manualshive.com logo in svg

Edge-Core ECS3510-10PD, Руководство по управлению

Management Manual для Edge-Core ECS3510-10PD доступен для скачивания бесплатно на manualshive.com. Этот manual содержит важную информацию по управлению продуктом. Скачайте его сейчас, чтобы получить полное понимание возможностей данного устройства.

Поделиться
Скачать
background image

C

HAPTER

 13

  |  Security Measures

Configuring 802.1X Port Authentication

–  390  –

ports in a network can be centrally controlled from a server, which means 

that authorized users can use the same credentials for authentication from 

any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) 

to exchange authentication protocol messages with the client, and a 

remote RADIUS authentication server to verify user identity and access 

rights. When a client (i.e., Supplicant) connects to a switch port, the switch 

(i.e., Authenticator) responds with an EAPOL identity request. The client 

provides its identity (such as a user name) in an EAPOL response to the 

switch, which it forwards to the RADIUS server. The RADIUS server verifies 

the client identity and sends an access challenge back to the client. The 

EAP packet from the RADIUS server contains not only the challenge, but 
the authentication method to be used. The client can reject the 

authentication method and request another, depending on the 

configuration of the client software and the RADIUS server. The encryption 

method used to pass authentication messages can be MD5 (Message-

Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible 

Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The 

client responds to the appropriate method with its credentials, such as a 

password or certificate. The RADIUS server verifies the client credentials 

and responds with an accept or reject packet. If authentication is 

successful, the switch allows the client to access the network. Otherwise, 

non-EAP traffic on the port is blocked or assigned to a guest VLAN based on 

the “intrusion-action” setting. In “multi-host” mode, only one host 

connected to a port needs to pass authentication for all other hosts to be 

granted network access. Similarly, a port can become unauthorized for all 

hosts if one attached host fails re-authentication or sends an EAPOL logoff 

message.

Figure 211:  Configuring Port Security

The operation of 802.1X on the switch requires the following:

The switch must have an IP address assigned.

RADIUS authentication must be enabled on the switch and the IP 

address of the RADIUS server specified.

802.1X must be enabled globally for the switch.

Each switch port that will be used must be set to dot1X “Auto” mode.

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

Содержание ECS3510-10PD

Страница 1: ...Management Guide www edge core com 10 Port Layer 2 Fast Ethernet Switch...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE ECS3510 10PD FAST ETHERNET SWITCH Layer 2 Switch with 8 10 100BASE TX RJ 45 Ports and 2 Gigabit Combination Ports RJ 45 SFP ECS3510 10PD E032014 ST R03 149100000179A...

Страница 4: ......

Страница 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Страница 6: ...page 177 Added sections Displaying Transceiver Data on page 166 Configuring Transceiver Thresholds on page 167 and Configuring Load Balancing on page 187 Added the section Creating CVLAN to SPVLAN Map...

Страница 7: ...under ERPS Ring Configuration on page 502 and added the section ERPS Forced and Manual Mode Operations on page 518 Added the sections Configuring a Remote Loop Back Test on page 564 and Displaying Re...

Страница 8: ...d ip dhcp snooping limit rate on page 910 Added the commands ipv6 dhcp snooping option remote id on page 919 and ipv6 dhcp snooping option remote id policy on page 920 Added MAC and ACL mode options f...

Страница 9: ...faces on page 1158 Updated syntax for class map on page 1188 command Added cos parameter to match on page 1190 command Added commands clear ip igmp snooping groups dynamic on page 1222 and clear ip ig...

Страница 10: ...s clear efm oam event log on page 1374 efm oam remote loopback on page 1375 and efm oam remote loopback test on page 1376 Added the section DHCP Relay Option 82 on page 1397 Updated parameter descript...

Страница 11: ...ptions 79 Required Connections 80 Remote Connections 81 Basic Configuration 82 Console Connection 82 Setting Passwords 82 Disabling PSE Check for Network Connections 83 Setting an IP Address 83 Downlo...

Страница 12: ...System Files 128 Automatic Operation Code Upgrade 129 Setting the System Clock 133 Setting the Time Manually 133 Setting the SNTP Polling Interval 134 Configuring NTP 135 Configuring Time Servers 136...

Страница 13: ...unking 194 6 VLAN CONFIGURATION 197 IEEE 802 1Q VLANs 197 Configuring VLAN Groups 200 Adding Static Members to VLANs 202 Configuring Dynamic VLAN Registration 207 IEEE 802 1Q Tunneling 210 Enabling Qi...

Страница 14: ...Timers 270 Configuring ATC Thresholds and Responses 271 10 CLASS OF SERVICE 275 Layer 2 Queue Settings 275 Setting the Default Priority for Interfaces 275 Selecting the Queue Mode 276 Mapping CoS Val...

Страница 15: ...Port Link Detection 339 Configuring a MAC Address Filter 340 Displaying Secure MAC Address Information 342 Configuring HTTPS 343 Configuring Global Settings for HTTPS 343 Replacing the Default Secure...

Страница 16: ...4 Source Guard 404 Configuring Static Bindings for IPv4 Source Guard 406 Displaying Information for Dynamic IPv4 Source Guard Bindings 408 IPv6 Source Guard 409 Configuring Ports for IPv6 Source Guard...

Страница 17: ...rs 473 Creating SNMP Notification Logs 477 Showing SNMP Statistics 479 Remote Monitoring 481 Configuring RMON Alarms 482 Configuring RMON Events 484 Configuring RMON History Samples 486 Configuring RM...

Страница 18: ...M Event Log 562 Displaying the Status of Remote Interfaces 563 Configuring a Remote Loop Back Test 564 Displaying Results of Remote Loop Back Testing 566 15 IP CONFIGURATION 569 Using the Ping Functio...

Страница 19: ...fying Static Interfaces for a Multicast Router 622 Assigning Interfaces to Multicast Services 624 Setting IGMP Snooping Status per Interface 626 Filtering IGMP Query Packets and Multicast Data 632 Dis...

Страница 20: ...ssigning Static MVR6 Multicast Groups to Interfaces 678 Displaying MVR6 Receiver Groups 679 Displaying MVR6 Statistics 680 SECTION III COMMAND LINE INTERFACE 685 18 USING THE COMMAND LINE INTERFACE 68...

Страница 21: ...nner configure dc power info 711 banner configure department 711 banner configure equipment info 712 banner configure equipment location 713 banner configure ip lan 713 banner configure lp number 714...

Страница 22: ...e Commands 733 upgrade opcode auto 733 upgrade opcode path 734 upgrade opcode reload 735 show upgrade 736 TFTP Configuration Commands 736 ip tftp retry 736 ip tftp timeout 737 show ip tftp 737 Line 73...

Страница 23: ...ion email 757 logging sendmail source email 758 show logging sendmail 758 Time 759 SNTP Commands 760 sntp client 760 sntp poll 761 sntp server 761 show sntp 762 NTP Commands 762 ntp authenticate 762 n...

Страница 24: ...ow power source check 783 show power source status 783 21 SNMP COMMANDS 785 General SNMP Commands 787 snmp server 787 snmp server community 787 snmp server contact 788 snmp server location 788 show sn...

Страница 25: ...ction history 810 rmon collection rmon1 811 show rmon alarms 812 show rmon events 812 show rmon history 812 show rmon statistics 813 23 AUTHENTICATION COMMANDS 815 User Accounts and Privilege Levels 8...

Страница 26: ...update 833 aaa authorization exec 834 aaa group server 835 server 835 accounting dot1x 836 accounting commands 836 accounting exec 837 authorization exec 837 show accounting 838 Web Server 839 ip htt...

Страница 27: ...x max reauth req 857 dot1x max req 858 dot1x operation mode 858 dot1x port control 859 dot1x re authentication 860 dot1x timeout quiet period 860 dot1x timeout re authperiod 861 dot1x timeout supp tim...

Страница 28: ...83 show port security 883 Network Access MAC Address Authentication 885 network access aging 886 network access mac filter 887 mac authentication reauth time 888 network access dynamic qos 888 network...

Страница 29: ...ng verify mac address 910 ip dhcp snooping vlan 911 ip dhcp snooping information option circuit id 912 ip dhcp snooping trust 913 clear ip dhcp snooping binding 914 clear ip dhcp snooping database fla...

Страница 30: ...Inspection 938 ip arp inspection 939 ip arp inspection filter 940 ip arp inspection log buffer logs 941 ip arp inspection validate 942 ip arp inspection vlan 943 ip arp inspection limit 944 ip arp ins...

Страница 31: ...t deny Extended IPv4 ACL 960 ip access group 962 show ip access group 963 show ip access list 963 IPv6 ACLs 964 access list ipv6 964 permit deny Standard IPv6 ACL 965 permit deny Extended IPv6 ACL 966...

Страница 32: ...rfaces status 993 show interfaces switchport 994 Transceiver Threshold Configuration 996 transceiver monitor 996 transceiver threshold auto 996 transceiver threshold current 997 transceiver threshold...

Страница 33: ...21 28 PORT MIRRORING COMMANDS 1023 Local Port Mirroring Commands 1023 port monitor 1023 show port monitor 1025 RSPAN Mirroring Commands 1026 rspan source 1028 rspan destination 1029 rspan remote vlan...

Страница 34: ...ps atc multicast control apply 1049 snmp server enable port traps atc multicast control release 1049 ATC Display Commands 1050 show auto traffic control 1050 show auto traffic control interface 1050 3...

Страница 35: ...panning tree bpdu filter 1083 spanning tree bpdu guard 1084 spanning tree cost 1085 spanning tree edge port 1086 spanning tree link type 1087 spanning tree loopback detection 1087 spanning tree loopba...

Страница 36: ...ve 1109 propagate tc 1113 raps def mac 1114 raps without vc 1114 ring port 1116 rpl neighbor 1117 rpl owner 1118 version 1119 wtr timer 1120 clear erps statistics 1120 erps clear 1121 erps forced swit...

Страница 37: ...itchport dot1q tunnel service match cvid 1149 switchport dot1q tunnel tpid 1151 show dot1q tunnel 1152 Configuring L2CP Tunneling 1153 l2protocol tunnel tunnel dmac 1153 switchport l2protocol tunnel 1...

Страница 38: ...default 1176 show queue mode 1177 show queue weight 1177 Priority Commands Layer 3 and 4 1178 qos map cos dscp 1178 qos map dscp mutation 1180 qos map phb queue 1181 qos map trust mode 1182 show qos...

Страница 39: ...213 ip igmp snooping version 1214 ip igmp snooping version exclusive 1214 ip igmp snooping vlan general query suppression 1215 ip igmp snooping vlan immediate leave 1216 ip igmp snooping vlan last mem...

Страница 40: ...icast data drop 1240 MLD Snooping 1241 ipv6 mld snooping 1242 ipv6 mld snooping querier 1242 ipv6 mld snooping query interval 1243 ipv6 mld snooping query max response time 1243 ipv6 mld snooping robu...

Страница 41: ...w ipv6 mld query drop 1259 show ipv6 mld throttle interface 1259 MVR for IPv4 1260 mvr 1261 mvr associated profile 1262 mvr domain 1262 mvr group 1263 mvr priority 1264 mvr profile 1264 mvr proxy quer...

Страница 42: ...mvr6 groups dynamic 1294 clear mvr6 statistics 1294 show mvr6 1295 show mvr6 associated profile 1296 show mvr6 interface 1296 show mvr6 members 1297 show mvr6 profile 1299 show mvr6 statistics 1299 39...

Страница 43: ...otification 1320 show lldp config 1321 show lldp info local device 1322 show lldp info remote device 1323 show lldp info statistics 1325 40 CFM COMMANDS 1327 Defining CFM Structures 1330 ethernet cfm...

Страница 44: ...1354 ethernet cfm mep crosscheck 1355 show ethernet cfm maintenance points remote crosscheck 1356 Link Trace Operations 1356 ethernet cfm linktrace cache 1356 ethernet cfm linktrace cache hold time 13...

Страница 45: ...how efm oam status remote interface 1380 42 DOMAIN NAME SERVICE COMMANDS 1381 ip domain list 1381 ip domain lookup 1382 ip domain name 1383 ip host 1384 ip name server 1385 ipv6 host 1386 clear dns ca...

Страница 46: ...ARP Configuration 1410 arp timeout 1411 clear arp cache 1411 show arp 1412 IPv6 Interface 1412 Interface Address Configuration and Utilities 1413 ipv6 default gateway 1413 ipv6 address 1414 ipv6 addr...

Страница 47: ...ipv6 nd snooping binding 1445 clear ipv6 nd snooping prefix 1445 show ipv6 nd snooping 1446 show ipv6 nd snooping binding 1446 show ipv6 nd snooping prefix 1446 SECTION IV APPENDICES 1449 A SOFTWARE S...

Страница 48: ...CONTENTS 48...

Страница 49: ...uring NTP 136 Figure 15 Specifying SNTP Time Servers 137 Figure 16 Adding an NTP Time Server 138 Figure 17 Showing the NTP Time Server List 138 Figure 18 Adding an NTP Authentication Key 139 Figure 19...

Страница 50: ...ion Parameters for a Static Trunk 176 Figure 49 Showing Information for Static Trunks 177 Figure 50 Configuring Dynamic Trunks 177 Figure 51 Configuring the LACP Aggregator Admin Key 180 Figure 52 Ena...

Страница 51: ...gure 84 Configuring Protocol VLANs 220 Figure 85 Displaying Protocol VLANs 221 Figure 86 Assigning Interfaces to Protocol VLANs 222 Figure 87 Showing the Interface to Protocol Group Mapping 223 Figure...

Страница 52: ...iguring MSTP Interface Settings 262 Figure 120 Displaying MSTP Interface Settings 263 Figure 121 Configuring Rate Limits 266 Figure 122 Configuring Storm Control 268 Figure 123 Storm Control by Limiti...

Страница 53: ...ing 322 Figure 158 Configuring AAA Accounting Methods 322 Figure 159 Showing AAA Accounting Methods 323 Figure 160 Configuring AAA Accounting Service for 802 1X Service 323 Figure 161 Configuring AAA...

Страница 54: ...ing an ACL 360 Figure 192 Showing a List of ACLs 361 Figure 193 Configuring a Standard IPv4 ACL 362 Figure 194 Configuring an Extended IPv4 ACL 365 Figure 195 Configuring a Standard IPv6 ACL 366 Figur...

Страница 55: ...a VLAN 420 Figure 228 Configuring the Port Mode for DHCP Snooping 421 Figure 229 Displaying the Binding Table for DHCP Snooping 423 Figure 230 Configuring Settings for System Memory Logs 427 Figure 23...

Страница 56: ...Pv1 476 Figure 264 Configuring Trap Managers SNMPv2c 476 Figure 265 Configuring Trap Managers SNMPv3 477 Figure 266 Showing Trap Managers 477 Figure 267 Creating SNMP Notification Logs 479 Figure 268...

Страница 57: ...ains 534 Figure 301 Creating Maintenance Associations 537 Figure 302 Showing Maintenance Associations 538 Figure 303 Configuring Detailed Settings for Maintenance Associations 538 Figure 304 Configuri...

Страница 58: ...336 Configuring an IPv6 Address 587 Figure 337 Showing Configured IPv6 Addresses 588 Figure 338 Showing IPv6 Neighbors 589 Figure 339 Showing IPv6 Statistics IPv6 594 Figure 340 Showing IPv6 Statistic...

Страница 59: ...g and Throttling 639 Figure 373 Creating an IGMP Filtering Profile 640 Figure 374 Showing the IGMP Filtering Profiles Created 640 Figure 375 Adding Multicast Groups to an IGMP Filtering Profile 641 Fi...

Страница 60: ...ng MVR6 Group Address Profiles 674 Figure 405 Assigning an MVR6 Group Address Profile to a Domain 675 Figure 406 Showing MVR6 Group Address Profiles Assigned to a Domain 675 Figure 407 Configuring Int...

Страница 61: ...iority Mapping 279 Table 15 CoS Priority Levels 279 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 280 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 284 Table 18 D...

Страница 62: ...e 47 Device Designation Commands 707 Table 48 Banner Commands 708 Table 49 System Status Commands 717 Table 50 Frame Size Commands 725 Table 51 Flash File Commands 726 Table 52 File Directory Informat...

Страница 63: ...PoE Intermediate Agent Commands 872 Table 85 show pppoe intermediate agent statistics display description 878 Table 86 General Security Commands 879 Table 87 Management IP Filter Commands 880 Table 88...

Страница 64: ...Commands 1037 Table 121 Loopback Detection Commands 1053 Table 122 UniDirectional Link Detection Commands 1059 Table 123 show udld display description 1062 Table 124 Address Table Commands 1065 Table...

Страница 65: ...nds 1228 Table 157 IGMP Filtering and Throttling Commands 1229 Table 158 IGMP Authentication RADIUS Attribute Value Pairs 1233 Table 159 MLD Snooping Commands 1241 Table 160 IGMP Filtering and Throttl...

Страница 66: ...ault notify generator display description 1365 Table 188 OAM Commands 1369 Table 189 Address Table Commands 1381 Table 190 show dns cache display description 1388 Table 191 show hosts display descript...

Страница 67: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 68: ...SECTION I Getting Started 68...

Страница 69: ...ion Powered Device Can be powered over Ethernet cable by IEEE 802 3af PSE Configuration Backup and Restore Using management station or FTP TFTP server Authentication Console Telnet web user name passw...

Страница 70: ...e Supports dynamic data switching and addresses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP...

Страница 71: ...e ports While PPPoE Intermediate Agent supports authentication of a client for a service provider ACCESS CONTROL LISTS ACLs provide packet filtering for IP frames based on address protocol TCP UDP por...

Страница 72: ...specific port IP ADDRESS FILTERING Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping t...

Страница 73: ...n a designated service area by using continuity check messages which can detect faults in maintenance points fault verification through loop back messages and fault isolation with link trace messages...

Страница 74: ...e QUALITY OF SERVICE Differentiated Services DiffServ provides policy based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per ho...

Страница 75: ...DP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory a...

Страница 76: ...Community Strings public read only private read write Traps Authentication traps enabled Link up down events enabled SNMP V3 View defaultview Group public read only private read write Port Configurat...

Страница 77: ...0 Default Gateway 0 0 0 0 DHCP Client Enabled DNS Proxy service Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled Multicast VLAN Registration Disable...

Страница 78: ...CHAPTER 1 Introduction System Defaults 78...

Страница 79: ...andard web browser such as Internet Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any computer attached to the net...

Страница 80: ...h provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatibl...

Страница 81: ...n IP Address on page 83 NOTE If no user defined configuration files have been set see Managing System Files on page 93 and you remove the startup1 cfg file or set the Factory_Default_Config cfg file a...

Страница 82: ...ation procedure starts 2 At the User Name prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the C...

Страница 83: ...can send IPv4 configuration requests to BOOTP or DHCP address allocation servers on the network or can automatically generate a unique IPv6 host address based on the local subnet address prefix recei...

Страница 84: ...config ip default gateway 192 168 1 254 ASSIGNING AN IPV6 ADDRESS This section describes how to configure a link local address for connectivity within the local subnet only and also how to configure...

Страница 85: ...attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND adv...

Страница 86: ...r the network to which the switch belongs type ipv6 default gateway gateway where gateway is the IPv6 address of the default gateway Press Enter Console config interface vlan 1 Console config if ipv6...

Страница 87: ...use this command when DHCP is configured on a VLAN and the member ports which were previously shut down are now enabled If the bootp or dhcp option is saved to the startup config file step 6 then the...

Страница 88: ...local address for the switch complete the following steps 1 From the Global Configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 Type ipv6 enable an...

Страница 89: ...0 CFF FE00 FD 64 subnet is 2001 DB8 2222 7272 64 AUTOCONFIG valid lifetime 2591978 preferred lifetime 604778 Joined group address es FF02 1 FF00 FD FF02 1 FF11 6700 FF02 1 IPv6 link MTU is 1500 bytes...

Страница 90: ...configuration file to the switch the DHCP daemon using a Linux based system for this example must be configured with the following information Options 60 66 and 67 statements can be added to the daemo...

Страница 91: ...ntifier es3510ma cfg option tftp server name 192 168 255 101 option bootfile name test NOTE Use es3510ma cfg for the vendor class identifier in the dhcpd conf file ENABLING SNMP MANAGEMENT ACCESS The...

Страница 92: ...you change the default community strings To configure a community string complete the following steps 1 From the Privileged Exec level global configuration mode prompt type snmp server community stri...

Страница 93: ...he IEEE 802 1d bridge MIB It assigns these respective read and read write views to a group call r d and specifies group authentication via MD5 or SHA In the last step it assigns a v3 user to this grou...

Страница 94: ...st be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that configuration...

Страница 95: ...e to FLASH finish Success Console To restore configuration settings from a backup server enter the following command 1 From the Privileged Exec mode prompt type copy tftp startup config and press Ente...

Страница 96: ...CHAPTER 2 Initial Switch Configuration Managing System Files 96...

Страница 97: ...ement Tasks on page 119 Interface Configuration on page 151 VLAN Configuration on page 197 Address Table Settings on page 229 Spanning Tree Algorithm on page 239 Congestion Control on page 265 Class o...

Страница 98: ...SECTION II Web Configuration 98...

Страница 99: ...page 83 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setti...

Страница 100: ...assword The administrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connect...

Страница 101: ...f the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control...

Страница 102: ...ows the transfer and copying files 124 Set Startup Sets the startup file 127 Show Shows the files stored in flash memory allows deletion of files 128 Automatic Operation Code Upgrade Automatically upg...

Страница 103: ...any cable faults short open etc and report the cable length 172 Trunk Static 174 Configure Trunk 174 Add Creates a trunk along with the first port member 174 Show Shows the configured trunk identifier...

Страница 104: ...VLAN groups to pass through the specified interface 194 VLAN Virtual LAN 197 Static Add Creates VLAN groups 200 Show Displays configured VLAN groups 200 Modify Configures group name and administrative...

Страница 105: ...learned entries 232 Show Dynamic MAC Displays dynamic entries in the address table 233 Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive c...

Страница 106: ...traffic thresholds the control response to automatically release a response of rate limiting or to send related SNMP trap messages 271 Priority Default Priority Sets the default priority for each por...

Страница 107: ...igned to the voice traffic 308 Security 311 AAA Authentication Authorization and Accounting 312 System Authentication Configures authentication sequence local RADIUS and TACACS 313 Server 314 Configur...

Страница 108: ...gure Global Enables aging for authenticated MAC addresses and sets the time period after which a connected MAC address must be reauthenticated 336 Configure Interface 337 General Enables MAC authentic...

Страница 109: ...Configure VLAN Enables ARP inspection on specified VLANs 380 Configure Interface Sets the trust mode for ports and sets the rate limit for packet inspection 382 Show Information Show Statistics Displa...

