manualshive.com logo in svg

Edge-Core ECS4110-28T, Руководство по управлению, Страница: 388 / 1514

Поделиться
Скачать
Edge-Core ECS4110-28T Скачать руководство пользователя страница 388

C

HAPTER

 13

  |  Security Measures

Configuring 802.1X Port Authentication

–  388  –

users to first submit credentials for authentication. Access to all switch 

ports in a network can be centrally controlled from a server, which means 

that authorized users can use the same credentials for authentication from 

any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) 

to exchange authentication protocol messages with the client, and a 

remote RADIUS authentication server to verify user identity and access 

rights. When a client (i.e., Supplicant) connects to a switch port, the switch 

(i.e., Authenticator) responds with an EAPOL identity request. The client 

provides its identity (such as a user name) in an EAPOL response to the 

switch, which it forwards to the RADIUS server. The RADIUS server verifies 

the client identity and sends an access challenge back to the client. The 
EAP packet from the RADIUS server contains not only the challenge, but 

the authentication method to be used. The client can reject the 

authentication method and request another, depending on the 

configuration of the client software and the RADIUS server. The encryption 

method used to pass authentication messages can be MD5 (Message-

Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible 

Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The 

client responds to the appropriate method with its credentials, such as a 

password or certificate. The RADIUS server verifies the client credentials 

and responds with an accept or reject packet. If authentication is 

successful, the switch allows the client to access the network. Otherwise, 

non-EAP traffic on the port is blocked or assigned to a guest VLAN based on 

the “intrusion-action” setting. In “multi-host” mode, only one host 

connected to a port needs to pass authentication for all other hosts to be 

granted network access. Similarly, a port can become unauthorized for all 

hosts if one attached host fails re-authentication or sends an EAPOL logoff 

message.

Figure 209:  Configuring Port Authentication

The operation of 802.1X on the switch requires the following:

The switch must have an IP address assigned.

RADIUS authentication must be enabled on the switch and the IP 

address of the RADIUS server specified.

802.1X must be enabled globally for the switch.

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

Содержание ECS4110-28T

Страница 1: ...Management Guide www edge core com ECS4110 28T 28P 52T 52P 28 52 Port Gigabit Ethernet Layer 2 Switch...

Страница 2: ......

Страница 3: ...ITCH Layer 2 Managed Switch with 24 10 100 1000BASE T RJ 45 PoE Ports and 4 Gigabit SFP Ports ECS4110 52T GIGABIT ETHERNET SWITCH Layer 2 Managed Switch with 48 10 100 1000BASE T RJ 45 Ports and 4 Gig...

Страница 4: ......

Страница 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Страница 6: ...section Displaying Transceiver Data on page 170 Added Timout Mode under Configuring a Dynamic Trunk on page 179 Added the section Configuring Load Balancing on page 189 Updated information under Traff...

Страница 7: ...ter list under Configuring Port Security on page 385 Added the parameter Re authentication Max Retries under Configuring Port Authenticator Settings for 802 1X on page 390 Updated the parameter list f...

Страница 8: ...section Multicast VLAN Registration for IPv6 on page 621 Added new parameters under Configuring IPv6 Interface Settings on page 644 Added the section Specifying a DHCP Client Identifier on page 669 A...

Страница 9: ...g on page 846 Added the command dot1x max reauth req on page 866 Added the section PPPoE Intermediate Agent on page 880 Added the commands mac learning on page 890 port security mac address as permane...

Страница 10: ...iver Threshold Configuration on page 1009 Added the commands port channel load balance on page 1022 lacp timeout on page 1029 and show port channel load balance on page 1033 Added the commands power m...

Страница 11: ...queue on page 1206 Updated syntax for the commands class map on page 1208 and match on page 1210 Added the commands ip igmp snooping priority on page 1228 clear ip igmp snooping groups dynamic on page...

Страница 12: ...452 ipv6 nd raguard on page 1454 show ipv6 nd raguard on page 1456 and ipv6 nd reachable time on page 1455 Added the section ND Snooping on page 1458 Added the chapter IP Routing Commands on page 1467...

Страница 13: ...tch 85 Configuration Options 85 Required Connections 86 Remote Connections 87 Basic Configuration 87 Console Connection 87 Setting Passwords 88 Setting an IP Address 89 Downloading a Configuration Fil...

Страница 14: ...System Files 132 Automatic Operation Code Upgrade 133 Setting the System Clock 137 Setting the Time Manually 137 Setting the SNTP Polling Interval 138 Configuring NTP 139 Configuring Time Servers 140...

Страница 15: ...IEEE 802 1Q VLANs 199 Configuring VLAN Groups 202 Adding Static Members to VLANs 205 Configuring Dynamic VLAN Registration 209 IEEE 802 1Q Tunneling 212 Enabling QinQ Tunneling on the Switch 216 Crea...

Страница 16: ...ring ATC Thresholds and Responses 269 10 CLASS OF SERVICE 273 Layer 2 Queue Settings 273 Setting the Default Priority for Interfaces 273 Selecting the Queue Mode 274 Mapping CoS Values to Egress Queue...

Страница 17: ...Port Link Detection 336 Configuring a MAC Address Filter 337 Displaying Secure MAC Address Information 339 Configuring HTTPS 341 Configuring Global Settings for HTTPS 341 Replacing the Default Secure...

Страница 18: ...urce Guard 401 Configuring Static Bindings for IPv4 Source Guard 403 Displaying Information for Dynamic IPv4 Source Guard Bindings 405 IPv6 Source Guard 406 Configuring Ports for IPv6 Source Guard 406...

Страница 19: ...mote SNMPv3 Users 469 Specifying Trap Managers 472 Creating SNMP Notification Logs 476 Showing SNMP Statistics 478 Remote Monitoring 480 Configuring RMON Alarms 481 Configuring RMON Events 483 Configu...

Страница 20: ...us of Remote Interfaces 561 Configuring a Remote Loop Back Test 562 Displaying Results of Remote Loop Back Testing 564 15 MULTICAST FILTERING 567 Overview 567 Layer 2 IGMP Snooping and Query for IPv4...

Страница 21: ...nfiguring MVR6 Domain Settings 624 Configuring MVR6 Group Address Profiles 625 Configuring MVR6 Interface Status 628 Assigning Static MVR6 Multicast Groups to Interfaces 630 Displaying MVR6 Receiver G...

Страница 22: ...uting Protocols 682 Configuring IP Routing Interfaces 682 Configuring Local and Remote Interfaces 682 Using the Ping Function 683 Using the Trace Route Function 684 Address Resolution Protocol 686 Pro...

Страница 23: ...ation 710 enable 711 quit 712 show history 712 configure 713 disable 714 reload Privileged Exec 714 show reload 715 end 715 exit 715 21 SYSTEM MANAGEMENT COMMANDS 717 Device Designation 717 hostname 7...

Страница 24: ...show version 734 show watchdog 734 watchdog software 735 Frame Size 735 jumbo frame 735 File Management 736 General Commands 737 boot system 737 copy 738 delete 741 dir 742 whichboot 743 Automatic Cod...

Страница 25: ...logging host 761 logging on 761 logging trap 762 clear log 763 show log 763 show logging 764 SMTP Alerts 766 logging sendmail 766 logging sendmail host 766 logging sendmail level 767 logging sendmail...

Страница 26: ...e 785 Switch Clustering 786 cluster 787 cluster commander 787 cluster ip pool 788 cluster member 789 rcommand 789 show cluster 790 show cluster members 790 show cluster candidates 791 22 SNMP COMMANDS...

Страница 27: ...snmp notify filter 813 Additional Trap Commands 813 memory 813 process cpu 814 23 REMOTE MONITORING COMMANDS 815 rmon alarm 816 rmon event 817 rmon collection history 818 rmon collection rmon1 819 sh...

Страница 28: ...retransmit 836 tacacs server timeout 837 show tacacs server 837 AAA 838 aaa accounting commands 838 aaa accounting dot1x 839 aaa accounting exec 840 aaa accounting update 841 aaa authorization exec 8...

Страница 29: ...n 862 General Commands 863 dot1x default 863 dot1x eapol pass through 864 dot1x system auth control 865 Authenticator Commands 865 dot1x intrusion action 865 dot1x max reauth req 866 dot1x max req 866...

Страница 30: ...poe intermediate agent info 885 show pppoe intermediate agent statistics 886 25 GENERAL SECURITY MEASURES 889 Port Security 890 mac learning 890 port security 891 port security mac address as permanen...

Страница 31: ...ow web auth 914 show web auth interface 914 show web auth summary 915 DHCPv4 Snooping 915 ip dhcp snooping 916 ip dhcp snooping information option 918 ip dhcp snooping information policy 919 ip dhcp s...

Страница 32: ...g blocked 941 show ip source guard 941 show ip source guard binding 942 IPv6 Source Guard 943 ipv6 source guard binding 943 ipv6 source guard 945 ipv6 source guard max binding 946 show ipv6 source gua...

Страница 33: ...ation 963 traffic segmentation session 964 traffic segmentation uplink downlink 965 traffic segmentation uplink to uplink 966 show traffic segmentation 967 26 ACCESS CONTROL LISTS 969 IPv4 ACLs 969 ac...

Страница 34: ...description 998 discard 999 flowcontrol 1000 media type 1001 negotiation 1001 shutdown 1002 speed duplex 1002 clear counters 1004 show discard 1004 show interfaces brief 1005 show interfaces counters...

Страница 35: ...terface 1026 lacp port priority 1027 lacp system priority 1028 lacp admin key Port Channel 1028 lacp timeout 1029 Trunk Status Display Commands 1030 show lacp 1030 show port channel load balance 1033...

Страница 36: ...control auto control release 1066 auto traffic control control release 1067 SNMP Trap Commands 1067 snmp server enable port traps atc broadcast alarm clear 1067 snmp server enable port traps atc broad...

Страница 37: ...dynamic 1087 show mac address table 1087 show mac address table aging time 1088 show mac address table count 1089 35 SPANNING TREE COMMANDS 1091 spanning tree 1092 spanning tree cisco prestandard 109...

Страница 38: ...ree port priority 1112 spanning tree root guard 1113 spanning tree spanning disabled 1114 spanning tree tc prop stop 1114 spanning tree loopback detection release 1115 spanning tree protocol migration...

Страница 39: ...configuration 1154 Editing VLAN Groups 1155 vlan database 1155 vlan 1156 Configuring VLAN Interfaces 1157 interface vlan 1157 switchport acceptable frame types 1158 switchport allowed vlan 1159 switc...

Страница 40: ...vlan protocol group 1181 Configuring IP Subnet VLANs 1182 subnet vlan 1183 show subnet vlan 1184 Configuring MAC Based VLANs 1184 mac vlan 1185 show mac vlan 1186 Configuring Voice VLANs 1186 voice v...

Страница 41: ...1217 set cos 1219 set ip dscp 1220 set phb 1221 service policy 1222 show class map 1223 show policy map 1223 show policy map interface 1224 40 MULTICAST FILTERING COMMANDS 1225 IGMP Snooping 1226 ip...

Страница 42: ...ip igmp snooping statistics 1243 show ip igmp snooping 1243 show ip igmp snooping group 1244 show ip igmp snooping mrouter 1245 show ip igmp snooping statistics 1246 Static Multicast Routing 1249 ip i...

Страница 43: ...dynamic 1269 clear ipv6 mld snooping statistics 1270 show ipv6 mld snooping 1270 show ipv6 mld snooping group 1271 show ipv6 mld snooping group source list 1271 show ipv6 mld snooping mrouter 1272 ML...

Страница 44: ...293 show mvr associated profile 1295 show mvr interface 1295 show mvr members 1296 show mvr profile 1298 show mvr statistics 1298 MVR for IPv6 1303 mvr6 associated profile 1304 mvr6 domain 1305 mvr6 p...

Страница 45: ...asic tlv port description 1330 lldp basic tlv system capabilities 1331 lldp basic tlv system description 1331 lldp basic tlv system name 1332 lldp dot1 tlv proto ident 1332 lldp dot1 tlv proto vid 133...

Страница 46: ...1362 show ethernet cfm ma 1362 show ethernet cfm maintenance points local 1363 show ethernet cfm maintenance points local detail mep 1364 show ethernet cfm maintenance points remote detail 1365 Contin...

Страница 47: ...r 1385 Delay Measure Operations 1386 ethernet cfm delay measure two way 1386 43 OAM COMMANDS 1389 efm oam 1390 efm oam critical link event 1390 efm oam link monitor frame 1391 efm oam link monitor fra...

Страница 48: ...1414 ipv6 dhcp client rapid commit vlan 1414 ipv6 dhcp restart client vlan 1415 show ipv6 dhcp duid 1416 show ipv6 dhcp vlan 1417 DHCP Relay 1417 ip dhcp relay server 1417 ip dhcp restart relay 1418...

Страница 49: ...iscovery 1452 ipv6 nd dad attempts 1452 ipv6 nd ns interval 1453 ipv6 nd raguard 1454 ipv6 nd reachable time 1455 clear ipv6 neighbors 1456 show ipv6 nd raguard 1456 show ipv6 neighbors 1457 ND Snoopi...

Страница 50: ...abase 1470 show ip route summary 1471 SECTION IV APPENDICES 1473 A SOFTWARE SPECIFICATIONS 1475 Software Features 1475 Management Features 1476 Standards 1477 Management Information Bases 1477 B TROUB...

Страница 51: ...uring NTP 140 Figure 15 Specifying SNTP Time Servers 141 Figure 16 Adding an NTP Time Servers 142 Figure 17 Showing the NTP Time Server List 142 Figure 18 Adding an NTP Authentication Key 143 Figure 1...

Страница 52: ...unk 179 Figure 48 Showing Information for Static Trunks 179 Figure 49 Configuring Dynamic Trunks 179 Figure 50 Configuring the LACP Aggregator Admin Key 182 Figure 51 Enabling LACP on a Port 183 Figur...

Страница 53: ...re 84 Displaying Protocol VLANs 222 Figure 85 Assigning Interfaces to Protocol VLANs 224 Figure 86 Showing the Interface to Protocol Group Mapping 224 Figure 87 Configuring IP Subnet VLANs 226 Figure...

Страница 54: ...aying MSTP Interface Settings 262 Figure 120 Configuring Rate Limits 264 Figure 121 Configuring Storm Control 266 Figure 122 Storm Control by Limiting the Traffic Rate 266 Figure 123 Storm Control by...

Страница 55: ...0 Figure 158 Showing AAA Accounting Methods 321 Figure 159 Configuring AAA Accounting Service for 802 1X Service 321 Figure 160 Configuring AAA Accounting Service for Exec Service 322 Figure 161 Displ...

Страница 56: ...Figure 193 Configuring a Standard IPv6 ACL 364 Figure 194 Configuring an Extended IPv6 ACL 366 Figure 195 Configuring a MAC ACL 369 Figure 196 Configuring a ARP ACL 371 Figure 197 Binding a Port to a...

Страница 57: ...228 Configuring Settings for System Memory Logs 423 Figure 229 Showing Error Messages Logged to System Memory 424 Figure 230 Configuring Settings for Remote Logging of Error Messages 425 Figure 231 C...

Страница 58: ...Pv2c 475 Figure 264 Configuring Trap Managers SNMPv3 476 Figure 265 Showing Trap Managers 476 Figure 266 Creating SNMP Notification Logs 478 Figure 267 Showing SNMP Notification Logs 478 Figure 268 Sh...

Страница 59: ...ains 532 Figure 301 Creating Maintenance Associations 535 Figure 302 Showing Maintenance Associations 536 Figure 303 Configuring Detailed Settings for Maintenance Associations 536 Figure 304 Configuri...

Страница 60: ...Figure 337 Displaying IGMP Snooping Statistics VLAN 589 Figure 338 Displaying IGMP Snooping Statistics Port 589 Figure 339 Enabling IGMP Filtering and Throttling 591 Figure 340 Creating an IGMP Filte...

Страница 61: ...Profiles 627 Figure 372 Assigning an MVR6 Group Address Profile to a Domain 627 Figure 373 Showing MVR6 Group Address Profiles Assigned to a Domain 628 Figure 374 Configuring Interface Settings for MV...

Страница 62: ...PPPoE Intermediate Agent 676 Figure 407 Showing PPPoE Intermediate Agent Statistics 677 Figure 408 Virtual Interfaces and Layer 3 Routing 680 Figure 409 Pinging a Network Device 684 Figure 410 Tracing...

Страница 63: ...FIGURES 63 Figure 428 Configuring VLAN Translation 1177...

Страница 64: ...FIGURES 64...

Страница 65: ...77 Table 15 CoS Priority Levels 277 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 278 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 282 Table 18 Default Mapping o...

Страница 66: ...686 Table 46 ARP Statistics 690 Table 47 General Command Modes 702 Table 48 Configuration Command Modes 704 Table 49 Keystroke Commands 705 Table 50 Command Group Index 706 Table 51 General Commands 7...

Страница 67: ...84 Telnet Server Commands 850 Table 85 Secure Shell Commands 853 Table 86 show ssh display description 862 Table 87 802 1X Port Authentication Commands 862 Table 88 Management IP Filter Commands 878...

Страница 68: ...2 Table 119 show lacp sysid display description 1033 Table 120 PoE Commands 1035 Table 121 Maximum Number of Ports Providing Simultaneous Power 1038 Table 122 PoE Shut Down Sequence 1040 Table 123 sho...

Страница 69: ...e 158 Priority Commands Layer 3 and 4 1200 Table 159 Default Mapping of CoS CFI to Internal PHB Drop Precedence 1201 Table 160 Default Mapping of DSCP Values to Internal PHB Drop Values 1202 Table 161...

Страница 70: ...LLDP MED Location CA Types 1337 Table 191 CFM Commands 1347 Table 192 show ethernet cfm configuration traps display description 1361 Table 193 show ethernet cfm maintenance points local detail mep dis...

Страница 71: ...lay description 1443 Table 215 show ipv6 mtu display description 1444 Table 216 show ipv6 traffic display description 1446 Table 217 show ipv6 neighbors display description 1457 Table 218 ND Snooping...

Страница 72: ...TABLES 72...

Страница 73: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 74: ...SECTION I Getting Started 74...

Страница 75: ...HTTPS General Security Measures AAA ARP Inspection DHCP Snooping with Option 82 relay information DoS Protection IP Source Guard PPPoE Intermediate Agent Port Authentication IEEE 802 1X Port Security...

Страница 76: ...esses learning Store and Forward Switching Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Mul...

Страница 77: ...ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols PORT CONFIGURATION Y...

Страница 78: ...rce IP MAC address pairs based on static entries or entries stored in the DHCP Snooping table IEEE 802 1D BRIDGE The switch supports IEEE 802 1D transparent bridging The address table facilitates data...

Страница 79: ...fication through loop back messages and fault isolation with link trace messages VIRTUAL LANS The switch supports up to 4094 VLANs A Virtual LAN is a collection of network nodes that share the same co...

Страница 80: ...to the corresponding output queue IP ROUTING The switch provides Layer 3 IP static routing To maintain a high rate of throughput the switch forwards all traffic passing within the same segment and ro...

Страница 81: ...ILTERING Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priorit...

Страница 82: ...Timeout 600 seconds Authentication and Security Measures Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Lev...

Страница 83: ...trol Rate Limiting Disabled Storm Control Broadcast Disabled 500 packets sec Multicast Disabled Unknown Unicast Disabled Auto Traffic Control Disabled Address Table Aging Time 300 seconds Spanning Tre...

Страница 84: ...isabled DNS Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled Multicast VLAN Registr...

Страница 85: ...t Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any computer attached to the network The CLI program can be access...

Страница 86: ...l for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a terminal emulation program to the switch You can...

Страница 87: ...here within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web bro...

Страница 88: ...ive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type conf...

Страница 89: ...d through the DHCPv6 server or manually configured as described in Assigning an IPv6 Address on page 90 MANUAL CONFIGURATION You can manually assign an IP address to the switch You may also need to sp...

Страница 90: ...ss IP Version 6 on page 643 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6...

Страница 91: ...rk address and is expressed as a decimal number For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 73 8 To generate an IPv6 glo...

Страница 92: ...backoff until IP configuration information is obtained from a BOOTP or DHCP server BOOTP and DHCP values can include the IP address subnet mask and default gateway If the DHCP BOOTP server is slow to...

Страница 93: ...startup config Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success OBTAINING AN IPV6 ADDRESS Link Local Address There are several ways to configure IPv6 a...

Страница 94: ...Global Configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 From the interface prompt type ipv6 address autoconfig and press Enter 3 Type ipv6 enabl...

Страница 95: ...ration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not receive a DHCP response prior to completing the bootup process it wi...

Страница 96: ...name bootfile Default Option 67 class Option66 67_1 DHCP Option 60 Vendor class two match if option vendor class identifier ecs4110 series cfg option tftp server name 192 168 255 101 option bootfile n...

Страница 97: ...s to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access A...

Страница 98: ...ONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign...

Страница 99: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 129 for more information Diagnostic Code Software that is run during system boot up also know...

Страница 100: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Страница 101: ...gement Tasks on page 123 Interface Configuration on page 155 VLAN Configuration on page 199 Address Table Settings on page 231 Spanning Tree Algorithm on page 239 Congestion Control on page 263 Class...

Страница 102: ...SECTION II Web Configuration 102 General IP Routing on page 679...

Страница 103: ...n page 89 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Sett...

Страница 104: ...er connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main...

Страница 105: ...can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Figure 2 Front Panel Indicator...

Страница 106: ...General Manual Manually sets the current time 137 SNTP Configures SNTP polling interval 138 NTP Configures NTP authentication parameters 139 Configure Time Server Configures a list of SNTP servers 14...

Страница 107: ...d Member Specifies ports to group into static trunks 177 Show Member Shows the port members for the selected trunk 177 Configure General 177 Configure Configures trunk connection settings 177 Show Inf...

Страница 108: ...ify Configures group name and administrative status 202 Edit Member by VLAN Specifies VLAN attributes per VLAN 205 Edit Member by Interface Specifies VLAN attributes per interface 205 Edit Member by I...

Страница 109: ...Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries 236 Mirror 237 Add Mirrors traffic matching...

Страница 110: ...esponse to automatically release a response of rate limiting or to send related SNMP trap messages 269 Priority Default Priority Sets the default priority for each port or trunk 273 Queue Sets queue m...

Страница 111: ...igned to the voice traffic 306 Security 309 AAA Authentication Authorization and Accounting 310 System Authentication Configures authentication sequence local RADIUS and TACACS 311 Server 312 Configur...

Страница 112: ...gure Global Enables aging for authenticated MAC addresses and sets the time period after which a connected MAC address must be reauthenticated 333 Configure Interface 334 General Enables MAC authentic...

Страница 113: ...ACLs mirrored to specified port 372 Show Hardware Counters Shows statistics for ACL hardware counters 374 ARP Inspection 375 Configure General Enables inspection globally configures validation of add...

Страница 114: ...per port 406 Static Binding 409 Add Adds a static addresses to the source guard binding table 409 Show Shows static addresses in the source guard binding table 409 Dynamic Binding Displays the source...

Страница 115: ...switch 456 Add Remote Engine Sets the SNMP v3 engine ID for a remote device 457 Show Remote Engine Shows configured engine ID for remote devices 457 Configure View 458 Add View Adds an SNMP v3 view o...

Страница 116: ...tics on a physical interface 485 Statistics Enables collection of statistics on a physical interface 488 Show History Shows sampling parameters for each entry in the history group 485 Statistics Shows...

Страница 117: ...ows list of configured maintenance associations 532 Configure MEP Configures Maintenance End Points 537 Add Configures MEPs at the domain boundary to provide management access for each maintenance ass...

Страница 118: ...eneral Routing Interface 639 Add Address Configures an IP interface for a VLAN 639 Show Address Shows the IP interfaces assigned to a VLAN 639 Ping Sends ICMP echo request packets to another node on t...

