa...

Страница 112: ...SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication a...

Страница 113: ...he SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent s...

Страница 114: ...with the master board version This trap binds two objects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 25...

Страница 115: ...hen click Delete Figure 11 8 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read...

Страница 116: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view W...

Страница 117: ...erver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 40 10 Console config exit Console show snmp view 40 11 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile...

Страница 118: ...Simple Network Management Protocol 11 18 11...

Страница 119: ...read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soo...

Страница 120: ...ecified user names and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication D...

Страница 121: ...specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server...

Страница 122: ...2 Timeout for a reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Server IP Address Address of the T...

Страница 123: ...he connection Console config authentication login radius 41 3 Console config radius server port 181 41 6 Console config radius server key green 41 7 Console config radius server retransmit 5 41 7 Cons...

Страница 124: ...12 3 HTTPS Settings CLI This example enables the HTTP secure server and modifies the port number Replacing the Default Secure site Certificate When you log onto the web interface using HTTPS for secu...

Страница 125: ...ss of a TFTP server Source Certificate File Name The file name of the unique certificate file as provided by the recognized certification authority Source Private File Name The file name of the privat...

Страница 126: ...authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings page page 12 2 If public key authentication is specified by the client...

Страница 127: ...es the client s password to those stored in memory c If a match is found the connection is allowed Note To use SSH with only password authentication the host public key must still be given to the clie...

Страница 128: ...ributes Public Key of Host Key The public key for the host RSA The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string...

Страница 129: ...947448320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 6032591968369705343933643844522333518828717389689451172929...

Страница 130: ...120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authe...

Страница 131: ...roup i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an in...

Страница 132: ...example restricts management access for Telnet clients Console config management telnet client 192 168 1 19 41 24 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit...

Страница 133: ...resses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from a...

Страница 134: ...allowed on a port and click Apply Figure 13 1 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address coun...

Страница 135: ...nt provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back...

Страница 136: ...and client also have to support the same EAP authentication type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1...

Страница 137: ...are described in this section Command Attributes Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connec...

Страница 138: ...period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds TX Period Sets the time period during an authentication session that the switch waits before r...

Страница 139: ...ontrol enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 23 disabled Single Host ForceAuthorize...

Страница 140: ...he number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenti...

Страница 141: ...4 4 802 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 43 6 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logo...

Страница 142: ...Configuring 802 1X Port Authentication 14 8 14...

Страница 143: ...ding Standard and Extended ACLs IPv6 Standard ACLs and IPv6 Extended ACLs For the ES4524D all ports share this quota For the ES4548D ports 1 24 share a quota of 96 rules and ports 25 50 share another...

Страница 144: ...page for the new list Figure 15 1 Selecting ACL Type CLI This example creates a standard IP ACL named bill Configuring a Standard IPv4 ACL Command Attributes Action An ACL can contain any combination...

Страница 145: ...ny to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default...

Страница 146: ...The control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means...

Страница 147: ...incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes t...

Страница 148: ...sk for source or destination MAC address VID VLAN ID Range 1 4093 VID Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 ff...

Страница 149: ...Ethernet type is 0800 Configuring a Standard IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Address Type Specifies the source IP address Use Any t...

Страница 150: ...229 5 64 Configuring an Extended IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Destination Address Type Specifies the destination IP address Use Any to...

Страница 151: ...63 Flow Label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of service or real time service see...

Страница 152: ...uration Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 3 Al...

Страница 153: ...s the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port...

Страница 154: ...Access Control Lists 15 12 15...

Страница 155: ...cates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Bac...

Страница 156: ...Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Shows the broadcast storm t...

Страница 157: ...ddress 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast storm Enabled Broadcast storm limit 500 packets second Flow co...

Страница 158: ...led you can force the settings for speed duplex mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operati...

Страница 159: ...t 1 13 45 1 Console config if description RD SW 13 45 2 Console config if shutdown 45 6 Console config if no shutdown Console config if no negotiation 45 3 Console config if speed duplex 100half 45 2...

Страница 160: ...t this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Pac...

Страница 161: ...articular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one colli...

Страница 162: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than...

Страница 163: ...rt Statistics 16 9 16 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 16 3 Port S...

Страница 164: ...t errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Interna...

Страница 165: ...the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by takin...

Страница 166: ...ts and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fie...

Страница 167: ...ic load is distributed evenly across all links in a trunk the source or destination addresses used in the load balance calculation can be selected to provide the best result for trunk connections The...

Страница 168: ...stination MAC Address All traffic with the same source and destination MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the...

Страница 169: ...tch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full...

Страница 170: ...45 1 Console config if lacp 46 4 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console config if end Console show interfaces status port channel 1 45 8 Informati...

Страница 171: ...tem Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports mus...

Страница 172: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Страница 173: ...rity 512 Console config if end Console show lacp sysid 46 8 Channel Group System Priority System MAC Address 1 3 00 00 E9 31 31 31 2 32768 00 00 E9 31 31 31 3 32768 00 00 E9 31 31 31 Console show lacp...

Страница 174: ...net Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry t...

Страница 175: ...ational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not...

Страница 176: ...he LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 46 8 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP S...

Страница 177: ...er s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigne...

Страница 178: ...neighbors Eth 1 2 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 78 AE C0 Partner Admin Port Number 2 Partner Oper Port Number 2 Port Admin Priority 32768 Port...