Страница 110: ...s the logging of messages to a remote logging process 428 SMTP Sends an SMTP client message to a participating server 429 LLDP 431 Configure Global Configures global LLDP timing parameters 431 Configu...

Страница 111: ...ured groups and access policies 462 Configure User Add Community Configures community strings and access mode 466 Show Community Shows community strings and access mode 466 Add SNMPv3 Local User Confi...

Страница 112: ...S rings status and settings 502 Configure Details Configures ring parameters 502 CFM Connectivity Fault Management 522 Configure Global Configures global settings including administrative status cross...

Страница 113: ...covered by the CFM protocol 551 Show Remote MEP Shows MEPs located on other devices which have been discovered through continuity check messages or statically configured in the MEP database 551 Show R...

Страница 114: ...switch 595 IP Service 597 DNS Domain Name Service General 597 Configure Global Enables DNS lookup defines the default domain name appended to incomplete host names 597 Add Domain Name Defines a list...

Страница 115: ...router either through static or dynamic configuration 622 IGMP Member 624 Add Static Member Statically assigns multicast addresses to the selected VLAN 624 Show Static Member Shows multicast addresse...

Страница 116: ...tion 646 MLD Member 648 Add Static Member Statically assigns multicast addresses to the selected VLAN 648 Show Static Member Shows multicast addresses statically configured on the selected VLAN 648 Sh...

Страница 117: ...stream addresses 673 Associate Profile 673 Add Maps an address profile to a domain 673 Show Shows addresses profile to domain mapping 673 Configure Interface Configures MVR interface type and immedia...

Страница 118: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 118...

Страница 119: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Settings...

Страница 120: ...ystem Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To configure general system information 1 Click System General 2 Specify the system n...

Страница 121: ...Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number of EEPROM Programmable Logic De...

Страница 122: ...ystem Management Commands on page 707 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is...

Страница 123: ...st addresses Refer to Setting Static Addresses on page 231 VLAN Version Number Based on IEEE 802 1Q 1 indicates Bridges that support only single spanning tree SST operation and 2 indicates Bridges tha...

Страница 124: ...ystem File Copy page to upload download firmware or configuration settings using FTP TFTP or HTTP By backing up a file to an FTP TFTP server or management station that file can later be downloaded to...

Страница 125: ...access File Type Specify Operation Code to copy firmware File Name The file name should not contain slashes or and the maximum length for file names is 32 characters for files on the switch or 127 ch...

Страница 126: ...gs to a local file on the switch The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted You must save these settings to the current startup...

Страница 127: ...5 Then click Apply Figure 8 Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING...

Страница 128: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Страница 129: ...RL The file name of the code stored on the remote server must be es3510ma bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this...

Страница 130: ...e switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgr...

Страница 131: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Страница 132: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Страница 133: ...time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on t...

Страница 134: ...S Time on page 759 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time u...

Страница 135: ...between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers The authentication keys and their a...

Страница 136: ...address for up to three SNTP time servers CLI REFERENCES sntp server on page 761 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three...

Страница 137: ...ll the time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by th...

Страница 138: ...cation key list CLI REFERENCES ntp authentication key on page 763 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key Lis...

Страница 139: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Страница 140: ...d time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 770 PARAMETERS The following parameters are displayed Direction Con...

Страница 141: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Страница 142: ...to the console connection see login on page 741 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts...

Страница 143: ...rrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number or eight sessions Login Timeout Sets the interval that the system waits for a user to log into the CLI If a lo...

Страница 144: ...le port 1 Click System then Telnet 2 Specify the connection parameters as required 3 Click Apply Figure 22 Telnet Connection Settings DISPLAYING CPU UTILIZATION Use the System CPU Utilization page to...

Страница 145: ...soon as a new setting is selected Figure 23 Displaying CPU Utilization DISPLAYING MEMORY UTILIZATION Use the System Memory Status page to display memory utilization parameters CLI REFERENCES show mem...

Страница 146: ...ys run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command see copy on page 728 PARAMETERS The foll...

Страница 147: ...59 At Specifies a time at which to reload the switch DD The day of the month at which to reload Range 01 31 MM The month at which to reload Range 01 12 YYYY The year at which to reload Range 1970 203...

Страница 148: ...the System 148 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted confirm that you want reset the switch Figure 25 Restarting the Switch Imm...

Страница 149: ...CHAPTER 4 Basic Management Tasks Resetting the System 149 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Страница 150: ...CHAPTER 4 Basic Management Tasks Resetting the System 150...

Страница 151: ...Displaying Transceiver Data Displays identifying information and operational parameters for optical transceivers which support DDM Configuring Transceiver Thresholds Configures thresholds for alarm a...

Страница 152: ...the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If not us...

Страница 153: ...0 Mbps full duplex operation 100h Supports 100 Mbps half duplex operation 100f Supports 100 Mbps full duplex operation 1000f Gigabit ports only Supports 1000 Mbps full duplex operation FC Flow control...

Страница 154: ...dvertise or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 152 CLI REFERENCES I...

Страница 155: ...splayed Port Port identifier Type Indicates the port type 100BASE FX 100BASE TX 1000BASE T 100BASE SFP 1000BASE SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indi...

Страница 156: ...ng as described in this section or from one or more source ports on remote switches to a destination port on this switch remote port mirroring as described in Configuring Remote Port Mirroring on page...

Страница 157: ...or the traffic on the source port Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Both WEB INTERFACE To configure a local mirror session 1 C...

Страница 158: ...to any RSPAN destination port monitoring the RSPAN VLAN as shown in the figure below Figure 35 Configuring Remote Port Mirroring CLI REFERENCES RSPAN Mirroring Commands on page 1026 COMMAND USAGE Traf...

Страница 159: ...this switch RSPAN Ports Only ports can be configured as an RSPAN source destination or uplink static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface so...

Страница 160: ...c from one or more sources to one or more destinations Destination Specifies this device as a switch configured with a destination port which is to receive mirrored traffic for this session Remote VLA...

Страница 161: ...d and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the traffic exiting the destination port to the monitoring device car...

Страница 162: ...statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per seco...

Страница 163: ...el protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Received Unknown Packets The number of packets r...

Страница 164: ...ets Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long e...

Страница 165: ...op down list 4 Use the Clear button to reset statistics or the Refresh button to update the screen Figure 39 Showing Port Statistics Table To show a chart of port statistics 1 Click Interface Port Cha...

Страница 166: ...and operational for optical transceivers which support Digital Diagnostic Monitoring DDM CLI REFERENCES show interfaces transceiver on page 1002 PARAMETERS These parameters are displayed Port Port nu...

Страница 167: ...nctional parameters for optical transceivers 1 Click Interface Port Transceiver 2 Select a port from the scroll down list Figure 41 Displaying Transceiver Data CONFIGURING TRANSCEIVER THRESHOLDS Use t...

Страница 168: ...gital Diagnostic Monitoring DDM provides information on transceiver parameters Trap Sends a trap when any of the transceiver s operation values falls outside of specified thresholds Default Disabled A...

Страница 169: ...eshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be generated until the sampled value has risen above the low thresh...

Страница 170: ...OMMAND USAGE Cable diagnostics are performed using Time Domain Reflectometry TDR test methods DSP analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that...

Страница 171: ...failures as well as the status and approximate distance to a fault or the approximate cable length if no fault is found To ensure more accurate measurement of the length to a fault first disable powe...

Страница 172: ...t is only accurate for cables 7 140 meters long The test takes approximately 5 seconds The switch displays the results of the test immediately upon completion including common cable failures as well a...

Страница 173: ...was tested WEB INTERFACE To test the cable attached to a port 1 Click Interface Port Cable Test 2 Click Test for any port to start the cable test Figure 44 Performing Cable Tests TRUNK CONFIGURATION T...

Страница 174: ...he devices at both ends When using a port trunk take note of the following points Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating...

Страница 175: ...configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface PARAMETERS These parameters are displayed Trunk ID Tru...

Страница 176: ...port for an additional trunk member 6 Click Apply Figure 47 Adding Static Trunks Members To configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure General...

Страница 177: ...igure 50 Configuring Dynamic Trunks CLI REFERENCES Link Aggregation Commands on page 1009 COMMAND USAGE To avoid creating a loop in the network be sure you enable LACP before connecting the ports and...

Страница 178: ...he switch Range 0 65535 Timeout Mode The timeout to wait for the next LACP data unit LACPDU Long Timeout Specifies a slow timeout of 90 seconds This is the default setting Short Timeout Specifies a fa...

Страница 179: ...If a link goes down LACP port priority is used to select a backup link Range 0 65535 Default 32768 Setting a lower value indicates a higher effective priority If an active port link goes down the back...

Страница 180: ...ep list 3 Set the Admin Key and timeout mode for the required LACP group 4 Click Apply Figure 51 Configuring the LACP Aggregator Admin Key To enable LACP for a port 1 Click Interface Trunk Dynamic 2 S...

Страница 181: ...st 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 53 Configuring LACP Parameters on a Port To show the active members of a dyna...

Страница 182: ...4 Modify the required interface settings See Configuring by Port List on page 152 for a description of the interface settings 5 Click Apply Figure 55 Configuring Connection Settings for Dynamic Trunk...

Страница 183: ...Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marke...

Страница 184: ...CPDU information Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive m...

Страница 185: ...rnal 5 Select a group member from the Port list Figure 58 Displaying LACP Port Internal Information Admin State Oper State continued Aggregation The system considers this link to be aggregatable i e a...

Страница 186: ...n Information Parameter Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port...

Страница 187: ...IP Address All traffic with the same destination IP address is output on the same link in a trunk This mode works best for switch to router trunk links where traffic through the switch is destined fo...

Страница 188: ...C Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from man...

Страница 189: ...on exists When using power savings mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and m...

Страница 190: ...rs are displayed Port Power saving mode only applies to the Gigabit Ethernet ports using copper media Power Saving Status Adjusts the power provided to ports based on the length of the cable used to c...

Страница 191: ...e access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation...

Страница 192: ...ed on the settings specified by other functions such as VLANs and spanning tree protocol A port cannot be configured in both an uplink and downlink list A port can only be assigned to one traffic segm...

Страница 193: ...erface to the segmented group by setting the direction to uplink or downlink Default Uplink Interface Displays a list of ports or trunks Port Port Identifier Range 1 10 Trunk Trunk Identifier Range 1...

Страница 194: ...ge 1144 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Страница 195: ...instance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be al...

Страница 196: ...CHAPTER 5 Interface Configuration VLAN Trunking 196 Figure 66 Configuring VLAN Trunking...

Страница 197: ...each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffi...

Страница 198: ...a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other V...

Страница 199: ...assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When t...

Страница 200: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Страница 201: ...ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows if RSPAN is enabled on this VLAN see Configuring Remote Port Mirroring on page 158 WE...

Страница 202: ...howing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a range of interfaces Use the menus for editing port memb...

Страница 203: ...unk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the...

Страница 204: ...port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is f...

Страница 205: ...re static members by the VLAN index 1 Click VLAN Static 2 Select Edit Member by VLAN from the Action list 3 Set the Interface type to display as Port or Trunk 4 Modify the settings for any interface a...

Страница 206: ...LAN Members by Interface To configure static members by interface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port or...

Страница 207: ...dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend...

Страница 208: ...e for VLAN group participants and the port leaving the group This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Ra...

Страница 209: ...ic 2 Select Configure Interface from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the GVRP status or timers for any interface 5 Click Apply Figure 76 Configuring GVRP fo...

Страница 210: ...rvice Provider VLAN SPVLAN tags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers m...

Страница 211: ...outer tag is stripped for packet processing When the packet exits another trunk port on the same core switch the same SPVLAN tag is again added to the packet When a packet enters the trunk port on the...

Страница 212: ...ith two tags both an outer tag and inner tag 4 The switch sends the packet to the proper egress port 5 If the egress port is an untagged member of the SPVLAN the outer tag will be stripped If it is a...

Страница 213: ...ss port 8 If the egress port is an untagged member of the SPVLAN the outer tag will be stripped If it is a tagged member the outgoing packet will have two tags Configuration Limitations for QinQ The n...

Страница 214: ...ort to join the SPVLAN as a tagged member see Adding Static Members to VLANs on page 202 ENABLING QINQ TUNNELING ON THE SWITCH Use the VLAN Tunnel Configure Global page to configure the switch to oper...

Страница 215: ...tached to a tunnel port is using a non standard ethertype to identify 802 1Q tagged frames 4 Click Apply Figure 80 Enabling QinQ Tunneling CREATING CVLAN TO SPVLAN MAPPING ENTRIES Use the VLAN Tunnel...

Страница 216: ...r to network interface and service provider interfaces as uplink interfaces that is a network to network interface Use the Configure Interface page described in the next section to set an interface to...

Страница 217: ...nel Configure Interface page to set the tunnel mode for any participating interface CLI REFERENCES Configuring IEEE 802 1Q Tunneling on page 1146 COMMAND USAGE Use the Configure Global page to set the...

Страница 218: ...egregate and preserve customer VLAN IDs for traffic crossing the service provider network Uplink Configures QinQ tunneling for an uplink port to another device within the service provider network WEB...

Страница 219: ...y we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to...

Страница 220: ...ng Protocol VLAN rule via the console Alternately the switch can be power cycled however all unsaved configuration changes will be lost WEB INTERFACE To configure a protocol group 1 Click VLAN Protoco...

Страница 221: ...terfaces will admit traffic of any protocol type into the associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is t...

Страница 222: ...onfigure Interface from the Step list 3 Select Add from the Action list 4 Select a port or trunk 5 Enter the identifier for a protocol group 6 Enter the corresponding VLAN to which the protocol traffi...

Страница 223: ...ry If no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID CLI REFERENCES Configuring IP Subnet VLANs on page 1161 COMMAND USAGE Each IP subnet...

Страница 224: ...assigned to untagged ingress traffic Range 0 7 where 7 is the highest priority Default 0 WEB INTERFACE To map an IP subnet to a VLAN 1 Click VLAN IP Subnet 2 Select Add from the Action list 3 Enter an...

Страница 225: ...uring MAC Based VLANs on page 1163 COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addresses can be mapped to only one VLAN ID Configured MAC addresses cannot be br...

Страница 226: ...s in the MAC Address field 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a value to assign to untagged frames in the Priority field 6 Clic...

Страница 227: ...bled the target port can receive a mirrored packet twice once from the source mirror port and again from the source mirrored VLAN The target port receives traffic from all monitored source VLANs and c...

Страница 228: ...mirroring 1 Click VLAN Mirror 2 Select Add from the Action list 3 Select the source VLAN and select a target port 4 Click Apply Figure 92 Configuring VLAN Mirroring To show the VLANs to be mirrored 1...

Страница 229: ...ed source address to a target port CONFIGURING MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on pa...

Страница 230: ...ity Status see Configuring Port Security on page 387 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range...

Страница 231: ...ress is seen on another interface the address will be ignored and will not be written to the address table Static addresses will not be removed from the address table when a given interface link is do...

Страница 232: ...dresses CHANGING THE AGING TIME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned fo...

Страница 233: ...source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated...

Страница 234: ...or Interface 5 Click Query Figure 98 Displaying the Dynamic MAC Address Table CLEARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from t...

Страница 235: ...port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner CLI REFERENCES Local...

Страница 236: ...matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source MAC MAC address in the form of xx xx xx xx xx xx or xxxxxxxxxxxx Target P...

Страница 237: ...ess Table Settings Configuring MAC Address Mirroring 237 To show the MAC addresses to be mirrored 1 Click MAC Address Mirror 2 Select Show from the Action list Figure 101 Showing the Source MAC Addres...

Страница 238: ...CHAPTER 7 Address Table Settings Configuring MAC Address Mirroring 238...

Страница 239: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 240: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 241: ...de for communications with STP or RSTP nodes in the global network Figure 104 Spanning Tree Common Internal Common Internal MSTP connects all bridges and LAN segments with a single Common and Internal...

Страница 242: ...loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection wi...

Страница 243: ...e will be automatically enabled when the shutdown interval has expired If an interface is shut down due to a detected loopback and the release mode is set to Manual the interface can be re enabled usi...

Страница 244: ...he RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridg...

Страница 245: ...y is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the...

Страница 246: ...lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconverge All device ports except for desi...

Страница 247: ...ure key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision3 The revision for this MSTI Range 0 65535 Default 0 Region Name3...

Страница 248: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 248 Figure 106 Configuring Global Settings for STA STP Figure 107 Configuring Global Settings for STA RSTP...

Страница 249: ...ing tree on page 1096 show spanning tree mst configuration on page 1098 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique ide...

Страница 250: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 109 Displaying Global Settings for STA CO...

Страница 251: ...g network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter...

Страница 252: ...ding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to reb...

Страница 253: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Страница 254: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Страница 255: ...bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root whic...

Страница 256: ...Step list 3 Select Show Information from the Action list Figure 112 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 257: ...bridges within the same MSTI Region page 244 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 258: ...lect Configure Global from the Step list 3 Select Add from the Action list 4 Specify the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP...

Страница 259: ...from the Step list 3 Select Show from the Action list Figure 114 Displaying MST Instances To modify the priority for an MST instance 1 Click Spanning Tree MSTP 2 Select Configure Global from the Step...

Страница 260: ...isplaying Global Settings for STA on page 249 Figure 116 Displaying Global Settings for an MST Instance To add additional VLAN groups to an MSTP instance 1 Click Spanning Tree MSTP 2 Select Configure...

Страница 261: ...ands on page 1071 PARAMETERS These parameters are displayed MST ID Instance identifier to configure Default 0 Interface Displays a list of ports or trunks STA Status Displays the current state of this...

Страница 262: ...media and higher values assigned to ports with slower media Path cost takes precedence over port priority Note that when the Path Cost Method is set to short page 244 the maximum path cost is 65 535 B...

Страница 263: ...Interface Settings for MSTP 263 To display MSTP parameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Show Information from the Action list...

Страница 264: ...CHAPTER 8 Spanning Tree Algorithm Configuring Interface Settings for MSTP 264...

Страница 265: ...e Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface Rat...

Страница 266: ...Traffic Storm Control page to configure broadcast multicast and unknown unicast storm control thresholds Traffic storms may occur when a device on your network is malfunctioning or if application prog...

Страница 267: ...y lead to unexpected results It is therefore not advisable to use both of these commands on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Ty...

Страница 268: ...rams Figure 123 Storm Control by Limiting the Traffic Rate Storm Alarm FireTRAP Alarm Fire Threshold 1 255kpps AlarmClear Threshold 1 255kpps Traffic kpps Time Traffic without storm control Traffic wi...

Страница 269: ...ffic Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using Manual Control Release see page 271 The traffic control response...

Страница 270: ...nse it must be manually re enabled using the Manual Control Release see page 271 PARAMETERS These parameters are displayed in the web interface Broadcast Apply Timer The interval after the upper thres...

Страница 271: ...Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be ap...

Страница 272: ...packets per second Default 128 kpps If rate limiting has been configured as a control response and Auto Control Release is enabled rate limiting will be discontinued after the traffic rate has fallen...

Страница 273: ...to Traffic Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response of...

Страница 274: ...CHAPTER 9 Congestion Control Automatic Traffic Control 274...

Страница 275: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 276: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 127 Setting the Default Port Priority...

Страница 277: ...rvice time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode applies to al...

Страница 278: ...lected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first must be specified by ena...

Страница 279: ...ndard as shown in Table 14 The following table indicates the default mapping of internal per hop behavior to the hardware queues The actual mapping may differ if the CoS priorities to internal DSCP va...

Страница 280: ...s 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Select a port 4 Map an internal PHB to a hardware queue Depending on how an ingress packet is processed internally bas...

Страница 281: ...n these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may...

Страница 282: ...rmat Indicator values are used for priority processing if the packet is tagged For an untagged packet the default port priority see page 275 is used for priority processing If the QoS mapping mode is...

Страница 283: ...er per hop behavior and drop precedence for any of the DSCP values 0 63 This map is only used when the priority mapping mode is set to DSCP see page 282 and the ingress packet type is IPv4 Any attempt...

Страница 284: ...PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3...

Страница 285: ...in Table 18 on page 286 Enter up to eight CoS CFI paired values per hop behavior and drop precedence If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop P...

Страница 286: ...the frame is in canonical format Range 0 1 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for Random Early Detection in controlling traffi...

Страница 287: ...ngs 287 Figure 136 Configuring CoS to DSCP Internal Mapping To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list 3 Select a p...

Страница 288: ...CHAPTER 10 Class of Service Layer 3 4 Priority Settings 288...

Страница 289: ...ferent kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets i...

Страница 290: ...igured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign...

Страница 291: ...cluding standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in an IPv6 packet Range 0 63 VLAN ID A...

Страница 292: ...edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic f...

Страница 293: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Страница 294: ...excess burst size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that som...

Страница 295: ...eeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control queue congestion...

Страница 296: ...he trTCM can be used to mark a IP packet stream in a service where different decreasing levels of assurances either absolute or relative are given to packets which are green yellow or red Refer to RFC...

Страница 297: ...Values to Internal PHB Drop Values on page 284 Set IP DSCP Configures the service provided to ingress traffic by setting an IP DSCP value for a matching packet as specified in rule settings for a clas...

Страница 298: ...vice value or drop a packet the switch will also mark the two color bits used to set the drop precedence of a packet for Random Early Detection The color modes include Color Blind which assumes that t...

Страница 299: ...ate In addition to the actions defined by this command to transmit remark the DSCP service value or drop a packet the switch will also mark the two color bits used to set the drop precedence of a pack...

Страница 300: ...l will be reduced Set IP DSCP Decreases DSCP priority for out of conformance traffic Range 0 63 Drop Drops out of conformance traffic Violate Specifies whether the traffic that exceeds the peak inform...

Страница 301: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Страница 302: ...Policies 302 Figure 144 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 303: ...terface Only one policy map can be bound to an interface The switch does not allow a policy map to be bound to an interface for egress traffic PARAMETERS These parameters are displayed Port Specifies...

Страница 304: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 304...

Страница 305: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Страница 306: ...hip is not set to access mode see Adding Static Members to VLANs on page 202 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Страница 307: ...I REFERENCES Configuring Voice VLANs on page 1164 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 8...

Страница 308: ...affic VoIP 2 Select Configure OUI from the Step list 3 Select Show from the Action list Figure 149 Showing an OUI Telephony List CONFIGURING VOIP TRAFFIC PORTS Use the Traffic VoIP Configure Interface...

Страница 309: ...e VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sour...

Страница 310: ...will be removed from voice VLAN when VoIP traffic is no longer received on the port Alternatively if you clear the MAC address table manually then the switch will also start counting down the Remaini...