Страница 119: ...efines the default domain name appended to incomplete host names 663 Add Domain Name Defines a list of domain names that can be appended to incomplete host names 664 Show Domain Names Shows the config...

Страница 120: ...d on the selected VLAN 576 Show Current Member Shows multicast addresses associated with the selected VLAN either through static or dynamic configuration 576 Interface 578 Configure VLAN Configures IG...

Страница 121: ...ticast groups member ports the means by which each group was learned and the corresponding source list 602 MVR Multicast VLAN Registration 603 Configure Global Configures proxy switching and robustnes...

Страница 122: ...lays MVR operational and active status 628 Configure Port Configures MVR attributes for a port 628 Configure Trunk Configures MVR attributes for a trunk 628 Configure Static Group Member 630 Add Stati...

Страница 123: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Settings...

Страница 124: ...1 39 102 ECS4110 28T 1 3 6 1 4 1 259 10 1 39 103 ECS4110 28P 1 3 6 1 4 1 259 10 1 39 104 System Up Time Length of time the management agent has been up System Name Name assigned to the switch system S...

Страница 125: ...Number of built in ports Hardware Version Hardware version of the main board Main Power Status Displays the status of the internal power supply Management Software Information Role Shows that this sw...

Страница 126: ...hat run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields CLI REFERENCES System Management Commands on page 717 USAGE...

Страница 127: ...ters are displayed Extended Multicast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes...

Страница 128: ...maximum number of VLANs supported on this switch Max Supported VLAN ID The maximum configurable VLAN identifier supported on this switch GMRP GARP Multicast Registration Protocol GMRP allows network d...

Страница 129: ...When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note that Anonymous is set as the default user name PARAMETERS The following paramet...

Страница 130: ...tion file name on the switch WEB INTERFACE To copy firmware files 1 Click System then File 2 Select Copy from the Action list 3 Select FTP Upload HTTP Upload or TFTP Upload as the file transfer method...

Страница 131: ...onfig Copies the current configuration settings to a local file on the switch Destination File Name Copy to the currently designated startup file or to a new file The file name should not contain slas...

Страница 132: ...ERFACE To set a file to use for system initialization 1 Click System then File 2 Select Set Start Up from the Action list 3 Mark the operation code or configuration file to be used at startup 4 Then c...

Страница 133: ...GE GUIDELINES If this feature is enabled the switch searches the defined URL once during the bootup sequence FTP port 21 and TFTP port 69 are both supported Note that the TCP UDP port bindings cannot...

Страница 134: ...heck the documentation for your server s operating system if you are unsure of its file system s behavior Note that the switch itself does not distinguish between upper and lower case file names and o...

Страница 135: ...P protocol for the server connection username Defines the user name for the FTP connection If the user name is omitted then anonymous is the assumed user name for the connection password Defines the p...

Страница 136: ...nd the password will be blank The image file is in the FTP root directory ftp switches upgrade 192 168 0 1 The user name is switches and the password is upgrade The image file is in the FTP root ftp s...

Страница 137: ...ful dates and times for event entries You can also manually set the clock If the clock is not set manually or via SNTP the switch will only record the time from the factory default set at the last boo...

Страница 138: ...ng the System Clock SETTING THE SNTP POLLING INTERVAL Use the System Time Configure General SNTP page to set the polling interval at which the switch will query the specified time servers CLI REFERENC...

Страница 139: ...Authentication Status Enables authentication for time requests and updates between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are rec...

Страница 140: ...er page to specify the IP address for up to three SNTP time servers CLI REFERENCES sntp server on page 772 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv...

Страница 141: ...time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by the serve...

Страница 142: ...key list CLI REFERENCES ntp authentication key on page 774 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key List to us...

Страница 143: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Страница 144: ...You can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 780 PARAMETERS The following...

Страница 145: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Страница 146: ...E To configure parameters for the console port 1 Click System then Console 2 Specify the connection parameters as required 3 Click Apply Figure 21 Console Port Settings CONFIGURING TELNET SETTINGS Use...

Страница 147: ...detected within the timeout interval the current session is terminated Range 60 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of f...

Страница 148: ...cpu on page 729 PARAMETERS The following parameters are displayed Time Interval The interval at which to update the displayed utilization rate Options 1 5 10 30 60 seconds Default 1 second CPU Utiliza...

Страница 149: ...utilization parameters CLI REFERENCES show memory on page 728 PARAMETERS The following parameters are displayed Free Size The amount of memory currently free for use Used Size The amount of memory al...

Страница 150: ...lays information on the next scheduled reload and selected reload mode as shown in the following example The switch will be rebooted at March 9 12 00 00 2012 Remaining Time 0 days 2 hours 46 minutes 5...

Страница 151: ...ularly Specifies a periodic interval at which to reload the switch Time HH The hour at which to reload Range 00 23 MM The minute at which to reload Range 00 59 Period Daily Every day Weekly Day of the...

Страница 152: ...CHAPTER 4 Basic Management Tasks Resetting the System 152 Figure 25 Restarting the Switch Immediately Figure 26 Restarting the Switch In...

Страница 153: ...CHAPTER 4 Basic Management Tasks Resetting the System 153 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Страница 154: ...CHAPTER 4 Basic Management Tasks Resetting the System 154...

Страница 155: ...rt form Displaying Transceiver Data Displays identifying information and operational parameters for optical transceivers which support DDM Configuring Transceiver Thresholds Configures thresholds for...

Страница 156: ...operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over a...

Страница 157: ...0f Supports 1000 Mbps full duplex operation FC Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabl...

Страница 158: ...e or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 156 CLI REFERENCES Interfac...

Страница 159: ...These parameters are displayed Port Port identifier Type Indicates the port type 100BASE FX 1000BASE T 1000BASE SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indi...

Страница 160: ...ng as described in this section or from one or more source ports on remote switches to a destination port on this switch remote port mirroring as described in Configuring Remote Port Mirroring on page...

Страница 161: ...e traffic on the source port Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Both WEB INTERFACE To configure a local mirror session 1 Click...

Страница 162: ...to any RSPAN destination port monitoring the RSPAN VLAN as shown in the figure below Figure 35 Configuring Remote Port Mirroring CLI REFERENCES RSPAN Mirroring Commands on page 1048 COMMAND USAGE Traf...

Страница 163: ...this switch RSPAN Ports Only ports can be configured as an RSPAN source destination or uplink static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface so...

Страница 164: ...raffic from one or more sources to one or more destinations Destination Specifies this device as a switch configured with a destination port which is to receive mirrored traffic for this session Remot...

Страница 165: ...d and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the traffic exiting the destination port to the monitoring device car...

Страница 166: ...statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per seco...

Страница 167: ...ed and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Received Unknown Packets The number of packets received via the interface which wer...

Страница 168: ...ets Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long e...

Страница 169: ...o show a list of port statistics 1 Click Interface Port Statistics 2 Select the statistics mode to display Interface Etherlike RMON or Utilization 3 Select a port from the drop down list 4 Use the Ref...

Страница 170: ...tistics mode is chosen select a port from the drop down list If All ports statistics mode is chosen select the statistics type to display Figure 40 Showing Port Statistics Chart DISPLAYING TRANSCEIVER...

Страница 171: ...tic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This information allows administrators to remotely diagnose proble...

Страница 172: ...Information Information on temperature supply voltage laser bias current laser power and received optical power The switch can display diagnostic information for SFP modules which support the SFF 8472...

Страница 173: ...and reaches the low threshold A low threshold alarm or warning message is sent if the current value is less than or equal to the threshold and the last sample value was greater than the threshold Aft...

Страница 174: ...AGE Cable diagnostics are performed using Time Domain Reflectometry TDR test methods TDR analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that pulse Ca...

Страница 175: ...he status and approximate distance to a fault or the approximate cable length if no fault is found To ensure more accurate measurement of the length to a fault first disable power saving mode on the l...

Страница 176: ...be placed in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trun...

Страница 177: ...switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the port...

Страница 178: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 46 Adding Static Trunks Members To configure connection parame...

Страница 179: ...rom the Action list Figure 48 Showing Information for Static Trunks CONFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic pages to set the administrative key for an aggregation group enable LACP...

Страница 180: ...me value for a port to be allowed to join that group NOTE If the LACP admin key is not set when a channel group is formed i e it has a null value of 0 the operational value of this key is set to the s...

Страница 181: ...t timeout value will be used Configure Aggregation Port General Port Port identifier Range 1 28 52 LACP Status Enables or disables LACP on a port Configure Aggregation Port Actor Partner Port Port num...

Страница 182: ...iguring LACP settings for a port only applies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with that port NOTE Configu...

Страница 183: ...83 To enable LACP for a port 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click General 5 Enable LACP on the require...

Страница 184: ...st 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 52 Configuring LACP Parameters on a Port To show the active members of a dyna...

Страница 185: ...of the interface settings 5 Click Apply Figure 54 Configuring Connection Settings for a Dynamic Trunk To show connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configu...

Страница 186: ...Us transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Receiv...

Страница 187: ...min State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using def...

Страница 188: ...artner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number...

Страница 189: ...se the Interface Trunk Load Balance page to set the load distribution method used among ports in aggregated links CLI REFERENCES port channel load balance on page 1022 COMMAND USAGE This command appli...

Страница 190: ...n MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from and destined for many different hosts Source...

Страница 191: ...nificant reduction for cables of 20 meters or less and continue to ensure signal integrity The power saving methods provided by this switch include Power saving when there is no link partner Under nor...

Страница 192: ...Power savings can only be implemented on Gigabit Ethernet ports when using twisted pair cabling Power savings mode on a active link only works when connection speed is 1 Gbps and line length is less t...

Страница 193: ...e access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation...

Страница 194: ...ed on the settings specified by other functions such as VLANs and spanning tree protocol A port cannot be configured in both an uplink and downlink list A port can only be assigned to one traffic segm...

Страница 195: ...face to the segmented group by setting the direction to uplink or downlink Default Uplink Interface Displays a list of ports or trunks Port Port Identifier Range 1 28 52 Trunk Trunk Identifier Range 1...

Страница 196: ...ge 1162 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Страница 197: ...stance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be allo...

Страница 198: ...CHAPTER 5 Interface Configuration VLAN Trunking 198 Figure 65 Configuring VLAN Trunking...

Страница 199: ...traffic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broa...

Страница 200: ...oup s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate...

Страница 201: ...assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When t...

Страница 202: ...the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it...

Страница 203: ...e type This parameter must be enabled before you can assign an IP address to a VLAN see Setting the Switch s IP Address IP Version 4 on page 639 Show VLAN ID ID of configured VLAN VLAN Name Name of th...

Страница 204: ...Select Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name operational status or Layer 3 Interface status as required 5 Click Apply Figure 69 Modifying Sett...

Страница 205: ...t of ports or trunks Port Port Identifier Range 1 28 52 Trunk Trunk Identifier Range 1 16 Mode Indicates VLAN membership mode for an interface Default Hybrid Access Sets the port to operate as an unta...

Страница 206: ...nt BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Membership Type Select VLAN membership for each interface by marking the appropriate radio button for...

Страница 207: ...e specified range must be configured on either the Edit Member by VLAN or Edit Member by Interface page WEB INTERFACE To configure static members by the VLAN index 1 Click VLAN Static 2 Select Edit Me...

Страница 208: ...from the Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress f...

Страница 209: ...e GVRP must be globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets received on this port will be discarded and no GVRP r...

Страница 210: ...AN Identifier of a VLAN this switch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch...

Страница 211: ...N Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 76 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click V...

Страница 212: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 213: ...tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags...

Страница 214: ...l to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If...

Страница 215: ...3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tun...

Страница 216: ...hertype to identify 802 1Q tagged frames For example if 0x1234 is set as the custom 802 1Q ethertype on a trunk port incoming frames containing that ethertype are assigned to the VLAN contained in the...

Страница 217: ...g these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes acr...

Страница 218: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 80 Configuring CVLAN to SPVLAN Mapp...

Страница 219: ...attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set the...

Страница 220: ...s for each required protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure proto...

Страница 221: ...VLAN Group Range 1 2147483647 NOTE Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet tra...

Страница 222: ...he VLAN Protocol Configure Interface Add page to map a protocol group to a VLAN for each interface that will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces...

Страница 223: ...f ports or trunks Port Port Identifier Range 1 28 52 Trunk Trunk Identifier Range 1 16 Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which...

Страница 224: ...nterfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a po...

Страница 225: ...IP subnet consists of an IP address and a mask The specified VLAN need not be an existing VLAN When an untagged frame is received by a port the source IP address is checked against the IP subnet to VL...

Страница 226: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 227: ...supported concurrently priority is applied in this sequence and then port based VLANs last PARAMETERS These parameters are displayed MAC Address A source MAC address which is to be mapped to a specif...

Страница 228: ...ield and a mask to indicate a range of addresses 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a value to assign to untagged frames in the...

Страница 229: ...ed the target port can receive a mirrored packet twice once from the source mirror port and again from the source mirrored VLAN The target port receives traffic from all monitored source VLANs and can...

Страница 230: ...mirroring 1 Click VLAN Mirror 2 Select Add from the Action list 3 Select the source VLAN and select a target port 4 Click Apply Figure 91 Configuring VLAN Mirroring To show the VLANs to be mirrored 1...

Страница 231: ...ed source address to a target port CONFIGURING MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on pa...

Страница 232: ...y Status see Configuring Port Security on page 385 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range 1...

Страница 233: ...ress is seen on another interface the address will be ignored and will not be written to the address table Static addresses will not be removed from the address table when a given interface link is do...

Страница 234: ...dresses CHANGING THE AGING TIME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned fo...

Страница 235: ...source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated...

Страница 236: ...s Table CLEARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from the forwarding database CLI REFERENCES clear mac address table dynamic...

Страница 237: ...1045 COMMAND USAGE When mirroring traffic from a MAC address ingress traffic with the specified source address entering any port in the switch other than the target port will be mirrored to the desti...

Страница 238: ...from the source port Range 1 28 52 WEB INTERFACE To mirror packets based on a MAC address 1 Click MAC Address Mirror 2 Select Add from the Action list 3 Specify the source MAC address and destination...

Страница 239: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 240: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 241: ...s a virtual bridge node for communications with STP or RSTP nodes in the global network Figure 103 Spanning Tree Common Internal Common Internal MSTP connects all bridges and LAN segments with a singl...

Страница 242: ...loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection wi...

Страница 243: ...opback detection 1 Click Spanning Tree Loopback Detection 2 Click Port or Trunk to display the required interface type 3 Modify the required loopback detection attributes 4 Click Apply Figure 104 Conf...

Страница 244: ...n delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol MSTP generates a unique spanning tree for each instance This provides m...

Страница 245: ...VLAN Floods BPDUs to all other ports within the receiving port s native VLAN i e as determined by port s PVID This is the default To All Floods BPDUs to all other ports on the switch The setting has n...

Страница 246: ...higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forw...

Страница 247: ...gion Revision and Region Name and are both required to uniquely identify an MST region WEB INTERFACE To configure global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step...

Страница 248: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 248 Figure 106 Configuring Global Settings for STA RSTP Figure 107 Configuring Global Settings for STA MSTP...

Страница 249: ...stance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where the address is taken from the switch system Designated Root The priority and MAC address of the de...

Страница 250: ...indicate a point to point connection or shared media connection and edge port to indicate if the attached device can support fast forwarding References to ports in this section means interfaces which...

Страница 251: ...em automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the s...

Страница 252: ...s not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled...

Страница 253: ...n administrator must manually enable the port Default Disabled BPDU Filter BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes By default STA...

Страница 254: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Страница 255: ...bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root whic...

Страница 256: ...Step list 3 Select Show Information from the Action list Figure 111 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 257: ...bridges within the same MSTI Region page 243 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 258: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 259: ...e priority for an MSTP Instance 5 Click Apply Figure 114 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Страница 260: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 11...

Страница 261: ...t in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree Th...

Страница 262: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 118 Co...

Страница 263: ...ITING Use the Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an i...

Страница 264: ...n a device on your network is malfunctioning or if application programs are not well designed or properly configured If there is too much traffic on your network performance can be severely degraded o...

Страница 265: ...ands on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Type Indicates interface type 100BASE FX 1000BASE T 1000BASE SFP Unknown Unicast Speci...

Страница 266: ...m Fire Threshold The highest acceptable traffic rate When ingress traffic exceeds the threshold ATC sends a Storm Alarm Fire Trap and logs it Storm Alarm FireTRAP Alarm Fire Threshold 1 255kpps AlarmC...

Страница 267: ...n only be manually re enabled using Manual Control Release see page 269 The traffic control response of rate limiting can be released automatically or manually The control response of shutting down a...

Страница 268: ...trol response it must be manually re enabled using the Manual Control Release see page 269 PARAMETERS These parameters are displayed Broadcast Apply Timer The interval after the upper threshold has be...

Страница 269: ...storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be applied to a...

Страница 270: ...igured by the Auto Release Control attribute Range 1 255 kilo packets per second Default 250 kpps If rate limiting has been configured as a control response and Auto Control Release is enabled rate li...

Страница 271: ...to Traffic Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response of...

Страница 272: ...CHAPTER 9 Congestion Control Automatic Traffic Control 272...

Страница 273: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 274: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 126 Setting the Default Port Priority...

Страница 275: ...ed at the egress ports by defining scheduling weights for WRR or the queuing mode that uses a combination of strict and weighted queuing The specified queue mode applies to all interfaces PARAMETERS T...

Страница 276: ...lected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first must be specified by ena...

Страница 277: ...p standard as shown in Table 14 This table indicates the default mapping of internal per hop behavior to the hardware queues The actual mapping may differ if the CoS priorities to internal DSCP values...

Страница 278: ...Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Map an internal PHB to a hardware queue Depending on how an ingress packet is processed internally based on its CoS value...

Страница 279: ...vices are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be containe...

Страница 280: ...priority processing if the packet is tagged For an untagged packet the default port priority see page 273 is used for priority processing If the QoS mapping mode is set to CoS and the ingress packet...

Страница 281: ...ds of forwarding CLI REFERENCES qos map dscp mutation on page 1202 COMMAND USAGE Enter per hop behavior and drop precedence for any of the DSCP values 0 63 This map is only used when the priority mapp...

Страница 282: ...Values to Internal PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3...

Страница 283: ...with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for internal processing Note that priority...

Страница 284: ...ow 1 Red WEB INTERFACE To map CoS CFI values to internal PHB drop precedence 1 Click Traffic Priority CoS to DSCP 2 Select Configure from the Action list 3 Set the PHB and drop precedence for any of t...

Страница 285: ...f Service Layer 3 4 Priority Settings 285 To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list Figure 136 Showing CoS to DSCP...

Страница 286: ...CHAPTER 10 Class of Service Layer 3 4 Priority Settings 286...

Страница 287: ...ferent kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets i...

Страница 288: ...ured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a...

Страница 289: ...ing standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in an IPv6 packet Range 0 63 VLAN I...

Страница 290: ...edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic f...

Страница 291: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Страница 292: ...excess burst size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that som...

Страница 293: ...eeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control queue congestion...

Страница 294: ...packet is yellow and Tp is decremented by B else the packet is green and both Tp and Tc are decremented by B The trTCM can be used to mark a IP packet stream in a service where different decreasing le...

Страница 295: ...Internal PHB Drop Values on page 282 Set IP DSCP Configures the service provided to ingress traffic by setting an IP DSCP value for a matching packet as specified in rule settings for a class map Rang...

Страница 296: ...e value or drop a packet the switch will also mark the two color bits used to set the drop precedence of a packet for Random Early Detection The color modes include Color Blind which assumes that the...

Страница 297: ...the peak information rate In addition to the actions defined by this command to transmit remark the DSCP service value or drop a packet the switch will also mark the two color bits used to set the dr...

Страница 298: ...be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority for out of conformance traffic Range 0 63 Drop Drops out of conformance traffic Violate Specifies whether the...

Страница 299: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Страница 300: ...Policies 300 Figure 143 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 301: ...lity of Service Commands on page 1207 COMMAND USAGE First define a class map define a policy map and then bind the service policy to the required interface Only one policy map can be bound to an inter...

Страница 302: ...o bind a policy map to a port 1 Click Traffic DiffServ 2 Select Configure Interface from the Step list 3 Check the box under the Ingress field to enable a policy map for a port 4 Select a policy map f...

Страница 303: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Страница 304: ...hip is not set to access mode see Adding Static Members to VLANs on page 205 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Страница 305: ...configure this feature CLI REFERENCES Configuring Voice VLANs on page 1186 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Format xx xx xx xx...

Страница 306: ...bers used for VoIP equipment 1 Click Traffic VoIP 2 Select Configure OUI from the Step list 3 Select Show from the Action list Figure 148 Showing an OUI Telephony List CONFIGURING VOIP TRAFFIC PORTS U...

Страница 307: ...e VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sour...

Страница 308: ...will be removed from voice VLAN when VoIP traffic is no longer received on the port Alternatively if you clear the MAC address table manually then the switch will also start counting down the Remaini...

Страница 309: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Страница 310: ...ized as follows Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for s...

Страница 311: ...local or remote authentication Local authentication restricts management access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentic...

Страница 312: ...s 1 Click Security AAA System Authentication 2 Specify the authentication sequence i e one to three methods 3 Click Apply Figure 150 Configuring the Authentication Sequence CONFIGURING REMOTE LOGON AU...

Страница 313: ...rd pair The user name password and privilege level must be configured on the authentication server The encryption methods used for the authentication process must also be configured or negotiated betw...

Страница 314: ...on access for client Enclose any string containing blank spaces in double quotes Maximum length 48 characters Confirm Authentication Key Re type the string entered in the previous field to ensure no e...

Страница 315: ...ge 1 64 characters Sequence at Priority Specifies the server and sequence to use for the group Range 1 5 for RADIUS 1 for TACACS When specifying the priority sequence for a sever the server index must...

Страница 316: ...te Authentication Server TACACS To configure the RADIUS or TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select...

Страница 317: ...the Action list Figure 155 Showing AAA Server Groups CONFIGURING AAA ACCOUNTING Use the Security AAA Accounting page to enable accounting of requested services for billing or security purposes and al...

Страница 318: ...64 characters Note that the method name is only used to describe the accounting method configured on the specified RADIUS or TACACS servers No information is sent to the servers about the method to u...

Страница 319: ...lays the accounting service Method Name Displays the user defined or default accounting method Server Group Name Displays the accounting server group Interface Displays the port console or Telnet inte...

Страница 320: ...ting 2 Select Configure Method from the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6...

Страница 321: ...to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3...

Страница 322: ...hods and assigned server groups for specified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Summary Figure 161 Displaying a Summary of Applied AAA...

Страница 323: ...RAMETERS These parameters are displayed Configure Method Authorization Type Specifies the service as Command Administrative authorization to apply to commands entered at specific CLI privilege levels...

Страница 324: ...service Method Name Displays the user defined or default accounting method Server Group Name Displays the authorization server group Interface Displays the console or Telnet interface to which these r...

Страница 325: ...Select Configure Method from the Step list 3 Select Show from the Action list Figure 164 Showing AAA Authorization Methods To configure the authorization method applied to local console Telnet or SSH...

Страница 326: ...ad access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon a...

Страница 327: ...word Type Specifies the following options No Password No password is required for this user to log in Plain Password Plain text unencrypted password Encrypted Password Encrypted password The encrypted...

Страница 328: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Страница 329: ...e enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Range 300 3600...

Страница 330: ...s for the port Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply En...

Страница 331: ...work properly See Configuring Remote Logon Authentication Servers on page 312 NOTE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on pa...

Страница 332: ...e VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list can contain multiple VLAN identifiers in the format 1u 2t 3u where u indicates an untagged VLAN and t a...

Страница 333: ...conditions occur Illegal characters found in a profile value for example a non digital character in an 802 1p profile value Failure to configure the received profiles on the authenticated port When t...