Страница 179: ...ropped Command Usage Broadcast control does not effect IP multicast traffic The resolution is 1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port1 Port num...

Страница 180: ...nfig interface ethernet 1 2 Console config if switchport broadcast packet rate 600 47 1 Console config if end Console show interfaces switchport ethernet 1 2 45 10 Information of Eth 1 2 Broadcast thr...

Страница 181: ...ic the target port must be included in the same VLAN as the source port when using MSTP see Spanning Tree Algorithm Configuration on page 22 1 Command Attributes Mirror Sessions Displays a list of cur...

Страница 182: ...ck Add Figure 19 1 Mirror Port Configuration CLI Use the interface command to select the monitor port then use the port monitor command to specify the source port Note that default mirroring under the...

Страница 183: ...vidual ports or trunks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is...

Страница 184: ...s example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps Console config interface ethernet 1 1 45 1 Console config if rate limit input 600 49 1 Console config if r...

Страница 185: ...are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attribute...

Страница 186: ...are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this in...

Страница 187: ...kbox select the method of sorting the displayed addresses and then click Query Figure 21 2 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac addres...

Страница 188: ...es disables the aging function Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging tim...

Страница 189: ...signated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as de...

Страница 190: ...STP builds a separate Multiple Spanning Tree MST for each instance to maintain connectivity among each of the assigned VLAN groups MSTP then builds a Internal Spanning Tree IST for the Region containi...

Страница 191: ...ttached LAN If it is a root port a new root port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunk...

Страница 192: ...except for designated ports should receive configuration messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected...

Страница 193: ...de MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4093 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Ma...

Страница 194: ...sages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1...

Страница 195: ...oot device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then...

Страница 196: ...assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maxi...

Страница 197: ...Configuring Global Settings 22 9 22 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 22 2 STA Global Configuration...

Страница 198: ...here is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then some of them chan...

Страница 199: ...tached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge...

Страница 200: ...arding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port You can enable this option if an interface is a...

Страница 201: ...onal information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay paramete...

Страница 202: ...Gigabit Ethernet 2 000 200 000 Default Ethernet Half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet Half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet Full duple...

Страница 203: ...ts all bridges and LANs within the MST region This switch supports up to 33 instances You should try to group VLANs which cover the same general area of your network However remember that you must con...

Страница 204: ...32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 VLANs in MST Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign t...

Страница 205: ...t root port 7 Current root cost 10000 Number of topology changes 2 Last topology changes time sec 85 Transmission limit 3 Path Cost Method long Eth 1 7 information Admin status enabled Role master Sta...

Страница 206: ...I This displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 22 3 the settings for other instances only app...

Страница 207: ...llowing interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If...

Страница 208: ...ccording to the values shown below Path cost 0 is used to indicate auto configuration mode Range Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default Ether...

Страница 209: ...rovide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs based on th...

Страница 210: ...e VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VL...

Страница 211: ...the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple t...

Страница 212: ...AN 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 23 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informati...

Страница 213: ...Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all t...

Страница 214: ...default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID I...

Страница 215: ...ship by Port page to configure VLAN groups based on the port index page 23 9 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged V...

Страница 216: ...tagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from a...

Страница 217: ...lect a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 23 6 VLAN Stat...

Страница 218: ...cluding tagged or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress...

Страница 219: ...ning the group Range 500 18000 centiseconds Default 1000 Mode Indicates VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a dir...

Страница 220: ...ers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN...

Страница 221: ...en the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 New SPVLAN tags are added to all incoming packets no matter how many tags they al...

Страница 222: ...der s network The TPID must be configured on a per port basis and the verification cannot be disabled 3 If the ether type of an incoming packet single or double tagged is equal to the TPID of the upli...

Страница 223: ...Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunnel...

Страница 224: ...23 1 802 1Q Tunnel Status CLI This example sets the switch to operate in QinQ mode Console config dot1q tunnel system tunnel control 52 14 Console config exit Console show dot1q tunnel 52 16 Current...

Страница 225: ...he VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames a...

Страница 226: ...Console show dot1q tunnel 52 16 Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x9100 The dot1q tunnel mode of the set int...

Страница 227: ...Ns can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN function Web Click VLAN Private VLAN Status Select Enable...

Страница 228: ...esignated downlink ports Web Click VLAN Private VLAN Link Status Mark the ports that will serve as uplinks and downlinks for the private VLAN then click Apply Figure 24 2 Private VLAN Link Status CLI...

Страница 229: ...these steps 1 First configure VLAN groups for the protocols you want to use page 23 6 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do n...

Страница 230: ...mit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be...

Страница 231: ...ID the corresponding VLAN ID and click Apply Figure 25 2 Protocol VLAN Port Configuration CLI The following maps the traffic entering Port 1 which matches the protocol type specified in protocol grou...

Страница 232: ...Configuring Protocol Based VLANs 25 4 25...

Страница 233: ...then sorted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage...

Страница 234: ...ult 5 55 3 Console config if end Console show interfaces switchport ethernet 1 3 45 10 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP status Disabled Ingress rate limit Dis...

Страница 235: ...plications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes P...

Страница 236: ...ity queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for eac...