Страница 311: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Страница 312: ...ized as follows Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for s...

Страница 313: ...local or remote authentication Local authentication restricts management access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentic...

Страница 314: ...s 1 Click Security AAA System Authentication 2 Specify the authentication sequence i e one to three methods 3 Click Apply Figure 151 Configuring the Authentication Sequence CONFIGURING REMOTE LOGON AU...

Страница 315: ...rd pair The user name password and privilege level must be configured on the authentication server The encryption methods used for the authentication process must also be configured or negotiated betw...

Страница 316: ...nticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Confirm Authentication Key Re type the string entered in the previous field to ensure no errors were...

Страница 317: ...racters Sequence at Priority Specifies the server and sequence to use for the group Range 1 5 for RADIUS 1 for TACACS When specifying the priority sequence for a sever the server index must already be...

Страница 318: ...te Authentication Server TACACS To configure the RADIUS or TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select...

Страница 319: ...the Action list Figure 156 Showing AAA Server Groups CONFIGURING AAA ACCOUNTING Use the Security AAA Accounting page to enable accounting of requested services for billing or security purposes and al...

Страница 320: ...64 characters Note that the method name is only used to describe the accounting method configured on the specified RADIUS or TACACS servers No information is sent to the servers about the method to u...

Страница 321: ...e accounting service Method Name Displays the user defined or default accounting method Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface t...

Страница 322: ...ting 2 Select Configure Method from the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6...

Страница 323: ...to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3...

Страница 324: ...rvice Figure 162 Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types 1 Click Security A...

Страница 325: ...to specific interfaces CLI REFERENCES AAA on page 830 COMMAND USAGE This feature performs authorization to determine if a user is allowed to run an Exec shell AAA authentication through a RADIUS or TA...

Страница 326: ...d method name to apply to console connections VTY Method Name Specifies a user defined method name to apply to Telnet connections Show Information Authorization Type Displays the authorization service...

Страница 327: ...signed server group 1 Click Security AAA Authorization 2 Select Configure Method from the Step list 3 Select Show from the Action list Figure 166 Showing AAA Authorization Methods To configure the aut...

Страница 328: ...s to the switch based on manually configured user names and passwords CLI REFERENCES User Accounts and Privilege Levels on page 816 COMMAND USAGE The default guest name is guest with the password gues...

Страница 329: ...access all of the commands assigned to lower privilege levels For example privilege level 8 can access all commands assigned to privilege levels 7 0 according to default settings and to any other com...

Страница 330: ...ntication are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except f...

Страница 331: ...e enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Range 300 3600...

Страница 332: ...s for the port Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply En...

Страница 333: ...ddress authentication feature to work properly See Configuring Remote Logon Authentication Servers on page 314 NOTE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access...

Страница 334: ...e configured on the RADIUS server Tunnel Type VLAN Tunnel Medium Type 802 Tunnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute...

Страница 335: ...ion result remains unchanged The Filter ID attribute cannot be found to carry the user profile The Filter ID attribute is empty The Filter ID attribute format for dynamic QoS assignment is unrecogniza...

Страница 336: ...ddresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authentication as described on page 392 Authenticated MAC addresses are stored as dynamic e...

Страница 337: ...number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Access Max MAC Count5...

Страница 338: ...assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC address table Dynami...

Страница 339: ...RS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condition The link event type which will trigger the port action Link up Onl...

Страница 340: ...e to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port C...

Страница 341: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Страница 342: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Страница 343: ...CES Web Server on page 839 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 344: ...interface is not supported for HTTPS using an IPv6 link local address PARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Defaul...

Страница 345: ...nique certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earlies...

Страница 346: ...g the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Страница 347: ...both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentica...

Страница 348: ...Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Setti...

Страница 349: ...ed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks wheth...

Страница 350: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Страница 351: ...y pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch an...

Страница 352: ...Click Clear Figure 183 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Страница 353: ...a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version...

Страница 354: ...4 protocol port number or TCP control code IPv6 frames based on address DSCP or next header type or any frames based on MAC address or Ethernet type To filter incoming packets first create an access l...

Страница 355: ...entries in TCAM where n is the fixed number of TCAM entries needed for one ACE When compression is employed before writing the ACE into TCAM the software compresses the ACEs to reduce the number of re...

Страница 356: ...and one of the periodic time ranges PARAMETERS These parameters are displayed Add Time Range Name Name of a time range Range 1 16 characters Add Rule Time Range Name of a time range Mode Absolute Spe...

Страница 357: ...t 3 Select Show from the Action list Figure 187 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Страница 358: ...Time Range SHOWING TCAM UTILIZATION Use the Security ACL Configure ACL Show TCAM page to show utilization parameters for TCAM Ternary Content Addressable Memory including the number policy control ent...

Страница 359: ...r of policy control entries available for use Entries Used by System The number of policy control entries used by the operating system Entries Used by User The number of policy control entries used by...

Страница 360: ...P control code IPv6 Standard IPv6 ACL mode filters packets based on the source IPv6 address IPv6 Extended IPv6 ACL mode filters packets based on the source or destination IP address as well as DSCP an...

Страница 361: ...of ACLs matching the selected type Action An ACL can contain any combination of permit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to spec...

Страница 362: ...Specify the action i e Permit or Deny 7 Select the address type Any Host or IP 8 If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range 9...

Страница 363: ...er for the specified protocol type Range 0 65535 Source Destination Port Bit Mask Decimal number representing the port bits to match Range 0 65535 Protocol Specifies the protocol type to match as TCP...

Страница 364: ...me range WEB INTERFACE To add rules to an IPv4 Extended ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IP Extended from the Type lis...

Страница 365: ...permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specif...

Страница 366: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Страница 367: ...exadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Destination Prefix Length A decimal value indicat...

Страница 368: ...elect IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefix 8 If you select Host enter a...

Страница 369: ...nge with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source or de...

Страница 370: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 371: ...Default IP Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or...

Страница 372: ...e Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you selec...

Страница 373: ...n page 975 Time Range on page 773 COMMAND USAGE This switch supports ACLs for ingress filtering only You only bind one ACL to any port for ingress filtering PARAMETERS These parameters are displayed T...

Страница 374: ...nner CLI REFERENCES Local Port Mirroring Commands on page 1023 COMMAND USAGE ACL based mirroring is only used for ingress traffic To mirror an ACL follow these steps 1 Create an ACL as described in th...

Страница 375: ...st 4 Select a port 5 Select the name of an ACL from the ACL list 6 Click Apply Figure 200 Configuring ACL Mirroring To show the ACLs to be mirrored 1 Select Configure Interface from the Step list 2 Se...

Страница 376: ...for ingress traffic ACL Name The ACL bound this port Action Shows if action is to permit or deny specified packets Rules Shows the rules for the ACL bound to this port Time Range Name of a time range...

Страница 377: ...database see DHCP Snooping Configuration on page 418 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection can also validate ARP...

Страница 378: ...EFERENCES ARP Inspection on page 938 COMMAND USAGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspectio...

Страница 379: ...will be replaced with the newest entry PARAMETERS These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP I...

Страница 380: ...ARP Inspection on page 938 COMMAND USAGE ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the AR...

Страница 381: ...s selected and static mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not...

Страница 382: ...P Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets th...

Страница 383: ...rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP...

Страница 384: ...og page to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 946 PARAMETERS These parameters...

Страница 385: ...Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the swi...

Страница 386: ...address es for the Telnet group All Configures IP address es for all groups Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTER...

Страница 387: ...uthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message CLI REFERENCES Port S...

Страница 388: ...tions If port security is enabled on a port that port cannot be set as an RSPAN uplink port source port or destination port Also when a port is configured as an RSPAN uplink port source port or destin...

Страница 389: ...1 Click Security Port Security 2 Mark the check box in the Security Status column to enable security set the action to take when an invalid address is detected on a port and set the maximum number of...

Страница 390: ...ocol or TTLS Tunneled Transport Layer Security The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials an...

Страница 391: ...tion Control Sets the global setting for 802 1X Default Disabled EAPOL Pass Through Passes EAPOL frames through to all ports in STP forwarding state when dot1x is globally disabled Default Disabled Wh...

Страница 392: ...obally for the switch and configure EAPOL Pass Through if required Then set the user name and password to use when the switch responds an MD5 challenge from the authentication server 4 Click Apply Fig...

Страница 393: ...s by the setting the control mode to Force Authorized on this page and enabling the PAE supplicant on the Supplicant configuration page PARAMETERS These parameters are displayed Port Port number Statu...

Страница 394: ...the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Supplicant Timeout Sets the time that a switch port waits f...

Страница 395: ...ge 200 and mapped on each port See Configuring Network Access for Ports on page 337 Supplicant List Supplicant MAC address of authorized client Authenticator PAE State Machine State Current state incl...

Страница 396: ...henticator CONFIGURING PORT SUPPLICANT SETTINGS FOR 802 1X Use the Security Port Authentication Configure Interface Supplicant page to configure 802 1X port settings for supplicant requests issued fro...

Страница 397: ...displayed Port Port number PAE Supplicant Enables PAE supplicant mode Default Disabled If the attached client must be authenticated through another device in the network supplicant status must be enab...

Страница 398: ...X STATISTICS Use the Security Port Authentication Show Statistics page to display statistics for dot1x protocol exchanges for any port CLI REFERENCES show dot1x on page 866 PARAMETERS These parameters...

Страница 399: ...OL frames that have been received by this Supplicant in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Supplicant Rx...

Страница 400: ...rt Authentication 400 WEB INTERFACE To display port authenticator statistics for 802 1X 1 Click Security Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 21...

Страница 401: ...iciently or at all In general DoS attacks are implemented by either forcing the target to reset to consume most of its resources so that it can no longer provide its intended service or to obstruct th...

Страница 402: ...ult Enabled TCP SYN FIN Scan A TCP SYN FIN scan message is used to identify listening TCP ports The scan uses a series of strangely configured TCP packets which contain SYN synchronize and FIN finish...

Страница 403: ...any unsaved data would be lost Microsoft made patches to prevent the WinNuke attack but the OOB packets Default Disabled WinNuke Attack Rate Maximum allowed rate Range 64 2000 kbits second Default 10...

Страница 404: ...USAGE Setting source guard mode to SIP Source IP or SIP MAC Source IP and MAC enables this function on the selected port Use the SIP option to check the VLAN ID source IP address and port number again...

Страница 405: ...ARAMETERS These parameters are displayed Filter Type Configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Default None None Disabl...

Страница 406: ...ource guard binding on page 926 COMMAND USAGE Static addresses entered in the source guard binding table are automatically configured with an infinite lease time Dynamic entries learned via DHCP snoop...

Страница 407: ...nd MAC Address Physical address associated with the entry Interface The port to which this entry is bound IP Address IP address corresponding to the client Lease Time The time for which this IP addres...

Страница 408: ...le for a selected interface CLI REFERENCES show ip dhcp snooping binding on page 916 PARAMETERS These parameters are displayed Query by Port A port on this switch VLAN ID of a configured VLAN Range 1...

Страница 409: ...ooping table when either snooping protocol is enabled see the DHCPv6 Snooping commands IPv6 source guard can be used to prevent traffic attacks caused when a host tries to use the IPv6 address of a ne...

Страница 410: ...ured with an infinite lease time Dynamic entries learned via DHCPv6 snooping are configured by the DHCPv6 server itself If IPv6 source guard is enabled an inbound packet s source IPv6 address will be...

Страница 411: ...must be set to a value higher than DHCPv6 snooping maximum bindings and ND snooping maximum bindings If IPv6 source guard ND snooping and DHCPv6 snooping are enabled on a port the dynamic bindings use...

Страница 412: ...th same and MAC address and IPv6 address a new entry is added to binding table using static IPv6 source guard binding If there is an entry with same MAC address and IPv6 address and the type of entry...

Страница 413: ...client Type Shows the entry type DHCP Dynamic DHCPv6 binding stateful address ND Dynamic Neighbor Discovery binding stateless address STA Static IPv6 Source Guard binding WEB INTERFACE To configure st...

Страница 414: ...nding page to display the source guard binding table for a selected interface CLI REFERENCES show ipv6 source guard binding on page 938 PARAMETERS These parameters are displayed Query by Port A port o...

Страница 415: ...mation to a DHCP server This information can be useful in tracking an IP address back to a physical port COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messag...

Страница 416: ...only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address ve...

Страница 417: ...er This information may specify the MAC address or IP address of the requesting device that is the switch in this context By default the switch also fills in the Option 82 circuit id field with inform...

Страница 418: ...HCP Snooping Information Option Sub option Format Enables or disables use of sub type and sub length fields in circuit ID CID and remote ID RID in Option 82 information DHCP Snooping Information Optio...

Страница 419: ...the general DHCP snooping process and for the DHCP snooping information option 4 Click Apply Figure 226 Configuring Global Settings for DHCP Snooping DHCP SNOOPING VLAN CONFIGURATION Use the IP Servic...

Страница 420: ...global settings for DHCP Snooping 1 Click IP Service DHCP Snooping 2 Select Configure VLAN from the Step list 3 Enable DHCP Snooping on any existing VLAN 4 Click Apply Figure 227 Configuring DHCP Snoo...

Страница 421: ...Default Disabled Circuit ID Specifies DHCP Option 82 circuit ID suboption information Mode Specifies the default string VLAN Unit Port or an arbitrary string Default VLAN Unit Port Value An arbitrary...

Страница 422: ...ally configured VLAN VLAN to which this entry is bound Interface Port or trunk to which this entry is bound Store Writes all dynamically learned snooping entries to flash memory This function can be u...

Страница 423: ...CHAPTER 13 Security Measures DHCP Snooping 423 Figure 229 Displaying the Binding Table for DHCP Snooping...

Страница 424: ...CHAPTER 13 Security Measures DHCP Snooping 424...

Страница 425: ...through SNMPv1 SNMPv2c or SNMPv3 Remote Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures cent...

Страница 426: ...essages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 749 PARAMETERS Th...

Страница 427: ...rface NOTE All log messages are retained in Flash and purged from RAM after a cold restart i e power is turned off and then on through the power source WEB INTERFACE To configure the logging of error...

Страница 428: ...Memory REMOTE LOG CONFIGURATION Use the Administration Log Remote page to send log messages to syslog servers or other management stations You can also limit the event messages sent to only those mess...

Страница 429: ...Port Specifies the UDP port number used by the remote server Range 1 65535 Default 514 WEB INTERFACE To configure the logging of error messages to remote servers 1 Click Administration Log Remote 2 En...

Страница 430: ...messages You may use a symbolic email address that identifies the switch or the address of an administrator responsible for the switch Email Destination Address Specifies the email recipients of aler...

Страница 431: ...thered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice ove...

Страница 432: ...he probability that multiple rather than single changes are reported in each transmission This attribute must comply with the rule 4 Delay Interval Transmission Interval Reinitialization Delay Configu...

Страница 433: ...4 Click Apply Figure 234 Configuring LLDP Timing Attributes CONFIGURING LLDP INTERFACE ATTRIBUTES Use the Administration LLDP Configure Interface Configure General page to specify the message attribu...

Страница 434: ...t address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information about the specific interface...

Страница 435: ...based protocol VLANs configured on this interface see Protocol VLANs on page 219 802 3 Organizationally Specific TLVs Configures IEEE 802 3 information included in the TLV field of advertised messages...

Страница 436: ...of advertised messages including the country and the device type Country The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US Device entry refers to The type of device to...

Страница 437: ...ical location of the device attached to an interface including items such as the city street number building and room information The address location is specified as a type and value pair with the ci...

Страница 438: ...ERFACE To specify the physical location of the attached device 1 Click Administration LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interfa...

Страница 439: ...ng the specific identifier for the particular chassis in this system System Name A string that indicates the system s administratively assigned name see Displaying System Information on page 119 Syste...

Страница 440: ...which this LLDPDU was transmitted Interface Details The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the tru...

Страница 441: ...ct should be used for this field MED Capability The supported set of capabilities that define the primary function s of the interface LLDP MED Capabilities Network Policy Location Identification Exten...

Страница 442: ...the switch s ports which are advertising information through LLDP or to display detailed information about an LLDP enabled device connected to a specific port on the local switch CLI REFERENCES show...

Страница 443: ...ier that is listed in the Port ID field See Table 28 Port ID Subtype on page 440 Port Description A string that indicates the port s description If RFC 2863 is implemented the ifDescr object should be...

Страница 444: ...ith remote system supports auto negotiation Remote Port Auto Neg Adv Capability The value bitmap of the ifMauAutoNegCapAdvertisedBits object defined in IETF RFC 3636 which is associated with a port on...

Страница 445: ...assification is used to tag different terminals on the Power over LAN network according to their power consumption Devices such as IP telephones WLAN access points and others will be classified accord...

Страница 446: ...efine the primary function s of the port LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory Current Capabilities The set of cap...

Страница 447: ...esolution altitude and datum Civic Address LCI8 Includes What Country code CA type CA length and CA value What is described as the field entry Device entry refers to under Configuring LLDP Interface A...

Страница 448: ...EB INTERFACE To display LLDP information for a remote port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk Details 4 Wh...

Страница 449: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 449 Figure 241 Displaying Remote Device Information for LLDP Port Details...

Страница 450: ...transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1325 PARAMETERS These parameters are displayed General Statistics on Remote Devices Neighbor Entries Li...

Страница 451: ...ed Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs...

Страница 452: ...ce check on page 783 show power source status on page 783 CONFIGURING THE POWER SOURCE CHECK Use the Administration PoE PD Configure page to check for power supplied from PSE on Ports 1 10 PARAMETERS...

Страница 453: ...tatus for all ports 1 Click Administration PoE PD 2 Select Show from the Action list Figure 246 Displaying the PSE Status SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol SNMP is...

Страница 454: ...rity models with each model having it s own security levels There are three security models defined SNMPv1 SNMPv2c and SNMPv3 Users are assigned to groups that are defined by a security model and spec...

Страница 455: ...your management station Configuring SNMPv3 Management Access 1 Use the Administration SNMP Configure Global page to enable SNMP on the switch and to enable trap messages 2 Use the Administration SNMP...

Страница 456: ...ation message to specified IP trap managers whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Link up and Link down Traps9 Issues a notifi...

Страница 457: ...e ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users PARAMETERS These parameters are displayed Engine ID A new engine ID can...

Страница 458: ...rver engine id on page 794 COMMAND USAGE SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to...

Страница 459: ...Apply Figure 249 Configuring a Remote Engine ID for SNMP To show the remote SNMP engine IDs 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Show Remote Engine from t...

Страница 460: ...configured in the Add View page Range 1 64 characters OID Subtree Adds an additional object identifier of a branch within the MIB tree to the selected View Wild cards can be used to mask a specific p...

Страница 461: ...ure 252 Showing SNMP Views To add an object identifier to an existing SNMP view of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Add OID Sub...

Страница 462: ...ricting them to specific read write and notify views You can use the pre defined default groups or create new groups to map a set of SNMP users to SNMP views CLI REFERENCES show snmp group on page 800...

Страница 463: ...ing itself such that its configuration is unaltered linkDown 1 3 6 1 6 3 1 1 5 3 A linkDown trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for on...

Страница 464: ...wnTrap 1 3 6 1 4 1 259 10 1 25 2 1 0 91 This trap will be sent when an interface is shut down by BPDU guard swLoopbackDetectionTrap 1 3 6 1 4 1 259 10 1 25 2 1 0 95 This trap is sent when loopback BPD...

Страница 465: ...tiRisingThreshold to memoryUtiFallingThreshold dhcpRougeServerAttackTrap 1 3 6 1 4 1 259 10 1 25 2 1 0 114 This trap is sent when receiving a DHCP packet from a rouge server lbdDetectionTrap 1 3 6 1 4...

Страница 466: ...Step list 3 Select Show from the Action list Figure 256 Showing SNMP Groups SETTING COMMUNITY ACCESS STRINGS Use the Administration SNMP Configure User Add Community page to configure up to five commu...

Страница 467: ...ions are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects WEB INTERFACE To set a community access string 1 Click Administrat...

Страница 468: ...ERS These parameters are displayed User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characte...

Страница 469: ...ser from the Step list 3 Select Add SNMPv3 Local User from the Action list 4 Enter a name and assign it to a group If the security model is set to SNMPv3 and the security level is authNoPriv or authPr...

Страница 470: ...user resides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and the remote user See Specifying Trap Managers on page...

Страница 471: ...Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a remote SNMPv3 user 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Ad...

Страница 472: ...anagement Protocol 472 Figure 261 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 473: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider t...

Страница 474: ...receive notification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Infor...

Страница 475: ...ange 0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specif...

Страница 476: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 477: ...agers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 802 snmp server notify filter on page 8...

Страница 478: ...Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging...

Страница 479: ...inistration SNMP Show Statistics page to show counters for SNMP input and output protocol data units CLI REFERENCES show snmp on page 789 PARAMETERS The following counters are displayed SNMP packets i...

Страница 480: ...the SNMP protocol entity Set request PDUs The total number of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total numbe...

Страница 481: ...it can automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any speci...

Страница 482: ...y be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes etherS...

Страница 483: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Страница 484: ...the action to take when an alarm is triggered The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding...

Страница 485: ...g sent with the trap operation to SNMP v1 and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see...

Страница 486: ...RMON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Страница 487: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Страница 488: ...Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 275 Showing Configured RMON History S...

Страница 489: ...EFERENCES Remote Monitoring Commands on page 807 COMMAND USAGE If statistics collection is already enabled on an interface the entry must be deleted before any changes can be made The information coll...

Страница 490: ...om the Action list 4 Click Statistics 5 Select a port from the list as the data source 6 Enter an index number and the name of the owner for this entry 7 Click Apply Figure 277 Configuring an RMON Sta...

Страница 491: ...d RMON Statistical Samples To show collected RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from the Action list 4 Select a...

Страница 492: ...s for switches which can pass information between the Commander and potential Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automaticall...

Страница 493: ...Commander Default Disabled IP Pool An internal IP address pool that is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only...

Страница 494: ...parameters are displayed Member ID Specify a Member ID number for the selected Candidate switch Range 1 36 MAC Address Select a discovered switch MAC address from the Candidate Table or enter a specif...

Страница 495: ...1 Click Administration Cluster 2 Select Configure Member from the Step list 3 Select Show from the Action list Figure 282 Showing Cluster Members To show cluster candidates 1 Click Administration Clu...

Страница 496: ...ange 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assigned to the Member switch MAC Address The MAC address of the Member switch Descr...

Страница 497: ...achieved by guaranteeing that at any time traffic may flow on all but one of the ring links This particular link is called the ring protection link RPL and under normal conditions this link is blocked...