Страница 334: ...he reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process traffic through the port remains unaffected Range 120 1000000...

Страница 335: ...02 1X on page 390 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When enabled any VLAN identifiers returned by the RADIUS server through the 802 1X authentication process are a...

Страница 336: ...when MAC Authentication or 802 1X Authentication fails and the dynamic VLAN and QoS assignments 5 Click Apply Figure 172 Configuring Interface Settings for Network Access CONFIGURING PORT LINK DETECTI...

Страница 337: ...Configure Interface from the Step list 3 Click the Link Detection button 4 Modify the link detection status trigger condition and the response for any port 5 Click Apply Figure 173 Configuring Link D...

Страница 338: ...MAC addresses as defined by the MAC Address Mask MAC Address Mask The filter rule will check for the range of MAC addresses defined by the MAC bit mask If you omit the mask the system will assign the...

Страница 339: ...be displayed and selected entries can be removed from the table CLI REFERENCES Network Access MAC Address Authentication on page 895 PARAMETERS These parameters are displayed Query By Specifies parame...

Страница 340: ...ecurity Network Access 2 Select Show Information from the Step list 3 Use the sort key to display addresses based MAC address interface or attribute 4 Restrict the displayed addresses by entering a sp...

Страница 341: ...pecify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and...

Страница 342: ...t 3 Enable HTTPS and specify the port number if required 4 Click Apply Figure 177 Configuring HTTPS REPLACING THE DEFAULT SECURE SITE CERTIFICATE Use the Security HTTPS Copy Certificate page to replac...

Страница 343: ...tem on page 150 or type reload at the command prompt Console reload CLI REFERENCES Web Server on page 847 PARAMETERS These parameters are displayed TFTP Server IP Address IP address of TFTP server whi...

Страница 344: ...ell and rcp remote copy are not secure from hostile attacks Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can als...

Страница 345: ...ear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 7654680172627257...

Страница 346: ...1 5 Clients a The client sends its RSA public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses its secret key to generate...

Страница 347: ...n page 853 PARAMETERS These parameters are displayed SSH Server Status Allows you to enable disable the SSH server on the switch Default Disabled Version The Secure Shell version number Version 2 0 is...

Страница 348: ...After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the section Importing User Public Keys on page 350...

Страница 349: ...select this item prior to generating the host key pair Default Disabled WEB INTERFACE To generate the SSH host key pair 1 Click Security SSH 2 Select Configure Host Key from the Step list 3 Select Gen...

Страница 350: ...rop down box selects the user who s public key you wish to manage Note that you must first create users on the User Accounts page see Configuring User Accounts on page 326 User Key Type The type of pu...

Страница 351: ...name and the public key type from the respective drop down boxes input the TFTP server IP address and the public key source file name 5 Click Apply Figure 182 Copying the SSH User s Public Key To disp...

Страница 352: ...ditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the packet is accepted COMMAND USAGE The follo...

Страница 353: ...n TCAM The above example is an ideal case for compression The worst case would be if no any ACE can be compressed in which case the used number of TCAM entries would be the same as without compression...

Страница 354: ...which to start or end Periodic Specifies a periodic interval Start To Specifies the days of the week hours and minutes at which to start or end WEB INTERFACE To configure a time range 1 Click Security...

Страница 355: ...Select Add Rule from the Action list 4 Select the name of time range from the drop down list 5 Select a mode option of Absolute or Periodic 6 Fill in the required parameters for the selected mode 7 Cl...

Страница 356: ...Access Control Lists ACLs IP Source Guard filter rules Quality of Service QoS processes QinQ MAC based VLANs VLAN translation or traps For example when binding an ACL to a port each rule in an ACL wil...

Страница 357: ...982 PARAMETERS These parameters are displayed ACL Name Name of the ACL Maximum length 32 characters Type The following filter modes are supported IP Standard IPv4 ACL mode filters packets based on th...

Страница 358: ...gs used for ARP inspection see ARP Inspection on page 375 WEB INTERFACE To configure the name and type of an ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add from the Ac...

Страница 359: ...bination of rules which permit or deny a packet Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or I...

Страница 360: ...8 If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range 9 Click Apply Figure 191 Configuring a Standard IPv4 ACL CONFIGURING AN EXTENDED...

Страница 361: ...specify a range of addresses with the Address and Subnet Mask fields Options Any Host IP Default Any Source Destination IP Address Source or destination IP address Source Destination Subnet Mask Subn...

Страница 362: ...ing flags set SYN flag valid use control code 2 control bit mask 2 Both SYN and ACK valid use control code 18 control bit mask 18 SYN valid and ACK invalid use control code 2 control bit mask 18 Time...

Страница 363: ...atching the selected type Action An ACL can contain any combination of rules which permit or deny a packet Source Address Type Specifies the source IP address Use Any to include all possible addresses...

Страница 364: ...es to a Standard IPv6 ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL fr...

Страница 365: ...ress An IPv6 address or network class The address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in...

Страница 366: ...ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e P...

Страница 367: ...o specify an address range with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecima...

Страница 368: ...ick Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select MAC from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i...

Страница 369: ...se parameters are displayed Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or deny r...

Страница 370: ...tion MAC Bit Mask Hexadecimal mask for source or destination MAC address Log Logs a packet when it matches the access control entry WEB INTERFACE To add rules to an ARP ACL 1 Click Security ACL 2 Sele...

Страница 371: ...assigned to a port CLI REFERENCES ip access group on page 975 show ip access group on page 975 mac access group on page 987 show mac access group on page 988 Time Range on page 782 COMMAND USAGE This...

Страница 372: ...ACL Configure Interface Add Mirror page to mirror traffic matching an ACL from one or more source ports to a target port for real time analysis You can then attach a logic analyzer or RMON probe to th...

Страница 373: ...CL ACL used for ingress packets WEB INTERFACE To bind an ACL to a port 1 Click Security ACL 2 Select Configure Interface from the Step list 3 Select Add Mirror from the Action list 4 Select a port 5 S...

Страница 374: ...type of ACL Direction Displays statistics for ingress ACL Name The ACL bound this port Action Shows if action is to permit or deny specified packets Rules Shows the rules for the ACL bound to this po...

Страница 375: ...ooping binding database see DHCP Snooping Global Configuration on page 415 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection c...

Страница 376: ...EFERENCES ARP Inspection on page 948 COMMAND USAGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspectio...

Страница 377: ...will be replaced with the newest entry PARAMETERS These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP I...

Страница 378: ...ARP Inspection on page 948 COMMAND USAGE ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the AR...

Страница 379: ...s selected and static mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not...

Страница 380: ...P Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets th...

Страница 381: ...rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP...

Страница 382: ...og page to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 956 PARAMETERS These parameters...

Страница 383: ...Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the swi...

Страница 384: ...ddress es for the Telnet group All Configures IP address es for all groups Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFA...

Страница 385: ...rized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message CLI REFERENCES Port Secur...

Страница 386: ...port that port cannot be set as an RSPAN uplink port source port or destination port Also when a port is configured as an RSPAN uplink port source port or destination port port security cannot be ena...

Страница 387: ...ick Security Port Security 2 Mark the check box in the Security Status column to enable security set the action to take when an invalid address is detected on a port and set the maximum number of MAC...

Страница 388: ...nsport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security The client responds to the appropriate method with its credentials such as a password...

Страница 389: ...s are displayed System Authentication Control Sets the global setting for 802 1X Default Disabled EAPOL Pass Through Passes EAPOL frames through to all ports in STP forwarding state when dot1x is glob...

Страница 390: ...obally for the switch and configure EAPOL Pass Through if required Then set the user name and password to use when the switch responds an MD5 challenge from the authentication server 4 Click Apply Fig...

Страница 391: ...s by the setting the control mode to Force Authorized on this page and enabling the PAE supplicant on the Supplicant configuration page PARAMETERS These parameters are displayed Port Port number Statu...

Страница 392: ...the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Supplicant Timeout Sets the time that a switch port waits f...

Страница 393: ...ge 202 and mapped on each port See Configuring Network Access for Ports on page 334 Supplicant List Supplicant MAC address of authorized client Authenticator PAE State Machine State Current state incl...

Страница 394: ...henticator CONFIGURING PORT SUPPLICANT SETTINGS FOR 802 1X Use the Security Port Authentication Configure Interface Supplicant page to configure 802 1X port settings for supplicant requests issued fro...

Страница 395: ...displayed Port Port number PAE Supplicant Enables PAE supplicant mode Default Disabled If the attached client must be authenticated through another device in the network supplicant status must be enab...

Страница 396: ...w Statistics page to display statistics for dot1x protocol exchanges for any port CLI REFERENCES show dot1x on page 875 PARAMETERS These parameters are displayed Table 24 802 1X Statistics Parameter D...

Страница 397: ...in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Supplicant Rx Last EAPOLVer The protocol version number carried in...

Страница 398: ...y Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 213 Showing Statistics for 802 1X Port Authenticator To display port supplicant statistics for 802 1X 1 C...

Страница 399: ...Default 1000 kbits second Smurf Attack Attacks in which a perpetrator generates a large amount of spoofed ICMP Echo Request traffic to the broadcast destination IP address 255 255 255 255 all of which...

Страница 400: ...Destination Unreachable packet It will be forced to send many ICMP packets eventually leading it to be unreachable by other clients Default Disabled UDP Flooding Attack Rate Maximum allowed rate Rang...

Страница 401: ...curity IP Source Guard Port Configuration page to set the filtering type based on source IP address or source IP address and MAC address pairs IP Source Guard is used to filter traffic on an insecure...

Страница 402: ...C option If a matching entry is found in the binding table and the entry type is static IP source guard binding or dynamic DHCP snooping binding the packet will be forwarded If IP source guard if enab...

Страница 403: ...lease time which is indicated with a value of zero in the table CLI REFERENCES ip source guard binding on page 936 COMMAND USAGE Static addresses entered in the source guard binding table are automati...

Страница 404: ...VLAN to which this entry is bound MAC Address Physical address associated with the entry Interface The port to which this entry is bound IP Address IP address corresponding to the client Lease Time Th...

Страница 405: ...ble for a selected interface CLI REFERENCES show ip source guard binding on page 942 PARAMETERS These parameters are displayed Query by Port A port on this switch VLAN ID of a configured VLAN Range 1...

Страница 406: ...ooping table when either snooping protocol is enabled see the DHCPv6 Snooping commands IPv6 source guard can be used to prevent traffic attacks caused when a host tries to use the IPv6 address of a ne...

Страница 407: ...ed with an infinite lease time Dynamic entries learned via DHCPv6 snooping are configured by the DHCPv6 server itself If IPv6 source guard is enabled an inbound packet s source IPv6 address will be ch...

Страница 408: ...must be set to a value higher than DHCPv6 snooping maximum bindings and ND snooping maximum bindings If IPv6 source guard ND snooping and DHCPv6 snooping are enabled on a port the dynamic bindings use...

Страница 409: ...th same and MAC address and IPv6 address a new entry is added to binding table using static IPv6 source guard binding If there is an entry with same MAC address and IPv6 address and the type of entry...

Страница 410: ...client Type Shows the entry type DHCP Dynamic DHCPv6 binding stateful address ND Dynamic Neighbor Discovery binding stateless address STA Static IPv6 Source Guard binding WEB INTERFACE To configure st...

Страница 411: ...ted interface CLI REFERENCES show ipv6 source guard binding on page 948 PARAMETERS These parameters are displayed Query by Port A port on this switch VLAN ID of a configured VLAN Range 1 4094 MAC Addr...

Страница 412: ...mation to a DHCP server This information can be useful in tracking an IP address back to a physical port COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messag...

Страница 413: ...only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address ve...

Страница 414: ...by the switch and in reply packets sent back from the DHCP server This information may specify the MAC address or IP address of the requesting device that is the switch in this context By default the...

Страница 415: ...fies the MAC address IP address or arbitrary identifier of the requesting device i e the switch in this context MAC Address Inserts a MAC address in the remote ID sub option for the DHCP snooping agen...

Страница 416: ...snooping on specific VLANs CLI REFERENCES ip dhcp snooping vlan on page 921 COMMAND USAGE When DHCP snooping is enabled globally on the switch and enabled on the specified VLAN DHCP packet filtering w...

Страница 417: ...Snooping Configure Interface page to configure switch ports as trusted or untrusted CLI REFERENCES ip dhcp snooping trust on page 923 COMMAND USAGE A trusted interface is an interface that is configu...

Страница 418: ...Range 1 32 characters WEB INTERFACE To configure global settings for DHCP Snooping 1 Click IP Service DHCP Snooping 2 Select Configure Interface from the Step list 3 Set any ports within the local ne...

Страница 419: ...namically learned snooping entries to flash memory This function can be used to store the currently learned dynamic DHCP snooping entries to flash memory These entries will be restored to the snooping...

Страница 420: ...CHAPTER 13 Security Measures DHCP Snooping 420...

Страница 421: ...1 SNMPv2c or SNMPv3 Remote Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized manage...

Страница 422: ...sh or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 759 PARAMETERS These parameters are displayed S...

Страница 423: ...source WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select Configure Global from the Step list 3 Enable or disable system logging set...

Страница 424: ...ed by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages see RFC...

Страница 425: ...ogging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 766 PARAMETERS These...

Страница 426: ...pond For host name to IP address translation to function properly host name lookup must be enabled Configuring General DNS Service Parameters on page 663 and one or more DNS servers specified see Conf...

Страница 427: ...UTES Use the Administration LLDP Configure Global page to set attributes for general functions such as globally enabling LLDP on the switch setting the message ageout time and setting the frequency fo...

Страница 428: ...on about changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are included in the transmission An SNMP agent s...

Страница 429: ...mission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notifica...

Страница 430: ...t address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifie...

Страница 431: ...which power is delivered can be controlled the port pins selected to deliver power and the power class MAC PHY Configuration Status The MAC PHY configuration and status which includes information abou...

Страница 432: ...ter ISO 3166 country code in capital ASCII letters Example DK DE or US Device entry refers to The type of device to which the location applies Location of DHCP server Location of network element close...

Страница 433: ...ical location of the device attached to an interface including items such as the city street number building and room information The address location is specified as a type and value pair with the ci...

Страница 434: ...specify the physical location of the attached device 1 Click Administration LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from th...

Страница 435: ...rt information CLI REFERENCES show lldp info local device on page 1343 PARAMETERS These parameters are displayed Global Settings Chassis Type Identifies the chassis containing the IEEE 802 LAN entity...

Страница 436: ...ss is available the address should be the MAC address for the CPU or for the port sending this advertisement Interface Settings The attributes listed below apply to both port and trunk interface types...

Страница 437: ...863 is implemented the ifDescr object should be used for this field MED Capability The supported set of capabilities that define the primary function s of the interface LLDP MED Capabilities Network P...

Страница 438: ...238 Displaying Local Device Information for LLDP Port Details DISPLAYING LLDP REMOTE DEVICE INFORMATION Use the Administration LLDP Show Remote Device Information page to display information about de...

Страница 439: ...associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chas...

Страница 440: ...d protocol VLANs and whether the port based protocol VLANs are enabled on the given port associated with the remote system Remote VLAN Name List VLAN names associated with a port Remote Protocol Ident...

Страница 441: ...Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Controllable Indicates whether the pair selection can be controll...

Страница 442: ...c class of endpoint devices Class 2 Endpoint devices that supports media stream capabilities Class 3 Endpoint devices that directly supports end users of the IP communication systems Network Connectiv...

Страница 443: ...in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used...

Страница 444: ...the end point device Manufacture Name The manufacturer of the end point device Asset ID The asset identifier of the end point device End point devices are typically assigned asset identifiers to facil...

Страница 445: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 445 Figure 240 Displaying Remote Device Information for LLDP Port Details...

Страница 446: ...transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1346 PARAMETERS These parameters are displayed General Statistics on Remote Devices Neighbor Entries Li...

Страница 447: ...ed Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs...

Страница 448: ...e automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its power budget When a device is connected to a switch port its power...

Страница 449: ...y PoE devices connected to the switch Software Version The version of software running on the PoE controller subsystem in the switch Compatible Mode Allows the switch to detect and provide power to po...

Страница 450: ...itch is based on 802 3af to which the 802 3af PDs will respond normally It then sends a second PoE Plus pulse that causes an 802 3at PD to respond as a Class 4 device and draw Class 4 current Afterwar...

Страница 451: ...se the switch to exceed its budget power will not be provided to that port regardless of its priority setting If priority is not set for any ports and PoE consumption exceeds the maximum power provide...

Страница 452: ...oE will be provided to an interface 3 Click Apply Figure 245 Setting a Port s PoE Budget SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol SNMP is a communication protocol designed...

Страница 453: ...l and specified security levels Each group also has a defined security access to set of MIB objects for reading and writing which are known as views The switch has a default view all MIB objects and d...

Страница 454: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Страница 455: ...established or broken Default Enabled MAC Notification Traps Issues a trap when a dynamic MAC address is added or removed MAC Notification Trap Interval Specifies the interval between issuing two con...

Страница 456: ...e ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users PARAMETERS These parameters are displayed Engine ID A new engine ID can...

Страница 457: ...oritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Configuring Remote SNMPv3 Users on pa...

Страница 458: ...o restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree CLI REFERENCES snmp server view on page 806 PARAMETERS These paramet...

Страница 459: ...e is included or excluded from the SNMP view WEB INTERFACE To configure an SNMP view of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Add Vi...

Страница 460: ...the Action list 4 Select a view name from the list of existing views and specify an additional OID subtree in the switch s MIB database to be included or excluded in the view 5 Click Apply Figure 252...

Страница 461: ...displayed Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security leve...

Страница 462: ...s that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notP...

Страница 463: ...259 10 1 39 2 1 0 77 When ATC is released this trap is fired stpBpduGuardPortShutdownTrap 1 3 6 1 4 1 259 10 1 39 2 1 0 91 This trap will be sent when an interface is shut down because of BPDU guard...

Страница 464: ...ecovery is done by LBD sfpThresholdAlarmWarnTrap 1 3 6 1 4 1 259 10 1 39 2 1 0 189 This trap is sent when the SFP s monitored value is not within alarm warning thresholds udldPortShutdownTrap 1 3 6 1...

Страница 465: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 254 Creating an SN...

Страница 466: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Страница 467: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 805 PARAMETERS T...

Страница 468: ...bit DES is currently available Privacy Password Enter plain text characters for the privacy password Range 8 32 characters WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2...

Страница 469: ...notify view CLI REFERENCES snmp server user on page 805 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent on...

Страница 470: ...for the authentication password Range 8 32 characters Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password Enter plain text character...

Страница 471: ...anagement Protocol 471 Figure 260 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 472: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider th...

Страница 473: ...receive notification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Infor...

Страница 474: ...ange 0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specif...

Страница 475: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 476: ...agers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 810 snmp server notify filter on page 8...

Страница 477: ...Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging...

Страница 478: ...inistration SNMP Show Statistics page to show counters for SNMP input and output protocol data units CLI REFERENCES show snmp on page 797 PARAMETERS The following counters are displayed SNMP packets i...

Страница 479: ...the SNMP protocol entity Set request PDUs The total number of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total numbe...

Страница 480: ...it can automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any speci...

Страница 481: ...y be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes etherS...

Страница 482: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Страница 483: ...ered The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems CLI REFERENC...

Страница 484: ...and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see Setting Community Access Strings on page...

Страница 485: ...RMON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Страница 486: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Страница 487: ...ration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 274 Showing Configured RMON History Samples To show...

Страница 488: ...bled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets multicast packets undersize packe...

Страница 489: ...76 Configuring an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 S...

Страница 490: ...ary unit called the Commander which is used to manage all other Member switches in the cluster The management station can use either Telnet or the web interface to communicate directly with the Comman...

Страница 491: ...Clustering on page 786 COMMAND USAGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not confl...

Страница 492: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 279 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Страница 493: ...idates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 280 Configuring a Cluster Members To show the cluster members 1 Click Administration Cluster 2 Select Conf...

Страница 494: ...The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assigned to the Member switch MAC Address The M...

Страница 495: ...onomical than EAPS in that only one physical link is required between each node in the ring However since it can tolerate only one break in the ring it is not as robust as EAPS ERPS supports up to 255...

Страница 496: ...pt blocked on the nodes adjacent to the recovered link The nodes adjacent to the recovered link transmit R APS NR no request message indicating they have no local request When the RPL owner receives a...

Страница 497: ...restriction on which ring link on an ring may be set as the RPL For example the RPL of ERP1 could be set as the link between ring node C and D Ring nodes C and D that are common to both ERP1 and ERP2...

Страница 498: ...onnectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated R APS messa...

Страница 499: ...pply to ERPS One switch supports up to 26 ERPS rings each ring must have one Control VLAN and at most 255 Data VLANs Ring ports can not be a member of a trunk nor an LACP enabled port Dynamic VLANs ar...

Страница 500: ...see ERPS Global Configuration on page 499 before a ring can start running Once enabled the RPL owner node and non owner node state machines will start and the ring will enter the active state Limitat...

Страница 501: ...ed W E Shows information on the west and east ring port for this node West Port Shows the west ring port for this node East Port Shows the east ring port for this node Interface The port or trunk whic...

Страница 502: ...he RPL owner specified and the control VLAN configured Once enabled the RPL owner node and non owner node state machines will start and the ring will enter idle state if no signal failures are detecte...

Страница 503: ...ng a loop in the network or other problems which may occur under some situations The Control VLAN must not be configured as a Layer 3 interface with an IP address a dynamic VLAN with GVRP enabled nor...

Страница 504: ...Idle state through the exchange of protocol messages Non revertive behavior for Protection Forced Switch FS and Manual Switch MS states are basically the same Non revertive behavior requires the RPL t...

Страница 505: ...ly revert when all ring links and ring nodes have recovered and no external requests are active Non revertive operation is handled in the following way a The RPL Owner Node does not generate a respons...

Страница 506: ...ng nodes to unblock any blocked non RPL that does not have an SF condition If it is an R APS NR RB message without a DNF indication all ring nodes flush their FDB This action unblocks the ring port wh...

Страница 507: ...n reception of an R APS NR message and in the absence of any other higher priority request starts the WTB timer and waits for it to expire While the WTB timer is running any latent R APS MS message is...

Страница 508: ...le a node that has one ring port in SF condition and detects that the condition has been cleared will continuously transmit R APS NR messages with its own Node ID as priority information over both rin...

Страница 509: ...tual Channel Under certain circumstances it may not be desirable to use a virtual channel to interconnect the sub ring over an arbitrary Ethernet network In this situation the R APS messages are termi...

Страница 510: ...traffic may flood onto the major ring The data traffic will become stable after the MAC addresses are learned again The major ring will not be broken but the bandwidth of data traffic on the major rin...

Страница 511: ...ermittent link faults Faults will only be reported to the ring protection mechanism if this timer expires Range 0 10000 milliseconds in steps of 100 milliseconds In order to coordinate timing of prote...

Страница 512: ...mer i e WTR or WTB is deactivated when any higher priority request preempts this delay timer The delay timers i e WTR and WTB may be started and stopped by the system A request to start running the de...

Страница 513: ...ce MEP Specifies the CCM MEPs used to monitor the link on a ring node If a MEP is used to monitor the link status of an ERPS node with CFM continuity check messages then the MEG Level parameter on thi...

Страница 514: ...Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static...

Страница 515: ...et Ring Protection Switching 515 Figure 291 Creating an ERPS Ring To show the configured ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Acti...

Страница 516: ...re the FS command was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s...

Страница 517: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Страница 518: ...r higher priority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS messag...

Страница 519: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Страница 520: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Страница 521: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 294 Single CFM Maintenance Domain The...

Страница 522: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Страница 523: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Страница 524: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Страница 525: ...forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has re...

Страница 526: ...ng CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cro...

Страница 527: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 528: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 529: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 530: ...end point MEP is created at some lower MA Level None No MIP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 655...