Страница 237: ...WRR algorithm to determine the frequency at which it services each priority queue As described in Mapping CoS Values to Egress Queues on page 26 3 the traffic classes are mapped to one of the eight e...

Страница 238: ...hen click Apply Figure 26 4 Queue Scheduling CLI The following example shows how to assign WRR weights to each of the priority queues Console config queue bandwidth 1 3 5 7 9 11 13 15 55 4 Console con...

Страница 239: ...tput queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be...

Страница 240: ...application types ToS bits are defined in the following table Command Attributes IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Service Value Maps a CoS value to the selecte...

Страница 241: ...for different kinds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Prio...

Страница 242: ...rt 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switc...

Страница 243: ...IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note Up...

Страница 244: ...pping specific values for IP Port Priority is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip port 55 7 Console c...

Страница 245: ...ze the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should...

Страница 246: ...onfigures the name and a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class e...

Страница 247: ...1 4093 Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffServ then click Add Class to create a new...

Страница 248: ...gs page 27 7 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6...

Страница 249: ...r second Burst byte Burst in bytes Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped or the DSCP service level will be reduced Remove Class Deletes a class Po...

Страница 250: ...27 6 27 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 27 2 Conf...

Страница 251: ...gress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate poli...

Страница 252: ...Quality of Service 27 8 27...

Страница 253: ...2 IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service IGMP Query thereby identifies the ports containing hosts requesting to join the servic...

Страница 254: ...assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast serv...

Страница 255: ...ple modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 57 1 Console config ip igmp snooping querier 57 4 Console config ip igmp snooping...

Страница 256: ...attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch...

Страница 257: ...scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit Range Always 1 Port or Trunk Specifies the interface attached to...

Страница 258: ...Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propa...

Страница 259: ...erface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to...

Страница 260: ...lays all the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 57 2 Console config exit Console show mac address table multicast vlan...

Страница 261: ...If there is no domain list the default domain name is used If there is a domain list the default domain name is not used When an incomplete host name is received by the DNS service on this switch and...

Страница 262: ...me and a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 58 3 Console config ip domain list sample com uk 5...

Страница 263: ...rk devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a...

Страница 264: ...ck Apply Figure 29 2 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0...

Страница 265: ...4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are...

Страница 266: ...51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POIN...

Страница 267: ...4 to connect to the Member switch Cluster Configuration To create a switch cluster first be sure that clustering is enabled on the switch the default is enabled then set the switch as a Cluster Comma...

Страница 268: ...luster Member Configuration Adds Candidate switches to the cluster as Members Command Attributes Member ID Specify a Member ID number for the selected Candidate switch Range 1 36 MAC Address Select a...

Страница 269: ...information Command Attributes Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assign...

Страница 270: ...h Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 30 4 Cluster Candidate Information CLI This example shows information about cluster C...

Страница 271: ...Commands 38 1 Time Commands 39 1 SNMP Commands 40 1 User Authentication Commands 41 1 Port Security Commands 42 1 802 1X Port Authentication 43 1 Access Control List Commands 44 1 Interface Commands 4...

Страница 272: ...Command Line Interface Domain Name Service Commands 58 1 IPv4 Interface Commands 59 1 IPv6 Interface Commands 60 1 Switch Cluster Commands 61 1...

Страница 273: ...rivileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your de...

Страница 274: ...ress of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access m...

Страница 275: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username a...

Страница 276: ...Show LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Set configuration of the address table management Sh...

Страница 277: ...to the default value For example the logging command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all appli...

Страница 278: ...Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new...

Страница 279: ...figuration These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such...

Страница 280: ...s Control List access list ip standard access list ip extended access list mac access list ipv6 standard access list ipv6 extended Console config std acl Console config ext acl Console config mac acl...

Страница 281: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Страница 282: ...Using the Command Line Interface 31 10 31...

Страница 283: ...stricts port access based on source MAC addresses 42 1 IEEE 802 1X Configures IEEE 802 1X port access control 43 1 Access Control List Provides filtering for IPv4 frames based on address protocol TCP...

Страница 284: ...strict priority or weighted round robin relative weight for each priority queue also sets priority for TCP UDP traffic types IP precedence and DSCP 55 1 Quality of Service Configures Differentiated S...

Страница 285: ...change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 41 2 The character is appended to the end of the prompt to indicate that the s...

Страница 286: ...er is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 33 1 configure This command activates Global Configuration mode You must en...

Страница 287: ...d history buffer The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer w...

Страница 288: ...This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree C...

Страница 289: ...configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to...

Страница 290: ...General Commands 33 6 33...

Страница 291: ...mmand Function Mode Page hostname Specifies the host name for the switch GC 34 1 reload Restarts the system PE 34 2 switch renumber Renumbers stack units PE 34 2 jumbo frame Enables support for jumbo...

Страница 292: ...how to reset the switch switch renumber This command resets the switch unit identification numbers in the stack All stack members are numbered sequentially starting from the top unit for a non loop s...

Страница 293: ...frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two...

Страница 294: ...LAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address Layer 4 precedence settings Spanning tree settings An...

Страница 295: ...mbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP server settings SNMP communit...

Страница 296: ...private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable pa...

Страница 297: ...ddress of Telnet client Default Setting None Console show system System Description 24 48 L2 L4 IPV4 IPV6 GE Switch System OID String 1 3 6 1 4 1 259 6 10 84 System information System Up time 0 days 1...