Страница 498: ...sts of conjoined rings connected by one or more interconnection points and is based on the following criteria The R APS channels are not shared across Ethernet Ring interconnections On each ring port...

Страница 499: ...ic channel may be transferred over a common Ethernet connection for ERP1 and ERP2 through the interconnection nodes C and D Interconnection nodes C and D have separate ERP Control Processes for each E...

Страница 500: ...dated R APS messages the Hold off timer to filter out intermittent link faults and the WTR timer to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 C...

Страница 501: ...must be added to an ERPS domain as the CVLAN This can be designated as any VLAN other than the management VLAN The CVLAN should only contain ring ports and must not be configured with an IP address E...

Страница 502: ...L owner node and non owner node state machines will start and the ring will enter the active state Limitations When configuring a ring port note that these ports cannot be part of a spanning tree nor...

Страница 503: ...est Port Shows the west ring port for this node East Port Shows the east ring port for this node Interface The port or trunk which is configured as a ring port Port State The operational state Blockin...

Страница 504: ...he RPL owner specified and the control VLAN configured Once enabled the RPL owner node and non owner node state machines will start and the ring will enter idle state if no signal failures are detecte...

Страница 505: ...ons are recommended to avoid creating a loop in the network or other problems which may occur under some situations The Control VLAN must not be configured as a Layer 3 interface with an IP address a...

Страница 506: ...efault Enabled Revertive behavior allows the switch to automatically return the RPL from Protection state to Idle state through the exchange of protocol messages Non revertive behavior for Protection...

Страница 507: ...ition If it is an R APS NR RB message without a DNF do not flush indication all ring nodes flush the FDB Recovery with Non revertive Mode In non revertive operation the ring does not automatically rev...

Страница 508: ...tes reversion by blocking the traffic channel over the RPL transmitting an R APS NR RB message over both ring ports informing the ring that the RPL is blocked and flushes the FDB d The acceptance of t...

Страница 509: ...ID it unblocks any ring port which does not have an SF condition and stops transmitting R APS NR message on both ring ports Recovery with revertive mode is handled as follows a The RPL Owner Node upo...

Страница 510: ...d in the format xx xx xx xx xx xx or xxxxxxxxxxxx Default CPU MAC address The ring node identifier is used to identify a node in R APS messages for both automatic and manual switching recovery operati...

Страница 511: ...protection switching time of the sub ring may be affected if R APS messages traverse a long distance over an R APS virtual channel Figure 288 Sub ring with Virtual Channel Sub ring without R APS Virtu...

Страница 512: ...addresses on its ring ports to help the second ay ring restore its connections more quickly through protection switching When the MAC addresses are cleared data traffic may flood onto the major ring...

Страница 513: ...se and unblock previously blocked ports The ring is now returned to Idle state Holdoff Timer The hold off timer is used to filter out intermittent link faults Faults will only be reported to the ring...

Страница 514: ...L owner node initiates the reversion process by transmitting an R APS NR RB message The delay timer i e WTR or WTB is deactivated when any higher priority request preempts this delay timer The delay t...

Страница 515: ...ommand was issued on this interface MEP Specifies the CCM MEPs used to monitor the link on a ring node If a MEP is used to monitor the link status of an ERPS node with CFM continuity check messages th...

Страница 516: ...Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static...

Страница 517: ...et Ring Protection Switching 517 Figure 291 Creating an ERPS Ring To show the configured ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Acti...

Страница 518: ...re the FS command was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s...

Страница 519: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Страница 520: ...r higher priority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS messag...

Страница 521: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Страница 522: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Страница 523: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 294 Single CFM Maintenance Domain The...

Страница 524: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Страница 525: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Страница 526: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Страница 527: ...forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has re...

Страница 528: ...ng CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cro...

Страница 529: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 530: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 531: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 532: ...end point MEP is created at some lower MA Level None No MIP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 655...

Страница 533: ...the maintenance domains and authorized maintenance levels thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click...

Страница 534: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 535: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Страница 536: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Страница 537: ...1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4 Select an entry from the MD Index list 5 Specify the MAs assigned to each domain the VLAN throu...

Страница 538: ...Click Administration CFM 2 Select Configure MA from the Step list 3 Select Configure Details from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the CCM interval enable the tra...

Страница 539: ...EP s MA or the direction it faces first delete the MEP and then create a new one PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 1 2147483647...

Страница 540: ...ts CONFIGURING REMOTE MAINTENANCE END POINTS Use the Administration CFM Configure Remote MEP Add page to specify remote maintenance end points MEPs set on other CFM enabled devices within a common MA...

Страница 541: ...e waits for remote MEPs to come up before starting the cross check operation can be configured on the Configure Global page see Configuring Global Settings for CFM SNMP traps for continuity check even...

Страница 542: ...Trace page to transmit link trace messages LTMs These messages can isolate connectivity faults by tracing the path through a network to the designated target node i e a remote maintenance end point C...

Страница 543: ...er Parameters controlling the link trace cache including operational state entry hold time and maximum size can be configured on the Configure Global page see Configuring Global Settings for CFM PARAM...

Страница 544: ...d isolation after automatic detection of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving...

Страница 545: ...ess can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Count The number of times the loopback message is sent Range 1 1024 Packet Size The size of the loopback message...

Страница 546: ...a frame with DM request information and the receiving MEP responds with a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of...

Страница 547: ...asure messages Range 1 5 seconds Default 1 second Timeout The timeout to wait for a response Range 1 5 seconds Default 5 seconds WEB INTERFACE To transmit delay measure messages 1 Click Administration...

Страница 548: ...the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Up indicates that the MEP faces inward toward the switch cross con...

Страница 549: ...cter string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The por...

Страница 550: ...if the specified MEP is currently suppressing sending frames containing AIS information following the detection of defect conditions WEB INTERFACE To show detailed information for the MEPs configured...

Страница 551: ...on name Primary VLAN Service VLAN ID Interface Physical interface of this entry either a port or trunk WEB INTERFACE To show information for the MIPs discovered by the CFM protocol 1 Click Administrat...

Страница 552: ...t to the initial value of all Fs WEB INTERFACE To show information for remote MEPs 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Remote MEP from the Action list...

Страница 553: ...uccessfully and those with errors Port State Port states include Up The port is functioning normally Blocked The port has been blocked by the Spanning Tree Protocol No port state Either no CCM has bee...

Страница 554: ...from MD Index and MA Index 5 Select a MEP ID Figure 315 Showing Detailed Information on Remote MEPs DISPLAYING THE LINK TRACE CACHE Use the Administration CFM Show Information Show Link Trace Cache pa...

Страница 555: ...ed The ingress port can be identified but the target data frame was not forwarded when received on this port due to active topology management i e the bridge port is not in the forwarding state IngVid...

Страница 556: ...settings for the fault notification generator CLI REFERENCES show ethernet cfm fault notify generator on page 1365 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD...

Страница 557: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Страница 558: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 318 Showing Continuity Check Errors OAM...

Страница 559: ...terface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local T...

Страница 560: ...events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reached or exceeded within the specified period If reporting is enabled...

Страница 561: ...of OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1377 clear efm oam counters on page 1374 PARAMETERS These parameters are displayed Port Port identifier R...

Страница 562: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Страница 563: ...ion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where tr...

Страница 564: ...1376 COMMAND USAGE You can use this command to perform an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of e...

Страница 565: ...The number of loop back frames transmitted during the last loopback test on this interface Packets Received The number of loop back frames received during the last loopback test on this interface Los...

Страница 566: ...Loop Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loop Back Show Test Result page to display the results of remote loop back testing for each port for whi...

Страница 567: ...INTERFACE To display the results of remote loop back testing for each port for which this information is available 1 Click Administration OAM Remote Loop Back 2 Select Show Test Result from the Action...

Страница 568: ...CHAPTER 14 Basic Administration Protocols OAM Configuration 568...

Страница 569: ...rk Trace Route Sends ICMP echo request packets to another node on the network Address Resolution Protocol Describes how to configure ARP aging time Also shows how to display the ARP cache IPv4 Configu...

Страница 570: ...network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is u...

Страница 571: ...set at one This causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round tri...

Страница 572: ...s of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry for an IP address in the ARP cache the switch will broadcast an ARP request packet to...

Страница 573: ...meout Sets the aging time for dynamic entries in the ARP cache Range 300 86400 seconds Default 1200 seconds or 20 minutes The ARP aging timeout can only be set globally for all VLANs The aging time de...

Страница 574: ...VERSION 4 This section describes how to configure an IPv4 interface for management access over the network This switch supports both IPv4 and IPv6 and can be managed through either of these address t...

Страница 575: ...with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment You can direct the device to obtain an address fro...

Страница 576: ...ss and the primary address cannot be removed if a secondary address is still present Also if any router or switch in a network segment uses a secondary address all other routers switches in that segme...

Страница 577: ...Configure Interface from the Action list 3 Select Add Address from the Step list 4 Select the VLAN through which the management station is attached set the IP Address Mode to DHCP or BOOTP 5 Click Ap...

Страница 578: ...ress configured for an interface 1 Click System IP 2 Select Configure Interface from the Step list 3 Select Show Address from the Action list 4 Select an entry from the VLAN list Figure 332 Showing th...

Страница 579: ...layed Default Gateway Sets the IPv6 address of the default next hop router An IPv6 address must be configured according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadeci...

Страница 580: ...nodes on the same network segment use Neighbor Discovery to discover each other s presence to determine each other s link layer addresses to find routers and to maintain reachability information about...

Страница 581: ...s The number of consecutive neighbor solicitation messages sent on an interface during duplicate address detection Range 0 600 Default 3 Configuring a value of 0 disables duplicate address detection D...

Страница 582: ...address autoconfiguration If the router advertisements have the other stateful configuration flag set the switch may also attempt to acquire other non address configuration information such as a defa...

Страница 583: ...operational problems for hosts on the network RA Guard can be used to block RAs and Router Redirect RR messages on the specified interface Determine which interfaces are connected to known routers an...

Страница 584: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The switch must always be configured with a link local address Ther...

Страница 585: ...global unicast address is detected on the network the address is disabled on this interface and a warning message displayed on the console When an explicit address is assigned to an interface IPv6 is...

Страница 586: ...vice had an EUI 48 address of 28 9F 18 1C 82 35 the global local bit must first be inverted to meet EUI 64 requirements i e 1 for globally defined addresses and 0 for locally defined addresses changin...

Страница 587: ...ace local scope and FF02 1 link local scope FF01 1 16 is the transient interface local multicast address for all attached IPv6 nodes and FF02 1 16 is the link local multicast address for all attached...

Страница 588: ...o show the configured IPv6 addresses 1 Click IP IPv6 Configuration 2 Select Show IPv6 Address from the Action list 3 Select a VLAN from the list Figure 337 Showing Configured IPv6 Addresses SHOWING TH...

Страница 589: ...e last positive confirmation was received that the forward path was functioning While in STALE state the device takes no action until a packet is sent Delay More than the ReachableTime interval has el...

Страница 590: ...buffering capacity to forward a datagram and when the gateway can direct the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes t...

Страница 591: ...or some of the fragments Reassembly Succeeded The number of IPv6 datagrams successfully reassembled Note that this counter is incremented at the interface to which these datagrams were addressed which...

Страница 592: ...ges The number of ICMP Time Exceeded messages received by the interface Parameter Problem Messages The number of ICMP Parameter Problem messages received by the interface Echo Request Messages The num...

Страница 593: ...Messages The number of ICMP Neighbor Solicit messages sent by the interface Neighbor Advertisement Messages The number of ICMP Router Advertisement messages sent by the interface Redirect Messages Th...

Страница 594: ...Address IP Version 6 594 WEB INTERFACE To show the IPv6 statistics 1 Click IP IPv6 Configuration 2 Select Show Statistics from the Action list 3 Click IPv6 ICMPv6 or UDP Figure 339 Showing IPv6 Statis...

Страница 595: ...w ipv6 mtu on page 1425 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure...

Страница 596: ...CHAPTER 15 IP Configuration Setting the Switch s IP Address IP Version 6 596...

Страница 597: ...E SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network When a client device designates th...

Страница 598: ...DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of domain names to be tried in sequential order CLI REFERENCES ip domain list on page 13...

Страница 599: ...e Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Ad...

Страница 600: ...e until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status...

Страница 601: ...age 1388 COMMAND USAGE Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These paramete...

Страница 602: ...che that have been learned via the designated name servers CLI REFERENCES show dns cache on page 1388 COMMAND USAGE Servers or other network devices may support one or more connections via multiple IP...

Страница 603: ...If a subnet does not already include a BOOTP or DHCP server you can relay DHCP client requests to a DHCP server on another subnet SPECIFYING A DHCP CLIENT IDENTIFIER Use the IP Service DHCP Client pag...

Страница 604: ...RING DHCP RELAY SERVICE Use the IP Service DHCP Relay page to configure DHCP relay service for attached host devices including DHCP option 82 information DHCP provides an option for sending informatio...

Страница 605: ...IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then passes the DHCP response rec...

Страница 606: ...ut is not relayed DHCP reply packets received by the relay agent are handled as follows When the relay agent receives a DHCP reply packet with Option 82 information over the management VLAN it first e...

Страница 607: ...cket onto the VLAN that received it instead of relaying it This is the default Keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet to...

Страница 608: ...remote ID 6 Enter up to five IP addresses for DHCP servers or relay servers in order of preference 7 Click Apply Figure 11 Configuring DHCP Relay Information Option 82 Service CONFIGURING THE PPPOE IN...

Страница 609: ...lobally before it can be enabled on an interface Access Node Identifier String identifying this switch as an PPPoE IA to the PPPoE server Range 1 48 ASCII characters Default IP address of first IPv4 i...

Страница 610: ...globally on the switch for this command to take effect Trust Status Sets an interface to trusted mode to indicate that it is connected to a PPPoE server Default Disabled Set any interfaces connecting...

Страница 611: ...which the discovery packet was received entering the switch or access node where the intermediate agent resides Outgoing PAD Offer PADO and Session confirmation PADS packets sent from the PPPoE Server...

Страница 612: ...unk selection Received Received PPPoE active discovery messages All All PPPoE active discovery message types PADI PPPoE Active Discovery Initiation messages PADO PPPoE Active Discovery Offer messages...

Страница 613: ...Agent 613 WEB INTERFACE To show statistics for PPPoE IA protocol messages 1 Click IP Service PPPoE Intermediate Agent 2 Select Show Statistics from the Step list 3 Select Port or Trunk interface type...

Страница 614: ...CHAPTER 1 IP Services Configuring the PPPoE Intermediate Agent 614...

Страница 615: ...r IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation OVERVIEW Multicasting is used to support...

Страница 616: ...s only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering is to...

Страница 617: ...be forwarded from any source except for those specified In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources NOTE When the switch is configu...

Страница 618: ...ast traffic only to the ports that request it This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance CLI REFERENCES IGMP Snooping on page 1206...

Страница 619: ...sion means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device When proxy reporting is disabled all IGMP reports received by the switch are f...

Страница 620: ...e spanning tree change occurred When an upstream multicast router receives this solicitation it immediately issues an IGMP general query A query solicitation can be sent whenever the switch notices a...

Страница 621: ...the new upstream interface This command only applies when proxy reporting is enabled Router Port Expire Time The time the switch waits after the previous querier stops before it considers it to have...

Страница 622: ...erface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate...

Страница 623: ...ect the VLAN which will forward all the corresponding multicast traffic and select the port or trunk attached to the multicast router 4 Click Apply Figure 359 Configuring a Static Interface for a Mult...

Страница 624: ...g IGMP Snooping and IGMP Query messages see Configuring IGMP Snooping and Query Parameters on page 618 However for certain applications that require tighter control it may be necessary to statically c...

Страница 625: ...ll propagate the multicast service specify the interface attached to a multicast service through an IGMP enabled switch or multicast router and enter the multicast IP address 4 Click Apply Figure 362...

Страница 626: ...re have been many mechanisms used in the past to identify multicast routers This has lead to interoperability issues between multicast routers and snooping switches from different vendors In response...

Страница 627: ...d Upon receiving a solicitation on an interface with IP multicast forwarding and MRD enabled a router will respond with an Advertisement Multicast Router Termination These messages are sent when a rou...

Страница 628: ...vice if a leave packet is received at that port and immediate leave is enabled for the parent VLAN Default Disabled If immediate leave is not used a multicast router or querier will send a group speci...

Страница 629: ...stream from the multicast router port If a proxy query address is not configured the switch will use the VLAN s IP address as the IP source address in general and group specific query messages sent do...

Страница 630: ...te more burst traffic This attribute will take effect only if IGMP snooping proxy reporting is enabled page 618 or IGMP querier is enabled page 618 Last Member Query Count The number of IGMP proxy gro...

Страница 631: ...Select Configure VLAN from the Action list 3 Select the VLAN to configure and update the required parameters 4 Click Apply Figure 365 Configuring IGMP Snooping on a VLAN To show the interface setting...

Страница 632: ...any IGMP query packets received on the specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Default Disabled Multica...

Страница 633: ...18 PARAMETERS These parameters are displayed VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group a...

Страница 634: ...tics pages to display IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1226 clear ip igmp snooping statistics on page 1223...

Страница 635: ...ace G Query The number of general query messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The num...

Страница 636: ...essages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN Figure 369 Displaying IGMP Snooping Statistics Query To display IGMP snooping pro...

Страница 637: ...igure 370 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Act...

Страница 638: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Страница 639: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Страница 640: ...373 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure...

Страница 641: ...MP FILTERING AND THROTTLING FOR INTERFACES Use the Multicast IGMP Snooping Filter Configure Interface page to assign and IGMP filter profile to interfaces on the switch or to throttle multicast traffi...

Страница 642: ...nge 1 255 Default 255 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of multicast groups...

Страница 643: ...ry and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time CONFIGURING MLD...

Страница 644: ...e multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10 seconds This attribute controls how long the host...

Страница 645: ...d immediate leave is enabled for the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave mess...

Страница 646: ...REFERENCES ipv6 mld snooping vlan mrouter on page 1247 COMMAND USAGE MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 643 before a multica...

Страница 647: ...Select the VLAN for which to display this information Figure 381 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multicas...

Страница 648: ...ace in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN PARAMETERS These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast s...

Страница 649: ...3 Select the VLAN for which to display this information Figure 384 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Страница 650: ...Filter Mode The filter mode is used to summarize the total listening state of a multicast address to a minimum set such that all nodes listening states are respected In Include mode the router only u...

Страница 651: ...h as television channels or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to...

Страница 652: ...up to the participating interfaces see Assigning Static MVR Multicast Groups to Interfaces on page 661 Although MVR operates on the underlying mechanism of IGMP snooping the two features operate indep...

Страница 653: ...port and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes occurring in the downstream MVR groups are learned by t...

Страница 654: ...a domain The multicast streams are sent to all source ports on the switch and to all receiver ports that have elected to receive data on that multicast address Dynamic When dynamic mode is enabled th...

Страница 655: ...VLAN see Adding Static Members to VLANs on page 202 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether or not all necessar...

Страница 656: ...MVR CONFIGURING MVR GROUP ADDRESS PROFILES Use the Multicast MVR Configure Profile and Associate Profile pages to assign the multicast group address for required services to one or more MVR domains C...

Страница 657: ...group Range 224 0 1 0 239 255 255 255 End IP Address Ending IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Associate Profile Domain ID An independent multicast domain Range 1 5...

Страница 658: ...To assign an MVR group address profile to a domain 1 Click Multicast MVR 2 Select Associate Profile from the Step list 3 Select Add from the Action list 4 Select a domain from the scroll down list and...

Страница 659: ...eave multicast groups within an MVR VLAN Multicast groups can also be statically assigned to a receiver port see Assigning Static MVR Multicast Groups to Interfaces on page 661 Receiver ports should n...

Страница 660: ...configured as an receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an attached host requesting any of the designated multicast services supp...

Страница 661: ...e the Multicast MVR Configure Static Group Member page to statically bind multicast groups to a port which will receive long term multicast streams associated with a stable set of hosts CLI REFERENCES...

Страница 662: ...RFACE To assign a static MVR group to an interface 1 Click Multicast MVR 2 Select Configure Static Group Member from the Step list 3 Select Add from the Action list 4 Select an MVR domain 5 Select a V...

Страница 663: ...ned to the MVR VLAN VLAN The VLAN through which the service is received Note that this may be different from the MVR VLAN if the group address has been statically assigned Port Shows the interfaces wi...

Страница 664: ...Range 1 5 VLAN VLAN identifier Range 1 4094 Port Port identifier Range 1 10 Trunk Trunk identifier Range 1 5 Query Statistics Querier IP Address The IP address of the querier on this interface Querie...

Страница 665: ...or group and source specific query messages received on this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting packet co...

Страница 666: ...r IPv4 666 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Страница 667: ...IPv4 667 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR dom...

Страница 668: ...t MULTICAST VLAN REGISTRATION FOR IPV6 MVR6 functions in a manner similar to that described for MRV see Multicast VLAN Registration for IPv4 on page 651 COMMAND USAGE General Configuration Guidelines...

Страница 669: ...as the querier The source port performs only the host portion of MVR by sending summarized membership reports and automatically disables MVR router functions Receiver ports are known as downstream or...

Страница 670: ...ithin the parameters set by a profile or to only forward multicast streams which the source port has dynamically joined Always Forward By default the switch forwards any multicast streams within the a...

Страница 671: ...the channel for streaming multicast services using MVR6 MVR6 source ports should be configured as members of the MVR6 VLAN see Adding Static Members to VLANs on page 202 but MVR6 receiver ports should...

Страница 672: ...separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is res...

Страница 673: ...eros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 group address range assigned to a profile cannot overlap with the group address range of any other profi...

Страница 674: ...and specify a multicast group that will stream traffic to participating hosts 5 Click Apply Figure 403 Configuring an MVR6 Group Address Profile To show the configured MVR6 group address profiles 1 C...

Страница 675: ...ticast MVR6 Configure Interface page to configure each interface that participates in the MVR6 protocol as a source port or receiver port If you are sure that only one subscriber attached to an interf...

Страница 676: ...group specific query to the receiver port and waiting for a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using imm...

Страница 677: ...diate Leave Configures the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group This option only applies to an interface configured a...

Страница 678: ...te the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings PARAMETE...

Страница 679: ...5 Select the port or trunk for which to display this information Figure 409 Showing the Static MVR6 Groups Assigned to a Port DISPLAYING MVR6 RECEIVER GROUPS Use the Multicast MVR6 Show Member page t...

Страница 680: ...been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Count The number of multicast services currently being...

Страница 681: ...e Number of Reports Sent The number of reports sent from this interface Number of Leaves Sent The number of leaves sent from this interface VLAN Port and Trunk Statistics Input Statistics Report The n...