Страница 531: ...the maintenance domains and authorized maintenance levels thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click...

Страница 532: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 533: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Страница 534: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Страница 535: ...1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4 Select an entry from the MD Index list 5 Specify the MAs assigned to each domain the VLAN throu...

Страница 536: ...Click Administration CFM 2 Select Configure MA from the Step list 3 Select Configure Details from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the CCM interval enable the tra...

Страница 537: ...EP s MA or the direction it faces first delete the MEP and then create a new one PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 1 2147483647...

Страница 538: ...ts CONFIGURING REMOTE MAINTENANCE END POINTS Use the Administration CFM Configure Remote MEP Add page to specify remote maintenance end points MEPs set on other CFM enabled devices within a common MA...

Страница 539: ...e waits for remote MEPs to come up before starting the cross check operation can be configured on the Configure Global page see Configuring Global Settings for CFM SNMP traps for continuity check even...

Страница 540: ...Trace page to transmit link trace messages LTMs These messages can isolate connectivity faults by tracing the path through a network to the designated target node i e a remote maintenance end point C...

Страница 541: ...er Parameters controlling the link trace cache including operational state entry hold time and maximum size can be configured on the Configure Global page see Configuring Global Settings for CFM PARAM...

Страница 542: ...d isolation after automatic detection of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving...

Страница 543: ...ess can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Count The number of times the loopback message is sent Range 1 1024 Packet Size The size of the loopback message...

Страница 544: ...a frame with DM request information and the receiving MEP responds with a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of...

Страница 545: ...asure messages Range 1 5 seconds Default 1 second Timeout The timeout to wait for a response Range 1 5 seconds Default 5 seconds WEB INTERFACE To transmit delay measure messages 1 Click Administration...

Страница 546: ...the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Up indicates that the MEP faces inward toward the switch cross con...

Страница 547: ...ce point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port to which this MEP is attached CC Status Shows if the MEP will generate CCM messages MAC Address...

Страница 548: ...FM 2 Select Show Information from the Step list 3 Select Show Local MEP Details from the Action list 4 Select an entry from MD Index and MA Index 5 Select a MEP ID Figure 312 Showing Detailed Informat...

Страница 549: ...CFM 2 Select Show Information from the Step list 3 Select Show Local MIP from the Action list Figure 313 Showing Information on Local MIPs DISPLAYING REMOTE MEPS Use the Administration CFM Show Infor...

Страница 550: ...CFM 2 Select Show Information from the Step list 3 Select Show Remote MEP from the Action list Figure 314 Showing Information on Remote MEPs DISPLAYING DETAILS FOR REMOTE MEPS Use the Administration...

Страница 551: ...Up The port is functioning normally Blocked The port has been blocked by the Spanning Tree Protocol No port state Either no CCM has been received or nor port status TLV was received in the last CCM I...

Страница 552: ...from MD Index and MA Index 5 Select a MEP ID Figure 315 Showing Detailed Information on Remote MEPs DISPLAYING THE LINK TRACE CACHE Use the Administration CFM Show Information Show Link Trace Cache pa...

Страница 553: ...locked The ingress port can be identified but the target data frame was not forwarded when received on this port due to active topology management i e the bridge port is not in the forwarding state In...

Страница 554: ...settings for the fault notification generator CLI REFERENCES show ethernet cfm fault notify generator on page 1385 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD...

Страница 555: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Страница 556: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 318 Showing Continuity Check Errors OAM...

Страница 557: ...nterface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local...

Страница 558: ...events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reached or exceeded within the specified period If reporting is enabled...

Страница 559: ...OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1397 clear efm oam counters on page 1394 PARAMETERS These parameters are displayed Port Port identifier Ran...

Страница 560: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Страница 561: ...ction Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where...

Страница 562: ...an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loop back mode During a remote...

Страница 563: ...ed during the last loopback test on this interface Loss Rate The percentage of packets for which there was no response WEB INTERFACE To initiate a loop back test to the peer device attached to the sel...

Страница 564: ...Loop Back Show Test Result page to display the results of remote loop back testing for each port for which this information is available CLI REFERENCES show efm oam remote loopback interface on page...

Страница 565: ...INTERFACE To display the results of remote loop back testing for each port for which this information is available 1 Click Administration OAM Remote Loop Back 2 Select Show Test Result from the Action...

Страница 566: ...CHAPTER 14 Basic Administration Protocols OAM Configuration 566...

Страница 567: ...r IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation OVERVIEW Multicasting is used to support...

Страница 568: ...s only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering is to...

Страница 569: ...of these sources IGMPv3 hosts may also request that service be forwarded from any source except for those specified In this case traffic is filtered from sources in the Exclude list and forwarded fro...

Страница 570: ...ONFIGURING IGMP SNOOPING AND QUERY PARAMETERS Use the Multicast IGMP Snooping General page to configure the switch to forward multicast traffic intelligently Based on the IGMP query and report message...

Страница 571: ...s command the switch performs IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including last leave and query suppression Last leave sends out a proxy query when the last m...

Страница 572: ...a spanning tree receives a TCN for a VLAN where IGMP snooping is enabled it issues a global IGMP leave message or query solicitation When a switch receives this solicitation it floods it to all ports...

Страница 573: ...e that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels via the new upstream interface This command only applies when proxy reporting is enabl...

Страница 574: ...face and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate i...

Страница 575: ...y is static or dynamic Expire Time until this dynamic entry expires WEB INTERFACE To specify a static interface attached to a multicast router 1 Click Multicast IGMP Snooping Multicast Router 2 Select...

Страница 576: ...nterfaces Attached a Multicast Router ASSIGNING INTERFACES TO MULTICAST SERVICES Use the Multicast IGMP Snooping IGMP Member Add Static Member page to statically assign a multicast service to an inter...

Страница 577: ...cast group Multicast IP The IP address for a specific multicast service WEB INTERFACE To statically assign an interface to a multicast service 1 Click Multicast IGMP Snooping IGMP Member 2 Select Add...

Страница 578: ...ches from different vendors In response to this problem the Multicast Router Discovery MRD protocol has been developed for use by IGMP snooping and multicast routing devices MRD is used to discover wh...

Страница 579: ...erface with IP multicast forwarding and MRD enabled a router will respond with an Advertisement Multicast Router Termination These messages are sent when a router stops IP multicast routing functions...

Страница 580: ...vice if a leave packet is received at that port and immediate leave is enabled for the parent VLAN Default Disabled If immediate leave is not used a multicast router or querier will send a group speci...

Страница 581: ...upstream from the multicast router port If a proxy query address is not configured the switch will use the VLAN s IP address as the IP source address in general and group specific query messages sent...

Страница 582: ...ting is enabled page 570 or IGMP querier is enabled page 570 Last Member Query Count The number of IGMP proxy group specific or group and source specific query messages that are sent out before the sy...

Страница 583: ...igure and update the required parameters 4 Click Apply Figure 332 Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Selec...

Страница 584: ...any IGMP query packets received on the specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Default Disabled Multica...

Страница 585: ...rwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a static mul...

Страница 586: ...TERS These parameters are displayed VLAN VLAN identifier Range 1 4094 Port Port identifier Range 1 28 52 Trunk Trunk identifier Range 1 16 Query Statistics Other Querier IP address of remote querier o...

Страница 587: ...ed for this interface V3 Warning Count The number of times the query version received Version 3 does not match the version configured for this interface VLAN Port and Trunk Statistics Input Statistics...

Страница 588: ...to invalid format rate limiting packet content not allowed or IGMP group report received Group The number of IGMP groups active on this interface WEB INTERFACE To display statistics for IGMP snooping...

Страница 589: ...a VLAN Figure 337 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from...

Страница 590: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Страница 591: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Страница 592: ...340 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure...

Страница 593: ...MP FILTERING AND THROTTLING FOR INTERFACES Use the Multicast IGMP Snooping Filter Configure Interface page to assign and IGMP filter profile to interfaces on the switch or to throttle multicast traffi...

Страница 594: ...ge 1 1023 Default 1023 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of multicast group...

Страница 595: ...to IGMPv2 query report and leave messages MLDv2 control packets include MLDv2 query and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are indep...

Страница 596: ...uery Interval The interval between sending MLD general queries Range 60 125 seconds Default 125 seconds This attribute applies when the switch is serving as the querier An MLD general query message is...

Страница 597: ...ENCES ipv6 mld snooping vlan immediate leave on page 1267 PARAMETERS These parameters are displayed VLAN A VLAN identification number Range 1 4094 Immediate Leave Status Immediately deletes a member p...

Страница 598: ...ctions MLD snooping may not always be able to locate the MLD querier Therefore if the MLD querier is a known multicast router switch connected over the network to an interface port or trunk on the swi...

Страница 599: ...terface for an IPv6 Multicast Router To show the static interfaces attached to a multicast router 1 Click Multicast MLD Snooping Multicast Router 2 Select Show Static Multicast Router from the Action...

Страница 600: ...group CLI REFERENCES ipv6 mld snooping vlan static on page 1269 clear ipv6 mld snooping groups dynamic on page 1269 COMMAND USAGE Static multicast addresses are never aged out When a multicast addres...

Страница 601: ...pecify the interface attached to a multicast service through an MLD enabled switch or multicast router and enter the multicast IP address 4 Click Apply Figure 350 Assigning an Interface to an IPv6 Mul...

Страница 602: ...nformation page to display known multicast groups member ports the means by which each group was learned and the corresponding source list CLI REFERENCES show ipv6 mld snooping group source list on pa...

Страница 603: ...ded on the router s exclude list WEB INTERFACE To display known MLD multicast groups 1 Click Multicast MLD Snooping Group Information 2 Select the port or trunk and then select a multicast service ass...

Страница 604: ...nd assign the profile to an MVR domain see Configuring MVR Group Address Profiles on page 608 3 Set the interfaces that will join the MVR as source ports or receiver ports see Configuring MVR Interfac...

Страница 605: ...eam or router interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be conf...

Страница 606: ...which the source port has dynamically joined Always Forward By default the switch forwards any multicast streams within the address range set by a profile and bound to a domain The multicast streams a...

Страница 607: ...s the channel for streaming multicast services using MVR MVR source ports should be configured as members of the MVR VLAN see Adding Static Members to VLANs on page 205 but MVR receiver ports should n...

Страница 608: ...be assigned to all ingress multicast traffic and set the source IP address for all control packets sent upstream as required 5 Click Apply Figure 356 Configuring Domain Settings for MVR CONFIGURING MV...

Страница 609: ...ng one or more MVR group addresses Range 1 21 characters Start IP Address Starting IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 End IP Address Ending IP address for an MVR mul...

Страница 610: ...cast MVR 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure 358 Displaying MVR Group Address Profiles To assign an MVR group address profile to a domain 1 Click Mu...

Страница 611: ...ly one subscriber attached to an interface is receiving multicast services you can enable the immediate leave function CLI REFERENCES MVR for IPv4 on page 1281 COMMAND USAGE A port configured as an MV...

Страница 612: ...the group list Using immediate leave can speed up leave latency but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached...

Страница 613: ...s an MVR receiver Default Disabled By Group The receiver port is immediately removed from the multicast group identified in the leave message By Host IP The router querier will not send out a group sp...

Страница 614: ...m 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Only IGMP version 2 or 3 hosts can issue multic...

Страница 615: ...ect an MVR domain 5 Select a VLAN and interface to receive the multicast stream and then enter the multicast group address 6 Click Apply Figure 362 Assigning Static MVR Groups to an Interface To show...

Страница 616: ...to the MVR VLAN VLAN Indicates the MVR VLAN receiving the multicast service Note that this may be different from the MVR VLAN if the group address has been statically assigned Port Shows the interface...

Страница 617: ...ange 1 5 VLAN VLAN identifier Range 1 4094 Port Port identifier Range 1 28 52 Trunk Trunk identifier Range 1 16 Query Statistics Querier IP Address The IP address of the querier on this interface Quer...

Страница 618: ...or group and source specific query messages received on this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting packet co...

Страница 619: ...r IPv4 619 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Страница 620: ...stics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR domain 5 Select a VLAN Figure 366 Displaying MVR Statistics VLAN To display MVR protocol related statistics...

Страница 621: ...VR6 Domain Settings on page 624 2 Create an MVR6 profile by specifying the multicast groups that will stream traffic to attached hosts and assign the profile to an MVR6 domain see Configuring MVR6 Gro...

Страница 622: ...l downstream interfaces which require MVR proxy service When the source port receives report and leave messages it only forwards them to other source ports When receiver ports receive any query messag...

Страница 623: ...domain The multicast streams are sent to all source ports on the switch and to all receiver ports that have elected to receive data on that multicast address Dynamic When dynamic mode is enabled the...

Страница 624: ...ssary conditions in the MVR6 environment are satisfied Running status is Active as long as MVR6 is enabled the specified MVR6 VLAN exists and a source port with a valid link has been configured see Co...

Страница 625: ...t MVR6 Configure Profile and Associate Profile pages to assign the multicast group address for required services to one or more MVR6 domains CLI REFERENCES MVR for IPv6 on page 1303 COMMAND USAGE Use...

Страница 626: ...for an MVR6 multicast group This parameter must be a full IPv6 address including the network prefix and host address bits End IPv6 Address Ending IP address for an MVR6 multicast group This parameter...

Страница 627: ...ile from the Step list 3 Select Show from the Action list Figure 371 Displaying MVR6 Group Address Profiles To assign an MVR6 group address profile to a domain 1 Click Multicast MVR6 2 Select Associat...

Страница 628: ...under MVR6 Receiver ports can belong to different VLANs but should not be configured as a member of the MVR6 VLAN MVR6 allows a receiver port to dynamically join or leave multicast groups sourced thr...

Страница 629: ...pate in the MVR6 VLAN This is the default type Source An uplink port that can send and receive multicast data for the groups assigned to the MVR6 VLAN Note that the source port must be manually config...

Страница 630: ...MVR6 2 Select Configure Interface from the Step list 3 Select Port or Trunk interface 4 Select an MVR6 domain 5 Set each port that will participate in the MVR6 protocol as a source port or receiver p...

Страница 631: ...e displayed Domain ID An independent multicast domain Range 1 5 Interface Port or trunk identifier VLAN VLAN identifier Range 1 4094 Group IPv6 Address Defines a multicast service sent to the selected...

Страница 632: ...eiver groups on each interface CLI REFERENCES show mvr6 members on page 1318 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Range 1 5 Group IPv6 Address Multicast...

Страница 633: ...an MVR6 domain Figure 377 Displaying MVR6 Receiver Groups DISPLAYING MVR6 STATISTICS Use the Multicast MVR6 Show Statistics pages to display MVR6 protocol related statistics for the specified interfa...

Страница 634: ...leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and source specific query messages r...

Страница 635: ...IPv6 635 WEB INTERFACE To display statistics for MVR6 query related messages 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Страница 636: ...Pv6 636 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Страница 637: ...Pv6 637 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Страница 638: ...CHAPTER 15 Multicast Filtering Multicast VLAN Registration for IPv6 638...

Страница 639: ...itch An IPv4 address is obtained via DHCP by default for VLAN 1 To configure a static address you need to change the switch s default settings to values that are compatible with your network You may a...

Страница 640: ...ses can include the IP address subnet mask and default gateway Default DHCP IP Address Type Specifies a primary or secondary IP address An interface can have only one primary IP address but can have m...

Страница 641: ...face and then enter the IP address and subnet mask 4 Click Apply Figure 381 Configuring a Static IPv4 Address To obtain an dynamic address through DHCP BOOTP for the switch 1 Click IP General Routing...

Страница 642: ...a specific period of time If the address expires or the switch is moved to another network segment you will lose management access to the switch In this case you can reboot the switch or submit a cli...

Страница 643: ...attached to the same local subnet Management traffic using this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple...

Страница 644: ...al values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields WEB INTERFACE To configure an IPv6 default gateway for the switc...

Страница 645: ...is to be used for management access or as a standard interface for a subnet By default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belonging...

Страница 646: ...interface before the MTU can be set If an IPv6 address has not been assigned to the switch N A is displayed in the MTU field ND DAD Attempts The number of consecutive neighbor solicitation messages se...

Страница 647: ...imit configured by this parameter allows the router to detect unavailable neighbors During the neighbor discover process an IPv6 node will multicast neighbor solicitation messages to search for neighb...

Страница 648: ...Advertisements RA convey information that enables nodes to auto configure on the network This information may include the default router address taken from the observed source address of the RA messag...

Страница 649: ...nsidered reachable 6 Click Apply Figure 385 Configuring General Settings for an IPv6 Interface To configure RA Guard for the switch 1 Click IP IPv6 Configuration 2 Select Configure Interface from the...

Страница 650: ...by entering the full address with a network prefix in the range of FE80 FEBF To connect to a larger network with multiple subnets you must configure a global unicast address There are several alterna...

Страница 651: ...of the address Note that the value specified in the IPv6 Address field may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length...

Страница 652: ...cify the VLAN to configure select the address type and then enter an IPv6 address and prefix length 4 Click Apply Figure 387 Configuring an IPv6 Address SHOWING IPV6 ADDRESSES Use the IP IPv6 Configur...

Страница 653: ...dress it is assigned IPv6 addresses that differ only in the high order bits e g due to multiple high order prefixes associated with different aggregations will map to the same solicited node address t...

Страница 654: ...chable Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH state the device takes no special action when send...

Страница 655: ...t Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in processing IPv6 packets ICMP is therefore an integral part of the Inte...

Страница 656: ...e for some of the datagrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems...

Страница 657: ...lly fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be ICMPv6 Stat...

Страница 658: ...sent by the interface Parameter Problem Message The number of ICMP Parameter Problem messages sent by the interface Echo Reply Messages The number of ICMP Echo Reply messages sent by the interface Ro...

Страница 659: ...ting the Switch s IP Address IP Version 6 659 WEB INTERFACE To show the IPv6 statistics 1 Click IP IPv6 Configuration 2 Select Show Statistics from the Action list 3 Click IPv6 ICMPv6 or UDP Figure 39...

Страница 660: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 660 Figure 391 Showing IPv6 Statistics ICMPv6 Figure 392 Showing IPv6 Statistics UDP...

Страница 661: ...1444 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure 393 Showing Reporte...

Страница 662: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 662...

Страница 663: ...DOMAIN NAME SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network When a client device des...

Страница 664: ...or DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of domain names to be tried in sequential order CLI REFERENCES ip domain list on page...

Страница 665: ...Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add...

Страница 666: ...until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status P...

Страница 667: ...MAND USAGE Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are displ...

Страница 668: ...ve been learned via the designated name servers CLI REFERENCES show dns cache on page 1408 COMMAND USAGE Servers or other network devices may support one or more connections via multiple IP addresses...

Страница 669: ...TP or DHCP server you can relay DHCP client requests to a DHCP server on another subnet SPECIFYING A DHCP CLIENT IDENTIFIER Use the IP Service DHCP Client page to specify the DHCP client identifier fo...

Страница 670: ...but the format used by both the client and server must be the same PARAMETERS These parameters are displayed in the web interface VLAN ID of configured VLAN Vendor Class ID The following options are...

Страница 671: ...client is located Then the switch forwards the packet to the DHCP server When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scope for the DHC...

Страница 672: ...vers in order of preference 3 Click Apply Figure 404 Configuring DHCP Relay Service CONFIGURING THE PPPOE INTERMEDIATE AGENT This section describes how to configure the PPPoE Intermediate Agent PPPoE...

Страница 673: ...e enabled on an interface Access Node Identifier String identifying this switch as an PPPoE IA to the PPPoE server Range 1 48 ASCII characters Default IP address of first IPv4 interface on the switch...

Страница 674: ...d globally on the switch for this command to take effect Trust Status Sets an interface to trusted mode to indicate that it is connected to a PPPoE server Default Disabled Set any interfaces connectin...

Страница 675: ...which the discovery packet was received entering the switch or access node where the intermediate agent resides Outgoing PAD Offer PADO and Session confirmation PADS packets sent from the PPPoE Serve...

Страница 676: ...splayed Interface Port or trunk selection Received Received PPPoE active discovery messages All All PPPoE active discovery message types PADI PPPoE Active Discovery Initiation messages PADO PPPoE Acti...

Страница 677: ...Agent 677 WEB INTERFACE To show statistics for PPPoE IA protocol messages 1 Click IP Service PPPoE Intermediate Agent 2 Select Show Statistics from the Step list 3 Select Port or Trunk interface type...

Страница 678: ...CHAPTER 17 IP Services Configuring the PPPoE Intermediate Agent 678...

Страница 679: ...switch is first booted default routing can only forward traffic between local IP interfaces As with all traditional routers static and dynamic routing functions must first be configured to work INITI...

Страница 680: ...placing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same s...

Страница 681: ...ready there the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address After the MAC address is discovered the packet is reformatted and sent...

Страница 682: ...twork prefix number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network segment that is connected to th...

Страница 683: ...S Service Parameters on page 663 and one or more DNS servers specified see Configuring a List of Name Servers on page 666 or Configuring Static DNS Host to Address Entries on page 667 Probe Count Numb...

Страница 684: ...vice USING THE TRACE ROUTE FUNCTION Use the IP General Trace Route page to show the route packets take to the specified destination CLI REFERENCES traceroute on page 1426 PARAMETERS These parameters a...

Страница 685: ...e If the timer goes off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating only when the maxi...

Страница 686: ...the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to the source hardware address...

Страница 687: ...Default Disabled End stations that require Proxy ARP must view the entire network as a single network These nodes must therefore use a smaller subnet mask than that used by the router or other releva...

Страница 688: ...cations may not respond to ARP requests or the response arrives too late causing network operations to time out Static entries will not be aged out or deleted when power is reset You can only remove a...

Страница 689: ...NAMIC OR LOCAL ARP ENTRIES Use the IP ARP Show Information page to display dynamic or local entries in the ARP cache The ARP cache contains static entries and entries for local interfaces including su...

Страница 690: ...e the IP ARP Show Information page to display statistics for ARP messages crossing all interfaces on this router CLI REFERENCES show ip traffic on page 1425 PARAMETERS These parameters are displayed T...

Страница 691: ...automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensure network accessibility CLI REFERENCES ip route on page 1468 ip sw...

Страница 692: ...Next Hop IP address of the next router hop used for this route Distance An administrative distance indicating that this route can be overridden by other routing information Range 1 255 Default 1 WEB...

Страница 693: ...e interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When routing or topology changes occur in the network the routing table is u...

Страница 694: ...icates the default gateway for this router Net Mask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets Next Hop The IP address of...

Страница 695: ...on page 793 Remote Monitoring Commands on page 815 Authentication Commands on page 823 General Security Measures on page 889 Access Control Lists on page 969 Interface Commands on page 995 Link Aggre...

Страница 696: ...s of Service Commands on page 1195 Quality of Service Commands on page 1207 Multicast Filtering Commands on page 1225 LLDP Commands on page 1323 CFM Commands on page 1347 OAM Commands on page 1389 Dom...

Страница 697: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Страница 698: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Страница 699: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 700: ...table Show collision mac address debug State of each debugging option discard Discard packet dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q t...

Страница 701: ...rmation tech support Technical information time range Time range traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Informatio...

Страница 702: ...the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands...

Страница 703: ...is opened To end the CLI session enter Exit Console Username guest Password guest login password CLI session with the ECS4110 52T is opened To end the CLI session enter Exit Console enable Password pr...

Страница 704: ...ime range for use by other functions such as Access Control Lists VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode enter the command configure in Pr...

Страница 705: ...ne 749 MSTP spanning tree mst configuration Console config mstp 1098 Policy Map policy map Console config pmap 1211 Time Range time range Console config time range 783 VLAN vlan database Console confi...

Страница 706: ...Delete key or backspace key Erases a mistake when entering a command Table 49 Keystroke Commands Continued Keystroke Function Table 50 Command Group Index Command Group Description Page General Basic...