Страница 298: ...Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 4 3 for detailed information on the items displayed by this command Console show users Username acco...

Страница 299: ...t1 Serial Number 0000E8900000 Hardware Version R01 EPLD Version 1 02 Number of Ports 24 Main Power Status Up Redundant Power Status Not present Agent master Unit ID 1 Loader Version 0 0 0 2 Boot ROM V...

Страница 300: ...System Management Commands 34 10 34...

Страница 301: ...guration Settings Configuration settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded to restore switch settings The configuration file can b...

Страница 302: ...system initialization tftp Keyword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you...

Страница 303: ...cure connection see ip http secure server on page 41 12 Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration...

Страница 304: ...r code image unit Stack unit Range Always 1 Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file...

Страница 305: ...lash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time op...

Страница 306: ...by this command Table 35 2 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file...

Страница 307: ...n file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range Always 1 The colon is required Default Setting None Command Mode Global Configuration Comm...

Страница 308: ...File Management Commands 35 8 35...

Страница 309: ...assword on a line LC 36 3 timeout login response Sets the interval that the system waits for a login attempt LC 36 4 exec timeout Sets the interval that the command interpreter waits until user input...

Страница 310: ...r name specified with the username command Default Setting login local Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login login s...

Страница 311: ...ecified Command Mode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system s...

Страница 312: ...ogin attempt is not detected within the timeout interval the connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet canno...

Страница 313: ...ber of failed logon attempts Use the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no thresh...

Страница 314: ...35 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration console only Example To set the silent time to 60 seconds enter this command Related Commands pa...

Страница 315: ...y 36 7 parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity De...

Страница 316: ...the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported If you select the auto option the swit...

Страница 317: ...will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 41 22 show users 34 7 show...

Страница 318: ...w line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time Disabled Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Passw...

Страница 319: ...se the logging trap command to control the type of error messages that are sent to specified syslog servers Example Table 37 1 Event Logging Commands Command Function Mode Page logging on Controls log...

Страница 320: ...lt Setting Flash errors level 3 0 RAM warnings level 7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower th...

Страница 321: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example logging facility This command sets the facility type for remote logging of syslog messages Use t...

Страница 322: ...thout a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no logging trap level One of the syslog severity levels listed in the table on page...

Страница 323: ...command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Display...

Страница 324: ...e message level s reported based on the logging history command Console show logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugg...

Страница 325: ...tored in temporary RAM i e memory flushed on power reset Default Setting None Command Mode Privileged Exec Example The following example shows the event message stored in RAM Console show log ram 1 00...

Страница 326: ...Event Logging Commands 37 8 37...

Страница 327: ...d finally closes the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fai...

Страница 328: ...l or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from...

Страница 329: ...mail address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must...

Страница 330: ...ler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destinati...

Страница 331: ...ervers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This com...

Страница 332: ...is command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is receive...

Страница 333: ...16 16384 seconds Default Setting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 39 1 show sntp This command displays the current time and configuration settings for...

Страница 334: ...ne Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime m...

Страница 335: ...cond Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command M...

Страница 336: ...Time Commands 39 6 39...

Страница 337: ...ommand Function Mode Page snmp server Enables the SNMP agent GC 40 2 show snmp Displays the status of SNMP communications NE PE 40 2 snmp server community Sets up the community access string to permit...

Страница 338: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Страница 339: ...t stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent en...

Страница 340: ...hat describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 40 4 snmp server locatio...

Страница 341: ...55 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like com...

Страница 342: ...nsure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to net...

Страница 343: ...uthentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Страница 344: ...nd Usage An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also us...

Страница 345: ...server engine id local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBo...

Страница 346: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefi...

Страница 347: ...no authentication or with authentication and privacy See Simple Network Management Protocol on page 11 1 for further information about these authentication and encryption options readview Defines the...

Страница 348: ...d users When authentication is selected the MD5 or SHA algorithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For...

Страница 349: ...iew defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volati...

Страница 350: ...P version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain t...

Страница 351: ...e user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote age...

Страница 352: ...r Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage Type The storage ty...

Страница 353: ...ssword 0 7 password no username name name The name of the user Maximum length 8 characters case sensitive Maximum users 16 Table 41 1 Authentication Commands Command Group Function Page User Accounts...

Страница 354: ...figuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This example shows how the set the access level and password for a user enable password Af...

Страница 355: ...le 33 1 authentication enable 41 4 Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access The commands in this sectio...

Страница 356: ...uence For example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is a...

Страница 357: ...he TACACS server is not available the local user name and password is checked Example Related Commands enable password sets the password for changing command modes 41 2 RADIUS Client Remote Authentica...

Страница 358: ...on messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access vi...

Страница 359: ...ing None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_ret...

Страница 360: ...fault Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example...

Страница 361: ...tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server netw...

Страница 362: ...not use blank spaces in the string Maximum length 48 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TAC...

Страница 363: ...ample Related Commands ip http server 41 11 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http serve...

Страница 364: ...the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_nu...

Страница 365: ...secure port port_number The UDP port used for HTTPS Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same po...

Страница 366: ...he no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port number used by the Telnet interface port number The TCP port t...