Страница 682: ...The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface WEB INTERFACE To display sta...

Страница 683: ...Pv6 683 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Страница 684: ...Pv6 684 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Страница 685: ...n page 785 Remote Monitoring Commands on page 807 Authentication Commands on page 815 General Security Measures on page 879 Access Control Lists on page 957 Interface Commands on page 981 Link Aggrega...

Страница 686: ...1173 Quality of Service Commands on page 1187 Multicast Filtering Commands on page 1205 LLDP Commands on page 1303 CFM Commands on page 1327 OAM Commands on page 1369 Domain Name Service Commands on...

Страница 687: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Страница 688: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Страница 689: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 690: ...n discard Discard packet dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile feature erps Disp...

Страница 691: ...port Technical information time range Time range traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users lo...

Страница 692: ...ation commands you can enter the prefix keyword no to cancel the effect of a command or reset the configuration to the default value For example the logging command will log system messages to a host...

Страница 693: ...prompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open...

Страница 694: ...t filtering CFM Configuration Configures connectivity monitoring using continuity check messages fault verification through loopback messages and fault isolation by examining end to end connections be...

Страница 695: ...Console config interface ethernet 1 5 Console config if exit Console config Table 42 Configuration Command Modes Mode Command Prompt Page Access Control List access list arp access list ip standard ac...

Страница 696: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Страница 697: ...address authentication filtering DHCP requests and replies and discarding invalid ARP responses 879 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number...

Страница 698: ...s IGMP multicast filtering query profile and proxy parameters specifies ports attached to a multicast router also configures multicast VLAN registration and IPv6 MLD snooping 1205 Link Layer Discovery...

Страница 699: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Страница 700: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 701: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 702: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 703: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 704: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 701 reload Privileged Exec This command restarts the system NOT...

Страница 705: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 706: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 707: ...Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port including baud rate and console time out E...

Страница 708: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 48 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 709: ...ported If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Sample Networks Responsible de...

Страница 710: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 711: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Страница 712: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 713: ...G None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersc...

Страница 714: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 715: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 716: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 717: ...ion describes commands used to display system information Table 49 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show memory S...

Страница 718: ...ter rule for a port the system will also use two PCEs EXAMPLE Console show access list tcam utilization Total Policy Control Entries 512 Free Policy Control Entries 352 Entries Used by System 160 Entr...

Страница 719: ...ilization in the past 60 seconds Average Utilization 16 Maximum Utilization 19 Alarm Status Current Alarm Status Off Last Alarm Start Time Sep 26 01 39 04 2011 Last Alarm Duration Time 4 seconds Alarm...

Страница 720: ...panning tree instances name and interfaces IP address configured for management VLAN Interface settings Any configured settings for the console port and Telnet EXAMPLE Console show running config Buil...

Страница 721: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for the switch SNMP community stri...

Страница 722: ...ist of system settings designed to help technical support resolve configuration or functional problems COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command generates a long list of info...

Страница 723: ...Accounts User Name Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online Users Line User Name Idle time h m s Remote IP addr console admin 0 00 01 VTY 0 admin 0 00 03 192 168 0 99 SSH 1...

Страница 724: ...ersion 0 0 0 1 Operation Code Version 1 4 0 1 Console show watchdog This command shows if watchdog debugging is enabled COMMAND MODE Privileged Exec EXAMPLE Console show watchdog Software Watchdog Inf...

Страница 725: ...Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and de...

Страница 726: ...a new file name and then set as the startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg...

Страница 727: ...lon is required after the specified file type If the file contains an error it cannot be set as the default file EXAMPLE Console config boot system config startup Console config RELATED COMMANDS dir 7...

Страница 728: ...to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you...

Страница 729: ...and When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note that anonymous is set as the default user name EXAMPLE The following example...

Страница 730: ...his example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19...

Страница 731: ...filename filename Name of configuration file or code image DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE If the file type is used for system startup then this file cannot be deleted...

Страница 732: ...nsole dir File Name Type Startup Modify Time Size bytes Unit 1 es3510ma_v1 4 0 1 bix OpCode Y 2012 06 14 10 11 11 13084748 Factory_Default_Config cfg Config N 2010 04 20 09 15 19 455 startup1 cfg Conf...

Страница 733: ...restore the default setting SYNTAX no upgrade opcode auto DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE This command is used to enable or disable automatic upgrade of the o...

Страница 734: ...image detected current version 1 1 1 0 new version 1 1 1 2 Image upgrade in progress The switch will restart after upgrade succeeds Downloading new image Flash programming started Flash programming co...

Страница 735: ...anonymous will be used for the connection If the password is omitted a null string will be used for the connection EXAMPLE This shows how to specify a TFTP server where new code is stored Console con...

Страница 736: ...ommands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after waiting for the configured timeout period and receiving no response...

Страница 737: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds DEFAULT SETTING 5 seconds COMMAND MODE...

Страница 738: ...the number of data bits per character that are interpreted and generated by hardware LC exec timeout Sets the interval that the command interpreter waits until user input is detected LC login Enables...

Страница 739: ...nfig line RELATED COMMANDS show line 748 show users 723 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to resto...

Страница 740: ...r that specifies the timeout interval Range 60 65535 seconds 0 no timeout DEFAULT SETTING 10 minutes COMMAND MODE Line Configuration COMMAND USAGE If user input is detected within the timeout interval...

Страница 741: ...mmand When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default sett...

Страница 742: ...as terminals and modems often require a specific parity bit setting EXAMPLE To specify no parity enter this command Console config line parity none Console config line password This command specifies...

Страница 743: ...There is no need for you to manually configure encrypted passwords EXAMPLE Console config line password 0 secret Console config line RELATED COMMANDS login 741 password thresh 743 password thresh Thi...

Страница 744: ...ime value SYNTAX silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 where 0 means disabled DEFAULT SETTING Disabled COMMAND MODE Line Configurat...

Страница 745: ...icates if the speed you selected is not supported EXAMPLE To specify 57600 bps enter this command Console config line speed 57600 Console config line stopbits This command sets the number of the stop...

Страница 746: ...ion This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting EXAMPLE...

Страница 747: ...h width escape character The keyboard character used to escape from current line input ASCII number ASCII decimal equivalent Range 0 255 character Any valid keyboard character history The number of li...

Страница 748: ...access i e Telnet DEFAULT SETTING Shows all lines COMMAND MODE Normal Exec Privileged Exec EXAMPLE To show all lines enter this command Console show line Terminal Configuration for this session Length...

Страница 749: ...64 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database EXAMPLE Consol...

Страница 750: ...ash errors level 3 0 RAM debugging level 7 0 COMMAND MODE Global Configuration COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 751: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of...

Страница 752: ...logging trap level level One of the syslog severity levels listed in the table on page 750 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Globa...

Страница 753: ...history stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE All log messages are retained in RAM and Flash after a warm restart i...

Страница 754: ...or the trap function DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following example shows that system logging is enabled the message level for flash memory is errors i e default level...

Страница 755: ...nabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages...

Страница 756: ...ndling DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server...

Страница 757: ...D MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Страница 758: ...e default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING...

Страница 759: ...nt SNTP configuration settings NE PE NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP client...

Страница 760: ...itch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp server comm...

Страница 761: ...which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Use the no form to clear all time servers from the current list or to clear...

Страница 762: ...time synchronization requests and the current SNTP mode i e unicast EXAMPLE Console show sntp Current Time Nov 5 18 51 22 2006 Poll Interval 16 seconds Current Mode Unicast SNTP Status Enabled SNTP Se...

Страница 763: ...he NTP authentication key ID number Range 1 65535 md5 Specifies that authentication is provided by using the message digest algorithm 5 key An MD5 authentication key string The key string can be up to...

Страница 764: ...MMAND USAGE The SNTP and NTP clients cannot be enabled at the same time First disable the SNTP client before using this command The time acquired from time servers is used to record accurate dates and...

Страница 765: ...ent mode It issues time synchronization requests based on the interval set with the ntp poll command The client will poll all the time servers configured the responses received are filtered and compar...

Страница 766: ...rver 192 168 4 22 version 3 key 19 NTP Authentication Key 19 md5 42V68751663T6K11P2J307210R885 Console Manual Configuration Commands clock summer time date This command sets the start end and offset t...

Страница 767: ...tion COMMAND USAGE In some countries or regions clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less This is known as Summer Time or Daylight Savi...

Страница 768: ...the start of spring and then adjusted backward in autumn This command sets the summer time time relative to the configured time zone To specify the time corresponding to your local time when summer ti...

Страница 769: ...l may june july august september october november december b hour The hour when summer time will begin Range 0 23 hours b minute The minute when summer time will begin Range 0 59 minutes e week The we...

Страница 770: ...for the switch s internal clock SYNTAX clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 30 characters hours Number of hours before af...

Страница 771: ...lect the city associated with the chosen GMT offset After the offset has been entered use the tab complete function to display the available city options DEFAULT SETTING GMT Greenwich Mean Time Dublin...

Страница 772: ...ch april may june july august september october november december year Year 4 digit Range 1970 2037 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Note that when SNTP is enabled the s...

Страница 773: ...1 16 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets a time range for use by other functions such as Access Control Lists EXAMPLE Console config time...

Страница 774: ...ear Year 4 digit Range 2009 2109 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the c...

Страница 775: ...Weekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured...

Страница 776: ...are connected to the same local network Using Switch Clustering A switch cluster has a primary unit called the Commander which is used to manage all other Member switches in the cluster The management...

Страница 777: ...ipating ports to this VLAN see Configuring VLAN Interfaces on page 1139 and set them to hybrid mode tagged members PVID 1 and acceptable frame type all NOTE Cluster Member switches can be managed eith...

Страница 778: ...h as cluster Commander SYNTAX no cluster commander DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Once a switch has been configured to be a cluster Commander it automatically...

Страница 779: ...Member IDs can only be between 1 and 36 Set a Cluster IP Pool that does not conflict with addresses in the network IP subnet Cluster IP addresses are assigned to switches when they become Members and...

Страница 780: ...luster Member CLI for configuration SYNTAX rcommand id member id member id The ID number of the Member switch Range 1 36 COMMAND MODE Privileged Exec COMMAND USAGE This command only operates through a...

Страница 781: ...shows the current switch cluster members COMMAND MODE Privileged Exec EXAMPLE Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 E0 0C 00 00 F...

Страница 782: ...D USAGE If power is supplied from more than one PSE the switch will draw power from the numerically lowest numbered port with an attached PSE Other ports with an attached PSE will only be used as back...

Страница 783: ...PLE Console show power source check PSE Check Status Enabled Console show power source status This command shows if power is being supplied to any of the Fast Ethernet ports COMMAND MODE Privileged Ex...

Страница 784: ...CHAPTER 20 System Management Commands Powered Device 784...

Страница 785: ...s up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Displays t...

Страница 786: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Страница 787: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Страница 788: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Страница 789: ...input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication E...

Страница 790: ...page 1327 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 se...

Страница 791: ...of the host targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and...

Страница 792: ...mp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notif...

Страница 793: ...ing is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will be automatically created by the snmp server host command us...

Страница 794: ...Range 1 5 COMMAND MODE Privileged Exec EXAMPLE Console show snmp server enable port traps interface Interface MAC Notification Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine...

Страница 795: ...en the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need...

Страница 796: ...write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public15 read only private16 read write readview Every object belonging to the...

Страница 797: ...remote device ip address IPv4 or IPv6 address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha...

Страница 798: ...emote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Страница 799: ...nsole config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engine...

Страница 800: ...ype volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1...

Страница 801: ...ion Field Description Group Name Name of an SNMP group Security Model The SNMP version Read View The associated read view Write View The associated write view Notify View The associated notify view St...

Страница 802: ...the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification l...

Страница 803: ...host parameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a m...

Страница 804: ...ation log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network ma...

Страница 805: ...X memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshold...

Страница 806: ...in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Globa...

Страница 807: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 808: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Страница 809: ...dex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Eve...

Страница 810: ...he polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 10 Buckets 50 Interval 30...

Страница 811: ...24 interval 60 Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon collection...

Страница 812: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Страница 813: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Страница 814: ...CHAPTER 22 Remote Monitoring Commands 814...

Страница 815: ...cified command groups or individual commands Authentication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS...

Страница 816: ...nd administrators top level access The other levels can be used to configured specialized access profiles Level 0 7 provide the same default access privileges all within Normal Exec mode under the Con...

Страница 817: ...enable 701 authentication enable 820 username This command adds named users requires authentication at login specifies or changes a user s password or specify that no password is required or specifie...

Страница 818: ...command nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 32 ch...

Страница 819: ...pecifies any command contained within the specified mode DEFAULT SETTING Privilege level 0 provides access to a limited number of the commands which display the current status of the switch as well as...

Страница 820: ...c command mode with the enable command Use the no form to restore the default SYNTAX authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS...

Страница 821: ...nging command modes 816 authentication login This command defines the login authentication method and precedence Use the no form to restore the default SYNTAX authentication login local radius tacacs...

Страница 822: ...ase of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch radius server acct port This command sets the RADIUS server...

Страница 823: ...t 181 Console config radius server host This command specifies primary and backup RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a spec...

Страница 824: ...1812 acct port 1813 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console config...

Страница 825: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Страница 826: ...Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on the network An authentication ser...

Страница 827: ...P port used for authentication messages Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 timeout Number of seconds the switch...

Страница 828: ...TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server re...

Страница 829: ...s Number of seconds the switch waits for a reply before resending a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console conf...

Страница 830: ...able 76 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x Enables accounting of 802 1X services GC aaa accounting exec Enables...

Страница 831: ...e that the default and method name fields are only used to describe the accounting method s configured on the specified TACACS server and do not actually send any information to the server about the m...

Страница 832: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Страница 833: ...thod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use...

Страница 834: ...64 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Страница 835: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 836: ...d list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config if accounting dot1x tps Cons...

Страница 837: ...a method list created with the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console con...

Страница 838: ...dot1x statistics username user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable com...

Страница 839: ...s command specifies the TCP port number used by the web browser interface Use the no form to use the default port SYNTAX ip http port port number no ip http port port number The TCP port to be used by...

Страница 840: ...ttp server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip http server Console config RELATED COMMANDS ip http port 839 show system 721 ip http secure port This com...

Страница 841: ...e an encrypted connection to the switch s web interface Use the no form to disable this function SYNTAX no ip http secure server DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAG...

Страница 842: ...S ip http secure port 840 copy tftp https certificate 728 show system 721 TELNET SERVER This section describes commands used to configure Telnet management access to the switch Table 78 HTTPS System S...

Страница 843: ...et max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can be concu...

Страница 844: ...disable this function SYNTAX no ip telnet server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip telnet server Console config show ip telnet This command displays...

Страница 845: ...have to generate authentication keys on the switch and enable the SSH server Table 80 Secure Shell Commands Command Function Mode ip ssh authentication retries Specifies the number of retries allowed...

Страница 846: ...tch Note that these clients must be configured locally on the switch with the username command The clients are subsequently authenticated using these keys The current firmware only accepts public key...

Страница 847: ...the switch e The switch compares the checksum sent from the client against that computed for the original string it sent If the two check sums match this means that the client s private key correspon...

Страница 848: ...ires 2 Console config RELATED COMMANDS show ip ssh 852 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service SYNTAX no ip ssh server DEF...

Страница 849: ...size key size The size of server key Range 512 896 bits DEFAULT SETTING 768 bits COMMAND MODE Global Configuration COMMAND USAGE The server key is a private key that is never shared outside the switc...

Страница 850: ...config RELATED COMMANDS exec timeout 740 show ip ssh 852 delete public key This command deletes the specified user s public key SYNTAX delete public key username dsa rsa username Name of an SSH user...

Страница 851: ...you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to...

Страница 852: ...ey from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console ip ssh save host key dsa Console RELATED COMMANDS ip...

Страница 853: ...last string is the encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 071942106165575942459093923609695405036277525...

Страница 854: ...ication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Table 82 802 1X Port Authentication Commands Command Function Mode Gene...

Страница 855: ...an authentication session that the switch waits before re transmitting an EAP packet IC dot1x re authenticate Forces re authentication on specific ports PE Supplicant Commands dot1x identity profile...

Страница 856: ...to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is functioning as an edge switch but d...

Страница 857: ...nfiguration COMMAND USAGE For guest VLAN assignment to be successful the VLAN must be configured and set as active see the vlan database command and assigned as the guest VLAN for the port see the net...

Страница 858: ...onfig if dot1x max req 2 Console config if dot1x operation mode This command allows hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to sin...

Страница 859: ...ss to a port operating in this mode is limited only by the available space in the secure address table i e up to 1024 addresses EXAMPLE Console config interface eth 1 2 Console config if dot1x operati...

Страница 860: ...the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the interval specified by the dot1x...

Страница 861: ...t1x timeout re authperiod seconds The number of seconds Range 1 65535 DEFAULT 3600 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout...

Страница 862: ...erface eth 1 2 Console config if dot1x timeout supp timeout 300 Console config if dot1x timeout tx period This command sets the time that an interface on the switch waits during an authentication sess...

Страница 863: ...identity settings SYNTAX dot1x identity profile username username password password no dot1x identity profile username password username Specifies the supplicant user name Range 1 8 characters passwor...

Страница 864: ...dot1x supplicant mode on a port SYNTAX no dot1x pae supplicant DEFAULT Disabled COMMAND MODE Interface Configuration COMMAND USAGE When devices attached to a port must submit requests to another auth...

Страница 865: ...dot1x timeout auth period seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration COMMAND USAGE This command sets the time that the supplicant waits for a...

Страница 866: ...eout start period seconds no dot1x timeout start period seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Con...

Страница 867: ...face including the following items Reauthentication Periodic re authentication page 860 Reauth Period Time after which a connected client must be re authenticated page 861 Quiet Period Time a port wai...

Страница 868: ...Failure or Request packet received from the Authentication Server Reauthentication State Machine State Current state including initialize reauthenticate EXAMPLE Console show dot1x Global 802 1X Param...

Страница 869: ...e allowed management access to the switch through various protocols A list of up to 15 IP addresses or IP address groups can be specified Use the no form to restore the default setting SYNTAX no manag...

Страница 870: ...ing addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ra...

Страница 871: ...vileged Exec EXAMPLE Console show management all client Management Ip Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP ad...

Страница 872: ...op information from the client s PPPoE Active Discovery Request and forwards this information to all trusted ports Table 84 PPPoE Intermediate Agent Commands Command Function Mode pppoe intermediate a...

Страница 873: ...SYNTAX pppoe intermediate agent format type access node identifier id string generic error message error message no pppoe intermediate agent format type access node identifier generic error message id...

Страница 874: ...rface ethernet 1 5 Console config if pppoe intermediate agent port enable Console config if pppoe intermediate agent port format type This command sets the circuit id or remote id for an interface Use...

Страница 875: ...sent from the PPPoE Server include the Circuit ID tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients using the pppoe in...

Страница 876: ...SAGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification information in PPPoE Discovery packets received from an...

Страница 877: ...gent info PPPoE Intermediate Agent Global Status Enabled PPPoE Intermediate Agent Admin Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Interm...

Страница 878: ...nge 1 5 COMMAND MODE Privileged Exec EXAMPLE Console show pppoe intermediate agent statistics interface ethernet 1 1 Eth 1 1 statistics Received All PADI PADO PADR PADS PADT 3 0 0 0 0 3 Dropped Respon...

Страница 879: ...figures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control List...

Страница 880: ...d sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enabled...

Страница 881: ...nsole config interface ethernet 1 2 Console config if no mac learning Console config if RELATED COMMANDS show interfaces status 993 port security This command enables or configures port security Use t...

Страница 882: ...s received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the mac add...

Страница 883: ...has learned as static entries SYNTAX port security mac address as permanent interface interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 10...

Страница 884: ...n detected or port security is disabled The MAC Filter ID field is configured by the network access port mac filter command If this field displays Disabled then any unknown source MAC address can be l...

Страница 885: ...om a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server While authentication for a MAC address is in progress all t...

Страница 886: ...access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac count Sets the maximum number of MAC address...

Страница 887: ...es a MAC address filter table Range 1 64 mac address Specifies a MAC address entry Format xx xx xx xx xx xx mask Specifies a MAC address bit mask for a range of addresses DEFAULT SETTING Disabled COMM...

Страница 888: ...tion time is a global setting and applies to all ports When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process...

Страница 889: ...n file EXAMPLE The following example enables the dynamic QoS feature on port 1 Console config interface ethernet 1 1 Console config if network access dynamic qos Console config if network access dynam...

Страница 890: ...ion the authentication is still treated as a success and the host assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cle...

Страница 891: ...ction DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection Console config if network access link...

Страница 892: ...port send an SNMP trap or both Use the no form of this command to disable this feature SYNTAX network access link detection link up action shutdown trap trap and shutdown no network access link detect...

Страница 893: ...able the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link up down action trap Conso...

Страница 894: ...erver PAP user name and passwords must be configured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC ad...

Страница 895: ...port mac filter filter id no network access port mac filter filter id Specifies a MAC address filter table Range 1 64 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND MODE Entries in...

Страница 896: ...ation max mac count count The maximum number of MAC authenticated MAC addresses allowed Range 1 1024 DEFAULT SETTING 1024 COMMAND MODE Interface Configuration EXAMPLE Console config if mac authenticat...

Страница 897: ...it Unit identifier Range 1 port Port number Range 1 10 DEFAULT SETTING Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ethernet 1 1...

Страница 898: ...ange 1 port Port number Range 1 10 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask...

Страница 899: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Страница 900: ...ole config web auth system auth control Enables web authentication globally for the switch GC web auth Enables web authentication for an interface IC web auth re authenticate Port Ends all web authent...

Страница 901: ...MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid W...

Страница 902: ...and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web auth...

Страница 903: ...OMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the des...

Страница 904: ...mpts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfa...

Страница 905: ...y GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy Sets the informat...

Страница 906: ...namic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snoo...

Страница 907: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Страница 908: ...rmation mac address Inserts a MAC address in the remote ID sub option for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub opti...

Страница 909: ...dd option 82 information to the packet If an incoming packet is a DHCP reply packet with option 82 information enabling the DHCP snooping information option will remove option 82 information from the...

Страница 910: ...ts that can be trapped by the switch for DHCP snooping Use the no form to restore the default setting SYNTAX ip dhcp snooping limit rate rate no dhcp snooping limit rate rate The maximum number of DHC...

Страница 911: ...VLAN Use the no form to restore the default setting SYNTAX no ip dhcp snooping vlan vlan id vlan id ID of a configured VLAN Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COM...

Страница 912: ...thernet Port Channel COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server DHCP Option 82 allows compatible DHCP servers to use...

Страница 913: ...option string Console config interface ethernet 1 1 Console config if ip dhcp snooping information option circuit id string 3510 Console config if ip dhcp snooping trust This command configures the sp...

Страница 914: ...thernet 1 5 Console config if no ip dhcp snooping trust Console config if RELATED COMMANDS ip dhcp snooping 906 ip dhcp snooping vlan 911 clear ip dhcp snooping binding This command clears DHCP snoopi...

Страница 915: ...EXAMPLE Console config ip dhcp snooping database flash Console config show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND MODE Privileged Exec EXAMPLE Console sh...

Страница 916: ...snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy Sets the information option policy for DHCPv6 client packets that in...

Страница 917: ...d via DHCPv6 snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IPv6 address lease time binding type VLAN identifier and port identifier When DHCPv6 snoop...

Страница 918: ...yes continue to C If not check failed and forward packet to trusted port C Check status code in IA option If successful and entry is in binding table update lease time and forward to original destinat...

Страница 919: ...echanism for sending information about the switch and its DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning IP add...

Страница 920: ...ion 37 information in DHCPv6 client request packets the switch s MAC address hexadecimal is used for the remote ID EXAMPLE This example enables the DHCPv6 Snooping Remote ID Option Console config ipv6...

Страница 921: ...e default setting SYNTAX no ipv6 dhcp snooping vlan vlan id vlan range vlan id ID of a configured VLAN Range 1 4094 vlan range A consecutive range of VLANs indicated by the use a hyphen or a random gr...

Страница 922: ...v6 dhcp snooping max binding count no ipv6 dhcp snooping max binding count Maximum number of entries Range 1 5 DEFAULT SETTING 5 COMMAND MODE Interface Configuration Ethernet Port Channel EXAMPLE This...

Страница 923: ...Pv6 snooping bindings associated with this port are removed Additional considerations when the switch itself is a DHCPv6 client The port s through which it submits a client request to the DHCPv6 serve...

Страница 924: ...MODE Privileged Exec EXAMPLE Console config clear ipv6 dhcp snooping database flash Console config show ipv6 dhcp snooping This command shows the DHCPv6 snooping configuration settings COMMAND MODE P...

Страница 925: ...1 5 NA Link layer Address 00 12 cf 01 02 03 IPv6 Address Lifetime VLAN Port Type 2001 b000 1 2591912 1 Eth 1 3 NA Console show ipv6 dhcp snooping statistics This command shows statistics for DHCPv6 sn...

Страница 926: ...de Specifies the binding mode acl Adds binding to ACL table mac Adds binding to MAC address mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ip address A valid unic...

Страница 927: ...tatic bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an ent...

Страница 928: ...selected port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source M...

Страница 929: ...ly learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except for DHCP packets Only unicast addresses are accepted for static bindi...

Страница 930: ...onfig interface ethernet 1 5 Console config if ip source guard max binding 1 Console config if ip source guard mode This command sets the source guard learning mode to search for addresses in the ACL...

Страница 931: ...witch overwrites the oldest record with new blocked records Use the clear ip source guard binding blocked command to clear this table EXAMPLE This command clears the blocked record table Console confi...

Страница 932: ...c Shows static entries configured with the ip source guard binding command see page 926 acl Shows static entries in the ACL binding table mac Shows static entries in the MAC address binding table bloc...

Страница 933: ...ource guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address must be entered a...

Страница 934: ...ings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry is added to binding table using static IPv6 source guard binding If there is an entry with sam...

Страница 935: ...Pv6 packets allowed by DHCPv6 snooping A port access control list ACL is applied to the interface Traffic is then filtered based upon dynamic entries learned via ND snooping or DHCPv6 snooping or stat...

Страница 936: ...esses are accepted for static bindings EXAMPLE This example enables IP source guard on port 5 Console config interface ethernet 1 5 Console config if ipv6 source guard sip Console config if RELATED CO...

Страница 937: ...lower value precedence is given to deleting entries learned through DHCPv6 snooping ND snooping and then manually configured IPv6 source guard static bindings until the number of entries in the bindi...

Страница 938: ...ing each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an...

Страница 939: ...their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit...

Страница 940: ...ndom group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DHCP snooping database is not checked DEFAULT SETTING A...

Страница 941: ...nspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log...

Страница 942: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and response...

Страница 943: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Страница 944: ...command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Console config in...

Страница 945: ...on Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspe...

Страница 946: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Страница 947: ...he echo service repeats anything sent to it and the chargen character generator service generates a continuous stream of data When used together they create an infinite loop and result in a denial of...

Страница 948: ...se packets Use the no form to disable this feature SYNTAX no dos protection smurf DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection smurf Console config d...

Страница 949: ...NULL scan Use the no form to disable this feature SYNTAX no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp null scan C...

Страница 950: ...tcp xmas scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp xmas scan Console config dos protection udp flooding This command protects against DoS...

Страница 951: ...tack but the OOB packets still put the service in a tight loop that consumed all available CPU time Use the no form to disable this feature SYNTAX dos protection win nuke bit rate in kilo rate no dos...

Страница 952: ...traffic segmentation This command enables traffic segmentation Use the no form to disable traffic segmentation SYNTAX no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuratio...

Страница 953: ...configuration settings for segmented groups EXAMPLE This example enables traffic segmentation globally on the switch Console config traffic segmentation Console config traffic segmentation session Th...

Страница 954: ...or a segmented group of ports Use the no form to remove a port from the segmented group SYNTAX no traffic segmentation session session id uplink interface list downlink interface list downlink interfa...

Страница 955: ...as the uplink and ports 5 8 as downlinks Console config traffic segmentation Console config traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink...

Страница 956: ...ntation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding Sessio...

Страница 957: ...Pv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACL...

Страница 958: ...her more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Страница 959: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 960: ...address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags f...

Страница 961: ...ied source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if...

Страница 962: ...nation port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 a...

Страница 963: ...ccess list 963 Time Range 773 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Страница 964: ...list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP address an...

Страница 965: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Страница 966: ...ipv6 address source ipv6 address prefix length any destination ipv6 address prefix length dscp dscp next header next header time range time range name no permit deny any host source ipv6 address sourc...

Страница 967: ...oded in separate headers that may be placed between the IPv6 header and the upper layer header in a packet There are a small number of such extension headers each identified by a distinct Next Header...

Страница 968: ...v6 access group acl name in acl name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets time range name Name of the time range Range 1 16 characters co...

Страница 969: ...command displays the rules for configured IPv6 ACLs SYNTAX show ipv6 access list standard extended acl name standard Specifies a standard IPv6 ACL extended Specifies an extended IPv6 ACL acl name Nam...

Страница 970: ...t mac acl name acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new AC...

Страница 971: ...source ip network mask any host destination ip destination ip network mask ipv6 any host source ipv6 source ipv6 prefix length any host destination ipv6 destination ipv6 prefix length protocol protoco...

Страница 972: ...rt sport port bitmask l4 destination port dport port bitmask permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype protocol protoc...

Страница 973: ...mask19 Bitmask for MAC address in hexadecimal format network mask Network mask for IP subnet This mask identifies the host address bits used for routing to specific subnets prefix length Length of IPv...

Страница 974: ...on address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 Console config mac acl RELATED COMMANDS access list mac 970 Time Ra...

Страница 975: ...s list 975 Time Range 773 show mac access group This command shows the ports assigned to MAC ACLs COMMAND MODE Privileged Exec EXAMPLE Console show mac access group Interface ethernet 1 5 MAC access l...

Страница 976: ...ACL Maximum length 16 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny c...

Страница 977: ...bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask...

Страница 978: ...mac any any Console config mac acl RELATED COMMANDS access list arp 976 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Страница 979: ...Unit identifier Range 1 port Port number Range 1 10 acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware counters Console show...

Страница 980: ...ss rules for Standard IPv6 ACLs mac Shows ingress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Name of the ACL Maxi...

Страница 981: ...lear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show interfaces brief Displays a summary of key information including operationa...

Страница 982: ...eiver power level of the transmitted signal which can be used to trigger an alarm or warning message IC transceiver threshold voltage Sets thresholds for the transceiver voltage which can be used to t...

Страница 983: ...le An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example adds an alias...

Страница 984: ...n command the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex...

Страница 985: ...description RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cd...

Страница 986: ...led back pressure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command us...

Страница 987: ...he SFP port has a valid link DEFAULT SETTING RJ 45 copper forced Combination sfp preferred auto COMMAND MODE Interface Configuration Ethernet Ports 9 10 COMMAND USAGE Ports 1 8 are fixed at copper for...

Страница 988: ...EXAMPLE The following example configures port 10 to use auto negotiation Console config interface ethernet 1 10 Console config if negotiation Console config if RELATED COMMANDS capabilities 983 speed...

Страница 989: ...nterface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T por...

Страница 990: ...nel channel id Range 1 5 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Statistics are only initialized for a power reset This command sets the base value for displayed statistics to...

Страница 991: ...fault Default Eth 1 5 Default Default Eth 1 6 Default Default show interfaces brief This command displays a summary of key information including operational status native VLAN ID default priority spee...

Страница 992: ...ee Showing Port or Trunk Statistics on page 162 EXAMPLE Console show interfaces counters ethernet 1 1 Ethernet 1 1 IF table Stats 2166458 Octets Input 14734059 Octets Output 14707 Unicast Input 19806...

Страница 993: ...Input in kbits per second 0 Packets Input per second 0 00 Input Utilization 6 Octets Output in kbits per second 1 Packets Output per second 0 00 Output Utilization Console show interfaces status This...

Страница 994: ...ed LACP Disabled MAC Learning Enabled Media Type None Current Status Link Status Up Port Operation Status Up Operation Speed duplex 100full Up Time 0w 0d 0h 25m 30s 1530 seconds Flow Control Type None...

Страница 995: ...n is enabled or disabled if enabled it also shows the threshold level page 1036 Unknown unicast Threshold Shows if unknown unicast storm suppression is enabled or disabled if enabled it also shows the...

Страница 996: ...threshold auto This command uses default threshold settings obtained from the transceiver to determine when an alarm or warning message should be sent Use the no form to disable this feature SYNTAX tr...

Страница 997: ...ow Alarm 6 mA COMMAND MODE Interface Configuration Ethernet COMMAND USAGE If trap messages are enabled with the transceiver monitor command and a high threshold alarm or warning message is sent if the...

Страница 998: ...to trigger an alarm or warning message SYNTAX transceiver threshold rx power high alarm high warning low alarm low warning threshold value high alarm Sets the high power threshold for an alarm message...

Страница 999: ...alarm high warning low alarm low warning threshold value high alarm Sets the high temperature threshold for an alarm message high warning Sets the high temperature threshold for a warning message low...

Страница 1000: ...old for an alarm message high warning Sets the high power threshold for a warning message low alarm Sets the low power threshold for an alarm message low warning Sets the low power threshold for a war...

Страница 1001: ...larm Sets the high voltage threshold for an alarm message high warning Sets the high voltage threshold for a warning message low alarm Sets the low voltage threshold for an alarm message low warning S...

Страница 1002: ...orts 9 10 DEFAULT SETTING Shows all SFP interfaces COMMAND MODE Privileged Exec COMMAND USAGE The switch can display diagnostic information for SFP modules which support the SFF 8472 Specification for...

Страница 1003: ...port Port number Range 1 10 DEFAULT SETTING Shows all SFP interfaces COMMAND MODE Privileged Exec COMMAND USAGE The switch can display diagnostic information for SFP modules which support the SFF 8472...

Страница 1004: ...med using Digital Signal Processing DSP test methods DSP analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that pulse This cable test is only accurate f...

Страница 1005: ...iagnostics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 COMMAND MODE Privileged Exec COMMAND USAGE The results include common cable failure...

Страница 1006: ...ngs mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and most of the receive circuitry en...

Страница 1007: ...an 60 meters EXAMPLE Console config interface ethernet 1 10 Console config if power save Console config if show power save This command shows the configuration settings for power savings SYNTAX show p...

Страница 1008: ...CHAPTER 26 Interface Commands Power Savings 1008...

Страница 1009: ...connection must be configured as trunk ports Table 109 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface conf...

Страница 1010: ...med i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel ad...

Страница 1011: ...or many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination...

Страница 1012: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Страница 1013: ...e ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface ethernet 1 3 Console config if lacp Console config if end Console show...

Страница 1014: ...COMMAND USAGE Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chan...

Страница 1015: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Страница 1016: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Страница 1017: ...reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3 Console config if lacp timeout This command configures the timeout to wait for the next LACP data unit LA...

Страница 1018: ...terface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands show lacp This command displays LACP information SYNTAX show lacp port channel counters inte...

Страница 1019: ...r of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addr...

Страница 1020: ...llection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to...

Страница 1021: ...Load Balance Mode Destination IP address Console Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol p...

Страница 1022: ...CHAPTER 27 Link Aggregation Commands Trunk Status Display Commands 1022...

Страница 1023: ...ess mac address access list acl name no port monitor interface vlan vlan id mac address mac address interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 10 rx...

Страница 1024: ...face configuration command and then use the port monitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match...

Страница 1025: ...xample configures port 2 to monitor packets matching the MAC address 00 12 CF XX XX XX received by port 1 Console config access list mac m1 Console config mac acl permit 00 12 cf 00 00 00 ff ff ff 00...

Страница 1026: ...he following steps to configure an RSPAN session 1 Use the vlan rspan command to configure a VLAN to use for RSPAN Default VLAN 1 is prohibited 2 Use the rspan source command to specify the interfaces...

Страница 1027: ...ic Only one mirror session is allowed including both local and remote mirroring If local mirroring is enabled then no session can be configured for RSPAN Spanning Tree If the spanning tree is disabled...

Страница 1028: ...te a consecutive list of ports or a comma between non consecutive ports ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 rx Mirror received packets tx Mirror transmitted pac...

Страница 1029: ...tag untagged Traffic exiting the destination port is untagged DEFAULT SETTING Traffic exiting the destination port is untagged COMMAND MODE Global Configuration COMMAND USAGE Only one destination por...

Страница 1030: ...intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations destination Specifies this device as a switch configured with a destination port which...

Страница 1031: ...ession is allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then no session can be configured for RSPAN COMMAND MODE Global Configuration CO...

Страница 1032: ...nsole show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Switch Role Dest...

Страница 1033: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Страница 1034: ...Output rate for specified interface rate Maximum value in Kbps Range 64 100000 Kbps for Fast Ethernet ports 64 1000000 Kbps for Gigabit Ethernet ports DEFAULT SETTING Disabled COMMAND MODE Interface C...

Страница 1035: ...rate to be either kilobits per second or packets per second SYNTAX storm sample type octet packet octet Threshold in kbit second packet Threshold in packets second DEFAULT SETTING packets second COMM...

Страница 1036: ...DEFAULT SETTING Broadcast Storm Control Enabled packet rate limit 64 kbps Multicast Storm Control Disabled Unknown Unicast Storm Control Disabled COMMAND MODE Interface Configuration Ethernet Port Ch...

Страница 1037: ...eneath the lower threshold GC auto traffic control Enables automatic traffic control for broadcast or multicast storms IC Port auto traffic control action Sets the control action to limit ingress traf...

Страница 1038: ...nd the apply timer expires IC Port snmp server enable port traps atc multicast control release Sends a trap when multicast traffic falls beneath the lower threshold after a storm control response has...

Страница 1039: ...ll be stopped and a Traffic Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using the auto traffic control control release...

Страница 1040: ...tion COMMAND USAGE After the apply timer expires a control action may be triggered as specified by the auto traffic control action command and a trap message sent as specified by the snmp server enabl...

Страница 1041: ...nsole config auto traffic control broadcast release timer 800 Console config auto traffic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to di...

Страница 1042: ...threshold configured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic c...

Страница 1043: ...omatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control tra...

Страница 1044: ...rm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second...

Страница 1045: ...as been triggered and the release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the aut...

Страница 1046: ...bled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast alarm clear Console config if RELATED COM...

Страница 1047: ...MAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast control apply Console config if RELATED COMMANDS...

Страница 1048: ...ed Use the no form to disable this trap SYNTAX no snmp server enable port traps atc multicast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config...

Страница 1049: ...ps atc multicast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Страница 1050: ...ontrol This command shows global configuration settings for automatic storm control COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control Storm control Broadcast Apply timer sec 300 r...

Страница 1051: ...ation Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128...

Страница 1052: ...CHAPTER 29 Congestion Control Commands Automatic Traffic Control Commands 1052...

Страница 1053: ...interface or when a interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Страница 1054: ...e protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tree loopback detec...

Страница 1055: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Страница 1056: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Страница 1057: ...detection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Страница 1058: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Страница 1059: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Страница 1060: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Страница 1061: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Страница 1062: ...1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDLD...

Страница 1063: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Страница 1064: ...CHAPTER 31 UniDirectional Link Detection Commands 1064...

Страница 1065: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 124 Address Table Commands Command Function Mode mac address...

Страница 1066: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 1067: ...mac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interf...

Страница 1068: ...ans to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show mac address...

Страница 1069: ...AX show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 DEFAULT SETTING None COMMAND...

Страница 1070: ...CHAPTER 32 Address Table Commands 1070...

Страница 1071: ...ystem bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission li...

Страница 1072: ...ing tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPD...

Страница 1073: ...co IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner com...

Страница 1074: ...sole config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the de...

Страница 1075: ...onverge All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Страница 1076: ...1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and rec...

Страница 1077: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 1085 takes precedence over...

Страница 1078: ...e lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tree...

Страница 1079: ...port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU flooding is...

Страница 1080: ...stance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the h...

Страница 1081: ...tance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the s...

Страница 1082: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Страница 1083: ...the no form to disable this feature SYNTAX no spanning tree bpdu filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command stops all Bridge...

Страница 1084: ...s DEFAULT SETTING BPDU Guard Disabled Auto Recovery Disabled Auto Recovery Interval 300 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be con...

Страница 1085: ...th cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port Channel COMMA...

Страница 1086: ...enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to t...

Страница 1087: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 1088: ...on action block shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400...

Страница 1089: ...hen the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to lin...

Страница 1090: ...nce identifier of the spanning tree Range 0 4094 cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method24 1 200 000 000 for long path cost method The recomme...

Страница 1091: ...panning Tree Use the no form to restore the default SYNTAX spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the sp...

Страница 1092: ...n the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Страница 1093: ...Port Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch recei...

Страница 1094: ...t Channel EXAMPLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree t...

Страница 1095: ...nge 1 5 COMMAND MODE Privileged Exec COMMAND USAGE Use this command to release an interface from discarding state if loopback detection release mode is set to manual by the spanning tree loopback dete...

Страница 1096: ...ic instance within the multiple spanning tree MST SYNTAX show spanning tree interface mst instance id brief stp enabled only interface ethernet unit port unit Unit identifier Range 1 port Port number...

Страница 1097: ...panning Tree Enabled Disabled Enabled Instance 0 VLANs Configured 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec...

Страница 1098: ...gnated Root 32768 0000E89382A0 Current Root Port 0 Current Root Cost 0 Interface Pri Designated Designated Oper STP Role State Oper Bridge ID Port ID Cost Status Edge Eth 1 1 128 32768 0000E89382A0 12...

Страница 1099: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Страница 1100: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Страница 1101: ...specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS must be...

Страница 1102: ...for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configur...

Страница 1103: ...exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable the current ring SYNTAX no en...

Страница 1104: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Страница 1105: ...kets Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMA...

Страница 1106: ...continuity check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized mai...

Страница 1107: ...own this information is passed to ERPS which in turn processes it as a ring node failure For more information on how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on pa...

Страница 1108: ...packets when an owner node enters protection state without any link down event having been detected through SF messages Use the no form to disable this feature SYNTAX no non erps dev protect DEFAULT S...

Страница 1109: ...the RPL the owner node will still transmit an R APS NR RB ring blocked message ERPS compliant nodes receiving this message flush their forwarding database and unblock previously blocked ports The rin...

Страница 1110: ...ther higher priority request is received Recovery with Revertive Mode When all ring links and ring nodes have recovered and no external requests are active reversion is handled in the following way a...

Страница 1111: ...ge on both ring ports informing other nodes that no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another highe...

Страница 1112: ...ocked until the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring The Ethernet Ring Node where the Manual Switch...

Страница 1113: ...ndication all ring nodes flush their FDB This action unblocks the ring port which was blocked as result of an operator command EXAMPLE Console config erps non revertive Console config erps propagate t...

Страница 1114: ...ing nodes running ERPSv1 and ERPSv2 co exist on the same ring the Ring ID of each ring node must be configured as 1 If this command is disabled the following strings are used as the node identifier ER...

Страница 1115: ...the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can be achieved by for...

Страница 1116: ...essary to take precautions against forming a loop which is potentially composed of a whole interconnected network Figure 418 Sub ring without Virtual Channel EXAMPLE Console config erps raps without v...

Страница 1117: ...any member ports spanning tree will be disabled for the first member port assigned to the static trunk EXAMPLE Console config erps ring port east interface ethernet 1 12 Console config erps rpl neighb...

Страница 1118: ...ink RPL owner Use the no form to restore the default setting SYNTAX rpl owner no rpl DEFAULT SETTING None that is neither owner nor neighbor COMMAND MODE ERPS Configuration COMMAND USAGE Only one RPL...

Страница 1119: ...mount of flush FDB operations in the ring Support of multiple ERP instances on a single ring Version 2 is backward compatible with Version 1 If version 2 is specified the inputs and commands are forwa...

Страница 1120: ...ion COMMAND USAGE If the switch goes into ring protection state due to a signal failure after the failure condition is cleared the RPL owner will start the wait to restore timer and wait until it expi...

Страница 1121: ...ual switch state 1 Issue an erps clear command to remove the forced switch command on the node where a local forced switch command is active 2 Issue an erps clear command on the RPL owner node to trig...

Страница 1122: ...R APS messages e The ring node receiving an R APS FS message flushes its FDB Protection switching on a forced switch request is completed when the above actions are performed by each ring node At thi...

Страница 1123: ...ng a FS command at the ring node under maintenance in order to avoid falling into the above mentioned unrecoverable situation EXAMPLE Console erps forced switch domain r d west Console erps manual swi...

Страница 1124: ...ch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without any local higher priority requests unblocks any blocked ring port which does not have an S...

Страница 1125: ...tatus information for all configured rings or for a specified ring SYNTAX show erps domain ring name statistics domain Keyword to display ERPS ring configuration settings ring name Name of a specific...

Страница 1126: ...link failure has occurred This state will switch to idle state if all the failed links recover Type Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertiv...

Страница 1127: ...this ring node R APS with VC The R APS Virtual Channel is the R APS channel connection used to tunnel R APS messages between two interconnection nodes of a sub ring in another Ethernet ring or network...

Страница 1128: ...to block timer expires WTR Expire The time before the wait to restore timer expires Table 132 show erps statistics detailed display description Field Description Interface The direction and port or t...

Страница 1129: ...Commands 1129 EVENT Any request state message excluding FS SF MS and NR HEALTH The number of non standard health check messages Table 132 show erps statistics detailed display description Continued Fi...

Страница 1130: ...CHAPTER 34 ERPS Commands 1130...

Страница 1131: ...ID and state Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups...

Страница 1132: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 1133: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 1134: ...in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN...

Страница 1135: ...rivileged Exec COMMAND USAGE See Displaying Bridge Extension Capabilities on page 123 for a description of the displayed items EXAMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maxim...

Страница 1136: ...eave All Timer 1000 centiseconds Console RELATED COMMANDS garp timer 1133 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit...

Страница 1137: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 1138: ...AN used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s default VLAN Nor should it include VLAN 4093 which is used for switch clustering Configuri...

Страница 1139: ...0 Console config if Table 136 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchport acceptable frame typ...

Страница 1140: ...t Channel COMMAND USAGE When set to receive all frame types any received frames that are untagged are assigned to the default VLAN EXAMPLE The following example shows how to restrict the traffic recei...

Страница 1141: ...keep or remove the tag from a frame on egress If none of the intermediate network devices nor the host at the other end of the connection supports VLANs the interface should be added to these VLANs a...

Страница 1142: ...1 and then enable ingress filtering Console config interface ethernet 1 1 Console config if switchport ingress filtering Console config if switchport mode This command configures the VLAN membership m...

Страница 1143: ...ort Use the no form to restore the default SYNTAX switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 DEFAULT SETTING VLAN 1 COMMAND MODE Interface...

Страница 1144: ...itches would drop any frames with unknown VLAN group tags However by enabling VLAN trunking on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN...

Страница 1145: ...n show vlan This command shows VLAN information SYNTAX show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4094 name Keyword to be fo...

Страница 1146: ...inQ mode dot1q tunnel system tunnel control 2 Create a SPVLAN vlan 3 Configure the QinQ tunnel access port to dot1Q tunnel access mode switchport dot1q tunnel mode 4 Set the Tag Protocol Identifier TP...

Страница 1147: ...tunnel access port If the spanning tree protocol is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcom...

Страница 1148: ...ontrol command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag regardless of whether there are on...

Страница 1149: ...When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods...

Страница 1150: ...ethernet 1 1 Console config if switchport allowed vlan add 100 200 300 untagged Console config if switchport dot1q tunnel mode access 5 Configure the following selective QinQ mapping entries Console...

Страница 1151: ...Interface Configuration Ethernet Port Channel COMMAND USAGE Use the switchport dot1q tunnel tpid command to set a custom 802 1Q ethertype value on the selected interface This feature allows the switc...

Страница 1152: ...ot1q tunnel system tunnel control Console config interface ethernet 1 1 Console config if switchport dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport dot1...

Страница 1153: ...mains in the customer s network L2PT can be used to pass various types of protocol packets belonging to the same customer transparently across a service provider s network In this way normally segrega...

Страница 1154: ...tag it is filtered decapsulated and processed locally by the switch if the protocol is supported When a protocol packet is received on an access port i e an 802 1Q trunk port connecting the edge swit...

Страница 1155: ...T protocol packet i e having the destination address 01 00 0C CD CD D0 and L2PT is enabled on this port it is forwarded to other access ports in the same S VLAN for which L2PT is enabled L2PT is disab...

Страница 1156: ...the dot1q tunnel system tunnel control command and the interface configured to 802 1Q tunnel mode using the switchport dot1q tunnel mode command EXAMPLE Console config dot1q tunnel system tunnel contr...

Страница 1157: ...e protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 1138 Although not mandatory we suggest configuring a separate VLAN for each major protoco...

Страница 1158: ...ion EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type ethernet protocol type ip C...

Страница 1159: ...ocessed in the following manner If the frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is...

Страница 1160: ...tocol groups to VLANs for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 po...

Страница 1161: ...address mask vlan vlan id priority priority no subnet vlan subnet ip address mask all ip address The IP address that defines the subnet Valid IP addresses consist of four decimal numbers 0 to 255 sepa...

Страница 1162: ...bnet 192 168 12 192 255 255 255 224 vlan 4 Console config show subnet vlan This command displays IP Subnet VLAN assignments COMMAND MODE Privileged Exec COMMAND USAGE Use this command to display subne...

Страница 1163: ...remove an assignment SYNTAX mac vlan mac address mac address vlan vlan id priority priority no mac vlan mac address mac address all mac address The source MAC address to be matched Configured MAC add...

Страница 1164: ...ddress VLAN ID Priority 00 00 00 11 22 33 10 0 Console CONFIGURING VOICE VLANS The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic ca...

Страница 1165: ...on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically...

Страница 1166: ...g time to 30 seconds and voice VLAN aging time to 5 minutes then after 5 5 minutes a port will be removed from the voice VLAN when VoIP traffic is no longer received on the port Alternatively if you c...

Страница 1167: ...estrict the MAC address range Selecting FF FF FF FF FF FF specifies a single MAC address EXAMPLE The following example adds a MAC OUI to the OUI Telephony list Console config voice vlan mac address 00...

Страница 1168: ...oice vlan auto Console config if switchport voice vlan priority This command specifies a CoS priority for VoIP traffic on a port Use the no form to restore the default priority on a port SYNTAX switch...

Страница 1169: ...s in the Telephony OUI list see the voice vlan mac address command MAC address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP d...

Страница 1170: ...oice vlan security Console config if show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list SYNTAX show voice vlan oui status oui Displays the OUI Telep...

Страница 1171: ...1171 Eth 1 10 Disabled Disabled OUI 6 NA Console show voice vlan oui OUI Address Mask Description 00 12 34 56 78 9A FF FF FF 00 00 00 old phones 00 11 22 33 44 55 FF FF FF 00 00 00 new phones 00 98 7...

Страница 1172: ...CHAPTER 35 VLAN Commands Configuring Voice VLANs 1172...

Страница 1173: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 1174: ...icates a strict queue DEFAULT SETTING WRR COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of strict and w...

Страница 1175: ...igns weights to the four class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore t...

Страница 1176: ...ty mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged fra...

Страница 1177: ...default 5 Console config if RELATED COMMANDS show interfaces switchport 994 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queu...

Страница 1178: ...al format Range 0 1 Table 146 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Страница 1179: ...ernal processing Note that priority tags in the original packet are not modified by this command The internal DSCP consists of three bits for per hop behavior PHB which determines the queue to which a...

Страница 1180: ...os map trust mode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one set of DSCP...

Страница 1181: ...g interface ethernet 1 5 Console config if qos map dscp mutation 3 1 from 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per hop...

Страница 1182: ...l be based on the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used for priori...

Страница 1183: ...ion of Eth 1 5 CoS DSCP map x y x PHB y drop precedence CoS CFI 0 1 0 0 0 0 0 1 1 0 1 0 2 2 0 2 0 3 3 0 3 0 4 4 0 4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Console show qos map dscp mutation This command show...

Страница 1184: ...6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5 0 5 1 5 0 5 3 5 0 5...

Страница 1185: ...SYNTAX show qos map trust mode interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 COMMAND MODE Privileged Exec EXAMPLE The following shows that...

Страница 1186: ...CHAPTER 36 Class of Service Commands Priority Commands Layer 3 and 4 1186...

Страница 1187: ...er for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an en...

Страница 1188: ...dscp command to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the police comm...

Страница 1189: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Страница 1190: ...USAGE First enter the class map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qual...

Страница 1191: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 32 characters COMMAND MODE Class Map Configur...

Страница 1192: ...rd policy Console config pmap class rd class Console config pmap c set cos 0 Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c class This...

Страница 1193: ...low 10000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form to r...

Страница 1194: ...ze The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else Tc...

Страница 1195: ...st Excess burst size BE in bytes Range 0 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service the packe...

Страница 1196: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 1197: ...rtcm color blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate three...

Страница 1198: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 1199: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service tha...

Страница 1200: ...receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating packets Console config polic...

Страница 1201: ...action drop Console config pmap c set phb This command services IP traffic by setting a per hop behavior value for a matching packet as specified by the match command for internal processing Use the...

Страница 1202: ...licy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the input...

Страница 1203: ...Match ip dscp 10 Match access list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displ...

Страница 1204: ...ss rd class set PHB 3 Console show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit por...

Страница 1205: ...ing displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffi...

Страница 1206: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Страница 1207: ...p snooping Console config ip igmp snooping vlan static Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping...

Страница 1208: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Страница 1209: ...ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip igmp snooping querier DEFAULT SE...

Страница 1210: ...outer Alert option 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option...

Страница 1211: ...ived and all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Страница 1212: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Страница 1213: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Страница 1214: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Страница 1215: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Страница 1216: ...cific query message when an IGMPv2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The tim...

Страница 1217: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1218: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Страница 1219: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 1220: ...address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for pro...

Страница 1221: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Страница 1222: ...GE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EXAMPLE T...

Страница 1223: ...port channel channel id Range 1 5 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ip igmp snooping statistics Console show ip igmp snooping This command sh...

Страница 1224: ...Leave Disabled Last Member Query Interval 10 unit 1 10s Last Member Query Count 2 General Query Suppression Disabled Query Interval 125 Query Response Interval 100 unit 1 10s Proxy Query Address 0 0...

Страница 1225: ...ag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h m s Expire Group remaining ti...

Страница 1226: ...e SYNTAX show ip igmp snooping statistics input interface interface output interface interface query vlan vlan id interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10...

Страница 1227: ...is interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and...

Страница 1228: ...ip igmp snooping statistics vlan query display description Field Description Querier IP Address The IP address of the querier on this interface Querier Expire Time The time after which this querier is...

Страница 1229: ...n The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a p...

Страница 1230: ...ofile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP filtering and throttling onl...

Страница 1231: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Страница 1232: ...TTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE Console config ip i...

Страница 1233: ...ejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type is...

Страница 1234: ...er An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND USAGE The IGMP filtering profile must first be created with the ip igmp profile co...

Страница 1235: ...o actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it wi...

Страница 1236: ...and drops any received IGMP query packets Use the no form to restore the default setting SYNTAX no ip igmp query drop vlan vlan id vlan id A VLAN identification number Range 1 4094 DEFAULT SETTING Dis...

Страница 1237: ...fig if show ip igmp authentication This command displays the interface settings for IGMP authentication SYNTAX show ip igmp authentication interface interface interface ethernet unit port unit Unit id...

Страница 1238: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2...

Страница 1239: ...mber Range 1 10 port channel channel id Range 1 5 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Con...

Страница 1240: ...lticast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interfa...

Страница 1241: ...act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configures the m...

Страница 1242: ...e SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected The querier is responsible for ask...

Страница 1243: ...G 125 seconds COMMAND MODE Global Configuration COMMAND USAGE This command applies when the switch is serving as the querier An MLD general query message is sent by the switch at the interval specifie...

Страница 1244: ...command configures the MLD Snooping robustness variable Use the no form to restore the default value SYNTAX ipv6 mld snooping robustness value no ipv6 mld snooping robustness value The number of the...

Страница 1245: ...rt i e the interface that had been receiving query packets to have expired EXAMPLE Console config ipv6 mld snooping router port expire time 300 Console config ipv6 mld snooping unknown multicast mode...

Страница 1246: ...AND MODE Global Configuration EXAMPLE Console config ipv6 mld snooping version 1 Console config ipv6 mld snooping vlan immediate leave This command immediately deletes a member port of an IPv6 multica...

Страница 1247: ...ipv6 mld snooping vlan mrouter This command statically configures an IPv6 multicast router port Use the no form to remove the configuration SYNTAX no ipv6 mld snooping vlan vlan id mrouter interface...

Страница 1248: ...ipv6 address interface vlan VLAN ID Range 1 4094 ipv6 address An IPv6 address of a multicast group Format X X X X X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 10 por...

Страница 1249: ...face ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Consol...

Страница 1250: ...IPv6 Address Member port Type 1 FF02 01 01 01 01 Eth 1 1 MLD Snooping 1 FF02 01 01 01 02 Eth 1 1 Multicast Data 1 FF02 01 01 01 02 Eth 1 1 User Console show ipv6 mld snooping group source list This co...

Страница 1251: ...pe Expire 1 Eth 1 2 Static Console MLD FILTERING AND THROTTLING In certain switch applications the administrator may want to control the multicast services that are available to end users For example...

Страница 1252: ...ltering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups The MLD filtering feature operates in the same manner when MVR is used to...

Страница 1253: ...USAGE A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one interface E...

Страница 1254: ...e low ipv6 address high ipv6 address low ipv6 address A valid IPv6 address X X X X X of a multicast group or start of a group range high ipv6 address A valid IPv6 address X X X X X for the end of a mu...

Страница 1255: ...hat an interface can join Use the no form restore the default setting SYNTAX ipv6 mld max groups number no ipv6 mld max groups number The maximum number of multicast groups an interface can join at th...

Страница 1256: ...deny The new multicast group join report is dropped replace The new multicast group replaces an existing group DEFAULT SETTING Deny COMMAND MODE Interface Configuration Ethernet COMMAND USAGE When th...

Страница 1257: ...multicast data drop Use this command to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT...

Страница 1258: ...e ff05 101 ff05 103 Console show ipv6 mld profile This command displays MLD filtering profiles created on the switch SYNTAX show ipv6 mld profile profile number profile number An existing MLD filter p...

Страница 1259: ...DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Console show ipv6 mld query drop interface ethernet...

Страница 1260: ...VLANs to which the subscribers belong Table 161 Multicast VLAN Registration for IPv4 Commands Command Function Mode mvr Globally enables MVR GC mvr associated profile Binds the MVR group addresses sp...

Страница 1261: ...pecified interface within the receiver VLAN IC show mvr Shows information about MVR domain settings including MVR operational status the multicast VLAN the current number of group addresses and the up...

Страница 1262: ...1 5 profile name The name of a profile containing one or more MVR group addresses Range 1 21 characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration EXAMPLE The following an MVR group a...

Страница 1263: ...255 255 count The number of contiguous MVR group addresses Range 1 255 DEFAULT SETTING No MVR group address is defined COMMAND MODE Global Configuration COMMAND USAGE Use this command to statically c...

Страница 1264: ...COMMAND USAGE This command can be used to set a high priority for low latency multicast traffic such as a video conference or to set a low priority for normal multicast traffic not sensitive to laten...

Страница 1265: ...streams received in excess of this limitation will be flooded to all ports in the associated domain EXAMPLE The following example maps a range of MVR group addresses to a profile Console config mvr p...

Страница 1266: ...ownstream or router interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore b...

Страница 1267: ...e default setting SYNTAX mvr robustness value value no mvr robustness value value The robustness used for all interfaces Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE T...

Страница 1268: ...switch only forwards multicast streams which the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream...

Страница 1269: ...is also the VLAN to which all source ports must be assigned Range 1 4094 DEFAULT SETTING VLAN 1 COMMAND MODE Global Configuration COMMAND USAGE This command specifies the VLAN through which MVR multic...

Страница 1270: ...g for a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list If the by host ip option is used the router querier will not...

Страница 1271: ...MVR VLAN IGMP snooping can also be used to allow a receiver port to dynamically join or leave multicast groups not sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports c...

Страница 1272: ...receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a receiver port usi...

Страница 1273: ...ics This command clears MRV statistics SYNTAX clear mrv statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 port channel channel id Ran...

Страница 1274: ...proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR Proxy Query Interval The interval at which the receiver port sen...

Страница 1275: ...8 1 23 10 testing 228 2 23 1 228 2 23 10 Console show mvr interface This command shows MVR configuration settings for interfaces attached to the MVR VLAN SYNTAX show mvr domain domain id interface dom...

Страница 1276: ...IP addresses igmp Entry created by IGMP protocol sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 po...

Страница 1277: ...Port Up time Expire Count 234 5 6 7 1 00 00 09 17 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console The following example shows detailed information about a specific multicast address Console show mvr domain 1 mem...

Страница 1278: ...input interface interface output interface interface query summary interface interface mvr vlan domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Ra...

Страница 1279: ...0 1 0 Eth 1 2 5 1 4 1 DVLAN 1 7 2 3 0 MVLAN 1 7 2 3 0 Console Table 165 show mvr statistics input display description Field Description Interface Shows interfaces attached to the MVR Report The numbe...

Страница 1280: ...ace G S S Query The number of group specific or group and source specific query messages sent from this interface Table 167 show mvr statistics query display description Field Description Other Querie...

Страница 1281: ...of Groups Number of groups learned on this port Querier Transmit General Number of general queries transmitted Group Specific Number of group specific queries transmitted Received General Number of ge...

Страница 1282: ...erface mvr vlan description Field Description Domain An independent multicast domain Number of Groups Number of groups learned on this port Querier Other Querier Other IGMP querier s IP address Other...

Страница 1283: ...p Number of report leave messages dropped by MVR source port Others Drop Number of report leave messages dropped for other reasons Table 169 show mvr statistics summary interface mvr vlan description...

Страница 1284: ...or source port IC mvr6 vlan group Statically binds a multicast group to a port IC clear mvr6 groups dynamic Clears multicast group information dynamically learned through MVR6 PE clear mvr6 statistics...

Страница 1285: ...rce ports to all receiver ports that have registered to receive data from that multicast group EXAMPLE The following example enables MVR6 for domain 1 Console config mvr6 domain 1 Console config mvr6...

Страница 1286: ...separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is res...

Страница 1287: ...source port serves as the upstream or host interface and the MVR receiver port serves as the querier The source port performs only the host portion of MVR by sending summarized membership reports and...

Страница 1288: ...command configures the expected packet loss and thereby the number of times to generate report and group specific queries Use the no form to restore the default setting SYNTAX mvr6 robustness value v...

Страница 1289: ...ich the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream is forwarded to any attached client Note...

Страница 1290: ...cast data is received Use the no form of this command to restore the default MVR VLAN SYNTAX mvr6 domain domain id vlan vlan id no mvr6 domain domain id vlan domain id An independent multicast domain...

Страница 1291: ...or a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only...

Страница 1292: ...receiver port to dynamically join or leave multicast groups not sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to access mode see the switchport mode...

Страница 1293: ...address bits DEFAULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically...

Страница 1294: ...vr6 groups dynamic Console clear mvr6 statistics Use this command to clear the MVR6 statistics SYNTAX clear mvr6 statistics interface ethernet unit port port channel channel id vlan vlan id ethernet u...

Страница 1295: ...Source IP FF05 25 Console Table 171 show mvr6 display description Field Description MVR6 802 1p Forwarding Priority Priority assigned to multicast traffic forwarded into the MVR6 VLAN MVR6 Proxy Swit...

Страница 1296: ...d profile Domain ID 1 MVR Profile Name Start IPv6 Addr End IPv6 Addr rd ff01 fe ff01 ff Console show mvr6 interface This command shows MVR configuration settings for interfaces attached to the MVR VLA...

Страница 1297: ...multicast domain Range 1 5 ip address IPv6 address for an MVR multicast group DEFAULT SETTING Displays configuration settings for all domains and all forwarding entries COMMAND MODE Privileged Exec T...

Страница 1298: ...ormation about a specific multicast address Console show mvr6 domain 1 members ff00 1 MVR6 Domain 1 MVR6 Forwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts join...

Страница 1299: ...MVR protocol related statistics for the specified interface SYNTAX show mvr6 statistics input output interface interface show mvr6 domain domain id statistics input interface interface output interfac...

Страница 1300: ...aces attached to the MVR Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query messa...

Страница 1301: ...ce Table 176 show mvr6 statistics query display description Field Description Other Querier Address The IPv6 address of the querier on this interface Other Querier Uptime Other querier s time up Other...

Страница 1302: ...CHAPTER 38 Multicast Filtering Commands MVR for IPv6 1302...

Страница 1303: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Страница 1304: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Страница 1305: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Страница 1306: ...integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Console config lldp notification interval This command configures the allowed interval...

Страница 1307: ...fault setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval at which LLDP advertisements are sent Range 5 32768 seconds DEFAULT SETTING 30 seconds...

Страница 1308: ...restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Configuration COMMAND...

Страница 1309: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1310: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1311: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1312: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1313: ...age 1157 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Страница 1314: ...e 1158 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise lin...

Страница 1315: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Страница 1316: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Страница 1317: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Страница 1318: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Страница 1319: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Страница 1320: ...k policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificati...

Страница 1321: ...Unit identifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 COMMAND MODE Privileged Exec EXAMPLE Console show lldp config LLDP Global Configuation LLDP Enabled Yes LLDP Trans...

Страница 1322: ...labama CA Type 2 CA Value Tuscaloosa Console show lldp info local device This command shows LLDP global and interface specific configuration settings for this device SYNTAX show lldp info local device...

Страница 1323: ...nfo remote device This command shows LLDP global and interface specific configuration settings for remote devices attached to an LLDP enabled port SYNTAX show lldp info remote device detail interface...

Страница 1324: ...lass PSE Remote power MDI supported Yes Remote power MDI enabled Yes Remote power pair controllable No Remote power pairs Spare Remote power classification Class1 Link Aggregation Link Aggregation Cap...

Страница 1325: ...ows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 COMMAND MODE Privileged Exec EXAMPLE Console show lldp...

Страница 1326: ...CHAPTER 39 LLDP Commands 1326 Frames Invalid 0 Frames Received 759 Frames Sent 761 TLVs Unrecognized 0 TLVs Discarded 0 Neighbor Ageouts 0 Console...

Страница 1327: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Страница 1328: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Страница 1329: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Страница 1330: ...events discovered by continuity check messages page 1349 or cross check messages page 1353 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Страница 1331: ...aintenance association name Range 1 43 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AI...

Страница 1332: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Страница 1333: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Страница 1334: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Страница 1335: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1336 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Страница 1336: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Страница 1337: ...2147483647 character string IEEE 802 1ag defined character string format This is an IETF RFC 2579 DisplayString icc based ITU T SG13 SG15 Y 1731 defined ICC based format DEFAULT SETTING character str...

Страница 1338: ...ance domain at the same level as the MEP to be configured using the ethernet cfm domain command 2 maintenance association within the domain using the ma index name command and 3 finally the MEP using...

Страница 1339: ...le config interface ethernet 1 1 Console config if ethernet cfm port enable Console config if clear ethernet cfm ais mpid This command clears AIS defect information for the specified MEP SYNTAX clear...

Страница 1340: ...ifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethern...

Страница 1341: ...received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a...

Страница 1342: ...rimary VID CC Interval MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ether...

Страница 1343: ...rd Console show ethernet cfm maintenance points local mep MPID MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance...

Страница 1344: ...format of the Maintenance Association name including primary VID character string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction...

Страница 1345: ...AULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this command to display information about a specific maintenance point or use the mac keyword to display informat...

Страница 1346: ...he last CCM message about this MEP has been in the CCM database Frame Loss Percentage of transmitted frames lost CC Packet Statistics received error The number of CCM packets received successfully and...

Страница 1347: ...ute 7 10 minutes DEFAULT SETTING 4 100 ms COMMAND MODE Global Configuration COMMAND USAGE CCMs provide a means to discover other MEPs and to detect connectivity failures in an MA If any MEP fails to r...

Страница 1348: ...connectivity to all other MEPs MIPs in the MA Each CCM received is checked to verify that the MEP identifier field sent in the message does not match its own MEPID which would indicate a duplicate MEP...

Страница 1349: ...trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has recovered from an error condition mep up Sends a trap if a remote MEP is discovere...

Страница 1350: ...ts the aging time for missing MEPs in the CCM database to 30 minutes Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep archive hold time 30 Console config ether...

Страница 1351: ...AND MODE Privileged Exec COMMAND USAGE Use this command without any keywords to clear all entries in the error database Use the domain keyword to clear the error database for a specific domain or the...

Страница 1352: ...ude LEAK MA x is associated with a specific VID list one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and som...

Страница 1353: ...eck operations between statically configured MEPs and those learned via continuity check messages CCMs Use the no form to restore disable these traps SYNTAX no snmp server enable traps ethernet cfm cr...

Страница 1354: ...eck mpid mpid ma ma name mpid Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 ma name Maintenance association name Range 1 43 alphanum...

Страница 1355: ...ain name ma ma name enable Starts the cross check process disable Stops the cross check process domain name Domain name Range 1 43 alphanumeric characters ma name MA name Range 1 43 alphanumeric chara...

Страница 1356: ...k MPID MA Name Level VLAN MEP Up Remote MAC 2 downtown 4 2 Yes 00 0D 54 FC A2 73 Console Link Trace Operations ethernet cfm linktrace cache This command enables caching of CFM data learned through lin...

Страница 1357: ...time minutes minutes The aging time for entries stored in the link trace cache Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE Global Configuration COMMAND USAGE Before setting the agin...

Страница 1358: ...Console config ethernet cfm linktrace This command sends CFM link trace messages to the MAC address of a remote MEP SYNTAX ethernet cfm linktrace dest mep destination mpid src mep source mpid dest me...

Страница 1359: ...isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Fault isolation is even more challenging since the MAC address of th...

Страница 1360: ...could be returned for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be fals...

Страница 1361: ...nce association name Range 1 43 alphanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes DE...

Страница 1362: ...NTAX mep fault notify alarm time alarm time no fault notify alarm time alarm time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING...

Страница 1363: ...mand The state machine transmits no further fault alarms until it is reset by the passage of a configured time period see the mep fault notify reset time command without a defect indication The normal...

Страница 1364: ...generated Range 3 10 seconds DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration EXAMPLE This example sets the reset time after which another fault alarm can be generated Console config e...

Страница 1365: ...rm Time Reset Time voip rd none macRemErrXcon 3sec 10sec Console Table 187 show fault notify generator display description Field Description MD Name The maintenance domain for this entry MA Name The m...

Страница 1366: ...xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to retry...

Страница 1367: ...p at the time of transmitting a frame with DM reply information Frame Delay RxTimeStampb TxTimeStampf TxTimeStampb RxTimeStampf The MEP can also make two way frame delay variation measurements based o...

Страница 1368: ...CHAPTER 40 CFM Commands Delay Measure Operations 1368...

Страница 1369: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Страница 1370: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1371: ...itical link event dying gasp Console config if efm oam link monitor frame This command enables reporting of errored frame link events Use the no form to disable this function SYNTAX no efm oam link mo...

Страница 1372: ...LV includes the number of errored frames detected during the specified period EXAMPLE Console config interface ethernet 1 1 Console config if efm oam link monitor frame threshold 5 Console config if e...

Страница 1373: ...sets the OAM mode on the specified port Use the no form to restore the default setting SYNTAX efm oam mode active passive no efm oam mode active All OAM functions are enabled passive All OAM functions...

Страница 1374: ...of ports Range 1 10 COMMAND MODE Privileged Exec EXAMPLE Console clear efm oam counters Console RELATED COMMANDS show efm oam counters interface 1377 clear efm oam event log This command clears all e...

Страница 1375: ...to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1376 to start sending test packets Then use the efm oam remote loopback stop...

Страница 1376: ...ommand to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mode...

Страница 1377: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Страница 1378: ...nsole clear efm oam event log Use he clear efm oam event log command to clear the event log Console show efm oam event log interface 1 1 Console This command can show OAM dying gasp changes for link p...

Страница 1379: ...9 0 01 Console show efm oam status interface This command displays OAM configuration settings and event counters SYNTAX show efm oam status interface interface list brief interface unit port unit Unit...

Страница 1380: ...information about attached OAM enabled devices SYNTAX show efm oam status remote interface interface list interface list unit port unit Unit identifier Range 1 port Port number or list of ports To en...

Страница 1381: ...me Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 127 characters DEFAULT SETTING None Table 189 Address Table Commands Command Function Mode...

Страница 1382: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1383: ...83 ip name server 1385 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use...

Страница 1384: ...ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use the no ip...

Страница 1385: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Страница 1386: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1387: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1388: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Страница 1389: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1390: ...CHAPTER 42 Domain Name Service Commands 1390...

Страница 1391: ...roup Function DHCP Client Allows interfaces to dynamically acquire IP address information DHCP Relay Option 82 Relays DHCP requests from local hosts to a remote DHCP server Table 193 DHCP Client Comma...

Страница 1392: ...the default setting This command is used to identify the vendor class and configuration of the switch to the DHCP server which then uses this information to decide on how to service the client or the...

Страница 1393: ...me address Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface VLAN 1 is Administrative Up Link Up Address...

Страница 1394: ...YNTAX ipv6 dhcp restart client vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4094 DEFAU...

Страница 1395: ...f servers by sending a solicit message and collecting advertised message replies These servers are then ranked based on their advertised preference value If the client needs to acquire prefixes from s...

Страница 1396: ...how ipv6 dhcp vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4094 Maximum command length...

Страница 1397: ...erts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server on another network When the serve...

Страница 1398: ...d ip address encode ascii hex mac address encode ascii hex string string no ip dhcp rely information option encode no subtype remote id ip address encode mac address encode encode no subtype Disables...

Страница 1399: ...client server exchange messages to be forwarded between the server and client without having to flood them onto the entire VLAN DHCP request packets received by the switch are handled as follows If a...

Страница 1400: ...ce connected to the requesting client and unicasts the reply packet to the client DHCP packets are flooded onto the VLAN which received them if DHCP relay service is enabled on the switch and any of t...

Страница 1401: ...e VLAN that received it instead of relaying it keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet to the DHCP server replace Replace...

Страница 1402: ...tion option 1398 ip dhcp relay server 1397 ip dhcp snooping 906 show ip dhcp relay This command displays the configuration settings for DHCP relay service COMMAND MODE Privileged Exec EXAMPLE Console...

Страница 1403: ...must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and...

Страница 1404: ...efault gateway Refer to the ip default gateway command which provides the same function bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP DEFAULT SETTING DHCP COMMAND MODE Interfac...

Страница 1405: ...ss space If bootp or dhcp options are selected the system will immediately start broadcasting service requests for all VLANs configured to obtain address assignments through BOOTP or DHCP IP is enable...

Страница 1406: ...an only be successfully set when a network interface that directly connects to the gateway has been configured on the switch A gateway must be defined if the management station is located in a differe...

Страница 1407: ...255 255 0 Console RELATED COMMANDS ip address 1404 show ipv6 interface 1423 show ip traffic This command displays statistics for IP ICMP UDP TCP and ARP protocols COMMAND MODE Privileged Exec EXAMPLE...

Страница 1408: ...mp request messages timestamp reply messages source quench messages address mask request messages address mask reply messages UDP Statistics input no port errors other errors output TCP Statistics 784...

Страница 1409: ...the target device If the target device does not respond or other errors are detected the switch will indicate this by one of the following messages No Response H Host Unreachable N Network Unreachable...

Страница 1410: ...e page 1382 If necessary local devices can also be specified in the DNS static host table see page 1384 EXAMPLE Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packe...

Страница 1411: ...acket is sent to re establish the MAC address The aging time determines how long dynamic entries remain in the cache If the timeout is too short the switch may tie up resources by repeating ARP reques...

Страница 1412: ...tal entry 4 Console IPV6 INTERFACE This switch supports the following IPv6 interface commands Table 199 IPv6 Configuration Commands Command Function Mode Interface Address Configuration and Utilities...

Страница 1413: ...cs about IPv6 traffic NE PE clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE traceroute6 Shows the route packets take to...

Страница 1414: ...fully set when a network interface that directly connects to the gateway has been configured on the switch EXAMPLE The following example defines a default gateway for this device Console config ipv6 d...

Страница 1415: ...prefix of FE80 and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console EXAMPLE This example specifies a...

Страница 1416: ...and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console When DHCPv6 is restarted the switch may attempt...

Страница 1417: ...how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address DEFAULT SETTING No IPv6 addresses are defined COMMAND MODE Interface Configuration VLA...

Страница 1418: ...sulting in a modified EUI 64 interface identifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as...

Страница 1419: ...exadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields And the address prefix must be in the range of FE80 FEBF...

Страница 1420: ...t has not been configured with an explicit IPv6 address Use the no form to disable IPv6 on an interface that has not been configured with an explicit IPv6 address SYNTAX no ipv6 enable DEFAULT SETTING...

Страница 1421: ...of DAD attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds...

Страница 1422: ...d on an interface before the MTU can be set EXAMPLE The following example sets the MTU for VLAN 1 to 1280 bytes Console config interface vlan 1 Console config if ipv6 mtu 1280 Console config if RELATE...

Страница 1423: ...d to fill the undefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address COMMAND...

Страница 1424: ...k transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1...

Страница 1425: ...ssing through this switch COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows statistics for all IPv6 unicast and multicast traffic as well as ICMP UDP and TCP statistics Cons...

Страница 1426: ...solicit messages neighbor advertisement messages redirect messages group membership query messages group membership response messages group membership reduction messages multicast listener discovery...

Страница 1427: ...truncated packets The number of input datagrams discarded because datagram frame didn t carry enough data discards The number of input IPv6 datagrams for which no problems were encountered to prevent...

Страница 1428: ...Pv6 datagrams that have been successfully fragmented at this output interface fragment failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output...

Страница 1429: ...e exceeded messages The number of ICMP Time Exceeded messages sent by the interface parameter problem message The number of ICMP Parameter Problem messages sent by the interface echo request messages...

Страница 1430: ...ddress to indicate the appropriate number of zeros required to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain name server count Numb...

Страница 1431: ...IPv6 address before trying to resolve it into an IPv4 address EXAMPLE Console ping6 FE80 2E0 CFF FE00 FC 1 64 Type ESC to abort PING to FE80 2E0 CFF FE00 FC 1 64 by 5 32 byte payload ICMP packets time...

Страница 1432: ...exceeded or the maximum number of hops is exceeded The traceroute command first sends probe datagrams with the TTL value set at one This causes the first router to discard the datagram and return an e...

Страница 1433: ...t interface are placed in a pending state Duplicate address detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplicat...

Страница 1434: ...TU is 1500 bytes ND DAD is enabled number of DAD attempts 5 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND a...

Страница 1435: ...net is 2009 db9 2229 0 64 Joined group address es ff01 1 16 ff02 1 16 ff02 1 ff00 79 104 ff02 1 ff90 0 104 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 5 ND retransmit interval...

Страница 1436: ...1 Console config if pv6 nd raguard Console config if ipv6 nd reachable time This command configures the amount of time that a remote IPv6 node is considered reachable after some reachability confirmat...

Страница 1437: ...ort unit Unit identifier Range 1 port Port number Range 1 10 port channel channel id Range 1 5 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd raguard interface ethernet 1 1 Interface RA Gua...

Страница 1438: ...apping RFC 4293 R Reachable Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH state the device takes no spe...

Страница 1439: ...ding This section describes commands used to configure ND Snooping Table 204 ND Snooping Commands Command Function Mode ipv6 nd snooping Enables ND snooping globally or on a specified VLAN or range of...

Страница 1440: ...le according to the Prefix Information option in the RA message The prefix table records prefix prefix length valid lifetime as well as the VLAN and port interface which received the message If an RA...

Страница 1441: ...e enables ND snooping globally and on VLAN 1 Console config ipv6 nd snooping Console config ipv6 nd snooping vlan 1 Console config ipv6 nd snooping auto detect This command enables automatic validatio...

Страница 1442: ...f no RA message is received is set to the retransmit count x the retransmit interval see the ipv6 nd snooping auto detect retransmit interval command Based on the default settings this is 3 seconds EX...

Страница 1443: ...le Use the no form to restore the default setting SYNTAX ipv6 nd snooping prefix timeout timeout no ipv6 nd snooping prefix timeout timeout The time to wait for an RA message to confirm that a prefix...

Страница 1444: ...nfig ipv6 nd snooping trust This command configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table or NS messages can be forwarded without...

Страница 1445: ...d Exec EXAMPLE Console clear ipv6 nd snooping binding Console show ipv6 nd snooping binding MAC Address IPv6 Address Lifetime VLAN Interface Console clear ipv6 nd snooping prefix This command clears a...

Страница 1446: ...VLANs VLAN 1 Interface Trusted Max binding Eth 1 1 Yes 1 Eth 1 2 No 5 Eth 1 3 No 5 Eth 1 4 No 5 Eth 1 5 No 5 show ipv6 nd snooping binding This command shows all entries in the dynamic user binding t...

Страница 1447: ...D Snooping 1447 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping prefix Prefix entry timeout 100 second Prefix Len Valid Time Expire VLAN Interface 2001 b000 64 2592000 100 1 Eth 1 1...

Страница 1448: ...CHAPTER 44 IP Interface Commands ND Snooping 1448...

Страница 1449: ...DICES This section provides additional information and includes these items Troubleshooting on page 1457 Software Specifications on page 1451 License Information on page 1459 Compliances and Safety St...

Страница 1450: ...SECTION IV Appendices 1450...

Страница 1451: ...1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttl...

Страница 1452: ...yer 2 IPv4 Multicast VLAN Registration ADDITIONAL FEATURES BOOTP Client Connectivity Fault Management DHCP Client DNS Client Proxy ERPS Ethernet Ring Protection Switching LLDP Link Layer Discover Prot...

Страница 1453: ...2 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO I...

Страница 1454: ...tion MIB IEEE 802 3ad MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 partial implementation for...

Страница 1455: ...APPENDIX A Software Specifications Management Information Bases 1455 UDP MIB RFC 2013...

Страница 1456: ...APPENDIX A Software Specifications Management Information Bases 1456...

Страница 1457: ...connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting a...

Страница 1458: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1459: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1460: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Страница 1461: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Страница 1462: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Страница 1463: ...022 2006 EMC Limit class A for harmonic current emission according to EN 61000 3 2 2000 A2 2005 Limitation of voltage fluctuation and flicker in low voltage supply system according to EN 61000 3 3 199...

Страница 1464: ...APPENDIX D Compliances and Safety Statements CE Mark Declaration of Conformance for EMI and Safety EEC 1464...

Страница 1465: ...by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce p...

Страница 1466: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 1467: ...allows switches to assign endstations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks IEEE 802 1P An IEEE standard for providing quality of servi...

Страница 1468: ...g to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IN BAND MANAGEMENT Management of the network from a...

Страница 1469: ...is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers This process allows IGMP enabled devices to determine where to send m...

Страница 1470: ...tunneling is designed for service providers carrying traffic for multiple customers across their networks It is used to maintain customer specific VLAN and Layer 2 protocol configurations even when d...

Страница 1471: ...k systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network TACACS Terminal Access Controller Access Control System Plus...

Страница 1472: ...al LAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup...

Страница 1473: ...nfigure note 716 boot system 727 bridge ext gvrp 1132 C calendar set 772 capabilities 983 channel group 1012 class 1192 class map 1188 clear access list hardware counters 979 clear arp cache 1411 clea...

Страница 1474: ...riod 860 dot1x timeout re authperiod 861 dot1x timeout start period 866 dot1x timeout supp timeout 861 dot1x timeout tx period 862 E efm oam 1370 efm oam critical link event 1370 efm oam link monitor...

Страница 1475: ...nooping tcn flood 1211 ip igmp snooping tcn query solicit 1212 ip igmp snooping unregistered data flood 1212 ip igmp snooping unsolicited report interval 1213 ip igmp snooping version 1214 ip igmp sno...

Страница 1476: ...16 lacp timeout 1017 line 738 lldp 1305 lldp admin status 1309 lldp basic tlv management ip address 1309 lldp basic tlv port description 1310 lldp basic tlv system capabilities 1311 lldp basic tlv sys...

Страница 1477: ...890 network access link detection 891 network access link detection link down 891 network access link detection link up 892 network access link detection link up down 893 network access mac filter 88...

Страница 1478: ...ge ext 1135 show cable diagnostics 1005 show calendar 772 show class map 1203 show cluster 781 show cluster candidates 781 show cluster members 781 show discard 991 show dns 1387 show dns cache 1388 s...

Страница 1479: ...ow ipv6 source guard 937 show ipv6 source guard binding 938 show ipv6 traffic 1425 show l2protocol tunnel 1156 show lacp 1018 show line 748 show lldp config 1321 show lldp info local device 1322 show...

Страница 1480: ...server enable port traps atc multicast control release 1049 snmp server enable port traps mac notification 793 snmp server enable traps 790 snmp server engine id 794 snmp server group 796 snmp server...

Страница 1481: ...traffic segmentation 952 traffic segmentation session 953 traffic segmentation uplink downlink 954 traffic segmentation uplink to uplink 955 transceiver monitor 996 transceiver threshold current 997 t...

Страница 1482: ...COMMAND LIST 1482...

Страница 1483: ...ended 360 367 964 966 IPv6 Standard 360 365 964 965 MAC 360 369 970 Standard IPv6 964 time range 356 773 Address Resolution Protocol See ARP address table 229 1065 aging time 232 1065 aging time displ...

Страница 1484: ...ment access 492 777 command line interface See CLI committed burst size QoS policy 297 298 299 1193 1195 1197 committed information rate QoS policy 297 298 299 1193 1195 1197 community string 92 466 7...

Страница 1485: ...ng traffic configuring response 300 1193 1195 1197 DNS default domain name 597 1383 displaying the cache 602 1388 domain name list 597 1384 1386 enabling lookup 597 1382 name server list 597 1385 stat...

Страница 1486: ...snooping 616 1207 snooping query parameters 618 1206 snooping configuring 618 1206 snooping immediate leave 628 1216 IGMP services displaying 633 1224 IGMP snooping configuring 626 1206 enabling per...

Страница 1487: ...lay device information 439 442 1323 displaying remote information 442 1323 interface attributes configuring 433 1309 1320 local device information displaying 439 1322 message attributes 433 1303 messa...

Страница 1488: ...ticast block on specified ports 1236 multicast filtering 615 1205 enabling IGMP snooping 628 1207 enabling IGMP snooping per interface 626 1207 enabling MLD snooping 643 1242 router configuration 622...

Страница 1489: ...QoS policy 293 297 policy map description 1189 DiffServ 293 1191 port authentication 389 854 856 port power inline 452 maximum allocation 452 PSE from attached devices 452 port priority configuring 2...

Страница 1490: ...8 812 statistics collection 489 811 statistics displaying 490 813 RSA encryption 351 352 850 RSTP 239 1075 global settings configuring 244 1075 global settings displaying 249 1096 interface settings c...

Страница 1491: ...ystem logs 426 751 system software downloading from server 124 728 T TACACS logon authentication 314 826 settings 316 826 TCN flood 619 1211 general query solicitation 620 1212 Telnet configuring 143...

Страница 1492: ...face configuration 221 1158 protocol system configuration 219 1158 PVID 203 1143 tunneling unknown groups 194 1144 voice 305 1164 voice VLANs 305 1164 detecting VoIP devices 306 1165 enabling for port...

Страница 1493: ......

Страница 1494: ...ECS3510 10PD E032014 ST R03 149100000179A...

Отзывы:

Нет отзывов

Похожие инструкции для ECS3510-10PD

D-Link DXS-5000-54S Quick Installation Manual preview
DXS-5000-54S
Бренд: D-Link Страницы: 17
H3C S5560S-EI Series Troubleshooting Manual preview
S5560S-EI Series
Бренд: H3C Страницы: 37
3Com OfficeConnect WX4400 Reference Manual preview
OfficeConnect WX4400
Бренд: 3Com Страницы: 528
IMC Networks iMcV-Giga-FiberLinX-II Operation Manual preview
iMcV-Giga-FiberLinX-II
Бренд: IMC Networks Страницы: 60
PureLink HDS-21R Owner'S Manual preview
HDS-21R
Бренд: PureLink Страницы: 10
TAXON TOOLS Scart Switch Manual preview
Scart Switch
Бренд: TAXON TOOLS Страницы: 9
Televes 719601 User Manual preview
719601
Бренд: Televes Страницы: 24
Black Box LB9007A-SC-R Installation preview
LB9007A-SC-R
Бренд: Black Box Страницы: 2
NewStar NS-211KA User Manual preview
NS-211KA
Бренд: NewStar Страницы: 10
Lantech IPES-2208CA User Manual preview
IPES-2208CA
Бренд: Lantech Страницы: 146
Kramer VS-211X Quick Start Manual preview
VS-211X
Бренд: Kramer Страницы: 2
DANLERS CESFPIRSV Installation Notes preview
CESFPIRSV
Бренд: DANLERS Страницы: 2
Gefen HDMI-341 User Manual preview
HDMI-341
Бренд: Gefen Страницы: 12
D+H GE 650 Set Original Instructions Manual preview
GE 650 Set
Бренд: D+H Страницы: 16
Kinesis JSB User Manual preview
JSB
Бренд: Kinesis Страницы: 12
AMERITRON RCS-12 Instruction Manual preview
RCS-12
Бренд: AMERITRON Страницы: 16
Honeywell Home 50027910-001 Installation Instructions preview
50027910-001
Бренд: Honeywell Home Страницы: 4
Hama 00 012190 Operating Instructions Manual preview
00 012190
Бренд: Hama Страницы: 36

Бренды по названию

Популярные бренды

Загрузить еще бренды