Страница 707: ...table or sets the aging time 1085 Spanning Tree Configures Spanning Tree settings for the switch 1091 ERPS Configures Ethernet Ring Protection Switching for increased availability of Ethernet rings c...

Страница 708: ...Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration VC VLAN Database Configuration IP Interface Configures IP address for the switch interfaces also configures ARP parameters a...

Страница 709: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Страница 710: ...of week monthly day cancel at in regularity reload at A specified time at which to reload the switch hour The hour at which to reload Range 0 23 minute The minute at which to reload Range 0 59 month...

Страница 711: ...02 10 43 2007 Are you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands...

Страница 712: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 713: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 714: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 711 reload Privileged Exec This command restarts the system NOT...

Страница 715: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 716: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 717: ...gers and version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port includi...

Страница 718: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 54 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 719: ...rted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company EdgeCore Networks Responsible de...

Страница 720: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 721: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Страница 722: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 723: ...None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersco...

Страница 724: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 725: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 726: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 727: ...section describes commands used to display system information Table 55 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show memo...

Страница 728: ...or a port the system will also use two PCEs EXAMPLE Console show access list tcam utilization Total Policy Control Entries 768 Free Policy Control Entries 756 Entries Used by System 12 Entries Used by...

Страница 729: ...ation in the past 60 seconds Average Utilization 36 Maximum Utilization 39 Alarm Status Current Alarm Status Off Last Alarm Start Time Dec 28 11 20 01 2013 Last Alarm Duration Time 13 seconds Alarm Co...

Страница 730: ...Multiple spanning tree instances name and interfaces IP address configured for management VLAN Interface settings Any configured settings for the console port and Telnet EXAMPLE Console show running...

Страница 731: ...d in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This comman...

Страница 732: ...0 seconds System Name System Location System Contact MAC Address Unit 1 00 E0 0C 00 00 FD Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enabl...

Страница 733: ...ort 23 Jumbo Frame Disabled show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client DEFAULT SETTING None COMMAND MODE Normal Exec Privileg...

Страница 734: ...on on the items displayed by this command EXAMPLE Console show version Serial Number S123456 Hardware Version R0A EPLD Version 0 00 Number of Ports 52 Main Power Status Up Role Master Loader Version 0...

Страница 735: ...and enables support for Layer 2 jumbo frames for Gigabit Ethernet ports Use the no form to disable it SYNTAX no jumbo frame DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Thi...

Страница 736: ...ing runtime code the destination file name can be specified to replace the current image or the file can be first downloaded using a different name from the current runtime code file and then the new...

Страница 737: ...booted PE Automatic Code Upgrade Commands upgrade opcode auto Automatically upgrades the current image when a new version is detected on the indicated server GC upgrade opcode path Specifies an FTP T...

Страница 738: ...tings listed in the specified file to the running configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword...

Страница 739: ...tch to use HTTPS for a secure connection see the ip http secure server command When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note t...

Страница 740: ...his example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19...

Страница 741: ...sole delete This command deletes a file or image SYNTAX delete file name filename filename Name of configuration file or code image DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE If t...

Страница 742: ...ystem displays all files File information is shown below EXAMPLE The following example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes Unit 1 ECS411...

Страница 743: ...05 08 08 59 03 1588 Console Automatic Code Upgrade Commands upgrade opcode auto This command automatically upgrades the current operational code when a new version is detected on the server indicated...

Страница 744: ...running config or show startup config commands EXAMPLE Console config upgrade opcode auto Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config If a new image is found at the specifi...

Страница 745: ...the following syntax must be used where filedir indicates the path to the directory containing the new image ftp username password 192 168 0 1 filedir If the user name is omitted anonymous will be use...

Страница 746: ...ed Path File Name ecs4110 series bix Console TFTP Configuration Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after wai...

Страница 747: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds DEFAULT SETTING 5 seconds COMMAND MODE...

Страница 748: ...generated by hardware LC exec timeout Sets the interval that the command interpreter waits until user input is detected LC login Enables password checking at login LC parity Defines the generation of...

Страница 749: ...own as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections EXAMPLE To enter console line mode enter the following comman...

Страница 750: ...ntil user input is detected Use the no form to restore the default SYNTAX exec timeout seconds no exec timeout seconds Integer that specifies the timeout interval Range 60 65535 seconds 0 no timeout D...

Страница 751: ...mmand When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default sett...

Страница 752: ...as terminals and modems often require a specific parity bit setting EXAMPLE To specify no parity enter this command Console config line parity none Console config line password This command specifies...

Страница 753: ...There is no need for you to manually configure encrypted passwords EXAMPLE Console config line password 0 secret Console config line RELATED COMMANDS login 751 password thresh 753 password thresh Thi...

Страница 754: ...ime value SYNTAX silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 where 0 means disabled DEFAULT SETTING Disabled COMMAND MODE Line Configurat...

Страница 755: ...icates if the speed you selected is not supported EXAMPLE To specify 57600 bps enter this command Console config line speed 57600 Console config line stopbits This command sets the number of the stop...

Страница 756: ...ion This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting EXAMPLE...

Страница 757: ...h width escape character The keyboard character used to escape from current line input ASCII number ASCII decimal equivalent Range 0 255 character Any valid keyboard character history The number of li...

Страница 758: ...cess i e Telnet DEFAULT SETTING Shows all lines COMMAND MODE Normal Exec Privileged Exec EXAMPLE To show all lines enter this command Console show line Terminal Configuration for this session Length 2...

Страница 759: ...64 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database EXAMPLE Consol...

Страница 760: ...ash errors level 3 0 RAM debugging level 7 0 COMMAND MODE Global Configuration COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 761: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of...

Страница 762: ...se the no form to disable remote logging SYNTAX logging trap level level no logging trap level level One of the syslog severity levels listed in the table on page 760 Messages sent include the selecte...

Страница 763: ...COMMANDS show log 763 show log This command displays the log messages stored in local memory SYNTAX show log flash ram flash Event history stored in flash memory i e permanent memory ram Event histor...

Страница 764: ...dmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power reset s...

Страница 765: ...gging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message...

Страница 766: ...that will be sent alert messages Use the no form to remove an SMTP server SYNTAX no logging sendmail host host host IPv4 or IPv6 address of an SMTP server that will be sent alert messages for event ha...

Страница 767: ...n If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection EXAMPLE Console config logging sendmail host...

Страница 768: ...ers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient EX...

Страница 769: ...resses ted this company com SMTP Source Email Address bill this company com SMTP Status Enabled Console TIME The system clock can be dynamically set by polling a set of specified time servers NTP or S...

Страница 770: ...p poll command NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP client for time updates from...

Страница 771: ...0 0 0 0 0 0 Current Server 137 92 140 80 Console RELATED COMMANDS sntp server 772 sntp poll 771 show sntp 772 sntp poll This command sets the interval between sending time requests when the switch is...

Страница 772: ...servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchroni...

Страница 773: ...e the no form to disable authentication SYNTAX no ntp authenticate DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE You can enable NTP authentication to ensure that reliable up...

Страница 774: ...figuration COMMAND USAGE The key number specifies a key value in the NTP authentication key list Up to 255 keys can be configured on the switch Re enter this command for each server you want to config...

Страница 775: ...uests based on the interval set via the ntp poll command EXAMPLE Console config ntp client Console config RELATED COMMANDS sntp client 770 ntp server 775 ntp server This command sets the IP addresses...

Страница 776: ...e config ntp server 192 168 3 21 Console config ntp server 192 168 5 23 key 19 Console config RELATED COMMANDS ntp client 774 show ntp 776 show ntp This command displays the current time and configura...

Страница 777: ...l begin b hour The hour summer time will begin Range 0 23 hours b minute The minute summer time will begin Range 0 59 minutes e date Day of the month when summer time will end Range 1 31 e month The m...

Страница 778: ...predefined australia europe new zealand usa no clock summer time name Name of the timezone while summer time is in effect usually an acronym Range 1 30 characters DEFAULT SETTING Disabled COMMAND MOD...

Страница 779: ...day The day of the week when summer time will begin Options sunday monday tuesday wednesday thursday friday saturday b month The month when summer time will begin Options january february march april...

Страница 780: ...afternoons have more daylight and mornings have less This is known as Summer Time or Daylight Savings Time DST Typically clocks are adjusted forward one hour at the start of spring and then adjusted b...

Страница 781: ...a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC EXAMPLE Console config clock timezone Japan hours 8 minute...

Страница 782: ...Privileged Exec EXAMPLE Console show calendar Current Time Dec 28 18 14 47 2013 Time Zone UTC 00 00 Summer Time Not configured Summer Time in Effect No Console TIME RANGE This section describes the co...

Страница 783: ...of seven rules can be configured for a time range EXAMPLE Console config time range r d Console config time range RELATED COMMANDS Access Control Lists 969 absolute This command sets the time range fo...

Страница 784: ...ngle occurrence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets the time r...

Страница 785: ...ent time is within the absolute time range and one of the periodic time ranges EXAMPLE This example configures a time range for the periodic occurrence of an event Console config time range sales Cons...

Страница 786: ...automatically discovers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station T...

Страница 787: ...a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member...

Страница 788: ...o reset to the default address SYNTAX cluster ip pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAU...

Страница 789: ...r switch Range 1 36 DEFAULT SETTING No Members COMMAND MODE Global Configuration COMMAND USAGE The maximum number of cluster Members is 36 The maximum number of cluster Candidates is 100 EXAMPLE Conso...

Страница 790: ...e switch clustering configuration COMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates...

Страница 791: ...hows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active member 00 E0 0C 00 00...

Страница 792: ...CHAPTER 21 System Management Commands Switch Clustering 792...

Страница 793: ...Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Display...

Страница 794: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Страница 795: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Страница 796: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Страница 797: ...input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication E...

Страница 798: ...page 1347 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 se...

Страница 799: ...ion 1 2c 3 auth noauth priv udp port port no snmp server host host addr host addr IPv4 or IPv6 address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries i...

Страница 800: ...raps or informs and to specify which SNMP notifications are sent globally For a host to receive notifications at least one snmp server enable traps command and the snmp server host command for that ho...

Страница 801: ...r host command does not specify the SNMP version the default is to send SNMP version 1 notifications If you specify an SNMP Version 3 host then the community string is interpreted as an SNMP user name...

Страница 802: ...p server enable port traps mac notification Console config show snmp server enable port traps This command shows if SNMP traps are enabled or disabled for the specified interfaces SYNTAX show snmp ser...

Страница 803: ...ine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A remote engine ID is required when using SNMPv3 informs See the s...

Страница 804: ...ith authentication and privacy See Simple Network Management Protocol on page 452 for further information about these authentication and encryption options readview Defines the view for read access 1...

Страница 805: ...ord priv des56 priv password no snmp server user username v1 v2c v3 remote username Name of user connecting to the SNMP agent Range 1 32 characters groupname Name of an SNMP group to which the user is...

Страница 806: ...is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP password...

Страница 807: ...MIB 2 interfaces table ifDescr The wild card is used to select all the index values in this table Console config snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config This view inclu...

Страница 808: ...efaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type vola...

Страница 809: ...atus active Console Table 71 show snmp group display description Field Description Group Name Name of an SNMP group Security Model The SNMP version Read View The associated read view Write View The as...

Страница 810: ...ommand enables or disables the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled Row Status The row status of this en...

Страница 811: ...ile name Range 1 32 characters ip address IPv4 or IPv6 address of a remote device The specified target host must already have been configured using the snmp server host command NOTE The notification l...

Страница 812: ...rmation until a logging profile specified with this command is enabled with the nlm command Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entr...

Страница 813: ...X memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshold...

Страница 814: ...in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Globa...

Страница 815: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 816: ...ue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered If...

Страница 817: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Страница 818: ...polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 28 52 Buckets 50 Interval 3...

Страница 819: ...terval 60 owner mike Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon coll...

Страница 820: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Страница 821: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Страница 822: ...CHAPTER 23 Remote Monitoring Commands 822...

Страница 823: ...cified command groups or individual commands Authentication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS...

Страница 824: ...nd administrators top level access The other levels can be used to configured specialized access profiles Level 0 7 provide the same default access privileges all within Normal Exec mode under the Con...

Страница 825: ...enable 711 authentication enable 828 username This command adds named users requires authentication at login specifies or changes a user s password or specify that no password is required or specifie...

Страница 826: ...command nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 32 ch...

Страница 827: ...pecifies any command contained within the specified mode DEFAULT SETTING Privilege level 0 provides access to a limited number of the commands which display the current status of the switch as well as...

Страница 828: ...c command mode with the enable command Use the no form to restore the default SYNTAX authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS...

Страница 829: ...nging command modes 824 authentication login This command defines the login authentication method and precedence Use the no form to restore the default SYNTAX authentication login local radius tacacs...

Страница 830: ...ase of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch radius server acct port This command sets the RADIUS server...

Страница 831: ...t 181 Console config radius server host This command specifies primary and backup RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a spec...

Страница 832: ...812 acct port 1813 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 acct port 181 timeout 10 retransmit 5 key green Console con...

Страница 833: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Страница 834: ...Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on the network An authentication ser...

Страница 835: ...P port used for authentication messages Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 timeout Number of seconds the switch...

Страница 836: ...TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server re...

Страница 837: ...Number of seconds the switch waits for a reply before resending a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console confi...

Страница 838: ...able 81 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x Enables accounting of 802 1X services GC aaa accounting exec Enables...

Страница 839: ...e that the default and method name fields are only used to describe the accounting method s configured on the specified TACACS server and do not actually send any information to the server about the m...

Страница 840: ...information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x default start stop group radius Console config aaa accounting exec This command enables the accounting o...

Страница 841: ...to the servers about the methods to use EXAMPLE Console config aaa accounting exec default start stop group tacacs Console config aaa accounting update This command enables the sending of periodic upd...

Страница 842: ...Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured with the aaa group server command Range 1 64 characters DEFAULT...

Страница 843: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 844: ...d list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config if accounting dot1x tps Cons...

Страница 845: ...a method list created with the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console con...

Страница 846: ...ot1x statistics username user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable comma...

Страница 847: ...s command specifies the TCP port number used by the web browser interface Use the no form to use the default port SYNTAX ip http port port number no ip http port port number The TCP port to be used by...

Страница 848: ...ttp server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip http server Console config RELATED COMMANDS ip http port 847 show system 732 ip http secure port This com...

Страница 849: ...e an encrypted connection to the switch s web interface Use the no form to disable this function SYNTAX no ip http secure server DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAG...

Страница 850: ...S ip http secure port 848 copy tftp https certificate 738 show system 732 TELNET SERVER This section describes commands used to configure Telnet management access to the switch Table 83 HTTPS System S...

Страница 851: ...n count no ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight ses...

Страница 852: ...se the no form to disable this function SYNTAX no ip telnet server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip telnet server Console config show ip telnet This...

Страница 853: ...have to generate authentication keys on the switch and enable the SSH server Table 85 Secure Shell Commands Command Function Mode ip ssh authentication retries Specifies the number of retries allowed...

Страница 854: ...tch Note that these clients must be configured locally on the switch with the username command The clients are subsequently authenticated using these keys The current firmware only accepts public key...

Страница 855: ...the switch e The switch compares the checksum sent from the client against that computed for the original string it sent If the two check sums match this means that the client s private key correspon...

Страница 856: ...ires 2 Console config RELATED COMMANDS show ip ssh 860 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service SYNTAX no ip ssh server DEF...

Страница 857: ...size key size The size of server key Range 512 896 bits DEFAULT SETTING 768 bits COMMAND MODE Global Configuration COMMAND USAGE The server key is a private key that is never shared outside the switc...

Страница 858: ...config RELATED COMMANDS exec timeout 750 show ip ssh 860 delete public key This command deletes the specified user s public key SYNTAX delete public key username dsa rsa username Name of an SSH user...

Страница 859: ...you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to...

Страница 860: ...ey from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console ip ssh save host key dsa Console RELATED COMMANDS ip...

Страница 861: ...last string is the encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 071942106165575942459093923609695405036277525...

Страница 862: ...ication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Table 87 802 1X Port Authentication Commands Command Function Mode Gene...

Страница 863: ...the interval for a supplicant to respond IC dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet IC dot1x re authent...

Страница 864: ...DE Global Configuration COMMAND USAGE When this device is functioning as intermediate node in the network and does not need to perform dot1x authentication the dot1x eapol pass through command can be...

Страница 865: ...either to block all traffic or to assign all traffic for the port to a guest VLAN Use the no form to reset the default SYNTAX dot1x intrusion action block traffic guest vlan no dot1x intrusion action...

Страница 866: ...T 2 COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x max reauth req 2 Console config if dot1x max req This command sets the maximum number of times...

Страница 867: ...s multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this com...

Страница 868: ...force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enables...

Страница 869: ...ault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console config...

Страница 870: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 871: ...terface SYNTAX dot1x re authenticate interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 COMMAND MODE Privileged Exec COMMAND USAGE The re authentication...

Страница 872: ...name and password are used to identify this switch as a supplicant when responding to an MD5 challenge from the authenticator These parameters must be set when this switch passes client authentication...

Страница 873: ...tity profile command which identify this switch as a supplicant and enable dot1x supplicant mode for those ports which must authenticate clients through a remote authenticator using this command In th...

Страница 874: ...upplicant waits for a response from the authenticator for packets other than EAPOL Start EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout auth period 60 Console config if dot1x...

Страница 875: ...config if dot1x timeout start period 60 Console config if Information Display Commands show dot1x This command shows general port authentication related settings on the switch or a specific interface...

Страница 876: ...transmitting EAP packet page 870 Supplicant Timeout Supplicant timeout Server Timeout Server timeout A RADIUS server must be set before the correct operational value of 10 seconds will be displayed i...

Страница 877: ...ummary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 49 Disabled Single Host Force Authoriz...

Страница 878: ...d address all client Adds IP address es to all groups http client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet gr...

Страница 879: ...range and re enter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address EXAMPLE This example restricts management...

Страница 880: ...rmediate agent Enables the PPPoE IA globally on the switch GC pppoe intermediate agent format type Sets the access node identifier and generic error message for the switch GC pppoe intermediate agent...

Страница 881: ...ID tag inserted by the switch during the PPPoE discovery phase and sends this tag as a NAS port ID attribute in PPP authentication and AAA accounting requests to a RADIUS server PPPoE IA must be enab...

Страница 882: ...ackets These messages are forwarded to all trusted ports designated by the pppoe intermediate agent trust command EXAMPLE Console config pppoe intermediate agent format type access node identifier bil...

Страница 883: ...stage messages and uses the Circuit ID field of that tag as a NAS Port ID attribute in AAA access and accounting requests The switch intercepts PPPoE discovery frames from the client and inserts a uni...

Страница 884: ...rface must be configured on the switch for the PPPoE IA to function EXAMPLE Console config interface ethernet 1 5 Console config if pppoe intermediate agent trust Console config if pppoe intermediate...

Страница 885: ...AND MODE Privileged Exec EXAMPLE Console clear pppoe intermediate agent statistics Console show pppoe intermediate agent info This command displays configuration settings for the PPPoE Intermediate Ag...

Страница 886: ...s command displays statistics for the PPPoE Intermediate Agent SYNTAX show pppoe intermediate agent statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port n...

Страница 887: ...ped Response from untrusted Response from an interface which not been configured as trusted Request towards untrusted Request sent to an interface which not been configured as trusted Malformed Corrup...

Страница 888: ...CHAPTER 24 Authentication Commands PPPoE Intermediate Agent 888...

Страница 889: ...figures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control List...

Страница 890: ...d sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enabled...

Страница 891: ...ole config interface ethernet 1 2 Console config if no mac learning Console config if RELATED COMMANDS show interfaces status 1007 port security This command enables or configures port security Use th...

Страница 892: ...frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the ma...

Страница 893: ...as learned as static entries SYNTAX port security mac address as permanent interface interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 5...

Страница 894: ...n detected or port security is disabled The MAC Filter ID field is configured by the network access port mac filter command If this field displays Disabled then any unknown source MAC address can be l...

Страница 895: ...each host that attempts to connect to a switch port Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RA...

Страница 896: ...upon link up events IC network access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac count Sets th...

Страница 897: ...mask address filter id Specifies a MAC address filter table Range 1 64 mac address Specifies a MAC address entry Format xx xx xx xx xx xx mask Specifies a MAC address bit mask for a range of addresses...

Страница 898: ...tion time is a global setting and applies to all ports When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process...

Страница 899: ...n file EXAMPLE The following example enables the dynamic QoS feature on port 1 Console config interface ethernet 1 1 Console config if network access dynamic qos Console config if network access dynam...

Страница 900: ...hentication is still treated as a success and the host assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from t...

Страница 901: ...ction DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection Console config if network access link...

Страница 902: ...ake when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND MODE Int...

Страница 903: ...authenticated on a port interface via all forms of authentication Use the no form of this command to restore the default SYNTAX network access max mac count count no network access max mac count coun...

Страница 904: ...aging time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MAC addresses are added to the secure address table when seen on a switch port S...

Страница 905: ...s filter table can be configured with the network access mac filter command Only one filter table can be assigned to a port EXAMPLE Console config interface ethernet 1 1 Console config if network acce...

Страница 906: ...erface Configuration EXAMPLE Console config if mac authentication max mac count 32 Console config if clear network access Use this command to clear entries from the secure MAC addresses table SYNTAX c...

Страница 907: ...ING Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ethernet 1 1 Global secure port information Reauthentication Time 1800 MAC Addre...

Страница 908: ...nge 1 port Port number Range 1 28 52 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit ma...

Страница 909: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Страница 910: ...ole config web auth system auth control Enables web authentication globally for the switch GC web auth Enables web authentication for an interface IC web auth re authenticate Port Ends all web authent...

Страница 911: ...MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid W...

Страница 912: ...and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web auth...

Страница 913: ...OMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the des...

Страница 914: ...pts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfac...

Страница 915: ...y GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy Sets the informat...

Страница 916: ...namic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snoo...

Страница 917: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Страница 918: ...rmation mac address Inserts a MAC address in the remote ID sub option for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub opti...

Страница 919: ...ill add option 82 information to the packet If an incoming packet is a DHCP reply packet with option 82 information enabling the DHCP snooping information option will remove option 82 information from...

Страница 920: ...ch for DHCP snooping Use the no form to restore the default setting SYNTAX ip dhcp snooping limit rate rate no dhcp snooping limit rate rate The maximum number of DHCP packets that may be trapped for...

Страница 921: ...orm to restore the default setting SYNTAX no ip dhcp snooping vlan vlan id vlan id ID of a configured VLAN Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE When DH...

Страница 922: ...thernet Port Channel COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server DHCP Option 82 allows compatible DHCP servers to use...

Страница 923: ...boption string Console config interface ethernet 1 1 Console config if ip dhcp snooping information option circuit id string mv2 Console config if ip dhcp snooping trust This command configures the sp...

Страница 924: ...rface ethernet 1 5 Console config if no ip dhcp snooping trust Console config if RELATED COMMANDS ip dhcp snooping 916 ip dhcp snooping vlan 921 clear ip dhcp snooping binding This command clears DHCP...

Страница 925: ...EXAMPLE Console ip dhcp snooping database flash Console show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND MODE Privileged Exec EXAMPLE Console show ip dhcp sno...

Страница 926: ...snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy Sets the information option policy for DHCPv6 client packets that in...

Страница 927: ...d via DHCPv6 snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IPv6 address lease time binding type VLAN identifier and port identifier When DHCPv6 snoop...

Страница 928: ...yes continue to C If not check failed and forward packet to trusted port C Check status code in IA option If successful and entry is in binding table update lease time and forward to original destinat...

Страница 929: ...echanism for sending information about the switch and its DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning IP add...

Страница 930: ...ion 37 information in DHCPv6 client request packets the switch s MAC address hexadecimal is used for the remote ID EXAMPLE This example enables the DHCPv6 Snooping Remote ID Option Console config ipv6...

Страница 931: ...e default setting SYNTAX no ipv6 dhcp snooping vlan vlan id vlan range vlan id ID of a configured VLAN Range 1 4094 vlan range A consecutive range of VLANs indicated by the use a hyphen or a random gr...

Страница 932: ...v6 dhcp snooping max binding count no ipv6 dhcp snooping max binding count Maximum number of entries Range 1 5 DEFAULT SETTING 5 COMMAND MODE Interface Configuration Ethernet Port Channel EXAMPLE This...

Страница 933: ...Pv6 snooping bindings associated with this port are removed Additional considerations when the switch itself is a DHCPv6 client The port s through which it submits a client request to the DHCPv6 serve...

Страница 934: ...AMPLE Console config clear ipv6 dhcp snooping database flash Console config show ipv6 dhcp snooping This command shows the DHCPv6 snooping configuration settings COMMAND MODE Privileged Exec EXAMPLE C...

Страница 935: ...1 5 NA Link layer Address 00 12 cf 01 02 03 IPv6 Address Lifetime VLAN Port Type 2001 b000 1 2591912 1 Eth 1 3 NA Console show ipv6 dhcp snooping statistics This command shows statistics for DHCPv6 sn...

Страница 936: ...Specifies the binding mode acl Adds binding to ACL table mac Adds binding to MAC address mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ip address A valid unicast...

Страница 937: ...tatic bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an ent...

Страница 938: ...selected port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source M...

Страница 939: ...ly learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except for DHCP packets Only unicast addresses are accepted for static bindi...

Страница 940: ...onfig interface ethernet 1 5 Console config if ip source guard max binding 1 Console config if ip source guard mode This command sets the source guard learning mode to search for addresses in the ACL...

Страница 941: ...witch overwrites the oldest record with new blocked records Use the clear ip source guard binding blocked command to clear this table EXAMPLE This command clears the blocked record table Console confi...

Страница 942: ...ic Shows static entries configured with the ip source guard binding command see page 936 acl Shows static entries in the ACL binding table mac Shows static entries in the MAC address binding table blo...

Страница 943: ...rce guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address must be entered acc...

Страница 944: ...ings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry is added to binding table using static IPv6 source guard binding If there is an entry with sam...

Страница 945: ...Pv6 packets allowed by DHCPv6 snooping A port access control list ACL is applied to the interface Traffic is then filtered based upon dynamic entries learned via ND snooping or DHCPv6 snooping or stat...

Страница 946: ...esses are accepted for static bindings EXAMPLE This example enables IP source guard on port 5 Console config interface ethernet 1 5 Console config if ipv6 source guard sip Console config if RELATED CO...

Страница 947: ...lower value precedence is given to deleting entries learned through DHCPv6 snooping ND snooping and then manually configured IPv6 source guard static bindings until the number of entries in the bindi...

Страница 948: ...ng each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an A...

Страница 949: ...heir manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit S...

Страница 950: ...range of VLANs indicated by the use a hyphen or a random group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DH...

Страница 951: ...he ip arp inspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry...

Страница 952: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and response...

Страница 953: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Страница 954: ...AND USAGE This command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Co...

Страница 955: ...n Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspec...

Страница 956: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Страница 957: ...mmunicate adequately This section describes commands used to protect against DoS attacks Table 103 DoS Protection Commands Command Function Mode dos protection echo chargen Protects against DoS echo c...

Страница 958: ...ge 64 2000 kbits second DEFAULT SETTING Disabled 1000 kbits second COMMAND MODE Global Configuration EXAMPLE Console config dos protection echo chargen 65 Console config dos protection smurf This comm...

Страница 959: ...2000 kbits second DEFAULT SETTING Disabled 1000 kbits second COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp flooding 65 Console config dos protection tcp null scan This c...

Страница 960: ...d COMMAND MODE Global Configuration EXAMPLE Console config dos protection syn fin scan Console config dos protection tcp udp port zero This command protects against DoS attacks in which the UDP or TCP...

Страница 961: ...tion EXAMPLE Console config dos protection tcp xmas scan Console config dos protection udp flooding This command protects against DoS UDP flooding attacks in which a perpetrator sends a large number o...

Страница 962: ...available CPU time Use the no form to disable this feature SYNTAX dos protection win nuke bit rate in kilo rate no dos protection udp flooding rate Maximum allowed rate Range 64 2000 kbits second DEFA...

Страница 963: ...X no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Traffic segmentation provides port based security and isolation between ports within the VLAN Data tr...

Страница 964: ...n globally on the switch Console config traffic segmentation Console config traffic segmentation session This command creates a traffic segmentation client session Use the no form to remove a client s...

Страница 965: ...raffic segmentation session session id uplink interface list downlink interface list downlink interface list session id Traffic segmentation session Range 1 4 uplink Specifies an uplink interface down...

Страница 966: ...onfig traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink to uplink This command specifies whether or not traffic can be forwarded between upli...

Страница 967: ...ntation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding Sessio...

Страница 968: ...CHAPTER 25 General Security Measures Port based Traffic Segmentation 968...

Страница 969: ...v4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACLs...

Страница 970: ...her more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Страница 971: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 972: ...address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags f...

Страница 973: ...specify both Precedence and ToS in the same rule However if DSCP is used then neither Precedence nor ToS can be specified The control code bitmask is a decimal number representing an equivalent bit m...

Страница 974: ...through Console config ext acl permit 10 7 1 1 255 255 255 0 any Console config ext acl This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination...

Страница 975: ...bles counter for ACL statistics DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Only one ACL can be bound to a port If an ACL is already bound to a port and you bind a...

Страница 976: ...configure ACLs based on IPv6 addresses DSCP traffic class or next header type To configure IPv6 ACLs first create an access list containing the required permit or deny rules and then bind the access...

Страница 977: ...e ACL Maximum length 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny...

Страница 978: ...rated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating h...

Страница 979: ...lon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields destination ipv6 address An IPv6 d...

Страница 980: ...ting RFC 2460 44 Fragment RFC 2460 51 Authentication RFC 2402 50 Encapsulating Security Payload RFC 2406 60 Destination Options RFC 2460 EXAMPLE This example accepts any incoming packets if the destin...

Страница 981: ...TTING None COMMAND MODE Interface Configuration Ethernet COMMAND USAGE A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will repla...

Страница 982: ...name standard Specifies a standard IPv6 ACL extended Specifies an extended IPv6 ACL acl name Name of the ACL Maximum length 32 characters COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 access...

Страница 983: ...t mac acl name acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new AC...

Страница 984: ...source ip network mask any host destination ip destination ip network mask ipv6 any host source ipv6 source ipv6 prefix length any host destination ipv6 destination ipv6 prefix length protocol protoco...

Страница 985: ...rt sport port bitmask l4 destination port dport port bitmask permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype ethertype ether...

Страница 986: ...mask23 Bitmask for MAC address in hexadecimal format network mask Network mask for IP subnet This mask identifies the host address bits used for routing to specific subnets prefix length Length of IPv...

Страница 987: ...on address 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 Console config mac acl RELATED COMMANDS access list mac 983 Time Ra...

Страница 988: ...s list 988 Time Range 782 show mac access group This command shows the ports assigned to MAC ACLs COMMAND MODE Privileged Exec EXAMPLE Console show mac access group Interface ethernet 1 5 MAC access l...

Страница 989: ...ACL Maximum length 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny c...

Страница 990: ...ss bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitma...

Страница 991: ...mac any any Console config mac acl RELATED COMMANDS access list arp 989 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Страница 992: ...nit identifier Range 1 port Port number Range 1 28 52 acl name Name of the ACL Maximum length 32 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware counters Console sho...

Страница 993: ...ss rules for Standard IPv6 ACLs mac Shows ingress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Name of the ACL Maxi...

Страница 994: ...CHAPTER 26 Access Control Lists ACL Information 994...

Страница 995: ...clear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show interfaces brief Displays a summary of key information including operation...

Страница 996: ...C transceiver threshold tx power Sets thresholds for the transceiver power level of the transmitted signal which can be used to trigger an alarm or warning message IC transceiver threshold voltage Set...

Страница 997: ...configuration file An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following exampl...

Страница 998: ...ill negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol comma...

Страница 999: ...description RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cd...

Страница 1000: ...essure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no ne...

Страница 1001: ...rced 1000sfp Console config if negotiation This command enables auto negotiation for a given interface Use the no form to disable auto negotiation SYNTAX no negotiation DEFAULT SETTING Enabled COMMAND...

Страница 1002: ...command allows you to disable a port due to abnormal behavior e g excessive collisions and then re enable it after the problem has been resolved You may also want to disable a port for security reason...

Страница 1003: ...process cannot be guaranteed when connecting to other types of switches To force operation to the speed and duplex mode specified in a speed duplex command use the no negotiation command to disable au...

Страница 1004: ...the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset EXAMPLE The f...

Страница 1005: ...uto 1000BASE T None Eth 1 4 Down 1 0 Auto 1000BASE T None Eth 1 5 Down 1 0 Auto 1000BASE T None Eth 1 6 Down 1 0 Auto 1000BASE T None show interfaces counters This command displays interface statistic...

Страница 1006: ...erred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal Mac Transmit Errors 0 Internal Mac Receive Errors 0 Frames Too Long 0 Carrier Sense Errors 0 Symbol Errors RMON Stats 0 Drop Eve...

Страница 1007: ...us on page 159 EXAMPLE Console show interfaces status ethernet 1 21 Information of Eth 1 21 Port Type 1000BASE T MAC Address B4 0E DC 34 E6 3D Configuration Name Port Admin Up Speed Duplex Auto Capabi...

Страница 1008: ...faces is displayed EXAMPLE This example shows the configuration setting for port 21 Console show interfaces switchport ethernet 1 21 Information of Eth 1 21 Broadcast Threshold Enabled 500 packets sec...

Страница 1009: ...ess Egress Rate Limit Shows if rate limiting is enabled and the current rate limit page 783 VLAN Membership Mode Indicates membership mode as Trunk or Hybrid page 1161 Ingress Rule Shows if ingress fi...

Страница 1010: ...sole config if transceiver threshold auto Console transceiver threshold current This command sets thresholds for transceiver current which can be used to trigger an alarm or warning message SYNTAX tra...

Страница 1011: ...reshold events are triggered as described above to avoid a hysteresis effect which would continuously trigger event messages if the power level were to fluctuate just above and below either the high t...

Страница 1012: ...nagement station configured by the snmp server host command EXAMPLE The following example sets alarm thresholds for the signal power received at port 1 Console config interface ethernet 1 52 Console c...

Страница 1013: ...esholds for the transceiver temperature at port 1 Console config interface ethernet 1 52 Console config if transceiver threshold temperature low alarm 97 Console config if transceiver threshold temper...

Страница 1014: ...g example sets alarm thresholds for the signal power transmitted at port 1 Console config interface ethernet 1 52 Console config if transceiver threshold tx power low alarm 8 Console config if transce...

Страница 1015: ...face ethernet 1 52 Console config if transceiver threshold voltage low alarm 4 Console config if transceiver threshold voltage high alarm 2 Console show interfaces transceiver This command displays id...

Страница 1016: ...PN SMC1GSFP SX Vendor Rev V1 1 Vendor SN A492101711 Date Code 09 05 19 DDM Information Temperature 35 64 degree C Vcc 3 25 V Bias Current 12 13 mA TX Power 2 36 dBm RX Power 24 20 dBm DDM Thresholds L...

Страница 1017: ...nsceiver threshold ethernet 1 52 Information of Eth 1 52 DDM Thresholds Transceiver monitor Disabled Transceiver threshold auto Enabled Low Alarm Low Warning High Warning High Alarm Temperature Celsiu...

Страница 1018: ...e reference range Ports are linked down while running cable diagnostics To ensure more accurate measurement of the length to a fault first disable power saving mode using the no power save command on...

Страница 1019: ...save This command enables power savings mode on the specified port SYNTAX no power save COMMAND MODE Interface Configuration Ethernet Ports 1 24 48 COMMAND USAGE IEEE 802 3 defines the Ethernet stand...

Страница 1020: ...ength is shorter When cable length is shorter power consumption can be reduced since signal attenuation is proportional to cable length When power savings mode is enabled the switch analyzes cable len...

Страница 1021: ...connection must be configured as trunk ports Table 115 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface con...

Страница 1022: ...med i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel ad...

Страница 1023: ...or many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination...

Страница 1024: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Страница 1025: ...fig if interface ethernet 1 11 Console config if lacp Console config if interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information o...

Страница 1026: ...the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a ch...

Страница 1027: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Страница 1028: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Страница 1029: ...ult value the operational key is based upon LACP PDUs received from the partner and the channel admin key is reset to the default value The trunk identifier will also be changed by this process EXAMPL...

Страница 1030: ...c port channel is constructed again that timeout value will be used EXAMPLE Console config interface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands...

Страница 1031: ...PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocol...

Страница 1032: ...llection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to...

Страница 1033: ...Load Balance Mode Destination IP address Console Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol p...

Страница 1034: ...CHAPTER 28 Link Aggregation Commands Trunk Status Display Commands 1034...

Страница 1035: ...nd provide power to powered devices that were designed prior to the IEEE 802 3af PoE standard Use the no form to disable this feature SYNTAX no power inline compatible DEFAULT SETTING Enabled Table 12...

Страница 1036: ...rs connected to the RJ 45 ports EXAMPLE Console config power inline compatible Console config end Console show power inline status Unit 1 Unit 1 Compatible mode Disabled Time Max Used Interface Admin...

Страница 1037: ...y detect if a PoE compliant device is connected to the specified port and turn power on or off accordingly Use the no form to turn off power for a port or the no form with the time range keyword to re...

Страница 1038: ...Configuration COMMAND USAGE For the ECS4110 28P the total PoE power delivered by all ports cannot exceed the maximum power budget of 390W For the ECS4110 52P the total PoE power delivered by all port...

Страница 1039: ...rity settings to control the supplied power For example A device connected to a low priority port that causes the switch to exceed its budget is not supplied power If a device is connected to a critic...

Страница 1040: ...move this binding SYNTAX power inline time range time range name no power inline time range time range name Name of the time range Range 1 30 characters DEFAULT SETTING None COMMAND MODE Interface Con...

Страница 1041: ...00 mW 0 mW Low Eth 1 5 Enabled Off 34200 mW 0 mW Low Eth 1 6 Enabled Off 34200 mW 0 mW Low Eth 1 7 Enabled Off 34200 mW 0 mW Low Eth 1 8 Enabled Off 34200 mW 0 mW Low Eth 1 9 Enabled Off 34200 mW 0 mW...

Страница 1042: ...e show power inline time range ethernet 1 5 Interface Time Range Name Status Eth 1 5 r d Inactive Console RELATED COMMANDS power inline 1037 show power mainpower Use this command to display the curren...

Страница 1043: ...PoE Maximum Allocation Power The overall maximum power which is currently allocated by the power mainpower maximum allocation command System Operation Status The current operating power status displa...

Страница 1044: ...CHAPTER 29 Power over Ethernet Commands 1044...

Страница 1045: ...id mac address mac address access list acl name no port monitor interface vlan vlan id mac address mac address access list acl name interface ethernet unit port source port unit Unit identifier Range...

Страница 1046: ...net interface with the interface configuration command and then use the port monitor command to specify the source of the traffic to mirror Note that the destination port cannot be a trunk or trunk me...

Страница 1047: ...ethernet 1 6 both Console config if This example configures port 2 to monitor packets matching the MAC address 00 12 CF XX XX XX received by port 1 Console config access list mac m1 Console config ma...

Страница 1048: ...for analysis on a local destination port Configuration Guidelines Take the following steps to configure an RSPAN session 1 Use the vlan rspan command to configure a VLAN to use for RSPAN Default VLAN...

Страница 1049: ...command cannot be used as the destination for RSPAN traffic Only one mirror session is allowed including both local and remote mirroring If local mirroring is enabled then no session can be configured...

Страница 1050: ...e a consecutive list of ports or a comma between non consecutive ports ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 rx Mirror received packets tx Mirror transmitted p...

Страница 1051: ...N tag untagged Traffic exiting the destination port is untagged DEFAULT SETTING Traffic exiting the destination port is untagged COMMAND MODE Global Configuration COMMAND USAGE Only one destination po...

Страница 1052: ...intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations destination Specifies this device as a switch configured with a destination port which i...

Страница 1053: ...ession is allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then no session can be configured for RSPAN COMMAND MODE Global Configuration CO...

Страница 1054: ...nsole show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Switch Role Dest...

Страница 1055: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Страница 1056: ...fied interface output Output rate for specified interface rate Maximum value in kbps Range 64 1000000 kbps DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND U...

Страница 1057: ...adcast multicast unknown unicast broadcast Specifies storm control for broadcast traffic multicast Specifies storm control for multicast traffic unicast Specifies storm control for unknown unicast tra...

Страница 1058: ...MMANDS show interfaces switchport 1008 AUTOMATIC TRAFFIC CONTROL COMMANDS Automatic Traffic Control ATC configures bounding thresholds for broadcast and multicast storms which can be used to trigger c...

Страница 1059: ...res IC Port snmp server enable port traps atc multicast alarm clear Sends a trap when multicast traffic falls beneath the lower threshold after a storm control response has been triggered IC Port snmp...

Страница 1060: ...hreshold after the release timer expires traffic control for rate limiting will be stopped and a Traffic Control Release Trap sent and logged Note that if the control action has shut down a port it ca...

Страница 1061: ...n be applied to a port Enabling automatic storm control on a port will disable hardware level storm control on that port Threshold Commands auto traffic control apply timer This command sets the time...

Страница 1062: ...st multicast release timer seconds no auto traffic control broadcast multicast release timer broadcast Specifies automatic storm control for broadcast traffic multicast Specifies automatic storm contr...

Страница 1063: ...packet rate command However only one of these control types can be applied to a port Enabling automatic storm control on a port will disable hardware level storm control on that port EXAMPLE This exa...

Страница 1064: ...re enabled by automatic traffic control It can only be manually re enabled using the auto traffic control control release command EXAMPLE This example sets the control response for broadcast traffic o...

Страница 1065: ...nd EXAMPLE This example sets the clear threshold for automatic storm control for broadcast traffic on port 1 Console config interface ethernet 1 1 Console config if auto traffic control broadcast alar...

Страница 1066: ...ole config if auto traffic control auto control release This command automatically releases a control response of rate limiting after the time specified in the auto traffic control release timer comma...

Страница 1067: ...en triggered EXAMPLE Console config interface ethernet 1 1 Console config if auto traffic control broadcast control release Console config if SNMP Trap Commands snmp server enable port traps atc broad...

Страница 1068: ...roadcast alarm fire Console config if RELATED COMMANDS auto traffic control alarm fire threshold 1065 snmp server enable port traps atc broadcast control apply This command sends a trap when broadcast...

Страница 1069: ...roadcast control release Console config if RELATED COMMANDS auto traffic control alarm clear threshold 1064 auto traffic control action 1063 auto traffic control release timer 1062 snmp server enable...

Страница 1070: ...ulticast alarm fire Console config if RELATED COMMANDS auto traffic control alarm fire threshold 1065 snmp server enable port traps atc multicast control apply This command sends a trap when multicast...

Страница 1071: ...Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc multicast control release Console config if RELATED COMMANDS auto tra...

Страница 1072: ...tifier Range 1 port Port number Range 1 28 52 COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control interface ethernet 1 1 Eth 1 1 Information Storm Control Broadcast Multicast State...

Страница 1073: ...nterface or when an interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Страница 1074: ...e protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tree loopback detec...

Страница 1075: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Страница 1076: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Страница 1077: ...etection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Страница 1078: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Страница 1079: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Страница 1080: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Страница 1081: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Страница 1082: ...th 1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDL...

Страница 1083: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Страница 1084: ...CHAPTER 33 UniDirectional Link Detection Commands 1084...

Страница 1085: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 135 Address Table Commands Command Function Mode mac address...

Страница 1086: ...he switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address fo...

Страница 1087: ...c address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interfac...

Страница 1088: ...bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show...

Страница 1089: ...e SYNTAX show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 16 DEFAULT SETTING No...

Страница 1090: ...CHAPTER 34 Address Table Commands 1090...

Страница 1091: ...ystem bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission li...

Страница 1092: ...ing tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPD...

Страница 1093: ...co IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner com...

Страница 1094: ...sole config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the de...

Страница 1095: ...onverge All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Страница 1096: ...1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and rec...

Страница 1097: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 1105 takes precedence over...

Страница 1098: ...e lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tree...

Страница 1099: ...port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU flooding is...

Страница 1100: ...stance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the h...

Страница 1101: ...tance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the s...

Страница 1102: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Страница 1103: ...the no form to disable this feature SYNTAX no spanning tree bpdu filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command stops all Bridge...

Страница 1104: ...s DEFAULT SETTING BPDU Guard Disabled Auto Recovery Disabled Auto Recovery Interval 300 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be con...

Страница 1105: ...the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port C...

Страница 1106: ...e is an edge port DEFAULT SETTING Auto COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE You can enable this option if an interface is attached to a LAN segment that is at the e...

Страница 1107: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 1108: ...block shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400 seconds...

Страница 1109: ...hen the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to lin...

Страница 1110: ...nce identifier of the spanning tree Range 0 4094 cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method28 1 200 000 000 for long path cost method The recomme...

Страница 1111: ...panning Tree Use the no form to restore the default SYNTAX spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the sp...

Страница 1112: ...n the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Страница 1113: ...Port Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch recei...

Страница 1114: ...t Channel EXAMPLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree t...

Страница 1115: ...ge 1 16 COMMAND MODE Privileged Exec COMMAND USAGE Use this command to release an interface from discarding state if loopback detection release mode is set to manual by the spanning tree loopback dete...

Страница 1116: ...instance within the multiple spanning tree MST SYNTAX show spanning tree interface mst instance id brief stp enabled only interface ethernet unit port unit Unit identifier Range 1 port Port number Ra...

Страница 1117: ...panning Tree Enabled Disabled Enabled Instance 0 VLANs Configured 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec...

Страница 1118: ...Disabled Enabled Designated Root 32768 0000E89382A0 Current Root Port 0 Current Root Cost 0 Interface Pri Designated Designated Oper STP Role State Oper Bridge ID Port ID Cost Status Edge Eth 1 1 128...

Страница 1119: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Страница 1120: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Страница 1121: ...specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS must be...

Страница 1122: ...d for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configu...

Страница 1123: ...d 2 tagged Console config if exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable t...

Страница 1124: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Страница 1125: ...kets Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMA...

Страница 1126: ...check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized maintenance l...

Страница 1127: ...how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on page 495 EXAMPLE Console config erps mep monitor east mep 1 Console config erps RELATED COMMANDS ethernet cfm domai...

Страница 1128: ...re SYNTAX no non erps dev protect DEFAULT SETTING Disabled COMMAND MODE ERPS Configuration COMMAND USAGE The RPL owner node detects a failed link when it receives R APS SF signal fault messages from n...

Страница 1129: ...le state EXAMPLE Console config erps non erps dev protect Console config erps non revertive This command enables non revertive mode which requires the protection state on the RPL to manually cleared U...

Страница 1130: ...he RPL Owner Node c When the WTR timer expires without the presence of any other higher priority request the RPL Owner Node initiates reversion by blocking its traffic channel over the RPL transmittin...

Страница 1131: ...mode is handled in the following way a The reception of an R APS NR message causes the RPL Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority re...

Страница 1132: ...its own Node ID it unblocks any ring port which does not have an SF condition and stops transmitting R APS NR message on both ring ports Recovery with revertive mode is handled in the following way a...

Страница 1133: ...disable this feature SYNTAX no propagate tc DEFAULT SETTING Disabled COMMAND MODE ERPS Configuration COMMAND USAGE When a secondary ring detects a topology change it can pass a message about this even...

Страница 1134: ...sole config erps raps def mac Console config erps raps without vc This command terminates the R APS channel at the primary ring to sub ring interconnection nodes Use the no form to restore the default...

Страница 1135: ...tance over an R APS virtual channel Figure 424 Sub ring with Virtual Channel Sub ring without R APS Virtual Channel Under certain circumstances it may not be desirable to use a virtual channel to inte...

Страница 1136: ...ge 1 port Port number Range 1 12 port channel channel id Range 1 12 DEFAULT SETTING Not associated COMMAND MODE ERPS Configuration COMMAND USAGE Each node must be connected to two neighbors on the rin...

Страница 1137: ...Configuration COMMAND USAGE The RPL neighbor node when configured is a ring node adjacent to the RPL that is responsible for blocking its end of the RPL under normal conditions i e the ring is establ...

Страница 1138: ...it during Protection state that is when a signal fault is detected on the ring or the protection state is enabled with the erps forced switch or erps manual switch command The east and west connectio...

Страница 1139: ...he version number is automatically set to 1 when a ring node supporting only the functionalities of G 8032v1 exists on the same ring with other nodes that support G 8032v2 When ring nodes running G 80...

Страница 1140: ...and clears statistics including SF NR NR RB FS MS Event and Health protocol messages SYNTAX clear erps statistics domain ring name ring name Name of a specific ERPS ring Range 1 12 characters COMMAND...

Страница 1141: ...ort SYNTAX erps forced switch domain ring name east west ring name Name of a specific ERPS ring Range 1 12 characters east East ring port west West ring port COMMAND MODE Privileged Exec COMMAND USAGE...

Страница 1142: ...ed except on a ring node having a prior local forced switch request The ring nodes where further forced switch commands are issued block the traffic channel and R APS channel on the ring port at which...

Страница 1143: ...omain r d west Console erps manual switch This command blocks the specified ring port in the absence of a failure or an erps forced switch command SYNTAX erps manual switch domain ring name east west...

Страница 1144: ...Protection switching on a manual switch request is completed when the above actions are performed by each ring node At this point traffic flows around the ring are resumed From this point on the foll...

Страница 1145: ...ertive r d 1 Yes 2 1 1 Idle RPL Owner Yes W E Interface Port State Local SF Local FS Local MS MEP RPL West Eth 1 1 Blocking No No No Yes East Eth 1 3 Forwarding No No No No Console Table 141 show erps...

Страница 1146: ...pe Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertive recovery is selected Interface Information W E Shows information on the west and east ring port...

Страница 1147: ...f a sub ring in another Ethernet ring or network R APS Def MAC Indicates if the switch s MAC address is used to identify the node in R APS messages Propagate TC Shows if the ring is configured to prop...

Страница 1148: ...ured as a ring port Local SF A signal fault generated on a link to the local node Local Clear SF The number of times a clear command was issued to terminate protection state entered through a forced s...

Страница 1149: ...ng ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 8...

Страница 1150: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 1151: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 1152: ...in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN...

Страница 1153: ...c COMMAND USAGE See Displaying Bridge Extension Capabilities on page 127 for a description of the displayed items EXAMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maximum Supported...

Страница 1154: ...ve All Timer 1000 centiseconds Console RELATED COMMANDS garp timer 1151 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit p...

Страница 1155: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 1156: ...AN used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s default VLAN Nor should it include VLAN 4093 which is used for switch clustering Configuri...

Страница 1157: ...mands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command Table 147 Commands for Configuring VLAN Interfaces Command Function Mode i...

Страница 1158: ...estore the default SYNTAX switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged fram...

Страница 1159: ...ommand If a VLAN list is specified only the last VLAN in the list will be added to the interface A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged...

Страница 1160: ...Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports...

Страница 1161: ...ID are also transmitted as tagged frames DEFAULT SETTING All ports are in hybrid mode with the PVID set to VLAN 1 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Access mode i...

Страница 1162: ...EXAMPLE The following example shows how to set the PVID for port 1 to VLAN 3 Console config interface ethernet 1 1 Console config if switchport native vlan 3 Console config if vlan trunking This comm...

Страница 1163: ...e command If VLAN trunking is enabled on an interface then that interface cannot be set to access mode and vice versa To prevent loops from forming in the spanning tree all unknown VLANs will be bound...

Страница 1164: ...tive Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1...

Страница 1165: ...ol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Страница 1166: ...el uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcome a break in the tree It is therefore advisable to disable spanning tree on these ports dot1q tunn...

Страница 1167: ...ntrol command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag regardless of whether there are one...

Страница 1168: ...When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods...

Страница 1169: ...ethernet 1 1 Console config if switchport allowed vlan add 100 200 300 untagged Console config if switchport dot1q tunnel mode access 5 Configure the following selective QinQ mapping entries Console...

Страница 1170: ...ce Configuration Ethernet Port Channel COMMAND USAGE Use the switchport dot1q tunnel tpid command to set a custom 802 1Q ethertype value on the selected interface This feature allows the switch to int...

Страница 1171: ...dot1q tunnel system tunnel control Console config interface ethernet 1 1 Console config if switchport dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport do...

Страница 1172: ...mains in the customer s network L2PT can be used to pass various types of protocol packets belonging to the same customer transparently across a service provider s network In this way normally segrega...

Страница 1173: ...tag it is filtered decapsulated and processed locally by the switch if the protocol is supported When a protocol packet is received on an access port i e an 802 1Q trunk port connecting the edge swit...

Страница 1174: ...t it is forwarded to the following ports in the same S VLAN a other access ports for which L2PT is disabled and b all uplink ports recognized as a GBPT protocol packet i e having the destination addre...

Страница 1175: ...E Refer to the Command Usage section for the l2protocol tunnel tunnel dmac command For L2PT to function properly QinQ must be enabled on the switch using the dot1q tunnel system tunnel control command...

Страница 1176: ...inal vlan new vlan no switchport vlan translation original vlan original vlan The original VLAN ID Range 1 4094 new vlan The new VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Interface Co...

Страница 1177: ...s If VLAN translation is set on an interface with this command and the same interface is also configured as a QinQ access port with the switchport dot1q tunnel mode command VLAN tag assignments will b...

Страница 1178: ...pating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can configure this switch w...

Страница 1179: ...ols to a group Use the no form to remove a protocol group SYNTAX protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group group id group...

Страница 1180: ...D MODE Interface Configuration Ethernet Port Channel COMMAND USAGE When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN comm...

Страница 1181: ...group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMAND MODE Privileged Exec EXAMPLE This shows protocol group 1 conf...

Страница 1182: ...ssification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source ad...

Страница 1183: ...ty 0 COMMAND MODE Global Configuration COMMAND USAGE Each IP subnet can be mapped to only one VLAN ID An IP subnet consists of an IP address and a subnet mask The specified VLAN need not be an existin...

Страница 1184: ...192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based VLAN classification all...

Страница 1185: ...gress traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addre...

Страница 1186: ...VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover conne...

Страница 1187: ...a single VLAN VoIP traffic can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on...

Страница 1188: ...the port The VoIP aging time starts to count down when the OUI s MAC address expires from the MAC address table Therefore the MAC address aging time should be added to the overall aging time For examp...

Страница 1189: ...devices Range 1 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE VoIP devices attached to the switch can be identified by the manufacturer s Organizational Unique Id...

Страница 1190: ...tchport voice vlan rule command When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list using the voice vlan mac address command All ports are set to VLAN hybrid mod...

Страница 1191: ...Use the no form to disable the detection method on the port SYNTAX no switchport voice vlan rule oui lldp oui Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the...

Страница 1192: ...port that are tagged with the voice VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch P...

Страница 1193: ...to Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 100 Eth 1 4 Auto Enabled OUI 6 100 Eth 1 5 Disabled Disabled OUI 6 NA Eth 1 6 Disabled Disabled OUI 6 NA Eth 1 7 Di...

Страница 1194: ...CHAPTER 37 VLAN Commands Configuring Voice VLANs 1194...

Страница 1195: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 1196: ...cates a strict queue DEFAULT SETTING WRR COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of strict and we...

Страница 1197: ...igns weights to the four class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore t...

Страница 1198: ...ty mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged fra...

Страница 1199: ...default 5 Console config if RELATED COMMANDS show interfaces switchport 1008 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queu...

Страница 1200: ...al format Range 0 1 Table 158 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Страница 1201: ...n the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for internal processing Note that priority tags in the original packet are not modified by th...

Страница 1202: ...ode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one set of DSCP values to matc...

Страница 1203: ...hardware output queues to use based on the internal per hop behavior value Use the no form to restore the default settings SYNTAX qos map phb queue queue id from phb0 phb7 no map phb queue phb0 phb7...

Страница 1204: ...n the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used for priority processin...

Страница 1205: ...is set to DSCP by the qos map trust mode command and the ingress packet type is IPv4 EXAMPLE The ingress DSCP is composed of d1 most significant digit in the left column and d2 least significant digi...

Страница 1206: ...0 1 2 3 4 5 6 7 Queue 1 0 0 1 2 2 3 3 Console show qos map trust mode This command shows the QoS mapping mode SYNTAX show qos map trust mode interface interface interface ethernet unit port unit Unit...

Страница 1207: ...classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an enforcer...

Страница 1208: ...dscp command to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the police comm...

Страница 1209: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Страница 1210: ...ND USAGE First enter the class map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to q...

Страница 1211: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 32 characters COMMAND MODE Class Map Configur...

Страница 1212: ...rd policy Console config pmap class rd class Console config pmap c set cos 3 Console config pmap c police flow 100000 4000 conform action transmit violate action drop Console config pmap c class This...

Страница 1213: ...ow 100000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form to r...

Страница 1214: ...ze The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else Tc...

Страница 1215: ...st Excess burst size BE in bytes Range 0 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service the packe...

Страница 1216: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 1217: ...e trtcm color blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate th...

Страница 1218: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 1219: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service that...

Страница 1220: ...average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating packets Console config policy map rd policy Console config pmap class rd class Console c...

Страница 1221: ...vices IP traffic by setting a per hop behavior value for a matching packet as specified by the match command for internal processing Use the no form to remove this setting SYNTAX no set phb phb value...

Страница 1222: ...es a policy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the...

Страница 1223: ...Match ip dscp 10 Match access list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displ...

Страница 1224: ...ap rd policy class rd class set PHB 3 Console show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input in...

Страница 1225: ...ing displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffi...

Страница 1226: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Страница 1227: ...p snooping Console config ip igmp snooping vlan static Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping...

Страница 1228: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Страница 1229: ...guration EXAMPLE Console config ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip i...

Страница 1230: ...ption 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option EXAMPLE Cons...

Страница 1231: ...ived and all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Страница 1232: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Страница 1233: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Страница 1234: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Страница 1235: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Страница 1236: ...ssage is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The time out for this release is currently defined by Last...

Страница 1237: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1238: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Страница 1239: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 1240: ...e address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for p...

Страница 1241: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Страница 1242: ...SAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EXAMPLE...

Страница 1243: ...port channel channel id Range 1 16 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ip igmp snooping statistics Console show ip igmp snooping This command...

Страница 1244: ...eave Disabled Last Member Query Interval 10 unit 1 10s Last Member Query Count 2 General Query Suppression Disabled Query Interval 125 Query Response Interval 100 unit 1 10s Proxy Query Address 0 0 0...

Страница 1245: ...ag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h m s Expire Group remaining ti...

Страница 1246: ...SYNTAX show ip igmp snooping statistics input interface interface output interface interface query vlan vlan id interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52...

Страница 1247: ...p The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting or packet content not allowed Join Succ The number of times a multicast group was s...

Страница 1248: ...terface Self Querier Expire Time after which local querier is assumed to have expired Self Querier Uptime Time local querier has been up General Query Received The number of general queries received o...

Страница 1249: ...AULT SETTING No static multicast router ports are configured COMMAND MODE Global Configuration COMMAND USAGE Depending on your network connections IGMP snooping may not always be able to locate the IG...

Страница 1250: ...P filter profile configuration mode GC permit deny Sets a profile access mode to permit or deny IPC range Specifies one or a range of multicast addresses for a profile IPC ip igmp authentication Enabl...

Страница 1251: ...eived on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join...

Страница 1252: ...IGMP Profile Configuration COMMAND USAGE Each profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multicast group falls...

Страница 1253: ...n Ethernet Port Channel COMMAND USAGE If IGMP authentication is enabled on an interface and a join report is received on the interface the switch will send an access request to the RADIUS server to pe...

Страница 1254: ...to EXCLUDE filter mode for the specified multicast address The Source Address fields in this Group Record contain the interface s new source list for the specified multicast address if not empty When...

Страница 1255: ...rface A profile can also be assigned to a trunk interface When ports are configured as trunk members the trunk uses the filtering profile assigned to the first port member in the trunk EXAMPLE Console...

Страница 1256: ...x groups 10 Console config if ip igmp max groups action This command sets the IGMP throttling action for an interface on the switch SYNTAX ip igmp max groups action deny replace deny The new multicast...

Страница 1257: ...Querier this prevents it from being affected by messages received from another Querier EXAMPLE Console config interface ethernet 1 1 Console config if ip igmp query drop vlan 2 Console config if ip mu...

Страница 1258: ...AND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays information for all interfaces EXAMPLE Console show ip igmp authentication Ethernet 1 1 Enabled Ether...

Страница 1259: ...1 1 Range 239 2 3 1 239 2 3 100 Console show ip igmp profile This command displays IGMP filtering profiles created on the switch SYNTAX show ip igmp profile profile number profile number An existing I...

Страница 1260: ...6 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Console show ip igmp query drop interface ethernet...

Страница 1261: ...Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interface ethernet unit...

Страница 1262: ...s without source list Table 171 MLD Snooping Commands Command Function Mode ipv6 mld snooping Enables MLD Snooping globally GC ipv6 mld snooping querier Allows the switch to act as the querier for MLD...

Страница 1263: ...the no form to disable this feature SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected...

Страница 1264: ...gures the interval between sending MLD general queries Use the no form to restore the default SYNTAX ipv6 mld snooping query interval interval no ipv6 mld snooping query interval interval The interval...

Страница 1265: ...d to an MLD Query message before the switch deletes the group if it is the last member EXAMPLE Console config ipv6 mld snooping query max response time seconds 15 Console config ipv6 mld snooping robu...

Страница 1266: ...The router port expire time is the time the switch waits after the previous querier stops before it considers the router port i e the interface that had been receiving query packets to have expired E...

Страница 1267: ...ipv6 mld snooping version This command configures the MLD snooping version Use the no form to restore the default SYNTAX ipv6 mld snooping version 1 2 1 MLD version 1 2 MLD version 2 DEFAULT SETTING...

Страница 1268: ...le MLD immediate leave Console config interface vlan 1 Console config if ipv6 mld snooping immediate leave Console config if ipv6 mld snooping vlan mrouter This command statically configures an IPv6 m...

Страница 1269: ...v6 address interface vlan VLAN ID Range 1 4094 ipv6 address An IPv6 address of a multicast group Format X X X X X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 po...

Страница 1270: ...ce ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 16 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Cons...

Страница 1271: ...IPv6 Address Member port Type 1 FF02 01 01 01 01 Eth 1 1 MLD Snooping 1 FF02 01 01 01 02 Eth 1 1 Multicast Data 1 FF02 01 01 01 02 Eth 1 1 User Console show ipv6 mld snooping group source list This co...

Страница 1272: ...pe Expire 1 Eth 1 2 Static Console MLD FILTERING AND THROTTLING In certain switch applications the administrator may want to control the multicast services that are available to end users For example...

Страница 1273: ...ltering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups The MLD filtering feature operates in the same manner when MVR is used to...

Страница 1274: ...USAGE A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one interface E...

Страница 1275: ...e low ipv6 address high ipv6 address low ipv6 address A valid IPv6 address X X X X X of a multicast group or start of a group range high ipv6 address A valid IPv6 address X X X X X for the end of a mu...

Страница 1276: ...hat an interface can join Use the no form restore the default setting SYNTAX ipv6 mld max groups number no ipv6 mld max groups number The maximum number of multicast groups an interface can join at th...

Страница 1277: ...deny The new multicast group join report is dropped replace The new multicast group replaces an existing group DEFAULT SETTING Deny COMMAND MODE Interface Configuration Ethernet COMMAND USAGE When th...

Страница 1278: ...ulticast data drop Use this command to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT SE...

Страница 1279: ...e ff05 101 ff05 103 Console show ipv6 mld profile This command displays MLD filtering profiles created on the switch SYNTAX show ipv6 mld profile profile number profile number An existing MLD filter p...

Страница 1280: ...DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Console show ipv6 mld query drop interface ethernet...

Страница 1281: ...hich the subscribers belong Table 173 Multicast VLAN Registration for IPv4 Commands Command Function Mode mvr Globally enables MVR GC mvr associated profile Binds the MVR group addresses specified in...

Страница 1282: ...oup Statically binds a multicast group to a port IC clear mrv groups dynamic Clears multicast group information dynamically learned through MVR PE clear mrv statistics Clears MRV statistics PE show mv...

Страница 1283: ...iguration EXAMPLE The following an MVR group address profile to domain 1 Console config mvr domain 1 associated profile rd Console config RELATED COMMANDS mvr profile 1284 mvr domain This command enab...

Страница 1284: ...This command can be used to set a high priority for low latency multicast traffic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Con...

Страница 1285: ...streams received in excess of this limitation will be flooded to all ports in the associated domain EXAMPLE The following example maps a range of MVR group addresses to a profile Console config mvr p...

Страница 1286: ...ownstream or router interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore b...

Страница 1287: ...e default setting SYNTAX mvr robustness value value no mvr robustness value value The robustness used for all interfaces Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE T...

Страница 1288: ...switch only forwards multicast streams which the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream...

Страница 1289: ...is also the VLAN to which all source ports must be assigned Range 1 4094 DEFAULT SETTING VLAN 1 COMMAND MODE Global Configuration COMMAND USAGE This command specifies the VLAN through which MVR multic...

Страница 1290: ...g for a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list If the by host ip option is used the router querier will not...

Страница 1291: ...MVR VLAN IGMP snooping can also be used to allow a receiver port to dynamically join or leave multicast groups not sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports c...

Страница 1292: ...receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a receiver port usi...

Страница 1293: ...s This command clears MRV statistics SYNTAX clear mrv statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Ra...

Страница 1294: ...proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR Proxy Query Interval The interval at which the receiver port sen...

Страница 1295: ...8 1 23 10 testing 228 2 23 1 228 2 23 10 Console show mvr interface This command shows MVR configuration settings for interfaces attached to the MVR VLAN SYNTAX show mvr domain domain id interface dom...

Страница 1296: ...eated by IGMP protocol sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id R...

Страница 1297: ...rt Up time Expire Count 234 5 6 7 1 00 00 09 17 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console The following example shows detailed information about a specific multicast address Console show mvr domain 1 member...

Страница 1298: ...put interface interface output interface interface query summary interface interface mvr vlan domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Rang...

Страница 1299: ...0 1 0 Eth 1 2 5 1 4 1 DVLAN 1 7 2 3 0 MVLAN 1 7 2 3 0 Console Table 177 show mvr statistics input display description Field Description Interface Shows interfaces attached to the MVR Report The numbe...

Страница 1300: ...ace G S S Query The number of group specific or group and source specific query messages sent from this interface Table 179 show mvr statistics query display description Field Description Other Querie...

Страница 1301: ...of Groups Number of groups learned on this port Querier Transmit General Number of general queries transmitted Group Specific Number of group specific queries transmitted Received General Number of ge...

Страница 1302: ...erface mvr vlan description Field Description Domain An independent multicast domain Number of Groups Number of groups learned on this port Querier Other Querier Other IGMP querier s IP address Other...

Страница 1303: ...p Number of report leave messages dropped by MVR source port Others Drop Number of report leave messages dropped for other reasons Table 181 show mvr statistics summary interface mvr vlan description...

Страница 1304: ...igures an interface as an MVR receiver or source port IC mvr6 vlan group Statically binds a multicast group to a port IC clear mvr6 groups dynamic Clears multicast group information dynamically learne...

Страница 1305: ...en MVR6 is enabled on a domain any multicast data associated with an MVR6 group is sent from all designated source ports to all receiver ports that have registered to receive data from that multicast...

Страница 1306: ...s bits end ip address Ending IPv6 address for an MVR multicast group This parameter must be a full IPv6 address including the network prefix and host address bits DEFAULT SETTING No profiles are defin...

Страница 1307: ...val interval The interval at which the receiver port sends out general queries Range 2 31744 seconds DEFAULT SETTING 125 seconds COMMAND MODE Global Configuration COMMAND USAGE This command sets the g...

Страница 1308: ...re MVR proxy service When the source port receives report and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes oc...

Страница 1309: ...umber of times group specific queries are sent to downstream receiver ports This command only takes effect when MVR6 proxy switching is enabled EXAMPLE Console config mvr6 robustness value 5 Console c...

Страница 1310: ...to all MVR control packets sent upstream on the specified domain Use the no form to restore the default setting SYNTAX mvr6 domain domain id upstream source ip source ip address no mvr6 domain domain...

Страница 1311: ...of the MVR VLAN using the switchport allowed vlan command and switchport native vlan command but MVR receiver ports should not be statically configured as members of this VLAN EXAMPLE The following ex...

Страница 1312: ...deleted Using immediate leave can speed up leave latency but should only be enabled on a port attached to only one multicast subscriber to avoid disrupting services to other group members attached to...

Страница 1313: ...as joined through the MVR6 protocol or which have been assigned through the mvr6 vlan group command All source ports must belong to the MVR6 VLAN Subscribers should not be directly connected to source...

Страница 1314: ...IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined f...

Страница 1315: ...E If the interface option is not used then all MVR6 statistics are cleared Otherwise using the interface option will only clear the MVR6 statistics of the specified interface EXAMPLE The following sho...

Страница 1316: ...ast traffic forwarded into the MVR6 VLAN MVR6 Proxy Switching Shows if MVR proxy switching is enabled MVR6 Robustness Value Shows the number of reports or query messages sent when proxy switching is e...

Страница 1317: ...ivileged Exec EXAMPLE The following displays information about the interfaces attached to the MVR6 VLAN in domain 1 Console show mvr6 domain 1 interface MVR6 Domain 1 Port Type Status Immediate Leave...

Страница 1318: ...lowing shows information about the number of multicast forwarding entries currently active in domain 1 Console show mvr6 domain 1 members MVR6 Domain 1 MVR6 Forwarding Entry Count 1 Flag S Source port...

Страница 1319: ...f05 101 2 00 00 03 18 2 P 2 Eth1 2 S 1 Eth1 4 R 0 H Console show mvr6 profile This command shows all configured MVR profiles COMMAND MODE Privileged Exec EXAMPLE The following shows all configured MVR...

Страница 1320: ...r all domains COMMAND MODE Privileged Exec EXAMPLE The following shows MVR6 protocol related statistics received Console show mvr6 domain 1 statistics input MVR6 Domain 1 MVR6 VLAN 2 Input Statistics...

Страница 1321: ...ved 0 Specific Query Sent 0 Console Drop The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting packet content not allowed or MVR group repo...

Страница 1322: ...this querier is assumed to have expired Self Querier Address This querier s IPv6 address Self Querier Uptime This querier s time up Self Querier Expire Time This querier s expire time General Query R...

Страница 1323: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Страница 1324: ...sion of SNMP trap notifications about LLDP MED changes IC lldp med tlv ext poe2 Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage information IC...

Страница 1325: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Страница 1326: ...the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Con...

Страница 1327: ...e periodic transmit interval for LLDP advertisements Use the no form to restore the default setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval a...

Страница 1328: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Страница 1329: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1330: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1331: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1332: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1333: ...age 1178 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Страница 1334: ...E Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation...

Страница 1335: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Страница 1336: ...EXAMPLE Console config interface ethernet 1 1 Console config if lldp dot3 tlv poe Console config if lldp med location civic addr This command configures an LLDP MED enabled port to advertise its loca...

Страница 1337: ...ation as long as the total does not exceed 250 characters For the location options defined for device type normally option 2 is used to specify the location of the client device In situations where th...

Страница 1338: ...cations about LLDP MED changes Use the no form to disable LLDP MED notifications SYNTAX no lldp med notification DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COM...

Страница 1339: ...or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities This command only applies to the ES41...

Страница 1340: ...This option advertises location identification details EXAMPLE Console config interface ethernet 1 1 Console config if lldp med tlv location Console config if lldp med tlv med cap This command configu...

Страница 1341: ...network policy configurations frequently result in voice quality degradation or complete service disruption EXAMPLE Console config interface ethernet 1 1 Console config if lldp med tlv network policy...

Страница 1342: ...sole config if show lldp config This command shows LLDP configuration settings for all ports SYNTAX show lldp config detail interface detail Shows configuration summary interface ethernet unit port un...

Страница 1343: ...g max frame MED Notification Status Enabled MED Enabled TLVs Advertised med cap network policy location ext poe inventory MED Location Identification Location Data Format Civic Address LCI Country Nam...

Страница 1344: ...00 1A 7E AC 2B 16 Ethernet Port on unit 1 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Local Port Information Detail Port Eth 1 1 Port ID Type MAC Address Port ID B4 0E DC 34 96...

Страница 1345: ...C 0A 81 B7 C7 E1 Time To Live 120 seconds Port Description Ethernet Port on unit 1 port 1 System Description ECS3510 28P System Capabilities Bridge Enabled Capabilities Bridge Management Address 192 1...

Страница 1346: ...switch show lldp info statistics LLDP Global Statistics Neighbor Entries List Last Updated 49 seconds New Neighbor Entries Count 4 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Ne...

Страница 1347: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Страница 1348: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Страница 1349: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Страница 1350: ...events discovered by continuity check messages page 1369 or cross check messages page 1373 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Страница 1351: ...43 alphanumeric characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AIS information can be issued at the cl...

Страница 1352: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Страница 1353: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Страница 1354: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Страница 1355: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1356 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Страница 1356: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Страница 1357: ...d or ITU T SG13 SG15 Y 1731 defined ICC based format Use the no form to restore the default setting SYNTAX ma index index name format character string icc based no ma index index name format index MA...

Страница 1358: ...d then the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium DEFAULT SETTING No MEPs are configured The MEP faces outwar...

Страница 1359: ...ed on that interface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data t...

Страница 1360: ...aps interface interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check...

Страница 1361: ...remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which...

Страница 1362: ...ion Archive Hold Time m 1 rd 0 default 100 Console show ethernet cfm ma This command displays the configured maintenance associations SYNTAX show ethernet cfm ma level level level Maintenance level Ra...

Страница 1363: ...umber Range 1 28 52 port channel channel id Range 1 16 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mep keyword with thi...

Страница 1364: ...Range 1 port Port number Range 1 28 52 port channel channel id Range 1 16 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example sh...

Страница 1365: ...vel Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port to which this MEP is attached CC Status Shows if th...

Страница 1366: ...Port State Up Interface State Up Crosscheck Status Enabled Console Table 194 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote maintena...

Страница 1367: ...vity failures in an MA If any MEP fails to receive three consecutive CCMs from any other MEPs in its MA a connectivity failure Port State Port states include Up The port is functioning normally Blocke...

Страница 1368: ...ission of continuity check messages CCMs within a specified maintenance association Use the no form to disable the transmission of these messages SYNTAX no ethernet cfm cc enable md domain name ma ma...

Страница 1369: ...CCM with the same MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC addr...

Страница 1370: ...MEP Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE CFM Domain Configuration COMMAND USAGE A change to the hold time only applies to entries stored in the database after this command i...

Страница 1371: ...t cfm errors This command clears continuity check errors logged for the specified maintenance domain or maintenance level SYNTAX clear ethernet cfm errors domain domain name level level id domain name...

Страница 1372: ...r more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated...

Страница 1373: ...he MEPs learned through CCMs The cross check start delay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps EXAMPLE Th...

Страница 1374: ...emote MEP that is not configured in the static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance asso...

Страница 1375: ...x 1 name rd vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigne...

Страница 1376: ...rnet cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 DEFAULT SETTING...

Страница 1377: ...rom each MIP along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value EXAMPLE This example enables link t...

Страница 1378: ...cache Range 1 4095 entries DEFAULT SETTING 100 entries COMMAND MODE Global Configuration COMMAND USAGE Before setting the cache size the cache must first be enabled with the ethernet cfm linktrace ca...

Страница 1379: ...ps DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Link trace messages can be targeted to MEPs not MIPs Before sending a link trace message be sure you have configured the target MEP f...

Страница 1380: ...ethernet cfm linktrace cache This command displays the contents of the link trace cache COMMAND MODE Privileged Exec EXAMPLE Console show ethernet cfm linktrace cache Hops MA IP Alias Ingress MAC Ing...

Страница 1381: ...operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be false IngBlocked The ingress port can b...

Страница 1382: ...matic detection of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point sho...

Страница 1383: ...setting SYNTAX mep fault notify lowest priority priority no fault notify lowest priority priority Lowest priority default allowed to generate a fault alarm Range 1 6 DEFAULT SETTING Priority level 2...

Страница 1384: ...Def All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM DefErrorCCM or DefXconCCM 3 remErrXcon DefErrorCCM DefXconCCM or DefRemoteCCM 4 errXcon DefErrorCCM or DefXconCCM 5 xcon DefXconCCM 6 noXcon N...

Страница 1385: ...example sets the reset time after which another fault alarm can be generated Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep fault notify reset time 7 Consol...

Страница 1386: ...association name Range 1 43 alphanumeric characters count The number of times to retry sending the message if no response is received before the specified timeout Range 1 5 interval The transmission...

Страница 1387: ...P responds with a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTim...

Страница 1388: ...CHAPTER 42 CFM Commands Delay Measure Operations 1388...

Страница 1389: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Страница 1390: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1391: ...itical link event dying gasp Console config if efm oam link monitor frame This command enables reporting of errored frame link events Use the no form to disable this function SYNTAX no efm oam link mo...

Страница 1392: ...LV includes the number of errored frames detected during the specified period EXAMPLE Console config interface ethernet 1 1 Console config if efm oam link monitor frame threshold 5 Console config if e...

Страница 1393: ...sets the OAM mode on the specified port Use the no form to restore the default setting SYNTAX efm oam mode active passive no efm oam mode active All OAM functions are enabled passive All OAM functions...

Страница 1394: ...ports Range 1 28 52 COMMAND MODE Privileged Exec EXAMPLE Console clear efm oam counters Console RELATED COMMANDS show efm oam counters interface 1397 clear efm oam event log This command clears all e...

Страница 1395: ...d to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1396 to start sending test packets Then use the efm oam remote loopback sto...

Страница 1396: ...command to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mod...

Страница 1397: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Страница 1398: ...nsole clear efm oam event log Use he clear efm oam event log command to clear the event log Console show efm oam event log interface 1 1 Console This command can show OAM dying gasp changes for link p...

Страница 1399: ...9 0 01 Console show efm oam status interface This command displays OAM configuration settings and event counters SYNTAX show efm oam status interface interface list brief interface unit port unit Unit...

Страница 1400: ...nformation about attached OAM enabled devices SYNTAX show efm oam status remote interface interface list interface list unit port unit Unit identifier Range 1 port Port number or list of ports To ente...

Страница 1401: ...ame Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters DEFAULT SETTING None Table 201 Address Table Commands Command Function Mode...

Страница 1402: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1403: ...03 ip name server 1405 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use...

Страница 1404: ...ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use the no ip...

Страница 1405: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Страница 1406: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1407: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1408: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Страница 1409: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1410: ...CHAPTER 44 Domain Name Service Commands 1410...

Страница 1411: ...and Group Function DHCP Client Allows interfaces to dynamically acquire IP address information DHCP Relay Relays DHCP requests from local hosts to a remote DHCP server Table 205 DHCP Client Commands C...

Страница 1412: ...2132 Option 60 This information is used to convey configuration settings or other identification information about a client but the specific string to use should be supplied by your service provider...

Страница 1413: ...client This command submits a BOOTP or DHCP client request DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE This command issues a BOOTP or DHCP client request for any IP interface that...

Страница 1414: ...pecified interface Use the no form to disable this option SYNTAX no ipv6 dhcp client rapid commit vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by...

Страница 1415: ...configuration flag set the switch may also attempt to acquire other non address configuration information such as a default gateway or DNS server when DHCPv6 is restarted Prior to submitting a client...

Страница 1416: ...commit vlan command and on the DHCPv6 server message exchange can be reduced from the normal four step process to a two step exchange of only solicit and reply messages EXAMPLE The following command...

Страница 1417: ...F FEF9 A494 DUID 0001 0001 48CFB0D5 F48F2A006801 Server address FE80 250 FCFF FEF9 A405 DUID 0001 0001 38CF5AB0 F48F2A003917 Console DHCP RELAY This section describes commands used to the switch to re...

Страница 1418: ...IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server Up to five DHCP servers can be specified in order of preference If any...

Страница 1419: ...client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcasts the DHCP response received from the server to the client EXAMPLE In the following ex...

Страница 1420: ...CHAPTER 45 DHCP Commands DHCP Relay 1420...

Страница 1421: ...must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and...

Страница 1422: ...efault gateway Refer to the ip default gateway command which provides the same function bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP DEFAULT SETTING DHCP COMMAND MODE Interfac...

Страница 1423: ...s In other words secondary addresses need to be specified if more than one IP subnet can be accessed through this interface Note that a secondary address cannot be configured prior to setting the prim...

Страница 1424: ...is established COMMAND MODE Global Configuration COMMAND USAGE The default gateway can also be defined using the following Global configuration command ip route 0 0 0 0 0 0 0 0 gateway address Static...

Страница 1425: ...VLAN 1 is Administrative Up Link Up Address is 70 72 CF 94 22 34 Index 1001 MTU 1500 Address Mode is DHCP IP Address 192 168 0 5 Mask 255 255 255 0 Proxy ARP is disabled DHCP relay server 0 0 0 0 Con...

Страница 1426: ...ress mask request messages address mask reply messages ICMP sent output errors destination unreachable messages time exceeded messages parameter problem message echo request messages echo reply messag...

Страница 1427: ...e timer goes off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating only when the maximum tim...

Страница 1428: ...ination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table When pinging...

Страница 1429: ...ontrol addresses This cache includes entries for hosts and other routers on local network interfaces defined on this router The maximum number of static entries allowed in the ARP cache is 128 You may...

Страница 1430: ...rk These nodes must therefore use a smaller subnet mask than that used by the router or other relevant network devices Extensive use of Proxy ARP can degrade router performance because it may lead to...

Страница 1431: ...ach cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router EXAMPLE This example displays all...

Страница 1432: ...ateway Displays the current IPv6 default gateway NE PE show ipv6 interface Displays the usability and configured settings for IPv6 interfaces NE PE show ipv6 mtu Displays maximum transmission unit MTU...

Страница 1433: ...e colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The same link local address may be used by different interfaces nodes in different...

Страница 1434: ...ress to indicate the appropriate number of zeros required to fill the undefined fields To connect to a larger network with multiple subnets you must configure a global unicast address This address can...

Страница 1435: ...tion is based on the modified EUI 64 form of the interface identifier i e the switch s MAC address Use the no form to remove the address generated by this command SYNTAX no ipv6 address autoconfig DEF...

Страница 1436: ...t interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised router lifetime...

Страница 1437: ...precedence over the interface identifier If a duplicate address is detected a warning message is sent to the console IPv6 addresses are 16 bytes long of which the bottom 8 bytes typically form a uniq...

Страница 1438: ...nds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised router lifetime is 1800 seconds Console RELATED COMMANDS ipv6 address autoconfig 1435 show ipv6...

Страница 1439: ...config interface vlan 1 Console config if ipv6 address FE80 269 3EF9 FE19 6779 link local Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local address fe80 269 3e...

Страница 1440: ...IPv6 for an interface that has been explicitly configured with an IPv6 address EXAMPLE In this example IPv6 is enabled on VLAN 1 and the link local address FE80 2E0 CFF FE00 FD 64 is automatically gen...

Страница 1441: ...advertisements sent from this device The maximum value set by this command cannot exceed the MTU of the physical interface which is currently fixed at 1500 bytes IPv6 routers do not fragment IPv6 pac...

Страница 1442: ...refix The IPv6 network portion of the address assigned to the interface The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal value...

Страница 1443: ...of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as d...

Страница 1444: ...with an acceptable MTU to this switch COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows the MTU cache for this device Console show ipv6 mtu MTU Since Destination Address 140...

Страница 1445: ...0 forwarded datagrams 22 requests 0 discards 0 no routes 0 generated fragments 0 fragment succeeded 0 fragment failed ICMPv6 Statistics ICMPv6 received 0 input 0 errors 0 destination unreachable messa...

Страница 1446: ...d because the destination address was not a local address unknown protocols The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol...

Страница 1447: ...tagrams if any such packets met this discretionary discard criterion no routes The number of input datagrams discarded because no route could be found to transmit them to their destination generated f...

Страница 1448: ...number of ICMP Destination Unreachable messages sent by the interface packet too big messages The number of ICMP Packet Too Big messages sent by the interface time exceeded messages The number of ICM...

Страница 1449: ...e number of zeros required to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain name server count Number of packets to send Range 1 16...

Страница 1450: ...n IPv6 address before trying to resolve it into an IPv4 address EXAMPLE Console ping6 FE80 2E0 CFF FE00 FC 1 64 Type ESC to abort PING to FE80 2E0 CFF FE00 FC 1 64 by 5 32 byte payload ICMP packets ti...

Страница 1451: ...erminates when the destination responds when the maximum timeout TTL is exceeded or the maximum number of hops is exceeded The traceroute command first sends probe datagrams with the TTL value set at...

Страница 1452: ...hat interface are placed in a pending state Duplicate address detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplic...

Страница 1453: ...s enabled number of DAD attempts 5 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time...

Страница 1454: ...nterface vlan 1 Console config pv6 nd ns interval 30000 Console config end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local address fe80 200 e8ff fe90 0 64 Global unicast address es...

Страница 1455: ...nsole config if ipv6 nd reachable time This command configures the amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred SYNTAX ipv6 nd...

Страница 1456: ...ig interface vlan 1 Console config pv6 nd reachable time 1000 Console config clear ipv6 neighbors This command deletes all dynamic entries in the IPv6 neighbor discovery cache COMMAND MODE Privileged...

Страница 1457: ...on may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING All IPv6 neighbor discovery cache entries are displayed COMMAND MODE Pri...

Страница 1458: ...target but it has not yet returned a neighbor advertisement message I2 Invalid An invalidated mapping Setting the state to invalid dis associates the interface identified with this entry from the ind...

Страница 1459: ...to detect retransmit count Sets the number of times to send an NS message to determine if a binding is still valid GC ipv6 nd snooping auto detect retransmit interval Sets the interval between sending...

Страница 1460: ...ther security filtering protocols e g IPv6 Source Guard as described below If an NS message is received on an trusted interface it is forwarded without further processing If an NS message is received...

Страница 1461: ...he dynamic binding table still exists If it does not receive an RA message in response after the configured timeout the entry is dropped If the switch receives an RA message before the timeout expires...

Страница 1462: ...to determine if a dynamic user binding is still valid Use the no form to restore the default setting SYNTAX ipv6 nd snooping auto detect retransmit interval retransmit interval no ipv6 nd snooping aut...

Страница 1463: ...usted interface the switch will add an entry in the prefix table based upon the Prefix Information contained in the message If an RA message is not received for a table entry with the same prefix for...

Страница 1464: ...COMMAND USAGE In general interfaces facing toward to the network core or toward routers supporting the Network Discovery protocol are configured as trusted interfaces RA messages received from a trus...

Страница 1465: ...ping prefix Console show ipv6 nd snooping prefix Prefix entry timeout seconds Prefix Len Valid Time Expire VLAN Interface Console show ipv6 nd snooping This command shows the configuration settings fo...

Страница 1466: ...face 0013 49aa 3926 2001 b001 211 95ff fe84 cb9e 100 1 Eth 1 1 0012 cf01 0203 2001 1 3400 2 Eth 1 2 Console show ipv6 nd snooping prefix This command shows all entries in the address prefix table SYNT...

Страница 1467: ...namic routing These commands are used to connect between different local subnetworks or to connect the router to the enterprise network GLOBAL ROUTING CONFIGURATION Table 203 IP Routing Commands Comma...

Страница 1468: ...mic route is less than that configured for the static route Range 1 255 Default 1 Removes all static routing table entries DEFAULT SETTING No static routes are configured COMMAND MODE Global Configura...

Страница 1469: ...L3 switch in this mode for light routing requirements EXAMPLE Console config ip sw route Console config show ip route This command displays information in the Forwarding Information Base FIB SYNTAX s...

Страница 1470: ...rwarding may still be displayed by using the show ip route database command EXAMPLE Console show ip route Codes C connected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1...

Страница 1471: ...ummary This command displays summary information for the routing table COMMAND MODE Privileged Exec EXAMPLE In the following example the numeric identifier following the named routing table that is th...

Страница 1472: ...CHAPTER 46 IP Routing Commands IPv4 Commands 1472...

Страница 1473: ...1473 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1475 Troubleshooting on page 1479 License Information on page 1481...

Страница 1474: ...SECTION IV Appendices 1474...

Страница 1475: ...full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a cri...

Страница 1476: ...olicies MULTICAST FILTERING IGMP Snooping Layer 2 Multicast VLAN Registration ADDITIONAL FEATURES BOOTP Client DHCP Client DNS Client Proxy LLDP Link Layer Discover Protocol RMON Remote Monitoring gro...

Страница 1477: ...duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging DHCP Client RFC 2131 DHCPv6 Client RFC 3315 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2 RFC 2236 IGMPv3 RFC 3376 partial support IPv4 IGMP RFC...

Страница 1478: ...P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RADIUS Authentication C...

Страница 1479: ...t Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 1480: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1481: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1482: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 1483: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 1484: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 1485: ...aintenance points fault verification through loop back messages and fault isolation with link trace messages COS Class of Service is supported by prioritizing packets based on the required level of se...

Страница 1486: ...he switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard ERPS Ethernet Ring Protection Switching c...

Страница 1487: ...otocol is a network layer protocol that reports errors in processing IP packets ICMP is also used by routers to feed back information about better routing choices IEEE 802 1D Specifies a general metho...

Страница 1488: ...the lowest IP address in the subnetwork IGMP PROXY Proxies multicast group membership information onto the upstream interface based on IGMP messages monitored on downstream interfaces and forwards mu...

Страница 1489: ...ng that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Information Base An acronym for Management Information Base It is a set of database...

Страница 1490: ...nd displaying remote device information OUT OF BAND MANAGEMENT Management of the network from a station not attached to the network PORT AUTHENTICATION See IEEE 802 1X PORT MIRRORING A method whereby...

Страница 1491: ...based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers SSH Secure Shell is a secur...

Страница 1492: ...ow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not ha...

Страница 1493: ...re note 726 boot system 737 bridge ext gvrp 1150 C calendar set 781 capabilities 997 channel group 1024 class 1212 class map 1208 clear access list hardware counters 992 clear arp cache 1430 clear cou...

Страница 1494: ...period 869 dot1x timeout re authperiod 869 dot1x timeout start period 875 dot1x timeout supp timeout 870 dot1x timeout tx period 870 E efm oam 1390 efm oam critical link event 1390 efm oam link monit...

Страница 1495: ...cn query solicit 1232 ip igmp snooping unregistered data flood 1232 ip igmp snooping unsolicited report interval 1233 ip igmp snooping version 1234 ip igmp snooping version exclusive 1234 ip igmp snoo...

Страница 1496: ...system priority 1028 lacp timeout 1029 line 749 lldp 1325 lldp admin status 1329 lldp basic tlv management ip address 1329 lldp basic tlv port description 1330 lldp basic tlv system capabilities 1331...

Страница 1497: ...n 899 network access guest vlan 900 network access link detection 901 network access link detection link down 901 network access link detection link up 902 network access link detection link up down 9...

Страница 1498: ...cam utilization 728 show accounting 846 show arp 1431 show auto traffic control 1071 show auto traffic control interface 1072 show banner 727 show bridge ext 1153 show cable diagnostics 1018 show cale...

Страница 1499: ...rface 1280 show ipv6 mtu 1444 show ipv6 nd raguard 1456 show ipv6 nd snooping 1465 show ipv6 nd snooping binding 1466 show ipv6 nd snooping prefix 1466 show ipv6 neighbors 1457 show ipv6 source guard...

Страница 1500: ...trol release 1069 snmp server enable port traps atc multicast alarm clear 1069 snmp server enable port traps atc multicast alarm fire 1070 snmp server enable port traps atc multicast control apply 107...

Страница 1501: ...e diagnostics 1017 timeout login response 756 time range 783 traceroute 1426 traceroute6 1450 traffic segmentation 963 traffic segmentation session 964 traffic segmentation uplink downlink 965 traffic...

Страница 1502: ...COMMAND LIST 1502...

Страница 1503: ...57 359 969 971 IPv6 Extended 357 365 976 979 IPv6 Standard 357 363 976 978 MAC 358 367 983 time range 353 782 Address Resolution Protocol See ARP address table 231 1085 aging time 234 1085 aging time...

Страница 1504: ...87 command line interface See CLI committed burst size QoS policy 295 296 297 1213 1215 1217 committed information rate QoS policy 295 296 297 1213 1215 1217 community string 97 466 795 configuration...

Страница 1505: ...68 1408 domain name list 663 1404 enabling lookup 663 1402 name server list 663 1405 static entries IPv4 667 1404 static entries IPv6 1406 Domain Name Service See DNS domain service access point CFM 5...

Страница 1506: ...ofile 591 1251 1252 filtering creating profile 591 1251 filtering group range 591 1252 groups displaying 577 1244 Layer 2 568 1226 query 568 570 1229 query enabling 573 services displaying 585 1244 sn...

Страница 1507: ...237 layer 2 protocol tunnel 1175 license information GNU 1481 Link Layer Discovery Protocol Media Endpoint Discovery See LLDP MED Link Layer Discovery Protocol See LLDP link trace cache CFM 552 1377 1...

Страница 1508: ...ic router port 598 1268 querier 596 1263 querier enabling 596 1263 query interval 596 1264 query maximum response time 596 1265 robustness value 596 1265 static port assignment 600 1269 static router...

Страница 1509: ...tem clock 141 773 776 O OAM active mode 557 1393 displaying settings and status 556 1397 1400 enabling on switch ports 556 1390 errored frame link events 1391 1392 event log displaying 560 1397 messag...

Страница 1510: ...rTCM police meter 296 1215 trTCM 293 1217 trTCM police meter 297 1217 QoS policy committed information rate 295 296 297 1213 1215 1217 QoS policy peak information rate 297 1217 Quality of Service See...

Страница 1511: ...iguring 250 1103 1114 interface settings displaying 254 1116 link type 251 255 1107 loopback detection 242 1107 maximum age 246 1095 MSTP interface settings configuring 261 1110 1111 MSTP path cost 26...

Страница 1512: ...ring port members by interface 1158 1161 configuring port members VLAN index 207 creating 202 1156 description 199 displaying port members 207 1164 displaying port members by interface 208 displaying...

Страница 1513: ......

Страница 1514: ...ECS4110 28T ECS4110 28P ECS4110 52T ECS4110 52P E072014 ST R02 150200000929A...

Отзывы:

Нет отзывов