Страница 367: ...enerate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair Table 41 10 Secure Shell Commands Command Function Mode Page ip ssh server Enables the...

Страница 368: ...05553616163105177594083868631109291232226828519254374603100937187721199 69631781366277414168985132049117204830339254324101637997592371449011938 0060902539484084827178194372288402533115952134861022902...

Страница 369: ...he request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether the supplied key is acceptable for authentication and...

Страница 370: ...nge 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation p...

Страница 371: ...uration Example Related Commands show ip ssh 41 22 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Страница 372: ...Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients This command stores the...

Страница 373: ...e host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related...

Страница 374: ...t key dsa Console Console show ip ssh SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username...

Страница 375: ...d by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options fo...

Страница 376: ...41 0719421061655759424590939236096954050362775257556251003866130989393834523 1033280214988866192159556859887989191950588394018138744046890877916030583 7768185490002831341625008348718449522087429212255...

Страница 377: ...u cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by speci...

Страница 378: ...Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 TELN...

Страница 379: ...ut any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresse...

Страница 380: ...nt command to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the...

Страница 381: ...dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 43 2 dot1x port control Sets...

Страница 382: ...x dot1x max req count no dot1x max req count The maximum number of requests Range 1 10 Default 2 Command Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a p...

Страница 383: ...ation mode multi host max count single host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts...

Страница 384: ...ent software Only if re authentication fails is the port blocked Example dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re auth...

Страница 385: ...ult Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re...

Страница 386: ...5 Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x sta...

Страница 387: ...on session before re transmitting EAP packet page 43 6 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Maximum number...

Страница 388: ...d 1 1 disabled Single Host ForceAuthorized n a 1 2 disabled Single Host ForceAuthorized n a 1 23 disabled Single Host ForceAuthorized yes 1 24 enabled Single Host Auto yes 802 1X Port Details 802 1X i...

Страница 389: ...ion Page IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code 44 1 IPv6 ACLs Configures ACLs based on IPv6 addresses next header type and flow label...

Страница 390: ...ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed...

Страница 391: ...sets a filter condition for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no...

Страница 392: ...ary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering th...

Страница 393: ...st This command displays the rules for configured IPv4 ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Na...

Страница 394: ...age A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show i...

Страница 395: ...Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you mu...

Страница 396: ...ed in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address compr...

Страница 397: ...dscp DSCP priority level Range 0 63 flow label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of...

Страница 398: ...Authentication RFC 2402 50 Encapsulating Security Payload RFC 2406 60 Destination Options RFC 2460 Example This example accepts any incoming packets if the destination address is 2009 DB9 2229 79 48...

Страница 399: ...net Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one IPv6 ACLs can onl...

Страница 400: ...eate a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To...

Страница 401: ...address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask no permit deny untagged eth2 any host source source address bitmask any host de...

Страница 402: ...ter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rul...

Страница 403: ...ce Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new...

Страница 404: ...sole Table 44 5 ACL Information Commands Command Function Mode Page show access list Show all IPv4 ACLs and associated rules PE 44 16 show access group Shows the IPv4 ACLs assigned to each port PE 44...

Страница 405: ...ACL Information 44 17 44 Example Console show access group Interface ethernet 1 2 IP standard access list david MAC access list jerry Console...

Страница 406: ...Access Control List Commands 44 18 44...

Страница 407: ...45 1 description Adds a description to an interface configuration IC 45 2 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 45 2 negotiat...

Страница 408: ...The following example adds a description to port 4 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the d...

Страница 409: ...he required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiation 45 3 capabil...

Страница 410: ...tion 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives...

Страница 411: ...the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal...

Страница 412: ...fp preferred auto Uses SFP port if both combination types are functioning and the SFP port has a valid link Default Setting sfp preferred auto Command Mode Interface Configuration Ethernet Example Thi...

Страница 413: ...e Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This comm...

Страница 414: ...isplayed by this command see Displaying Connection Status on page 16 1 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1...

Страница 415: ...utput 5 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcas...

Страница 416: ...00 packets second LACP status Disabled Ingress rate limit Disable 1000M bits per second Egress rate limit Disable 1000M bits per second VLAN membership mode Hybrid Ingress rule Disabled Acceptable fra...

Страница 417: ...ge 55 3 GVRP status Shows if GARP VLAN Registration Protocol is enabled or disabled page 52 2 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged p...

Страница 418: ...Interface Commands 45 12 45...

Страница 419: ...cluding communication mode i e speed and duplex mode VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together including ports of different media types Tabl...

Страница 420: ...if the port channel admin key is set then the port admin key must be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select th...

Страница 421: ...enly across all links in a trunk select the source and destination addresses used in the load balance calculation to provide the best result for trunk connections dst ip All traffic with the same dest...

Страница 422: ...source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from many different hosts Example lacp This...

Страница 423: ...G membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 10 Console config if lacp Console config if e...

Страница 424: ...key Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggrega...

Страница 425: ...al LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority m...

Страница 426: ...h the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP set...

Страница 427: ...d Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to...

Страница 428: ...to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the corre...

Страница 429: ...Administrative values of the partner s state parameters See preceding table Oper State Operational values of the partner s state parameters See preceding table Console show lacp sysid Port Channel Sys...

Страница 430: ...Link Aggregation Commands 46 12 46 Example Console show port channel load balance Source and destination IP address Console...

Страница 431: ...s per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit 500 pps Command Mode Interface Configuration Ethernet Command Usage When broadcast traffic exceeds the specified t...

Страница 432: ...Broadcast Storm Control Commands 47 2 47...

Страница 433: ...nfiguration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the d...

Страница 434: ...nd Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from...

Страница 435: ...nforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the...

Страница 436: ...Rate Limit Commands 49 2 49...

Страница 437: ...Range 1 24 48 port channel channel id Range 1 24 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No sta...

Страница 438: ...another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this comm...

Страница 439: ...MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted...

Страница 440: ...0000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show ma...

Страница 441: ...tance MST 51 9 name Configures the name for the multiple spanning tree MST 51 9 revision Configures the revision number for the multiple spanning tree MST 51 10 max hops Configures the maximum number...

Страница 442: ...t switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes d...

Страница 443: ...STP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate...

Страница 444: ...loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree he...

Страница 445: ...s except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port f...

Страница 446: ...t method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifi...

Страница 447: ...de Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configurati...

Страница 448: ...balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all V...

Страница 449: ...g the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same prior...

Страница 450: ...panning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Con...

Страница 451: ...nstances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the...

Страница 452: ...h cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ether...

Страница 453: ...ith the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifie...

Страница 454: ...spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the fast spanning tree mode for the sele...

Страница 455: ...point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the switch derives the...

Страница 456: ...to indicate auto configuration mode Ethernet half duplex 2 000 000 full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex...

Страница 457: ...interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link i...

Страница 458: ...nterface mst instance_id interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 instance_id Instance identifier of the multiple s...

Страница 459: ...sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time...

Страница 460: ...figuration This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configura...

Страница 461: ...guration for bridge extension MIB 52 1 Editing VLAN Groups Sets up VLAN groups including name VID and state 52 5 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and...

Страница 462: ...switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information...

Страница 463: ...if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setti...

Страница 464: ...Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media...

Страница 465: ...garp timer 52 4 Editing VLAN Groups vlan database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration...

Страница 466: ...elete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed...

Страница 467: ...lan Table 52 4 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 52 7 switchport mode Configures VLAN membe...

Страница 468: ...link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as t...

Страница 469: ...xample The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 52 8 switchport ingress filtering This command enables ingress filte...

Страница 470: ...ange 1 4093 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this...

Страница 471: ...nk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used w...

Страница 472: ...signate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Страница 473: ...This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 52 1...

Страница 474: ...terfaces switchport 45 10 switchport dot1q tunnel mode This command configures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switchport dot1q tunnel mode a...

Страница 475: ...custom 802 1Q ethertype value on the selected interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged...

Страница 476: ...TPID is 0x8100 The dot1q tunnel mode of the set interface 1 2 is Uplink mode TPID is 0x8100 The dot1q tunnel mode of the set interface 1 3 is Normal mode TPID is 0x8100 The dot1q tunnel mode of the s...

Страница 477: ...m 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1...

Страница 478: ...VLAN Commands 52 18 52...

Страница 479: ...e VLAN provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to and from the uplink port Private VLANs and normal VLANs can...

Страница 480: ...an This command displays the configured private VLAN Command Mode Privileged Exec Example Console show pvlan Private VLAN status Enabled Up link port Ethernet 1 12 Down link port Ethernet 1 5 Ethernet...

Страница 481: ...protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protocol...

Страница 482: ...roup identifier of this protocol group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4093 Default Setting No protocol groups are mapped for any interface Comm...

Страница 483: ...2 show protocol vlan protocol group This command shows the frame and protocol type associated with protocol groups Syntax show protocol vlan protocol group group id group id Group identifier for a pr...

Страница 484: ...ce ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting The mapping for all interfaces is displayed Command Mode Privileg...

Страница 485: ...r 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 55 1 Priority Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags t...

Страница 486: ...d Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed b...

Страница 487: ...ames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight...

Страница 488: ...s port by defining scheduling weights Example This example shows how to assign WRR weights to each of the priority queues Related Commands show queue bandwidth 55 6 queue cos map This command assigns...

Страница 489: ...iority for all interfaces Example The following example shows how to change the CoS assignments to a one to one mapping Related Commands show queue cos map 55 6 show queue mode This command shows the...

Страница 490: ...vice priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None...

Страница 491: ...mple The following example shows how to enable TCP UDP port mapping globally Table 55 4 Priority Commands Layer 3 and 4 Command Function Mode Page map ip port Enables TCP UDP class of service mapping...

Страница 492: ...an be specified for IP Port priority mapping This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Glob...

Страница 493: ...ion Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Serv...

Страница 494: ...t switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable...

Страница 495: ...802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP val...

Страница 496: ...ip port Interface Configuration 55 8 show map ip precedence This command shows the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Stack unit Range...

Страница 497: ...ys 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Default Setting None Command Mode Privileged Exec Example Console show map ip precedence ethernet 1 5 Precedence mapping status d...

Страница 498: ...Class of Service Commands 55 14 55 Related Commands map ip dscp Global Configuration 55 10 map ip dscp Interface Configuration 55 10...

Страница 499: ...mmand to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the...

Страница 500: ...a class map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter...

Страница 501: ...ration mode Then use the match command to specify the fields within ingress packets that must match to qualify for this class map Only one match command can be entered per class map Example This examp...

Страница 502: ...must create a Class Map page 56 4 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the...

Страница 503: ...class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and c...

Страница 504: ...2 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of profile packets Command Mode Policy Map Class Conf...

Страница 505: ...map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interfa...

Страница 506: ...QoS policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map nam...

Страница 507: ...unit port unit Stack unit Range Always 1 port Port number Range 1 24 48 port channel channel id Range 1 24 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_c...

Страница 508: ...Quality of Service Commands 56 10 56...

Страница 509: ...owing example enables IGMP snooping Table 57 1 Multicast Filtering Commands Command Groups Function Page IGMP Snooping Configures multicast groups via IGMP snooping or static assignment sets the IGMP...

Страница 510: ...configure a multicast group on a port ip igmp snooping version This command configures the IGMP snooping version Use the no form to restore the default Syntax ip igmp snooping version 1 2 no ip igmp s...

Страница 511: ...known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Displ...

Страница 512: ...is responsible for asking hosts if they want to receive multicast traffic Example Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1...

Страница 513: ...by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping query max response time If the countdown finishes and the client still has not re...

Страница 514: ...ct This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a c...

Страница 515: ...r the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global...

Страница 516: ...n Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over th...

Страница 517: ...lan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include St...

Страница 518: ...Multicast Filtering Commands 57 10 57...

Страница 519: ...rresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 58 1 DNS Commands Command Function Mode Page ip...

Страница 520: ...get device Example This example maps two address to a host name clear host This command deletes entries from the DNS table Syntax clear host name name Name of the host Range 1 64 characters Removes al...

Страница 521: ...ration Example Related Commands ip domain list 58 3 ip name server 58 4 ip domain lookup 58 5 ip domain list This command defines a list of domain names that can be appended to incomplete host names i...

Страница 522: ...names to the current list and then displays the list Related Commands ip domain name 58 3 ip name server This command specifies the address of one or more domain name servers to use for name to addre...

Страница 523: ...nables DNS host name to address translation Use the no form to disable DNS Syntax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server...

Страница 524: ...Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end...

Страница 525: ...8 71 81 298 www yahoo akadns net 5 4 CNAME 66 218 71 80 298 www yahoo akadns net 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7...

Страница 526: ...e Service Commands 58 8 58 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMA...

Страница 527: ...s mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configura...

Страница 528: ...itch If you assign an IP address to any other VLAN the new IP address overrides the original IP address and this becomes the new management VLAN 2 Before you can change the IP address you must first c...

Страница 529: ...P interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to...

Страница 530: ...show ip redirects This command shows the IPv4 default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 59 2 show ipv6 de...

Страница 531: ...nd Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination...

Страница 532: ...IPv4 Interface Commands 59 6 59...

Страница 533: ...IPv6 on the interface IC 60 7 ipv6 address link local Configures an IPv6 link local address for an interface and enables IPv6 on the interface IC 60 9 show ipv6 interface Displays the usability and c...

Страница 534: ...devices attached to the same local subnet If a duplicate address is detected on the local segment this interface will be disabled and a warning message displayed on the console The no ipv6 enable comm...

Страница 535: ...al value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No general prefix is defined Command Mode Gl...

Страница 536: ...full IPv6 address if no general prefix is used or the subsequent bits following the general prefix if one is used followed by the host address bits The address must be formatted according to RFC 2373...

Страница 537: ...at If a duplicate address is detected a warning message is sent to the console Example This example uses the general network prefix of 2009 DB9 2229 48 used in an earlier example and then specifies th...

Страница 538: ...ith an address prefix of FE80 and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console If the router adve...

Страница 539: ...refix i e the network portion of the address Default Setting No IPv6 addresses are defined Command Mode Interface Configuration VLAN Command Usage If a link local address has not yet been assigned to...

Страница 540: ...er to be used on multiple IP interfaces of a single device as long as those interfaces are attached to different subnets Example This example uses the general network prefix of 2001 0DB8 0 1 64 used i...

Страница 541: ...uration VLAN Command Usage The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multiple IPv6 global unicast addre...

Страница 542: ...elds prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Command Mode Normal Exec Privilege...

Страница 543: ...Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A nod...

Страница 544: ...to indicate the appropriate number of zeros required to fill the undefined fields Default Setting No default gateway is defined Command Mode Global Configuration Command Usage A IPv6 default gateway...

Страница 545: ...tion VLAN Command Usage IPv6 routers do not fragment IPv6 packets forwarded from other routers However traffic originating from an end station connected to an IPv6 router may be fragmented All devices...

Страница 546: ...tics about IPv6 traffic passing through this switch Command Mode Normal Exec Privileged Exec Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6...

Страница 547: ...eassembly failures 0 Ipv6 sent sent generated 1435 forwarded 0 fragmented 0 generated fragments 0 Fragmented failed 0 encapsulation failed 0 no route 0 too big 0 Ipv6 mcast mcast received 0 mcast sent...

Страница 548: ...checksum errors 0 length errors 0 no port 1 dropped 0 output 1 TCP Statistics input 1911 checksum errors 0 output 4339 retransmitted 0 Console Table 60 4 show ipv6 traffic display description Field De...

Страница 549: ...te that this is not necessarily a count of discarded IPv6 fragments since some algorithms notably the algorithm in RFC 815 can lose track of the number of fragments by combining them as they are recei...

Страница 550: ...may be a local site or the destination may not have a route back to the source unreach address The number of times that an address is unreachable unreach port The number of times that a port is unrea...

Страница 551: ...eader The number of Send ICMP parameter problem messages caused by an unrecognized header error parameter option The number of Send ICMP parameter problem messages caused by an unrecognized option err...

Страница 552: ...s the system encounter an error when trying to queue the received packet output The total number of UDP datagrams sent from this entity TCP Statistics input The total number of segments received inclu...

Страница 553: ...ress assigned to the interface sending the ping seconds The timeout interval Range 0 to 3600 seconds verbose Displays detailed output Default Setting repeat 5 timeout 2 seconds Command Mode Normal Exe...

Страница 554: ...e undefined fields vlan id VLAN ID Range 1 4093 hardware address The 48 bit MAC layer address for the neighbor device This address must be formatted as six hexadecimal pairs separated by hyphens Defau...

Страница 555: ...n Use the no form to restore the default setting Syntax ipv6 nd dad attempts count no ipv6 nd dad attempts count The number of neighbor solicitation messages sent to determine whether or not a duplica...

Страница 556: ...icate address remain configured while the address is in duplicate state If the link local address for an interface is changed duplicate address detection is performed on the new link local address but...

Страница 557: ...licitation messages when resolving an address or when probing the reachability of a neighbor Therefore avoid using very short intervals for normal IPv6 operations Example The following sets the interv...

Страница 558: ...to fill the undefined fields Default Setting All IPv6 neighbor discovery cache entries are displayed Command Mode Normal Exec No command options are available Privileged Exec All command options are...

Страница 559: ...he forward path was functioning While in STALE state the device takes no action until a packet is sent DELAY More than the ReachableTime interval has elapsed since the last positive confirmation was r...

Страница 560: ...IPv6 Interface Commands 60 28 60...

Страница 561: ...switch the default is enabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to swi...

Страница 562: ...itches only become cluster Members when manually selected by the administrator through the management station Cluster Member switches can be managed through only using a Telnet connection to the Comma...

Страница 563: ...ge the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled Example cluster member This command configures a Candidate switch as a cluster Member Use th...

Страница 564: ...g cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI Example show cluster This comman...

Страница 565: ...network Command Mode Privileged Exec Example Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 12 cf 23 49 c0 Description 24 48 L2 L4 IPV4 IP...

Страница 566: ...Switch Cluster Commands 61 6 61...

Страница 567: ...Section IV Appendices This section provides additional information on the following topics Software Specifications A 1 Troubleshooting B 1 Glossary Index...

Страница 568: ...Appendices...

Страница 569: ...n port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm...

Страница 570: ...P in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protoc...

Страница 571: ...GMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP MIB RFC 2011 IP Multicasting related MIBs IPV6 MIB RFC 2065 IPV6 ICMP MIB RFC 2066 IPV6 TCP MIB RFC 2052 IPV6 UDP MIB...

Страница 572: ...Software Specifications A 4 A TACACS Authentication Client MIB TCP MIB RFC 2012 Trap RFC 1215 UDP MIB RFC 2013...

Страница 573: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 574: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 575: ...ks by employing a well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particul...

Страница 576: ...word is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard GARP VLAN Registrat...

Страница 577: ...ons for VLAN tagging IEEE 802 3x Defines Ethernet frame start stop requests and timers used for flow control on full duplex links IGMP Snooping Listening to IGMP Query and IGMP Report packets transfer...

Страница 578: ...on another device Management Information Base MIB An acronym for Management Information Base It is a set of database objects that contains information about a specific device MD5 Message Digest Algor...

Страница 579: ...ferential treatment to specific flows either by raising the priority of one flow or limiting the priority of another flow Quality of Service QoS QoS refers to the capability of a network to provide be...

Страница 580: ...your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance a...

Страница 581: ...targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of thei...

Страница 582: ...Glossary Glossary 8...

Страница 583: ...10 IP port priority 26 11 55 7 IP precedence 26 8 55 8 layer 3 4 priorities 26 7 55 7 queue mapping 26 3 55 4 queue mode 26 4 55 2 traffic class weights 26 5 55 4 D default IPv4 gateway configuration...

Страница 584: ...es 26 8 55 9 IPv4 address BOOTP DHCP 5 3 59 1 59 3 dynamic configuration 2 8 manual configuration 2 4 setting 2 4 5 1 59 1 IPv6 configuring static neighbors 5 11 60 22 displaying neighbors 5 11 60 22...

Страница 585: ...duplex mode 16 4 45 2 forced selection on combo ports 45 6 speed 16 4 45 2 ports configuring 16 1 45 1 ports mirroring 19 1 48 1 priority default port ingress 26 1 55 3 problems troubleshooting B 1 pr...

Страница 586: ...6 2 35 2 T TACACS logon authentication 12 2 41 9 time setting 10 1 39 1 TPID 23 17 52 15 traffic class weights 26 5 55 4 trap manager 2 11 11 4 40 5 troubleshooting B 1 trunk configuration 17 1 46 1 L...

Страница 587: ......

Страница 588: ...ES4524D ES4548D E112006 CS R01 149100030400A...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды