Edge-Core ECS4610-24F Скачать руководство пользователя страница 290

Страница: 290 / 1154

HAPTER

| Security Measures

Access Control Lists

– 290 –

◆

Source/Destination Address Type

– Specifies the source or

destination IP address. Use “Any” to include all possible addresses,

“Host” to specify a specific host address in the Address field, or “IP” to

specify a range of addresses with the Address and Subnet Mask fields.

(Options: Any, Host, IP; Default: Any)

◆

Source/Destination IP Address

– Source or destination IP address.

◆

Source/Destination Subnet Mask

– Subnet mask for source or

destination address. (See the description for Subnet Mask on

page 288

◆

Source/Destination Port

– Source/destination port number for the

specified protocol type. (Range: 0-65535)

◆

Source/Destination Port Bit Mask

– Decimal number representing

the port bits to match. (Range: 0-65535)

◆

Protocol

– Specifies the protocol type to match as TCP, UDP or Others,

where others indicates a specific protocol number (0-255).

(Options: TCP, UDP, Others; Default: TCP)

◆

Service Type

– Packet priority settings based on the following criteria:

■

ToS

– Type of Service level. (Range: 0-15)

■

Precedence

– IP precedence level. (Range: 0-7)

■

DSCP

– DSCP priority level. (Range: 0-63)

◆

Control Code

– Decimal number (representing a bit string) that

specifies flag bits in byte 14 of the TCP header. (Range: 0-63)

◆

Control Code Bit Mask

– Decimal number representing the code bits

to match. (Range: 0-63)

The control bit mask is a decimal number (for an equivalent binary bit

mask) that is applied to the control code. Enter a decimal number,

where the equivalent binary bit “1” means to match a bit and “0”

means to ignore a bit. The following bits may be specified:

■

1 (fin) – Finish

■

2 (syn) – Synchronize

■

4 (rst) – Reset

■

8 (psh) – Push

■

16 (ack) – Acknowledgement

■

32 (urg) – Urgent pointer

For example, use the code value and mask below to catch packets with

the following flags set:

■

SYN flag valid, use control-code 2, control bit mask 2

■

Both SYN and ACK valid, use control-code 18, control bit mask 18

Содержание ECS4610-24F

Страница 1: ...Management Guide www edge core com ECS4610 24F 24 Port Layer 3 Gigabit Ethernet Switch...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE ECS4610 24F GIGABIT ETHERNET SWITCH Layer 3 Switch with 22 1000BASE X SFP Ports and 2 Combination Gigabit Ports RJ 45 SFP ECS4610 24F E052010 ST R01 149100000092A...

Страница 4: ......

Страница 5: ...your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard tha...

Страница 6: ...ABOUT THIS GUIDE 6...

Страница 7: ...tion 58 Access Control Lists 59 DHCP 59 Port Configuration 59 Port Mirroring 59 Port Trunking 59 Rate Limiting 60 Broadcast Storm Control 60 Static Addresses 60 IEEE 802 1D Bridge 60 Store and Forward...

Страница 8: ...75 Saving or Restoring Configuration Settings 76 SECTION II WEB CONFIGURATION 79 3 USING THE WEB INTERFACE 81 Connecting to the Web Interface 81 Navigating the Web Browser Interface 82 Home Page 82 Co...

Страница 9: ...Configuring Port Mirroring 130 Showing Port or Trunk Statistics 131 Trunk Configuration 135 Configuring a Static Trunk 136 Configuring a Dynamic Trunk 139 Displaying LACP Port Counters 144 Displaying...

Страница 10: ...g the Dynamic Address Table 192 8 SPANNING TREE ALGORITHM 195 Overview 195 Configuring Loopback Detection 198 Configuring Global Settings for STA 199 Displaying Global Settings for STA 204 Configuring...

Страница 11: ...gs for HTTPS 272 Replacing the Default Secure site Certificate 274 Configuring the Secure Shell 275 Configuring the SSH Server 278 Generating the Host Key Pair 279 Importing User Public Keys 281 Acces...

Страница 12: ...ing Binding Information 332 14 BASIC ADMINISTRATION PROTOCOLS 335 Configuring Event Logging 335 System Log Configuration 335 Remote Log Configuration 337 Sending Simple Mail Transfer Protocol Alerts 3...

Страница 13: ...ltering and Throttling 405 Configuring IGMP Filter Profiles 406 Configuring IGMP Filtering and Throttling for Interfaces 409 Layer 3 IGMP Query used with Multicast Routing 410 Configuring IGMP Proxy R...

Страница 14: ...lobal Statistics 460 Displaying VRRP Group Statistics 461 19 IP SERVICES 463 Domain Name Service 463 Configuring General DNS Service Parameters 463 Configuring a List of Domain Names 464 Configuring a...

Страница 15: ...figuring Stub Settings 516 Displaying Information on NSSA and Stub Areas 518 Configuring Area Ranges Route Summarization for ABRs 519 Redistributing External Routes 521 Configuring Summary Addresses f...

Страница 16: ...Keywords and Arguments 569 Minimum Abbreviation 569 Command Completion 569 Getting Help on Commands 570 Partial Keyword Lookup 571 Negating the Effect of Commands 571 Using Command History 571 Underst...

Страница 17: ...Frame Size 592 jumbo frame 592 File Management 593 boot system 594 copy 595 delete 598 dir 598 whichboot 599 Line 600 line 600 databits 601 exec timeout 602 login 603 parity 604 password 604 password...

Страница 18: ...e 620 sntp client 620 sntp poll 621 sntp server 622 show sntp 622 clock timezone 623 calendar set 624 show calendar 624 Time Range 625 time range 625 absolute 626 periodic 626 25 SNMP COMMANDS 629 snm...

Страница 19: ...654 show rmon history 654 show rmon statistics 655 27 AUTHENTICATION COMMANDS 657 User Accounts 657 enable password 658 username 659 Authentication Sequence 660 authentication enable 660 authenticati...

Страница 20: ...g 677 Web Server 678 ip http port 678 ip http server 679 ip http secure server 679 ip http secure port 681 Telnet Server 681 ip telnet max sessions 682 ip telnet port 682 ip telnet server 683 show ip...

Страница 21: ...management 705 show management 706 28 GENERAL SECURITY MEASURES 707 Port Security 708 mac learning 708 port security 709 Network Access MAC Address Authentication 711 network access aging 712 network...

Страница 22: ...cp snooping database flash 731 show ip dhcp snooping 732 show ip dhcp snooping binding 732 IP Source Guard 733 ip source guard binding 733 ip source guard 735 ip source guard max binding 736 show ip s...

Страница 23: ...ed IPv6 ACL 756 show ipv6 access list 758 ipv6 access group 759 show ipv6 access group 759 MAC ACLs 760 access list mac 760 permit deny MAC ACL 761 mac access group 763 show mac access group 764 show...

Страница 24: ...790 lacp port priority 791 lacp system priority 792 lacp admin key Port Channel 792 show lacp 793 32 PORT MIRRORING COMMANDS 797 Local Port Mirroring Commands 797 port monitor 797 show port monitor 7...

Страница 25: ...panning tree loopback detection release mode 822 spanning tree loopback detection trap 823 spanning tree mst cost 824 spanning tree mst port priority 825 spanning tree port priority 825 spanning tree...

Страница 26: ...el tpid 848 show dot1q tunnel 849 Configuring Port based Traffic Segmentation 850 traffic segmentation 850 show traffic segmentation 851 Configuring Private VLANs 851 private vlan 853 private vlan ass...

Страница 27: ...eue cos map 872 queue mode 873 queue weight 874 switchport priority default 875 show queue cos map 876 show queue mode 876 show queue weight 877 Priority Commands Layer 3 and 4 878 map ip dscp Global...

Страница 28: ...ip igmp snooping tcn query solicit 909 ip igmp snooping unregistered data flood 910 ip igmp snooping unsolicited report interval 911 ip igmp snooping version 911 ip igmp snooping version exclusive 91...

Страница 29: ...ow ip igmp profile 929 show ip igmp throttle interface 929 Multicast VLAN Registration 930 mvr 931 mvr immediate leave 932 mvr type 933 mvr vlan group 934 show mvr 935 IGMP Layer 3 937 ip igmp 937 ip...

Страница 30: ...dp dot1 tlv proto ident 959 lldp dot1 tlv proto vid 959 lldp dot1 tlv pvid 960 lldp dot1 tlv vlan name 960 lldp dot3 tlv link agg 961 lldp dot3 tlv mac phy 961 lldp dot3 tlv max frame 962 lldp notific...

Страница 31: ...6 dns server 986 domain name 987 hardware address 987 host 988 lease 989 netbios name server 990 netbios node type 991 network 991 next server 992 clear ip dhcp binding 993 show ip dhcp binding 993 sh...

Страница 32: ...1014 show arp 1014 UDP Helper Configuration 1015 ip forward protocol udp 1015 ip helper 1016 ip helper address 1017 show ip helper 1018 45 IP ROUTING COMMANDS 1019 Global Routing Configuration 1019 ip...

Страница 33: ...ortest Path First OSPFv2 1042 router ospf 1043 compatible rfc1583 1044 default information originate 1045 router id 1046 timers spf 1047 clear ip ospf process 1048 area default cost 1048 area range 10...

Страница 34: ...ticast routing 1085 show ip mroute 1086 Static Multicast Routing 1088 ip igmp snooping vlan mrouter 1088 show ip igmp snooping mrouter 1089 PIM Multicast Routing 1090 PIM Commands 1090 router pim 1091...

Страница 35: ...w ip pim bsr router 1110 show ip pim rp mapping 1111 show ip pim rp hash 1112 SECTION IV APPENDICES 1113 A SOFTWARE SPECIFICATIONS 1115 Software Features 1115 Management Features 1117 Standards 1117 M...

Страница 36: ...CONTENTS 36...

Страница 37: ...Zone 115 Figure 15 Console Port Settings 116 Figure 16 Telnet Connection Settings 118 Figure 17 Displaying CPU Utilization 119 Figure 18 Displaying Memory Utilization 119 Figure 19 Restarting the Swi...

Страница 38: ...49 Figure 47 Configuring Members for Traffic Segmentation 150 Figure 48 Configuring VLAN Trunking 151 Figure 49 Configuring VLAN Trunking 152 Figure 50 VLAN Compliant and VLAN Non compliant Devices 15...

Страница 39: ...orts 196 Figure 85 MSTP Region Internal Spanning Tree Multiple Spanning Tree 197 Figure 86 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree 197 Figure 87 Configuring Port Loop...

Страница 40: ...ation Server TACACS 251 Figure 122 Configuring AAA Server Groups 252 Figure 123 Showing AAA Server Groups 252 Figure 124 Configuring Global Settings for AAA Accounting 255 Figure 125 Configuring AAA A...

Страница 41: ...289 Figure 157 Configuring an Extended IPv4 ACL 291 Figure 158 Configuring a Standard IPv6 ACL 293 Figure 159 Configuring an Extended IPv6 ACL 295 Figure 160 Configuring a MAC ACL 297 Figure 161 Confi...

Страница 42: ...formation for LLDP Port 347 Figure 191 Displaying Remote Device Information for LLDP Port 351 Figure 192 Displaying Remote Device Information for LLDP Port Details 352 Figure 193 Displaying LLDP Devic...

Страница 43: ...Attached a Multicast Router 396 Figure 230 Showing Current Interfaces Attached a Multicast Router 396 Figure 231 Assigning an Interface to a Multicast Service 398 Figure 232 Showing Static Interfaces...

Страница 44: ...k Device 441 Figure 264 Proxy ARP 442 Figure 265 Configuring General Settings for ARP 443 Figure 266 Configuring Static ARP Entries 445 Figure 267 Displaying Static ARP Entries 445 Figure 268 Displayi...

Страница 45: ...Figure 300 Configuring DHCP Server Address Pools Host 476 Figure 301 Showing Configured DHCP Server Address Pools 477 Figure 302 Shows Addresses Assigned by the DHCP Server 477 Figure 303 Enabling th...

Страница 46: ...SA 513 Figure 337 Configuring Protocol Settings for an NSSA 516 Figure 338 OSPF Stub Area 516 Figure 339 Configuring Protocol Settings for a Stub 518 Figure 340 Displaying Information on NSSA and Stub...

Страница 47: ...isplaying Detailed Entries from the Multicast Routing Table 547 Figure 364 Enabling PIM Multicast Routing 548 Figure 365 Configuring PIM Interface Settings Dense Mode 553 Figure 366 Configuring PIM In...

Страница 48: ...FIGURES 48...

Страница 49: ...tics 307 Table 14 ARP Inspection Log 308 Table 15 802 1X Statistics 320 Table 16 Logging Levels 336 Table 17 Chassis ID Subtype 345 Table 18 System Capabilities 346 Table 19 Port ID Subtype 348 Table...

Страница 50: ...escription 641 Table 48 show snmp group display description 642 Table 49 show snmp user display description 643 Table 50 show snmp view display description 644 Table 51 RMON Commands 649 Table 52 Auth...

Страница 51: ...84 show lacp neighbors display description 795 Table 85 show lacp sysid display description 796 Table 86 Port Mirroring Commands 797 Table 87 Mirror Port Commands 797 Table 88 Rate Limit Commands 801...

Страница 52: ...on 936 Table 119 show mvr members display description 936 Table 120 IGMP Commands Layer 3 937 Table 121 show ip igmp groups display description 945 Table 122 show ip igmp groups detail display descrip...

Страница 53: ...display description 1078 Table 150 show ip ospf interface display description 1079 Table 151 show ip ospf neighbor display description 1080 Table 152 show ip ospf neighbor display description 1082 Tab...

Страница 54: ...TABLES 54...

Страница 55: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 56: ...SECTION I Getting Started 56...

Страница 57: ...HA password Port IEEE 802 1X MAC address filtering General Security Measures Private VLANs Port Authentication Port Security DHCP Snooping IP Source Guard Access Control Lists Supports up to 36 ACLs p...

Страница 58: ...r a web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or IEEE 802 1D Bridge Supports dynamic data switching and addresses...

Страница 59: ...client must physically reside on the same subnet Since it is not practical to have a DHCP server on every subnet DHCP Relay is also supported to allow dynamic configuration of local clients from a DH...

Страница 60: ...ransparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses...

Страница 61: ...restrict traffic to the VLAN groups to which a user has been assigned By segmenting your network into VLANs you can Eliminate broadcast storms which severely degrade performance in a flat network Sim...

Страница 62: ...based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding IP ROUTING The switch pro...

Страница 63: ...resses to forward packets from one hop to the next Either static or dynamic entries can be configured in the ARP cache Proxy ARP allows hosts that do not support routing to determine the MAC address o...

Страница 64: ...ustomer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network SYSTEM DEFAULTS The switch s system defaults are provided in the configura...

Страница 65: ...led Auto negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 500 packets sec Ad...

Страница 66: ...P Client Enabled Relay Disabled Server Disabled DNS Client Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Unicast Routing RIP Disabled OSPFv2 Disabled Router...

Страница 67: ...andard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to...

Страница 68: ...on any port for excessive broadcast traffic Display system information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or terminal for...

Страница 69: ...k and default gateway using a console connection or DHCP protocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignmen...

Страница 70: ...nter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the CLI displays the Console prompt indicating you have...

Страница 71: ...specify a default gateway that resides between this device and management stations that exist on another network segment Valid IPv4 addresses consist of four decimal numbers 0 to 255 separated by per...

Страница 72: ...start broadcasting service requests Note that the ip dhcp restart client command can also be used to start broadcasting service requests for all VLANs configured to obtain address assignments through...

Страница 73: ...ing requested by the managers through trap messages which inform the manager that certain events have occurred The switch includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provid...

Страница 74: ...ngs If there are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled TRAP RECEIVERS You can also specify SNMP stations that are to receive traps from the switch T...

Страница 75: ...l on page 354 or refer to the specific CLI commands for SNMP starting on page 629 MANAGING SYSTEM FILES The switch s flash memory supports three types of system files that can be managed by the CLI pr...

Страница 76: ...save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command New startup configuration files must h...

Страница 77: ...tftp startup config and press Enter 2 Enter the address of the TFTP server Press Enter 3 Enter the name of the startup file stored on the server Press Enter 4 Enter the name for the startup file on th...

Страница 78: ...CHAPTER 2 Initial Switch Configuration Managing System Files 78...

Страница 79: ...VLAN Configuration on page 153 Address Table Settings on page 187 Spanning Tree Algorithm on page 195 Rate Limit Configuration on page 219 Storm Control Configuration on page 221 Class of Service on...

Страница 80: ...SECTION II Web Configuration 80 Unicast Routing on page 483 Multicast Routing on page 541...

Страница 81: ...ateway using an out of band serial connection BOOTP or DHCP protocol See Setting an IP Address on page 71 2 Set user names and passwords using an out of band serial connection Access to the web agent...

Страница 82: ...nistrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connects with the switc...

Страница 83: ...Tools Internet Options General Temporary Internet Files Settings the setting for item Check for newer versions of stored pages should be Every visit to the page PANEL DISPLAY The web agent displays a...

Страница 84: ...nual Manually sets the current time 111 SNTP Configures SNTP polling interval 112 Configure Time Server Configures a list of SNTP servers 113 Configure Time Zone Sets the local time zone for the syste...

Страница 85: ...egation group members on the remote side 139 Show Information Counters Displays statistics for LACP protocol messages 144 Internal Displays configuration settings and operational state for the local s...

Страница 86: ...vate Configure VLAN Add Creates primary or community VLANs 167 Show Display configured primary and community VLANs 167 Add Community VLAN Associates a community VLAN with a primary VLAN 168 Show Commu...

Страница 87: ...obal Configure Configures global bridge settings for STP RSTP and MSTP 199 Show Informaton Displays STA values used for the bridge 204 Configure Interface Configure Configures interface settings for S...

Страница 88: ...ice VLAN and VLAN aging time 239 Configure OUI 241 Add Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer 241 Show Shows the OUI telephony list 241 Configure Int...

Страница 89: ...lied to specific interfaces 258 User Accounts 261 Add Configures user names passwords and access levels 261 Show Shows authorized users 261 Modify Modifies user attributes 261 Network Access MAC addre...

Страница 90: ...nd other packet attributes 286 Show Rule Shows the rules specified for an ACL 286 Configure Interface Binds a port to the specified ACL and time range 300 ARP Inspection 301 Configure General Enables...

Страница 91: ...Layer Discovery Protocol 340 Configure Global Configures global LLDP timing parameters 340 Configure Interface Sets the message transmission mode enables SNMP notification and sets the LLDP attribute...

Страница 92: ...r Group Assign a local user to a new group 368 Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 370 Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 370 Configure...

Страница 93: ...formation Dynamic Address Shows dynamically learned entries in the IP routing table 445 Other Address Shows internal addresses used by the switch 445 Statistics Shows statistics on ARP requests sent a...

Страница 94: ...ws the name server address list 466 Static Host Table Add Configures static entries for domain name to address mapping 467 Show Shows the list of static mapping entries 467 Modify Modifies the static...

Страница 95: ...ssigns ports that are attached to a neighboring multicast router 395 Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router 395 Show Current Mu...

Страница 96: ...for each VLAN 418 Show Detail Shows detailed information on each multicast group associated with a VLAN interface 418 Multicast Routing 541 General Globally enables multicast routing 544 Information 5...

Страница 97: ...Redistribute 493 Add Imports external routing information from other routing domains that is protocols into the autonomous system 493 Show Shows the external routing information to be imported from ot...

Страница 98: ...count LSA count and LSA checksum 518 Area Range 519 Add Configures route summaries to advertise at an area boundary 519 Show Shows route summaries advertised at an area boundary 519 Modify Modifies r...

Страница 99: ...lays information neighboring PIM routers 554 PIM SM Protocol Independent Multicasting Sparse Mode Configure Global Configures settings for register messages and use of the SPT 554 BSR Candidate Config...

Страница 100: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 100...

Страница 101: ...system start up files Setting the System Clock Sets the current time manually or through specified SNTP servers Console Port Settings Sets console port connection parameters Telnet Settings Sets Teln...

Страница 102: ...management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To conf...

Страница 103: ...Serial Number The serial number of the switch Number of Ports Number of built in ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal po...

Страница 104: ...psulation fields CLI REFERENCES System Management Commands on page 587 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must support this fea...

Страница 105: ...ses This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service on page 223 Static Entry Individual Port This switch allows static filtering for unicast and m...

Страница 106: ...g Bridge Extension Configuration MANAGING SYSTEM FILES This section describes how to upgrade the switch operating software or configuration files and set the system start up files COPYING FILES VIA FT...

Страница 107: ...erver FTP TFTP Server IP Address IP address of an FTP or TFTP server User Name The user name for FTP server access Password The password for FTP server access File Type Specify Operation Code to copy...

Страница 108: ...tch to overwrite or specify a new file name 9 Then click Apply Figure 7 Copy Firmware If you replaced a file currently used for startup and want to start using the new file reboot the system via the S...

Страница 109: ...d the maximum length for file names is 31 characters for files on the switch Valid characters A Z a z 0 9 _ NOTE The maximum number of user defined configuration files is limited only by available fla...

Страница 110: ...Up from the Action list 3 Mark the operation code or configuration file to be used at startup 4 Then click Apply Figure 9 Setting Start Up Files To start using the new firmware or configuration setti...

Страница 111: ...actory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP...

Страница 112: ...tem Clock CONFIGURING SNTP Use the System Time Configure General SNTP page to configure the switch to send time synchronization requests to time servers Set the SNTP polling interval SNTP servers and...

Страница 113: ...e Time Server page to specify the IP address for up to three SNTP time servers CLI REFERENCES sntp server on page 622 PARAMETERS The following parameters are displayed in the web interface SNTP Server...

Страница 114: ...of UTC You can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone PARAMETERS The following parameters are displayed in the we...

Страница 115: ...that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 0 300 seconds Default 0 seconds E...

Страница 116: ...aud rate for transmit to terminal and receive from terminal Set the speed to match the baud rate of the device connected to the serial port Range 9600 19200 or 38400 baud Default 115200 baud NOTE The...

Страница 117: ...300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is term...

Страница 118: ...display information on CPU utilization CLI REFERENCES no comparable command PARAMETERS The following parameters are displayed in the web interface Time Interval The interval at which to update the dis...

Страница 119: ...on parameters CLI REFERENCES no comparable command PARAMETERS The following parameters are displayed in the web interface Free Size The amount of memory currently free for use Used Size The amount of...

Страница 120: ...ETERS The following parameters are displayed in the web interface System Reload Configuration Reset Mode Restarts the switch immediately or at the specified time s Immediately Restarts the system imme...

Страница 121: ...d Daily Every day Weekly Day of the week at which to reload Range Sunday Saturday Monthly Day of the month at which to reload Range 1 31 WEB INTERFACE To restart the switch 1 Click System then Reset 2...

Страница 122: ...CHAPTER 4 Basic Management Tasks Resetting the System 122 Figure 20 Restarting the Switch In Figure 21 Restarting the Switch At...

Страница 123: ...CHAPTER 4 Basic Management Tasks Resetting the System 123 Figure 22 Restarting the Switch Regularly...

Страница 124: ...CHAPTER 4 Basic Management Tasks Resetting the System 124...

Страница 125: ...CONFIGURATION This section describes how to configure port connections mirror traffic from one port to another and run cable diagnostics CONFIGURING BY PORT LIST Use the Interface Port General Config...

Страница 126: ...t in RJ 45 port SFP Forced Always uses the SFP port even if a module is not installed This is the default for Ports 3 24 SFP Preferred Auto Uses SFP port if both combination types are functioning and...

Страница 127: ...on enabled on Gigabit ports disabled on 10G ports Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000Base SX LX LH 1000full Speed Duplex Allows you to manually set the p...

Страница 128: ...e 125 CLI REFERENCES Interface Commands on page 769 WEB INTERFACE To configure port connection parameters 1 Click Interface Port General 2 Select Configure by Port Range from the Action List 3 Enter t...

Страница 129: ...pe Media type used Options Ports 1 2 Copper Forced SFP Forced or SFP Preferred Auto Ports 3 24 SFP Forced Default Ports 1 2 SFP Preferred Auto Ports 3 24 SFP Forced Autonegotiation Shows if auto negot...

Страница 130: ...d source port speed otherwise traffic may be dropped from the monitor port When mirroring port traffic the target port must be included in the same VLAN as the source port when using MSTP see Spanning...

Страница 131: ...c based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such...

Страница 132: ...discarding such a packet could be to free up buffer space Received Multicast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast addres...

Страница 133: ...rces Jabbers The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS or alignment error Fragments The total number o...

Страница 134: ...The total number of packets including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but including FCS octets Utilization Stati...

Страница 135: ...s where bottlenecks exist as well as providing a fault tolerant link between two devices You can create up to 12 trunks at a time on the switch The switch supports both static trunking and dynamic Lin...

Страница 136: ...at both ends of a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at b...

Страница 137: ...before removing a static trunk via the configuration interface PARAMETERS These parameters are displayed in the web interface Trunk ID Trunk identifier Range 1 32 Member The initial trunk member Use...

Страница 138: ...onfigure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure General from the Step list 3 Select Configure from the Action list 4 Modify the required interface s...

Страница 139: ...s also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID If more th...

Страница 140: ...1 By default the Actor Admin Key is determined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the Part...

Страница 141: ...om the Step list 3 Set the Admin Key for the required LACP group 4 Click Apply Figure 37 Configuring the LACP Aggregator Admin Key To enable LACP for a port 1 Click Interface Trunk Dynamic 2 Select Co...

Страница 142: ...st 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 39 Configuring LACP Parameters on a Port To show the active members of a dyna...

Страница 143: ...4 Modify the required interface settings See Configuring by Port List on page 125 for a description of the interface settings 5 Click Apply Figure 41 Configuring Connection Settings for Dynamic Trunk...

Страница 144: ...Port list Table 6 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel g...

Страница 145: ...RENCES show lacp on page 793 PARAMETERS These parameters are displayed in the web interface Table 7 LACP Internal Configuration Information Parameter Description LACP System Priority LACP system prior...

Страница 146: ...d in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not e...

Страница 147: ...user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port...

Страница 148: ...P settings and status for the remote side 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Show Information from the Action list 4 Click Neighbors 5 Sele...

Страница 149: ...rts is only forwarded to and from uplink ports ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation CLI REFERENCES Configuring Port...

Страница 150: ...ort based Traffic Segmentation on page 850 PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifier Range 1 24 Trunk Trunk Ident...

Страница 151: ...frames with unknown VLAN group tags However by enabling VLAN trunking on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A...

Страница 152: ...nly be enabled on Gigabit ports Trunk Trunk Identifier Range 1 32 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Click...

Страница 153: ...mapping table IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs t...

Страница 154: ...AN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VL...

Страница 155: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Страница 156: ...estination host the switch must first strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag Howe...

Страница 157: ...te VLAN groups 1 Click VLAN Static 2 Select Add from the Action list 3 Enter a VLAN ID or range of IDs 4 Mark Enable to configure the VLAN as operational 5 Click Apply Figure 52 Creating Static VLANs...

Страница 158: ...ces Use the menus for editing port members to configure the VLAN behavior for specific interfaces including the mode of operation Hybrid or 1Q Trunk the default VLAN identifier PVID accepted frame typ...

Страница 159: ...er of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs the PVID must be defined first then the status of the VL...

Страница 160: ...Automatic VLAN Registration on page 155 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface NOTE VLAN 1 is the default untagged VLAN c...

Страница 161: ...hat Membership Type cannot be changed until an interface has been added to another VLAN and the PVID changed to anything other than 1 5 Click Apply Figure 55 Configuring Static Members by VLAN Index T...

Страница 162: ...he Step list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress filtering...

Страница 163: ...tatus Enables disables GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets received...

Страница 164: ...tch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch 1 Click VLAN Dynamic 2 Select Co...

Страница 165: ...this switch 1 Click VLAN Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 60 Showing Dynamic VLANs Registered on the Switch To show the members of...

Страница 166: ...t while the community ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each primary VLAN Note...

Страница 167: ...o community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN WEB INTERFACE To configure private...

Страница 168: ...S These parameters are displayed in the web interface Primary VLAN ID of primary VLAN 2 4093 Community VLAN VLAN associated with the selected primary VLAN WEB INTERFACE To associate a community VLAN w...

Страница 169: ...ing Associated VLANs CONFIGURING PRIVATE VLAN INTERFACES Use the VLAN Private Configure Interface page to set the private VLAN interface type and assign the interfaces to a private VLAN CLI REFERENCES...

Страница 170: ...scuous then specify the associated primary VLAN Community VLAN A community VLAN conveys traffic between community ports and from community ports to their designated promiscuous ports Set Port Mode to...

Страница 171: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 172: ...r tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming packet is...

Страница 173: ...l to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If...

Страница 174: ...formation are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tunnel...

Страница 175: ...ort Range hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value This feature allows the switch to interoperate with third party switches that do not use the standard...

Страница 176: ...ed client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Tunnel mode and set the uplin...

Страница 177: ...easily grouped into a common VLAN This may require non standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of...

Страница 178: ...col groups CLI REFERENCES protocol vlan protocol group Configuring Groups on page 858 PARAMETERS These parameters are displayed in the web interface Frame Type Choose either Ethernet RFC 1042 or LLC O...

Страница 179: ...rom the Action list 4 Select an entry from the Frame Type list 5 Select an entry from the Protocol Type list 6 Enter an identifier for the protocol group 7 Click Apply Figure 70 Configuring Protocol V...

Страница 180: ...he frame is tagged it will be processed according to the standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN I...

Страница 181: ...affic will be forwarded 7 Click Apply Figure 72 Assigning Interfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the...

Страница 182: ...VLAN ID An IP subnet consists of an IP address and a mask When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if an entry is...

Страница 183: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 184: ...es cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last PAR...

Страница 185: ...tion Configuring MAC based VLANs 185 6 Click Apply Figure 76 Configuring MAC Based VLANs To show the MAC addresses mapped to a VLAN 1 Click VLAN MAC Based 2 Select Show from the Action list Figure 77...

Страница 186: ...CHAPTER 6 VLAN Configuration Configuring MAC based VLANs 186...

Страница 187: ...MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on page 708 COMMAND USAGE When MAC address learning...

Страница 188: ...ee Configuring Port Security on page 311 is enabled on the same interface PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifi...

Страница 189: ...n on another interface the address will be ignored and will not be written to the address table Static addresses will not be removed from the address table when a given interface link is down A static...

Страница 190: ...GING THE AGING TIME Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding inf...

Страница 191: ...dress for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Othe...

Страница 192: ...EARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from the forwarding database CLI REFERENCES clear mac address table dynamic on page 80...

Страница 193: ...3 Select the method by which to clear the entries i e All MAC Address VLAN or Interface 4 Enter information in the additional fields required for clearing entries by MAC Address VLAN or Interface 5 C...

Страница 194: ...CHAPTER 7 Address Table Settings Clearing the Dynamic Address Table 194...

Страница 195: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 196: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 197: ...idge node for communications with STP or RSTP nodes in the global network Figure 86 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments...

Страница 198: ...s own BPDUs in a forward delay interval NOTE If loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802...

Страница 199: ...ands on page 807 COMMAND USAGE Spanning Tree Protocol1 Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple V...

Страница 200: ...in a specific set of spanning tree instances A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Ch...

Страница 201: ...Switch Becomes Root Hello Time Interval in seconds at which the root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximu...

Страница 202: ...ST Region Revision2 The revision for this MSTI Range 0 65535 Default 0 Region Name2 The name for this MSTI Maximum length 32 characters switch s MAC address Max Hop Count The maximum number of hops al...

Страница 203: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 203 Figure 88 Configuring Global Settings for STA STP Figure 89 Configuring Global Settings for STA RSTP...

Страница 204: ...n page 829 show spanning tree mst configuration on page 830 PARAMETERS The parameters displayed in the web interface are described in the preceding section except for the following items Bridge ID A u...

Страница 205: ...ACE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 91 Displaying Global Settings for STA CO...

Страница 206: ...ower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Also not that path cost takes precedence over port priority Range 0 for auto conf...

Страница 207: ...iguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port sho...

Страница 208: ...n administrator must manually enable the port Default Disabled BPDU Filter BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes By default STA...

Страница 209: ...Tree Shows if STA has been enabled on this interface STA Status Displays current state of this port within the Spanning Tree Discarding Port receives STA configuration messages but does not forward p...

Страница 210: ...mmunicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operationa...

Страница 211: ...Step list 3 Select Show Information from the Action list Figure 94 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 212: ...thin the same MSTI Region page 199 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connectin...

Страница 213: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 214: ...he priority for an MSTP Instance 5 Click Apply Figure 97 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Страница 215: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 99...

Страница 216: ...d for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Sp...

Страница 217: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 101 Co...

Страница 218: ...CHAPTER 8 Spanning Tree Algorithm Configuring Interface Settings for MSTP 218...

Страница 219: ...is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes CLI REFERE...

Страница 220: ...CHAPTER 9 Rate Limit Configuration 220 Figure 103 Configuring Rate Limits...

Страница 221: ...REFERENCES switchport packet rate on page 777 COMMAND USAGE Broadcast Storm Control is enabled by default Broadcast control does not effect IP multicast traffic PARAMETERS These parameters are displa...

Страница 222: ...CHAPTER 10 Storm Control Configuration 222 Figure 104 Configuring Broadcast Storm Control...

Страница 223: ...t kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the...

Страница 224: ...nitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a policy ma...

Страница 225: ...the lone match command ACL Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Prec...

Страница 226: ...aps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of tra...

Страница 227: ...ich indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value or a member of specific VLAN A policy map is then configured which indicates the boundary param...

Страница 228: ...lors as described below A packet is marked green if it doesn t exceed the committed information rate and committed burst size yellow if it does exceed the committed information rate and committed burs...

Страница 229: ...peak information rate PIR and their associated burst sizes committed burst size BC or burst rate and peak burst size BP Action may taken for traffic conforming to the maximum throughput exceeding the...

Страница 230: ...ed as red or if Tp t B 0 the packet is red else if the packet has been precolored as yellow or if Tc t B 0 the packet is yellow and Tp is decremented by B else the packet is green and both Tp and Tc a...

Страница 231: ...committed burst size BC or burst rate and the action to take for conforming and non conforming traffic Policing is based on a token bucket where bucket depth that is the maximum burst before the buck...

Страница 232: ...colors The color modes include Color Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional differences between...

Страница 233: ...hroughput exceeding the maximum throughput but within the peak information rate or exceeding the peak information rate In addition to the actions defined by this command to transmit remark the DSCP se...

Страница 234: ...ether traffic that exceeds the maximum rate CIR but is within the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority for out of con...

Страница 235: ...olicy from the Step list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigne...

Страница 236: ...Policies 236 Figure 111 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 237: ...ne policy map can be bound to an interface The switch does not allow a policy map to be bound to an interface for egress traffic PARAMETERS These parameters are displayed in the web interface Port Spe...

Страница 238: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 238...

Страница 239: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Страница 240: ...ady be created on the switch Range 1 4093 Voice VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port Range 5 43200 minutes Def...

Страница 241: ...layed in the web interface Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 89 AB Mask Identifies a range of MAC addresses Selecting a mask of...

Страница 242: ...ge to configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that on...

Страница 243: ...the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to manufacturers and form the first thr...

Страница 244: ...CHAPTER 12 VoIP Traffic Configuration Configuring VoIP Traffic Ports 244 Figure 117 Configuring Port Settings for a Voice VLAN...

Страница 245: ...e web connection SSH Provide a secure shell for secure Telnet access ACL Access Control Lists provide packet filtering for IP frames based on address protocol Layer 4 protocol port number or TCP contr...

Страница 246: ...ed services For example when the switch attempts to authenticate a user a request is sent to the first server in the defined group if there is no response the second server will be tried and so on If...

Страница 247: ...ote authentication server is used you must specify the authentication sequence Then specify the corresponding parameters for the remote authentication protocol using the Security AAA Server page Local...

Страница 248: ...DIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires managem...

Страница 249: ...ver RADIUS Global Provides globally applicable RADIUS settings Server Index Specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequence of...

Страница 250: ...use blank spaces in the string Maximum length 48 characters Confirm Authentication Key Re type the string entered in the previous field to ensure no errors were made The switch will not change the en...

Страница 251: ...6 Click Apply Figure 120 Configuring Remote Authentication Server RADIUS Figure 121 Configuring Remote Authentication Server TACACS To configure the RADIUS or TACACS server groups to use for accountin...

Страница 252: ...server to use for each priority level 6 Click Apply Figure 122 Configuring AAA Server Groups To show the RADIUS or TACACS server groups used for accounting and authorization 1 Click Security AAA Serve...

Страница 253: ...nutes where 0 means disabled Configure Method Accounting Type Specifies the service as 802 1X Accounting for end users Exec Administrative accounting for local console Telnet or SSH connections Method...

Страница 254: ...unting service Method Name Displays the user defined or default accounting method Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface to whic...

Страница 255: ...g method applied to various service types and the assigned server group 1 Click Security AAA Accounting 2 Select Configure Method from the Step list 3 Select Add from the Action list 4 Select the acco...

Страница 256: ...e Action list Figure 126 Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet...

Страница 257: ...ecified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Summary Figure 129 Displaying a Summary of Applied AAA Accounting Methods To display basic ac...

Страница 258: ...onnections Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 255 characters Server Gro...

Страница 259: ...the Exec service type and the assigned server group 1 Click Security AAA Authorization 2 Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name...

Страница 260: ...Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 133 Configuring AAA Authorization Methods for Exec Service To display a the configured authorization...

Страница 261: ...are displayed in the web interface User Name The name of the user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Normal pri...

Страница 262: ...r software limitations This is often true for devices such as network printers IP phones and some wireless access points The switch enables network access from these devices to be controlled by authen...

Страница 263: ...pper case Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time expires The maximum number of secure MAC addresses suppor...

Страница 264: ...ne of the following conditions authentication result remains unchanged The Filter ID attribute cannot be found to carry the user profile The Filter ID attribute is empty The Filter ID attribute format...

Страница 265: ...ss Authenticataion process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authenti...

Страница 266: ...Sets the maximum number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Acce...

Страница 267: ...s no VLAN configuration the authentication is still treated as a success and the host is assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenti...

Страница 268: ...which will trigger the port action Link up Only link up events will trigger the port action Link down Only link down events will trigger the port action Link up and down All link up and link down even...

Страница 269: ...er tables can be defined There is no limitation on the number of entries used in a filter table PARAMETERS These parameters are displayed in the web interface Filter ID Adds a filter rule for the spec...

Страница 270: ...ddress Filter Table for Network Access DISPLAYING SECURE MAC ADDRESS INFORMATION Use the Security Network Access Show Information page to display the authenticated MAC addresses stored in the secure M...

Страница 271: ...nticated the MAC address Time The time when the MAC address was last authenticated Attribute Indicates a static or dynamic address WEB INTERFACE To display the authenticated MAC addresses stored in th...

Страница 272: ...CES Web Server on page 678 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 273: ...enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used for HTTPS connection to the switch s web interface Default Port 443 WEB INTERFACE T...

Страница 274: ...ult certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and transfer them to the switch to replace the default unrec...

Страница 275: ...l and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can a...

Страница 276: ...0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 595664104869...

Страница 277: ...he client s public key to those stored in memory c If a match is found the switch uses its secret key to generate a random 256 bit string as a challenge encrypts this string with the user s public key...

Страница 278: ...he web interface SSH Server Status Allows you to enable disable the SSH server on the switch Default Disabled Version The Secure Shell version number Version 2 0 is displayed but the switch supports m...

Страница 279: ...rating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the section Importing User Public Keys on page 281 NOTE A host...

Страница 280: ...select this item prior to generating the host key pair Default Disabled WEB INTERFACE To generate the SSH host key pair 1 Click Security SSH 2 Select Configure Host Key from the Step list 3 Select Gen...

Страница 281: ...ame This drop down box selects the user who s public key you wish to manage Note that you must first create users on the User Accounts page see Configuring User Accounts on page 261 User Key Type The...

Страница 282: ...name and the public key type from the respective drop down boxes input the TFTP server IP address and the public key source file name 5 Click Apply Figure 148 Copying the SSH User s Public Key To disp...

Страница 283: ...other more specific criteria This switch tests ingress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matche...

Страница 284: ...web interface Add Time Range Name Name of a time range Range 1 30 characters Add Rule Time Range Name of a time range Mode Absolute Specifies a specific time or time range Start End Specifies the hour...

Страница 285: ...t 3 Select Show from the Action list Figure 151 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Страница 286: ...the Step list 3 Select Show Rule from the Action list Figure 153 Showing the Rules Configured for a Time Range SETTING THE ACL NAME AND TYPE Use the Security ACL Configure ACL Add page to create an A...

Страница 287: ...rs packets based on the source or destination IP address as well as the type of the next header and the flow label i e a request for special handling by IPv6 routers MAC MAC ACL mode filters packets b...

Страница 288: ...bination of permit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a...

Страница 289: ...address and the mask for an address range 9 Click Apply Figure 156 Configuring a Standard IPv4 ACL CONFIGURING AN EXTENDED IPV4 ACL Use the Security ACL Configure ACL Add Rule IP Extended page to con...

Страница 290: ...tes a specific protocol number 0 255 Options TCP UDP Others Default TCP Service Type Packet priority settings based on the following criteria ToS Type of Service level Range 0 15 Precedence IP precede...

Страница 291: ...elect Add Rule from the Action list 4 Select IP Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or...

Страница 292: ...fy a range of addresses Options Any Host IPv6 prefix Default Any Source IPv6 Address An IPv6 source address or network class The address must be formatted according to RFC 2373 IPv6 Addressing Archite...

Страница 293: ...elects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or deny rules Destination Address Type Spec...

Страница 294: ...sts special handling by IPv6 routers such as non default quality of service or real time service see RFC 2460 Range 0 1048575 A flow label is assigned to a flow by the flow s source node New flow labe...

Страница 295: ...ct IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefix 8 If you select Host enter a spe...

Страница 296: ...dress range with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for sour...

Страница 297: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 298: ...ss Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses wi...

Страница 299: ...e list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you select Host enter a specific address e g 11 22 33 44 55 6...

Страница 300: ...roup on page 759 mac access group on page 763 show mac access group on page 764 Time Range on page 625 COMMAND USAGE This switch supports ACLs for ingress filtering only You only bind one ACL to any p...

Страница 301: ...g database see DHCP Snooping Configuration on page 329 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection can also validate ARP...

Страница 302: ...EFERENCES ARP Inspection on page 738 COMMAND USAGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspectio...

Страница 303: ...e oldest entry will be replaced with the newest entry PARAMETERS These parameters are displayed in the web interface ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspecti...

Страница 304: ...N and to specify the ARP ACL to use CLI REFERENCES ARP Inspection on page 738 COMMAND USAGE ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disable...

Страница 305: ...any configured ARP ACLs Default None Static When an ARP ACL is selected and static mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings...

Страница 306: ...ss all ARP Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limi...

Страница 307: ...nspection rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Cou...

Страница 308: ...o show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 745 PARAMETERS These parameters are displ...

Страница 309: ...lt Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the s...

Страница 310: ...SNMP group Telnet Configures IP address es for the Telnet group Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFACE To crea...

Страница 311: ...ess table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can auto...

Страница 312: ...e taken when a port security violation is detected None No action should be taken This is the default Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap messa...

Страница 313: ...enticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verif...

Страница 314: ...nd client also have to support the same EAP authentication type MD5 PEAP TLS or TTLS Native support for these encryption methods is provided in Windows XP and in Windows 2000 with Service Pack 4 To su...

Страница 315: ...ches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is functioning as an edge swit...

Страница 316: ...he web interface Port Port number Status Indicates if authentication is enabled or disabled on the port The status is disabled if the control mode is set to Force Authorized Authorized Displays the 80...

Страница 317: ...Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Supplicant Timeout Sets the time that a switch...

Страница 318: ...unt Number of times connecting state is re entered Current Identifier Identifier sent in each EAP Success Failure or Request packet by the Authentication Server Backend State Machine State Current sta...

Страница 319: ...CHAPTER 13 Security Measures Configuring 802 1X Port Authentication 319 Figure 173 Configuring Interface Settings for 802 1X Port Authenticator...

Страница 320: ...pe that have been received by this Authenticator Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Authenticator Rx Last EAPOLSrc The source MAC addr...

Страница 321: ...d see DHCP Snooping on page 326 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes command...

Страница 322: ...9 IP source guard will check the VLAN ID source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is static IP s...

Страница 323: ...ype for each port 3 Click Apply Figure 175 Setting the Filter Type for IP Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Security IP Source Guard Static Configuration page to bin...

Страница 324: ...c IP source guard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed in the web interface Port The port to which a static entry is bound VLAN ID...

Страница 325: ...e CLI REFERENCES show ip dhcp snooping binding on page 732 PARAMETERS These parameters are displayed in the web interface Query by Port A port on this switch VLAN ID of a configured VLAN Range 1 4093...

Страница 326: ...ion to a DHCP server This information can be useful in tracking an IP address back to a physical port COMMAND USAGE DHCP Snooping Process Network traffic may be disrupted when malicious DHCP messages...

Страница 327: ...only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address ve...

Страница 328: ...by the switch and in reply packets sent back from the DHCP server This information may specify the MAC address or IP address of the requesting device that is the switch in this context By default the...

Страница 329: ...Option 82 information relay Default Disabled DHCP Snooping Information Option Policy Specifies how to handle DHCP client request packets which already contain Option 82 information Drop Drops the clie...

Страница 330: ...c VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned...

Страница 331: ...e the network or fire wall When DHCP snooping is enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to...

Страница 332: ...g to the client Lease Time seconds The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN...

Страница 333: ...NTERFACE To display the binding table for DHCP Snooping 1 Click Security IP Source Guard DHCP Snooping 2 Select Show Information from the Step list 3 Use the Store or Clear function if required Figure...

Страница 334: ...CHAPTER 13 Security Measures DHCP Snooping 334...

Страница 335: ...ONFIGURING EVENT LOGGING The switch allows you to control the logging of error messages including the type of events that are recorded in switch memory logging to a remote System Log syslog server and...

Страница 336: ...nge 0 7 Default 7 NOTE The Flash Level must be equal to or less than the RAM Level WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select...

Страница 337: ...ss memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Figure 184 Showing Error Messages Looged to System Memory REMOTE LOG CONFIGURATION Use the Administrati...

Страница 338: ...storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Level Limits log messages that are sent to the remote syslog server for all levels up to the specified level For exa...

Страница 339: ...nts at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Default Level 7 Email Source Address Sets the email...

Страница 340: ...capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers SETTING LLDP TIMING ATTRIBUTES Use the Adminis...

Страница 341: ...nges are reported in each transmission This attribute must comply with the rule 4 Delay Interval Transmission Interval Reinitialization Delay Configures the delay before attempting to re initialize af...

Страница 342: ...he transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the...

Страница 343: ...by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Port Description The port description is taken from the ifDescr objec...

Страница 344: ...gregation capabilities aggregation status of the link and the IEEE 802 3 aggregated port identifier if this interface is currently a link aggregation member Max Frame Size The maximum frame size See C...

Страница 345: ...Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to i...

Страница 346: ...the local system Interface Settings The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Des...

Страница 347: ...tion about devices connected directly to the switch s ports which are advertising information through LLDP or to display detailed information about an LLDP enabled device connected to a specific port...

Страница 348: ...stem Description A textual description of the network entity Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for th...

Страница 349: ...Identity List Information about particular protocols that are accessible through a port This object represents an arbitrary local integer value used by this agent to identify a particular protocol ide...

Страница 350: ...airs only are in use Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Controlable Indicates whether the pair select...

Страница 351: ...ggregation state and or it does not support link aggregation this value should be zero Port Details 802 3 Extension Frame Information Remote Max Frame Size An integer value indicating the maximum supp...

Страница 352: ...capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 966 PARAMETERS These parameters a...

Страница 353: ...es as well as any specific usage rules defined for the particular TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Fra...

Страница 354: ...d to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain softw...

Страница 355: ...n as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system def...

Страница 356: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Страница 357: ...required trap types 4 Click Apply Figure 195 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engin...

Страница 358: ...decimal characters 5 Click Apply Figure 196 Configuring the Local Engine ID for SNMP SPECIFYING A REMOTE ENGINE ID Use the Administration SNMP Configure Engine Add Remote Engine page to configure a en...

Страница 359: ...9 is equivalent to 1234567890 Remote IP Host The IP address of a remote management station which is using the specified engine ID WEB INTERFACE To configure a remote SNMP engine ID 1 Click Administrat...

Страница 360: ...er of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the obj...

Страница 361: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 200 Showing SNMP...

Страница 362: ...an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Страница 363: ...ations This is the default security level AuthNoPriv SNMP communications use authentication but the data is not encrypted AuthPriv SNMP communications use both authentication and encryption Read View...

Страница 364: ...of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generated RMON Events V2 risingAlarm 1 3 6 1 2 1 16 0 1 The SNMP trap that i...

Страница 365: ...p is sent when a networkAccessPortLinkDetection event is triggered swCpuUtiRisingNotification 1 3 6 1 4 1 259 10 1 5 2 1 0 107 This notification indicates that the CPU utilization crossed cpuUtiRising...

Страница 366: ...SNMP v1 and v2c For security reasons you should consider removing the default strings CLI REFERENCES snmp server community on page 630 PARAMETERS These parameters are displayed in the web interface C...

Страница 367: ...lect Add Community from the Action list 4 Add new community strings as required and select the corresponding access rights from the Access Mode list 5 Click Apply Figure 205 Setting Community Access S...

Страница 368: ...nge 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups assigned to the SNMP security model noAuthNoPriv...

Страница 369: ...or authPriv then an authentication protocol and password must be specified If the security level is authPriv a privacy password must also be specified 5 Click Apply Figure 207 Configuring Local SNMPv...

Страница 370: ...age 372 and Specifying a Remote Engine ID on page 358 PARAMETERS These parameters are displayed in the web interface User Name The name of user connecting to the SNMP agent Range 1 32 characters Group...

Страница 371: ...it to a group Enter the IP address to identify the source of SNMPv3 inform messages sent from the local switch If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv...

Страница 372: ...which include a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because t...

Страница 373: ...efining it in the Configure User Add Community page UDP Port Specifies the UDP port number used by the trap manager Default 162 SNMP Version 2c IP Address IP address of a new management station to rec...

Страница 374: ...ange 0 2147483647 centiseconds Default 1500 centiseconds Retry times The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 3 Local U...

Страница 375: ...P communications use both authentication and encryption WEB INTERFACE To configure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action lis...

Страница 376: ...o specified events on an independent basis This switch is an RMON capable device which can independently perform a wide range of tasks significantly reducing network management traffic It can continuo...

Страница 377: ...rm is triggered it will not be triggered again until the statistical value crosses the opposite bounding threshold and then back across the trigger threshold CLI REFERENCES Remote Monitoring Commands...

Страница 378: ...alue is less than or equal to the falling threshold and the last sample value was greater than this threshold then an alarm will be generated After a falling event has been generated another such even...

Страница 379: ...Monitoring 379 Figure 215 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Страница 380: ...the web interface Index Index to this entry Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messag...

Страница 381: ...list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the name of the person who created this event and a brief description of the ev...

Страница 382: ...nds on page 649 COMMAND USAGE Each index number equates to a port on the switch If history collection is already enabled on an interface the entry must be deleted before any changes can be made The in...

Страница 383: ...Select Add from the Action list 4 Click History 5 Select a port from the list as the data source 6 Enter an index number the sampling interval the number of buckets to use and the name of the owner f...

Страница 384: ...the list 5 Click History Figure 221 Showing Collected RMON History Samples CONFIGURING RMON STATISTICAL SAMPLES Use the Administration RMON Configure Interface Add Statistics page to collect statistic...

Страница 385: ...ntry Range 1 65535 Owner Name of the person who created this entry Range 1 127 characters WEB INTERFACE To enable regular sampling of statistics on a port 1 Click Administration RMON 2 Select Configur...

Страница 386: ...ure 223 Showing Configured RMON Statistical Samples To show collected RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from th...

Страница 387: ...security and data isolation OVERVIEW Multicasting is used to support real time applications such as video conferencing or streaming audio A multicast server does not have to establish a separate conn...

Страница 388: ...embers but also supports the Protocol Independent Multicasting PIM routing protocol required to forward multicast traffic to other subnets page 1090 You can also configure a single network wide multic...

Страница 389: ...ded by IGMPv3 snooping is in keeping track of information about the specific multicast sources which downstream IGMPv3 hosts have requested or refused The switch maintains information about both multi...

Страница 390: ...ached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 391 Static IGMP Router Interface If IGMP snooping cannot locate...

Страница 391: ...ut the VLAN if unregistered flooding is enabled see Unregistered Data Flood in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they...

Страница 392: ...nd all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolicited re...

Страница 393: ...queries that do not contain the Router Alert option Unregistered Data Flooding Floods unregistered multicast traffic into the attached VLAN Default Disabled Once the table used to store multicast ent...

Страница 394: ...less of the snooping version employed Querier Status When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traffic This feature is no...

Страница 395: ...te interfaces within the switch CLI REFERENCES Static Multicast Routing on page 922 PARAMETERS These parameters are displayed in the web interface VLAN Selects the VLAN which is to propagate all multi...

Страница 396: ...ing protocol such as PIM to support IP multicasting across the Internet These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch To show all the i...

Страница 397: ...19 COMMAND USAGE Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within t...

Страница 398: ...Select the VLAN for which to display this information Figure 232 Showing Static Interfaces Assigned to a Multicast Service To display information about all multicast groups IGMP Snooping or multicast...

Страница 399: ...t routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast source and group membership messages MRD...

Страница 400: ...acefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Routers multicast address NOTE MRD messages are flood...

Страница 401: ...able fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interfac...

Страница 402: ...o proxy general queries Range 10 31744 tenths of a second Default 10 seconds This attribute applies when the switch is serving as the querier page 391 or as a proxy host when IGMP snooping proxy repor...

Страница 403: ...dress in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not reply...

Страница 404: ...AMETERS These parameters are displayed in the web interface VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP mu...

Страница 405: ...or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast gro...

Страница 406: ...nooping Filter Add page to create an IGMP profile and set its access mode Then use the Add Multicast Group Range page to configure the multicast groups to filter CLI REFERENCES IGMP Filtering and Thro...

Страница 407: ...ange of multicast groups End Multicast IP Address Specifies the ending address of a range of multicast groups WEB INTERFACE To create an IGMP filter profile and set its access mode 1 Click Multicast I...

Страница 408: ...ofile to configure and add a multicast group address or range of addresses 4 Click Apply Figure 240 Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an...

Страница 409: ...s are displayed in the web interface Interface Port or trunk identifier An IGMP profile or throttling setting can be applied to a port or trunk When ports are configured as trunk members the trunk use...

Страница 410: ...hich need to forward multicast traffic Layer 3 IGMP Query as described below is used in conjunction with both Layer 2 IGMP Snooping and multicast routing IGMP This protocol includes a form of multicas...

Страница 411: ...n edge switches greatly reduces the processing load on those devices by not having to run more complicated multicast routing protocols such as PIM It also makes the proxy devices independent of the mu...

Страница 412: ...oxy settings described in this section 4 Optional Indicate how often the system will send unsolicited reports to the upstream router using the Multicast IGMP Proxy page as described later in this sect...

Страница 413: ...ould transmit unsolicited IGMP reports Range 1 65535 seconds Default 400 seconds WEB INTERFACE To configure IGMP Proxy Routing 1 Click Multicast IGMP Proxy 2 Select the upstream interface enable the I...

Страница 414: ...web interface VLAN VLAN interface bound to a primary IP address Range 1 4093 IGMP Protocol Status Enables IGMP including IGMP query functions on a VLAN interface Default Disabled When a multicast rou...

Страница 415: ...bursty as host responses are spread out over a larger interval The number of seconds represented by the maximum response interval must be less than the Query Interval Last Member Query Interval The f...

Страница 416: ...tatically mapped this group to a specific source address Also if an address outside of the SSM address range is specified and a specific source address is included in the command the request to join t...

Страница 417: ...1 Click Multicast IGMP Static Group 2 Select Add from the Action list 3 Select a VLAN interface to be assigned as a static multicast group member and then specify the multicast group If source specifi...

Страница 418: ...AN identifier The selected entry must be a configured IP interface Range 1 4093 Group Address IP multicast group address with subscribers directly attached or downstream from the switch Last Reporter...

Страница 419: ...ed in the source list parameter and for any other sources where the source timer status has expired Group Source List A list of zero or more IP unicast addresses from which multicast reception is desi...

Страница 420: ...ross a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to processing overhead required to dynamically m...

Страница 421: ...the multicast group to the participating interfaces see Assigning Static Multicast Groups to Interfaces on page 427 Although MVR operates on the underlying mechanism of IGMP snooping the two features...

Страница 422: ...members of the MVR VLAN see Adding Static Members to VLANs on page 158 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether o...

Страница 423: ...ayed in the web interface MVR Group IP IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default no groups are assigned to the MVR VLAN Any multicast data sent to this address is s...

Страница 424: ...ulticast groups assigned to the MVR VLAN 1 Click Multicast MVR 2 Select Configure Group Range from the Step list 3 Select Show from the Action list Figure 253 Showing the Configured Group Range for MV...

Страница 425: ...e ports Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled t...

Страница 426: ...switch MVR status for receiver ports is Active only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface I...

Страница 427: ...ess Defines a multicast service sent to the selected port Multicast groups must be assigned from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR group...

Страница 428: ...interface Group IP Address Multicast groups assigned to the MVR VLAN Source IP Address Indicates the source address of the multicast service or displays an asterisk if the group address has been stat...

Страница 429: ...CHAPTER 15 Multicast Filtering Multicast VLAN Registration 429 Figure 257 Showing All MVR Groups Assigned to a Port...

Страница 430: ...CHAPTER 15 Multicast Filtering Multicast VLAN Registration 430...

Страница 431: ...can direct the device to obtain an address from a BOOTP or DHCP server or manually configure a static IP address Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anythi...

Страница 432: ...ore than one IP subnet can be accessed through this interface For initial configuration set this parameter to Primary Options Primary Secondary Default Primary Note that a secondary address cannot be...

Страница 433: ...3 Select any configured VLAN and set IP Address Mode to BOOTP or DHCP 4 Click Apply to save your changes IP will be enabled but will not function until a BOOTP or DHCP reply is received Requests are b...

Страница 434: ...t you will lose management access to the switch In this case you can reboot the switch or submit a client request to restart DHCP service via the CLI If the address assigned by DHCP is no longer funct...

Страница 435: ...g traffic between VLANs with different IP interfaces and routing traffic to external IP networks However when the switch is first booted default routing can only forward traffic between local IP inter...

Страница 436: ...placing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same s...

Страница 437: ...ready there the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address After the MAC address is discovered the packet is reformatted and sent...

Страница 438: ...ted to that interface and allows you to send IP packets to or from the router You can specify the IP subnets connected directly to this router by manually assigning an IP address to each VLAN or using...

Страница 439: ...unt Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 512 bytes The actual packet size will be eight bytes larger than the size specified because the switch adds he...

Страница 440: ...the maximum timeout TTL is exceeded or the maximum number of hops is exceeded The trace route function first sends probe datagrams with the TTL value set at one This causes the first router to discard...

Страница 441: ...hop to the next ARP is used to map an IP address to a physical layer i e MAC address When an IP frame is received by this router or any standards based router it first looks up the MAC address corresp...

Страница 442: ...st for its own IP address it will send back a response and also cache the MAC of the source device s IP address BASIC ARP CONFIGURATION Use the IP ARP Configure General page to specify the timeout for...

Страница 443: ...specified VLAN interfaces allowing a non routing device to determine the MAC address of a host on another subnet or network Default Disabled End stations that require Proxy ARP must view the entire n...

Страница 444: ...used if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Static en...

Страница 445: ...NAMIC OR LOCAL ARP ENTRIES The ARP cache contains static entries and entries for local interfaces including subnet host and broadcast addresses However most entries will be dynamically learned through...

Страница 446: ...P Show Information page to display statistics for ARP messages crossing all interfaces on this router CLI REFERENCES show ip traffic on page 1023 PARAMETERS These parameters are displayed in the web i...

Страница 447: ...to a subnet rather than using dynamic routing Static routes do not automatically change in response to changes in network topology so you should only configure a small number of stable routes to ensur...

Страница 448: ...P address of the next router hop used for this route Distance An administrative distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic rout...

Страница 449: ...e interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When routing or topology changes occur in the network the routing table is u...

Страница 450: ...isplay the routing table 1 Click IP Routing Routing Table 2 Select Show Information from the Action List Figure 273 Displaying the Routing Table EQUAL COST MULTIPATH ROUTING Use the IP Routing Routing...

Страница 451: ...paths have the same lowest cost the static paths have precedence over dynamic paths Each path toward the same destination with equal cost takes up one entry in the routing table to record routing inf...

Страница 452: ...he maximum ECMP number 1 Click IP Routing Routing Table 2 Select Configure ECMP Number from the Action List 3 Enter the maximum number of equal cost paths used to route traffic to the same destination...

Страница 453: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Страница 454: ...has a higher priority than the currently active master router CLI REFERENCES VRRP Commands on page 995 COMMAND USAGE Address Assignment To designate a specific router as the VRRP master the IP addres...

Страница 455: ...e virtual IP address Owner is the highest the original master router will always become the active master router when it recovers If two or more routers are configured with the same VRRP priority the...

Страница 456: ...rmation about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be proces...

Страница 457: ...n the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded State VRRP router role Values M...

Страница 458: ...nfigure Group ID from the Step List 3 Select Show from the Action List Figure 279 Showing Configured VRRP Groups To configure the virtual router address for a VRRP group 1 Click IP VRRP 2 Select Confi...

Страница 459: ...Configure Group ID from the Step List 3 Select Show IP Addresses from the Action List Figure 281 Showing the Virtual Addresses Assigned to VRRP Groups To configure detailed settings for a VRRP group...

Страница 460: ...e parameters are displayed in the web interface VRRP Packets with Invalid Checksum The total number of VRRP packets received with an invalid VRRP checksum value VRRP Packets with Unknown Error The tot...

Страница 461: ...to master Received Advertisement Packets Number of VRRP advertisements received by this router Received Error Advertisement Interval Packets Number of VRRP advertisements received for which the advert...

Страница 462: ...n the type field Received Error Address List VRRP Packets Number of packets received for which the address list does not match the locally configured list for the virtual router Received Invalid Authe...

Страница 463: ...tion to other name servers on the network When a client device designates this switch as a DNS server the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the s...

Страница 464: ...the default domain name 4 Click Apply Figure 285 Configuring General Settings for DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of dom...

Страница 465: ...466 PARAMETERS These parameters are displayed in the web interface Domain Name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters...

Страница 466: ...l a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status PARAME...

Страница 467: ...Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are displayed in th...

Страница 468: ...ACHE Use the IP Service DNS Cache page to display entries in the DNS cache that have been learned via the designated name servers CLI REFERENCES show dns cache on page 976 COMMAND USAGE Servers or oth...

Страница 469: ...N PROTOCOL Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they boot up If a subnet does not already include...

Страница 470: ...erver to the client Figure 293 Layer 3 DHCP Relay Service CLI REFERENCES ip dhcp relay server on page 980 ip dhcp restart relay on page 981 COMMAND USAGE You must specify the IP address for at least o...

Страница 471: ...er code or MAC address Figure 295 DHCP Server COMMAND USAGE First configure any excluded addresses including the address for this switch Then configure address pools for the network interfaces You can...

Страница 472: ...ling the DHCP Server SETTING EXCLUDED ADDRESSES Use the IP Service DHCP Server Configure Excluded Addresses Add page to specify the IP addresses that should not be assigned to clients CLI REFERENCES i...

Страница 473: ...7 Configuring Excluded Addresses on the DHCP Server To show the IP addresses excluded for DHCP clients 1 Click IP Service DHCP Server 2 Select Configure Excluded Addresses from the Step list 3 Select...

Страница 474: ...ddress pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hardware address for DHCP cli...

Страница 475: ...WINS name server used for Microsoft DHCP clients Netbios Type NetBIOS node type for Microsoft DHCP clients Options Broadcast Hybrid Mixed Peer to Peer Default Hybrid Domain Name The domain name of the...

Страница 476: ...otocol 476 6 Click Apply Figure 299 Configuring DHCP Server Address Pools Network Figure 300 Configuring DHCP Server Address Pools Host To show the configured DHCP address pools 1 Click IP Service DHC...

Страница 477: ...s DHCP server CLI REFERENCES show ip dhcp binding on page 993 PARAMETERS These parameters are displayed in the web interface IP Address IP address assigned to host MAC Address MAC address of host Lea...

Страница 478: ...o forward broadcast packets for specified UDP application ports to remote servers located in another network segment To configure UDP helper enable it globally see Configuring General DNS Service Para...

Страница 479: ...ce Destination UDP Port UDP application port for which UDP service requests are forwarded Range 1 65535 The following UDP ports are inlcuded in the forwarding list when the UDP helper is enabled and a...

Страница 480: ...ed UDP broadcast packets are forwarded CLI REFERENCES ip helper address on page 1017 COMMAND USAGE Up to 20 helper addresses can be specified To forward UDP packets with the UDP helper the clients mus...

Страница 481: ...by default as described on page 479 PARAMETERS These parameters are displayed in the web interface VLAN ID VLAN identifier Range 1 4093 IP Address Host address or directed broadcast address to which U...

Страница 482: ...CHAPTER 19 IP Services Forwarding UDP Service Requests 482 Figure 307 Showing the Target Server or Subnet for UDP Requests...

Страница 483: ...ate of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of n...

Страница 484: ...Just as Layer 2 switches use the Spanning Tree Algorithm to prevent loops routers also use methods for preventing loops that would cause endless retransmission of data traffic RIP utilizes the follow...

Страница 485: ...mation Protocol RIP on page 1024 COMMAND USAGE RIP is used to specify how routers exchange routing information When RIP is enabled on this router it sends RIP messages to all devices in the network ev...

Страница 486: ...and the router learns about the same external network with a better metric from a redistribution point other than that derived from the original source The default metric does not override the metric...

Страница 487: ...outing protocol less sensitive to changes in the network configuration Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessib...

Страница 488: ...ntire RIP network redistribute connected routes using the Routing Protocol RIP Redistribute screen page 493 to make the RIP network a connected route To delete the RIP routes learned from neighbors bu...

Страница 489: ...l 2 Select Clear Route from the Action list 3 When clearing routes by type select the required type from the drop down list When clearing routes by network enter a valid network address and prefix len...

Страница 490: ...the network portion of the address This mask identifies the network address bits used for the associated routing entries By VLAN Adds a Layer 3 VLAN to the RIP routing process The VLAN must be config...

Страница 491: ...n interface the attached subnet will still continue to be advertised to other interfaces and updates from other routers on the specified interface will continue to be received and processed This featu...

Страница 492: ...h a static neighbor specifically for point to point links rather than relying on broadcast or multicast messages generated by the RIP protocol This feature can be used in conjunction with the passive...

Страница 493: ...ing Protocol RIP Redistribute Add page to import external routing information from other routing domains that is directly connected routes protocols or static routes into this autonomous system CLI RE...

Страница 494: ...ed to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow an imported route the maximum number of hops allowed with...

Страница 495: ...rding to the IP address of the router supplying the routing information For example to filter out unreliable routing information from routers not under your administrative control The administrative d...

Страница 496: ...ion 4 Click Apply Figure 319 Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols 1 Click Routing Protocol RIP Distanc...

Страница 497: ...d by RIPv2 including subnet mask next hop and authentication information This is the default setting Use Do Not Send to passively monitor route information advertised by other routers attached to the...

Страница 498: ...se parameters are displayed in the web interface VLAN ID Layer 3 VLAN interface This interface must be configured with an IP address and have an active link Range 1 4093 Send Version The RIP version t...

Страница 499: ...ame password Range 1 16 characters case sensitive Instability Prevention Specifies the method used to reduce the convergence time when the network topology changes and to prevent RIP protocol messages...

Страница 500: ...S Use the Routing Protocol RIP Statistics Show Interface Information page to display information about RIP interface configuration settings CLI REFERENCES show ip rip on page 1041 PARAMETERS These par...

Страница 501: ...rmation page to display information on neighboring RIP routers CLI REFERENCES show ip protocols rip on page 1040 PARAMETERS These parameters are displayed in the web interface Peer Address IP address...

Страница 502: ...OSPF is more suited for large area networks which experience frequent changes in the links It also handles subnets much better than RIP OSPF protocol actively tests the status of each link to its neig...

Страница 503: ...protocol message authentication and the addition of a point to multipoint interface which allows OSPF to run over non broadcast networks as well as support for overlapping area ranges When using OSPF...

Страница 504: ...d areas and external links to other areas Use the Routing Protocol OSPF Network Area Add page to define an OSPF area and the interfaces that operate within this area An autonomous system must be confi...

Страница 505: ...responding address range forms a routing interface and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the network as descr...

Страница 506: ...at is contiguous with all the other areas in the network and configure an area for all of the other OSPF interfaces 4 Click Apply Figure 328 Defining OSPF Network Areas Based on Addresses To to show t...

Страница 507: ...OSPF this router should use RFC 1583 early OSPFv2 compatibility mode to ensure that all routers are using the same RFC for calculating summary route costs Enable this field to force the router to cal...

Страница 508: ...h faster but uses more CPU processing time Default Metric The default metric for external routes imported from other protocols Range 0 16777214 Default 20 A default metric must be used to resolve the...

Страница 509: ...advertisements add the internal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a tie breaker if seve...

Страница 510: ...eter Description Router ID Type Indicates if the router ID was manually configured or automatically generated by the system Rx LSAs The number of link state advertisements that have been received Orig...

Страница 511: ...a separate routing database for each area ASBR Status Autonomous System Boundary Router Indicates if this router exchanges routing information with boundary routers in other autonomous systems to whic...

Страница 512: ...col OSPF Network Area Add page Range 1 65535 Area ID Identifier for a not so stubby area NSSA or stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from...

Страница 513: ...BR An NSSA is similar to a stub It blocks most external routing information and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the au...

Страница 514: ...own area and then leaked to adjacent areas Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned through OSPF the default route static routes route...

Страница 515: ...BR it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using this option Metric Type Type 1 or Type 2 external routes W...

Страница 516: ...icantly reduce the amount of topology data that has to be exchanged over the network Figure 338 OSPF Stub Area By default a stub can only pass traffic to other areas in the autonomous system through t...

Страница 517: ...ched stub Summary Controls the use of summary routes Summary Allows an Area Border Router ABR to send a summary link advertisement into the stub area No Summary Stops an ABR from sending a summary lin...

Страница 518: ...en see page 504 Area ID Identifier for a not so stubby area NSSA or stub SPF Runs The number of times the Shortest Path First algorithim has been run for this area ABR Count The number of Area Border...

Страница 519: ...Route Summarization for ABRs CLI REFERENCES router ospf on page 1043 area range on page 1049 COMMAND USAGE Use the Area Range configuration page to summarize intra area routes and advertise this info...

Страница 520: ...es whether or not to advertise the summary route If the routes are set to be advertised the router will issue a Type 3 summary LSA for each specified address range If the summary is not advertised the...

Страница 521: ...orts redistribution for all currently connected routes entries learned through RIP and static routes When you redistribute external routes into an OSPF autonomous system AS the router automatically be...

Страница 522: ...signed to all external routes for the specified protocol Range 1 65535 Default 10 The metric value specified for redistributed routes supersedes the Default External Metric specified in the Routing Pr...

Страница 523: ...ute individually in an external LSA as described in the preceding section The reduce the numer of protocol messages required to redistribute these external routes an Autonomous System Boundary Router...

Страница 524: ...rtising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 519 This router supports up 20 Type 5 summary routes PARAMETERS These parameters...

Страница 525: ...assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area use the Routing Protocol OSPF Interface Configure by VLAN or Configure by Address page to configur...

Страница 526: ...o prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority becomes the DR and the router with the next highest priority becomes the B...

Страница 527: ...d trip delay between any two routers on the attached network to avoid unnecessary retransmissions Authentication Type Specifies the authentication type used for an interface Options None Simple MD5 De...

Страница 528: ...incoming packets Neighbor routers must use the same key identifier and key value When changing to a new key the router will send multiple copies of all protocol messages one with the old key and anot...

Страница 529: ...s for All Interfaces Assigned to a VLAN To configure interface settings for a specific area assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by Address from the Action lis...

Страница 530: ...LAN To show the configuration settings for OSPF interfaces 1 Click Routing Protocol OSPF Interface 2 Select Show from the Action list 3 Select the VLAN ID Figure 351 Showing OSPF Interfaces To show th...

Страница 531: ...kbone area i e transit area to reach the backbone To define this path you must configure an ABR that serves as an endpoint connecting the isolated area to the common transit area and specify a neighbo...

Страница 532: ...ee page 504 Area ID Identifies the transit area for the virtual link The area ID must be in the form of an IPv4 address or also as a four octet unsigned integer ranging from 0 4294967295 Neighbor Rout...

Страница 533: ...settings for a virtual link 1 Click Routing Protocol OSPF Virtual Link 2 Select Configure Detailed Settings from the Action list 3 Specify the process ID then modify the protocol timers and authentica...

Страница 534: ...zed with neighboring routers through a process called reliable flooding You can show information about different LSAs stored in this router s database which may include any of the following types Rout...

Страница 535: ...s to be displayed Link ID Network portion described by an LSA The Link ID is either An IP network number for Type 3 Summary and Type 5 AS External LSAs When an Type 5 AS External LSA is describing a d...

Страница 536: ...to show the Link State Advertisements LSAs stored in the link state database for virtual links CLI REFERENCES show ip ospf virtual links on page 1081 PARAMETERS These parameters are displayed in the...

Страница 537: ...o message is due This time is determined by the Hello Interval which must be the same for all router attached to a common network Adjacency State The state of the virtual neighbor relationship Down Co...

Страница 538: ...s include Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional commun...

Страница 539: ...CHAPTER 20 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2 539 3 Select the process identifier Figure 360 Displaying Neighbor Routers Stored in the Link State Database...

Страница 540: ...CHAPTER 20 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2 540...

Страница 541: ...ability of multicast group members is low such as the Internet Also note that if PIM is not enabled on this router or another multicast routing protocol is used on the network the switch ports attache...

Страница 542: ...al network segment to which the host is attached However when the multicast load from a particular source is heavy enough to justify it PIM SM can be configured to construct a Shortest Path Tree SPT d...

Страница 543: ...PIM SM the multicast flow is confined to the shared tree Also note that more than one flow can be carried over the same shared tree but only one RP is responsible for each flow Shortest Path Tree SPT...

Страница 544: ...s IP multicast routing Default Disabled WEB INTERFACE To enable multicast routing 1 Click Multicast Multicast Routing General 2 Enable Multicast Forwarding Status 3 Click Apply Figure 361 Enabling Mul...

Страница 545: ...gister to indicate that a pseudo interface is being used to receive PIM SM register packets This can occur for the Rendezvous Point RP which is the root of the Reverse Path Tree RPT In this case any V...

Страница 546: ...f traffic arriving over the shared tree has exceeded the SPT threshold for this group If the SPT flag is set for G entries the next S G packet received will cause the router to join the shortest path...

Страница 547: ...ticast Routing Table To display detailed information on a specific flow in multicast routing table 1 Click Multicast Multicast Routing Information 2 Select Show Details from the Action List 3 Select a...

Страница 548: ...ssary to the multicast protocol parameters To use PIM multicast routing must be enabled on the switch see Enabling Multicast Routing Globally on page 544 WEB INTERFACE To enable PIM multicast routing...

Страница 549: ...received from a downstream router or if group members are directly connected to the interface When routers want to receive a multicast flow they periodically send join messages to the RP and are subs...

Страница 550: ...prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry PIM SM The multicast interface that first receives a multicast stream from...

Страница 551: ...e hello delay is set to random value between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also...

Страница 552: ...a priority in its hello messages it is assumed to have the highest priority and is elected as the DR If more than one router is not advertising its priority then the router with the highest IP address...

Страница 553: ...CHAPTER 21 Multicast Routing Configuring PIM for IPv4 553 Figure 365 Configuring PIM Interface Settings Dense Mode Figure 366 Configuring PIM Interface Settings Sparse Mode...

Страница 554: ...G GLOBAL PIM SM SETTINGS Use the Routing Protocol PIM SM Configure Global page to configure the rate at which register messages are sent the source of register messages and switchover to the Shortest...

Страница 555: ...gh the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree...

Страница 556: ...ge This router will continue to be the BSR until it receives a bootstrap message from another candidate with a higher priority or a higher IP address if the priorities are the same To improve failover...

Страница 557: ...ge 0 255 Default 0 WEB INTERFACE To configure the switch as a BSR candidate 1 Click Multicast Multicast Routing SM 2 Select BSR Candidate from the Step list 3 Specify the VLAN interface for which this...

Страница 558: ...over the one statically configured All routers within the same PIM SM domain must be configured with the same RP s Selecting an RP through the dynamic election process is therefore preferable for most...

Страница 559: ...RENCES ip pim rp candidate on page 1105 COMMAND USAGE When this router is configured as an RP candidate it periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for the spe...

Страница 560: ...one of these routers as both the primary BSR and RP PARAMETERS These parameters are displayed in the web interface VLAN Identifier of configured VLAN interface Range 1 4093 Interval The interval at w...

Страница 561: ...Select an interface from the VLAN list Figure 373 Showing Settings for an RP Candidate DISPLAYING THE BSR ROUTER Use the Routing Protocol PIM SM Show Information Show BSR Router page to display Infor...

Страница 562: ...the new BSR s identity and the RP set Accept Preferred The router knows the identity of the current BSR and is using the RP set provided by that BSR Only bootstrap messages from that BSR or from a C B...

Страница 563: ...yed in the web interface Groups A multicast group address RP Address IP address of the RP for the listed multicast group Information Source RP that advertised the mapping how the RP was selected Stati...

Страница 564: ...CHAPTER 21 Multicast Routing Configuring PIM for IPv4 564 Figure 375 Showing RP Mapping...

Страница 565: ...Commands on page 649 Authentication Commands on page 657 General Security Measures on page 707 Access Control Lists on page 747 Interface Commands on page 769 Link Aggregation Commands on page 787 Po...

Страница 566: ...Line Interface 566 Domain Name Service Commands on page 969 DHCP Commands on page 979 VRRP Commands on page 995 IP Interface Commands on page 1005 IP Routing Commands on page 1019 Multicast Routing Co...

Страница 567: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Страница 568: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Страница 569: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 570: ...ion history Shows history information hosts Host information interfaces Shows interface information ip IP information ipv6 IPv6 information lacp LACP statistics line TTY line information lldp LLDP log...

Страница 571: ...mand and question mark For example s shows all the keywords starting with s Console show s snmp sntp spanning tree ssh startup config subnet vlan system Console show s NEGATING THE EFFECT OF COMMANDS...

Страница 572: ...rompt Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a...

Страница 573: ...ommunity Access Control List Configuration These commands are used for packet filtering Class Map Configuration Creates a DiffServ class map for a specified traffic type IGMP Profile Sets a profile gr...

Страница 574: ...ethernet 1 5 Console config if exit Console config Table 28 Configuration Command Modes Mode Command Prompt Page Access Control List access list ip standard access list ip extended access list mac ac...

Страница 575: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Страница 576: ...ltering DHCP requests and replies and discarding invalid ARP responses 707 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number or TCP control code IPv6...

Страница 577: ...arameters specifies ports attached to a multicast router also configures multicast VLAN registration 903 Link Layer Discovery Protocol Configures LLDP settings to enable information discovery about ne...

Страница 578: ...CHAPTER 22 Using the Command Line Interface CLI Command Groups 578...

Страница 579: ...arts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history buffe...

Страница 580: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 581: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 582: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 583: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 584: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 581 reload Privileged Exec This command restarts the system NOT...

Страница 585: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 586: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 587: ...ersion information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port including baud ra...

Страница 588: ...rmation currently in use COMMAND MODE Privileged Exec COMMAND USAGE Use this command in conjunction with the show startup config command to compare the information in running memory to the information...

Страница 589: ...0000000000000 stackingDB stackingMac 01_00 00 e8 93 82 a0_01 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 00_00 stackingMac stackingMac 00_00 00 00 00 00 0...

Страница 590: ...d displays the following information MAC address for the switch SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration setting...

Страница 591: ...ed Console show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client DEFAULT SETTING None COMMAND MODE Normal Exec Privileged Exec COMMAND U...

Страница 592: ...rsion 1 00 Number of Ports 24 Main Power Status Up Redundant Power Status Not present Role Master Loader Version 0 0 1 1 Linux Kernel Version 2 6 19 2 0 1 Boot ROM Version 0 0 0 1 Operation Code Versi...

Страница 593: ...system command EXAMPLE Console config jumbo frame Console config FILE MANAGEMENT Managing Firmware Firmware can be uploaded and downloaded to or from an FTP TFTP server By saving runtime code to a fil...

Страница 594: ...equired DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE A colon is required after the specified file type If the file contains an error it cannot be set as the default file EXAMPL...

Страница 595: ...certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See Secure Shell on page 684 running config Keywor...

Страница 596: ...t as the default user name EXAMPLE The following example shows how to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcod...

Страница 597: ...certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP se...

Страница 598: ...LE This example shows how to delete the test2 cfg configuration file from flash memory Console delete test2 cfg Console RELATED COMMANDS dir 598 delete public key 689 dir This command displays a list...

Страница 599: ...onsole whichboot This command displays which files were booted when the system powered up DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the information displayed by the...

Страница 600: ...console Telnet or SSH connections LC databits Sets the number of data bits per character that are interpreted and generated by hardware LC exec timeout Sets the interval that the command interpreter...

Страница 601: ...nfig line RELATED COMMANDS show line 609 show users 591 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to resto...

Страница 602: ...cifies the timeout interval Range 0 65535 seconds 0 no timeout DEFAULT SETTING CLI No timeout Telnet 10 minutes COMMAND MODE Line Configuration COMMAND USAGE If user input is detected within the timeo...

Страница 603: ...mmand When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default sett...

Страница 604: ...as terminals and modems often require a specific parity bit setting EXAMPLE To specify no parity enter this command Console config line parity none Console config line password This command specifies...

Страница 605: ...There is no need for you to manually configure encrypted passwords EXAMPLE Console config line password 0 secret Console config line RELATED COMMANDS login 603 password thresh 605 password thresh Thi...

Страница 606: ...lent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 30 seconds DEFAULT SETTING The default value is no silent time COMMAND MODE Line Configuratio...

Страница 607: ...tion the switch will automatically detect the baud rate configured on the attached terminal and adjust the speed accordingly EXAMPLE To specify 57600 bps enter this command Console config line speed 5...

Страница 608: ...minated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the defa...

Страница 609: ...al for remote console access i e Telnet DEFAULT SETTING Shows all lines COMMAND MODE Normal Exec Privileged Exec EXAMPLE To show all lines enter this command Console show line Console Configuration Pa...

Страница 610: ...64 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database EXAMPLE Consol...

Страница 611: ...ash errors level 3 0 RAM debugging level 7 0 COMMAND MODE Global Configuration COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 612: ...wed is five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disa...

Страница 613: ...le on page 611 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Страница 614: ...ry stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE The following examp...

Страница 615: ...ging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled Hi...

Страница 616: ...he logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sys...

Страница 617: ...g DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server To se...

Страница 618: ...D MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Страница 619: ...default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING N...

Страница 620: ...command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp server command Use the no form to disable SNTP client requests SYNTAX no sntp client...

Страница 621: ...rver 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Current Mode unicast SNTP Status Enabled S...

Страница 622: ...ommand specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It...

Страница 623: ...3 hours after UTC minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of UTC DEFAULT SETT...

Страница 624: ...Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE...

Страница 625: ...of the time range Range 1 30 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets a time range for use by other functions such as Access Control Lists EXAM...

Страница 626: ...e Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the current entry prior to configuring a new time range EXAMPLE This exampl...

Страница 627: ...weekdays Weekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 DEFAULT SETTING None COMMAND MODE Time Range Configuration EXAMPLE This example configures a time ran...

Страница 628: ...CHAPTER 24 System Management Commands Time Range 628...

Страница 629: ...Command Function Mode General SNMP Commands snmp server Enables the SNMP agent GC snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Se...

Страница 630: ...ver community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read...

Страница 631: ...Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 charac...

Страница 632: ...t and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabl...

Страница 633: ...n order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down...

Страница 634: ...conds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string s...

Страница 635: ...t informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to...

Страница 636: ...es an SNMP engine on a remote device ip address The Internet address of the remote device engineid string String identifying the engine ID Range 1 26 hexadecimal characters DEFAULT SETTING A unique en...

Страница 637: ...ineID remote 9876543210 192 168 1 19 Console config RELATED COMMANDS snmp server host 634 snmp server group This command adds an SNMP group mapping SNMP users to SNMP views Use the no form to remove a...

Страница 638: ...rithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages support...

Страница 639: ...password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with pri...

Страница 640: ...nfig snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien Console c...

Страница 641: ...show snmp engine id This command shows the SNMP engine ID COMMAND MODE Privileged Exec EXAMPLE This example shows the default engine ID Console show snmp engine id Local SNMP EngineID 8000002a8000000...

Страница 642: ...latile Row Status active Group Name public Security Model v2c Read View defaultview Write View No writeview specified Notify View No notifyview specified Storage Type volatile Row Status active Group...

Страница 643: ...active Console Notify View The associated notify view Storage Type The storage type for this entry Row Status The row status of this entry Table 48 show snmp group display description Continued Field...

Страница 644: ...on log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification logging is enabled by defa...

Страница 645: ...rameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a mechanism...

Страница 646: ...tain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network management station...

Страница 647: ...s command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts Console show snmp notify fil...

Страница 648: ...CHAPTER 25 SNMP Commands 648...

Страница 649: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 650: ...ue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 1 65535 event index The index of the event to use if an alarm is triggered If there...

Страница 651: ...Log messages are processed based on the current configuration settings for event logging see Event Logging on page 610 trap Sends a trap message to all configured trap managers see snmp server host o...

Страница 652: ...rmon collection history index index Index to this entry Range 1 65535 number The number of buckets requested for this entry Range 1 65536 seconds The polling interval Range 1 3600 seconds name Name o...

Страница 653: ...on who created this entry Range 1 127 characters DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE By default each index number equates to a port on the swich but can...

Страница 654: ...ed by steve Description is for r d Event firing causes log and trap to community public last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each ent...

Страница 655: ...tistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0 f...

Страница 656: ...CHAPTER 26 Remote Monitoring Commands 656...

Страница 657: ...uthentication Commands Command Group Function User Accounts Configures the basic user names and passwords for management access Authentication Sequence Defines logon authentication method and preceden...

Страница 658: ...el Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default is level 15 The default password is super COMMAND MODE Global Configuration COMMAND USAGE You cannot s...

Страница 659: ...encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive DEFAULT SETTING The default access level is Normal Exe...

Страница 660: ...offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS e...

Страница 661: ...e TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to...

Страница 662: ...t port This command sets the RADIUS server network port for accounting messages Use the no form to restore the default SYNTAX radius server acct port port number no radius server acct port port number...

Страница 663: ...ADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a specified server or to restore the default values SYNTAX no radius server index host ho...

Страница 664: ...Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console config radius server key This command sets the RADIUS encryption key Us...

Страница 665: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Страница 666: ...e TACACS CLIENT Terminal Access Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on t...

Страница 667: ...ss for the client Do not use blank spaces in the string Maximum length 48 characters port number TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 10 11 12 13 COMMA...

Страница 668: ...ring Maximum length 48 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config tacacs server key green Console config tacacs server port This command specifies the TAC...

Страница 669: ...uire the use of configured RADIUS or TACACS servers in the network Table 58 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x...

Страница 670: ...rver group to use tacacs Specifies all TACACS hosts configure with the tacacs server host command server group Specifies the name of a server group configured with the aaa group server command Range 1...

Страница 671: ...s accounting from starting point and stopping point group Specifies the server group to use radius Specifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS...

Страница 672: ...ecifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS hosts configure with the tacacs server host command server group Specifies the name of a server group...

Страница 673: ...interim interval enables updates but does not change the current interval setting EXAMPLE Console config aaa accounting update periodic 30 Console config aaa authorization exec This command enables t...

Страница 674: ...zation type applies except those that have a named method explicitly defined EXAMPLE Console config aaa authorization exec default group tacacs Console config aaa group server Use this command to name...

Страница 675: ...host command When specifying the index for a TACACS server that server index must already be defined by the tacacs server host command EXAMPLE Console config aaa group server radius tps Console confi...

Страница 676: ...he aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console config line exit Console config...

Страница 677: ...e user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable command level dot1x Displays...

Страница 678: ...efault port SYNTAX ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configuration EXAMPLE Cons...

Страница 679: ...590 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web in...

Страница 680: ...Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 274 Als...

Страница 681: ...nnect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Console config ip http secure port 1000 Console config RELATED COMMANDS ip http secure...

Страница 682: ...n count no ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 4 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of four sess...

Страница 683: ...se the no form to disable this function SYNTAX no ip telnet server DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config ip telnet server Console config show ip telnet This...

Страница 684: ...have to generate authentication keys on the switch and enable the SSH server Table 62 Secure Shell Commands Command Function Mode ip ssh authentication retries Specifies the number of retries allowed...

Страница 685: ...e public key for all the SSH client s granted management access to the switch Note that these clients must be configured locally on the switch with the username command The clients are subsequently au...

Страница 686: ...he challenge string computes the MD5 checksum and sends the checksum back to the switch e The switch compares the checksum sent from the client against that computed for the original string it sent If...

Страница 687: ...tires 2 Console config RELATED COMMANDS show ip ssh 691 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service SYNTAX no ip ssh server DE...

Страница 688: ...size key size The size of server key Range 512 896 bits DEFAULT SETTING 768 bits COMMAND MODE Global Configuration COMMAND USAGE The server key is a private key that is never shared outside the switc...

Страница 689: ...config RELATED COMMANDS exec timeout 602 show ip ssh 691 delete public key This command deletes the specified user s public key SYNTAX delete public key username dsa rsa username Name of an SSH user...

Страница 690: ...you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to...

Страница 691: ...ey from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console ip ssh save host key dsa Console RELATED COMMANDS ip...

Страница 692: ...last string is the encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 071942106165575942459093923609695405036277525...

Страница 693: ...r State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Table 64 802 1X Port Authentication Commands Command...

Страница 694: ...through command can be used to forward EAPOL frames from other switches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the...

Страница 695: ...802 1X port authentication globally on the switch Use the no form to restore the default SYNTAX no dot1x system auth control DEFAULT SETTING Disabled COMMAND MODE Global Configuration EXAMPLE Console...

Страница 696: ...Console config if dot1x intrusion action guest vlan Console config if dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the...

Страница 697: ...s multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this com...

Страница 698: ...force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enables...

Страница 699: ...ault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console config...

Страница 700: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 701: ...c interface SYNTAX dot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 COMMAND MODE Privileged Exec COMMAND USAGE The re authentication pro...

Страница 702: ...ype Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 697 Control Mode Dot1x port control mode page 698 Authorized Au...

Страница 703: ...ckend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response...

Страница 704: ...ifier 0 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 Identifier Server 2 Reauthentication State Machine Stat...

Страница 705: ...nvalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access re...

Страница 706: ...esses for all groups http client Displays IP addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Priv...

Страница 707: ...Function Port Security The priority of execution for these filtering commands is Port Security Port Authentication Network Access Access Control Lists DHCP Snooping and then IP Source Guard Configures...

Страница 708: ...ally take action by disabling the port and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTA...

Страница 709: ...o restore the default settings for a response to security violation or for the maximum number of allowed addresses SYNTAX port security action shutdown trap trap and shutdown max mac count address cou...

Страница 710: ...mand to disable port security and reset the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the follow...

Страница 711: ...s guest vlan Specifies the guest VLAN IC network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and...

Страница 712: ...ured by the MAC Address Authenticataion process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host...

Страница 713: ...g network access mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authent...

Страница 714: ...QoS configuration for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied acce...

Страница 715: ...VLAN configuration or they are treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still trea...

Страница 716: ...e effective see the dot1x intrusion action command EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detection Use this...

Страница 717: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Страница 718: ...onse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND...

Страница 719: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 720: ...ype attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter U...

Страница 721: ...e Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addres...

Страница 722: ...nit port unit Stack unit Range 1 port Port number Range 1 24 DEFAULT SETTING Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface etherne...

Страница 723: ...ge 1 port Port number Range 1 24 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask t...

Страница 724: ...Snooping Commands Command Function Mode ip dhcp snooping Enables DHCP snooping globally GC ip dhcp snooping database flash Writes all dynamically learned snooping entries to flash memory GC ip dhcp s...

Страница 725: ...tered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identi...

Страница 726: ...trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally...

Страница 727: ...n option DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server Known...

Страница 728: ...ying it keep Retains the Option 82 information in the client request and forwards the packets to trusted ports replace Replaces the Option 82 information circuit id and remote id fields in the client...

Страница 729: ...acket is dropped EXAMPLE This example enables MAC address verification Console config ip dhcp snooping verify mac address Console config RELATED COMMANDS ip dhcp snooping 725 ip dhcp snooping vlan 729...

Страница 730: ...d Use the no form to restore the default setting SYNTAX no ip dhcp snooping trust DEFAULT SETTING All interfaces are untrusted COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE...

Страница 731: ...lient request to the DHCP server must be configured as trusted EXAMPLE This example sets port 5 to untrusted Console config interface ethernet 1 5 Console config if no ip dhcp snooping trust Console c...

Страница 732: ...le DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enable Interface Trusted Eth 1 1 No Eth 1 2 No Eth 1 3 No Eth 1 4 No Eth 1 5...

Страница 733: ...dress interface no ip source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4093 ip address A valid unicast IP address including...

Страница 734: ...ed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and M...

Страница 735: ...d port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC addr...

Страница 736: ...ard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except...

Страница 737: ...nding 1 Console config if show ip source guard This command shows whether source guard is enabled or disabled on each interface COMMAND MODE Privileged Exec EXAMPLE Console show ip source guard Interf...

Страница 738: ...hosts with statically configured IP addresses This section describes commands used to configure ARP Inspection Table 72 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Ins...

Страница 739: ...ction is enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other packets Disabling and then r...

Страница 740: ...not checked DEFAULT SETTING ARP ACLs are not bound to any VLAN Static mode is not enabled COMMAND MODE Global Configuration COMMAND USAGE ARP ACLs are configured with the commands described on page 29...

Страница 741: ...ogging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port...

Страница 742: ...e target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP...

Страница 743: ...ine and their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspect...

Страница 744: ...pted from ARP Inspection Use the no form to restore the default setting SYNTAX no ip arp inspection trust DEFAULT SETTING Untrusted COMMAND MODE Interface Configuration Port COMMAND USAGE Packets arri...

Страница 745: ...interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 COMMAND MODE Privileged Exec EXAMPLE Console show ip arp inspection interface ethernet 1 1 Port Nu...

Страница 746: ...AC address 0 ARP packets dropped by additional validation destination MAC address 0 ARP packets dropped by additional validation IP address 0 ARP packets dropped by ARP ACLs 0 ARP packets dropped by D...

Страница 747: ...oup Function IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses or DSCP traffic class MAC ACLs C...

Страница 748: ...er more specific criteria acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you crea...

Страница 749: ...one COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated by a...

Страница 750: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Страница 751: ...tmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedenc...

Страница 752: ...0 255 255 255 0 any destination port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 1...

Страница 753: ...ccess list 753 Time Range 625 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Страница 754: ...ess list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP addres...

Страница 755: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Страница 756: ...mit deny any destination ipv6 address prefix length dscp dscp flow label flow label next header next header time range time range name any Any IP address an abbreviation for the IPv6 prefix 0 destinat...

Страница 757: ...handling might be conveyed to the routers by a control protocol such as a resource reservation protocol or by information within the flow s packets themselves e g in a hop by hop option A flow is uniq...

Страница 758: ...ext ipv6 acl permit 2009 DB9 2229 79 48 flow label 43 Console config ext ipv6 acl RELATED COMMANDS access list ipv6 754 Time Range 625 show ipv6 access list This command displays the rules for config...

Страница 759: ...DE Interface Configuration Ethernet COMMAND USAGE A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding wi...

Страница 760: ...ial characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new...

Страница 761: ...bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask NOTE The default is for Ethernet II packets permit deny tagged eth2 any host source sou...

Страница 762: ...bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source...

Страница 763: ...MANDS access list mac 760 Time Range 625 mac access group This command binds a MAC ACL to a port Use the no form to remove the port SYNTAX mac access group acl name in time range time range name acl n...

Страница 764: ...ace ethernet 1 5 MAC access list M5 in Console RELATED COMMANDS mac access group 763 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name a...

Страница 765: ...LT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom...

Страница 766: ...esponse ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac des...

Страница 767: ...mac any any Console config mac acl RELATED COMMANDS access list arp 765 show arp access list This command displays the rules for configured ARP ACLs SYNTAX show arp access list acl name acl name Name...

Страница 768: ...es COMMAND MODE Privileged Exec EXAMPLE Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0 255 255 15 0 IP extended access list bob permit 10 7 1 1 255 255...

Страница 769: ...egotiation Enables autonegotiation of a given interface IC shutdown Disables an interface IC speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disable...

Страница 770: ...Port number Range 1 24 port channel channel id Range 1 32 vlan vlan id Range 1 4093 DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE To specify port 4 enter the following command Consol...

Страница 771: ...s 1 Gbps full duplex operation 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps hal...

Страница 772: ...o remove the description SYNTAX description string no description string Comment or a description to help you remember what is attached to this interface Range 1 64 characters DEFAULT SETTING None COM...

Страница 773: ...low control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable a...

Страница 774: ...Ports 1 2 EXAMPLE This forces the switch to use the built in RJ 45 port for the combination port 25 Console config interface ethernet 1 25 Console config if media type copper forced Console config if...

Страница 775: ...ig if RELATED COMMANDS capabilities 771 speed duplex 776 shutdown This command disables an interface To restart a disabled interface use the no form SYNTAX no shutdown DEFAULT SETTING All interfaces a...

Страница 776: ...tion COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over...

Страница 777: ...rate falls back down beneath the threshold Using both rate limiting and storm control on the same interface may lead to unexpected results For example suppose broadcast storm control is set to 500 pps...

Страница 778: ...played statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the l...

Страница 779: ...ti cast Input 1342 Multi cast Output 210 Broadcast Input 2 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 D...

Страница 780: ...s for all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed For a description of the items displayed by this com...

Страница 781: ...GE If no interface is specified information on all interfaces is displayed EXAMPLE This example shows the configuration setting for port 21 Console show interfaces switchport ethernet 1 21 Information...

Страница 782: ...page 841 Acceptable Frame Type Shows if acceptable VLAN frames include all types or tagged frames only page 839 Native VLAN Indicates the default Port VLAN ID page 843 Priority for Untagged Traffic I...

Страница 783: ...r Not Supported This message is displayed for any Fast Ethernet ports that are linked up or for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps Impedance mismatch Terminating impe...

Страница 784: ...agnostics This command shows the results of a cable diagnostics test SYNTAX show cable diagnostics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range...

Страница 785: ...CHAPTER 30 Interface Commands 785 EXAMPLE Console show loop internal interface ethernet 1 1 Port Test Result Last Update Eth 1 1 Succeeded 2024 07 15 15 26 56 Console...

Страница 786: ...CHAPTER 30 Interface Commands 786...

Страница 787: ...A trunk can have up to 8 ports The ports at both ends of a connection must be configured as trunk ports All ports in a trunk must be configured in an identical manner including communication mode i e...

Страница 788: ...it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key...

Страница 789: ...ned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target...

Страница 790: ...an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 DEFAULT SETTING 0 COMMAND MODE Interface Configuratio...

Страница 791: ...uration Ethernet COMMAND USAGE Setting a lower value indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed...

Страница 792: ...switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP...

Страница 793: ...e interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3...

Страница 794: ...his channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of...

Страница 795: ...mation Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in re...

Страница 796: ...signed to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin S...

Страница 797: ...n SYNTAX port monitor interface rx tx both no port monitor interface interface ethernet unit port source port unit Stack unit Range 1 port Port number Range 1 24 rx Mirror received packets tx Mirror t...

Страница 798: ...onitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor...

Страница 799: ...tion port and mirror mode i e RX TX RX TX EXAMPLE The following shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 Con...

Страница 800: ...CHAPTER 32 Port Mirroring Commands Local Port Mirroring Commands 800...

Страница 801: ...lt rate Use the no form to restore the default status of disabled SYNTAX rate limit input output rate no rate limit input output input Input rate for specified interface output Output rate for specifi...

Страница 802: ...the storm control command It is therefore not advisable to use both of these commands on the same interface EXAMPLE Console config interface ethernet 1 1 Console config if rate limit input 64 Console...

Страница 803: ...ng DEFAULT SETTING 300 seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information EXAMPLE Console config mac address table agi...

Страница 804: ...e default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add stati...

Страница 805: ...address interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 sort Sort by address vlan or interface DEFAULT...

Страница 806: ...ss table Interface MAC Address VLAN Type Life Time Eth 1 1 00 E0 29 94 34 DE 1 Config Delete on Reset Eth 1 21 00 01 EC F8 D8 D9 1 Learn Delete on Timeout Console show mac address table aging time Thi...

Страница 807: ...e maximum number of hops allowed in the region before a BPDU is discarded MST mst priority Configures the priority of a spanning tree instance MST mst vlan Adds VLANs to a spanning tree instance MST n...

Страница 808: ...s down EXAMPLE This example shows how to enable the Spanning Tree Algorithm for the switch Console config spanning tree Console config spanning tree port priority Configures the spanning tree priority...

Страница 809: ...evice must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discard...

Страница 810: ...of 40 or 2 x forward time 1 DEFAULT SETTING 20 seconds COMMAND MODE Global Configuration COMMAND USAGE This command sets the maximum time in seconds a device can wait without receiving a configuration...

Страница 811: ...P supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP M...

Страница 812: ...method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535...

Страница 813: ...electing the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the device...

Страница 814: ...ole config spanning tree transmission limit 4 Console config max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default...

Страница 815: ...e Range 0 61440 in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 DEFAULT SETTING 32768 COMMAND MODE MST Configuration COMMAND USAGE MS...

Страница 816: ...allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST regi...

Страница 817: ...on This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default SYNTAX revision number number Revision number of the...

Страница 818: ...ng port connected to another switch or bridging device is mistakenly configured as an edge port and BPDU filtering is enabled on this port this might cause a loop in the spanning tree Before enabling...

Страница 819: ...onfig interface ethernet ethernet 1 5 Console config if spanning tree edge port Console config if spanning tree bpdu guard Console config if RELATED COMMANDS spanning tree edge port 820 spanning tree...

Страница 820: ...a and higher values assigned to ports with slower media Path cost takes precedence over port priority When the path cost method page 812 is set to short the maximum value for path cost is 65 535 EXAMP...

Страница 821: ...figures the link type for Rapid Spanning Tree and Multiple Spanning Tree Use the no form to restore the default SYNTAX spanning tree link type auto point to point shared no spanning tree link type aut...

Страница 822: ...BPDU according to IEEE Standard 802 1W 2001 9 3 4 Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch EXAMPLE Console config interface ethernet 1 5 Console co...

Страница 823: ...Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch When configured for manual release mode then a link down up event will not release the port from the discar...

Страница 824: ...auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The default path costs...

Страница 825: ...ple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the spanning tree Wh...

Страница 826: ...ort Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch receiv...

Страница 827: ...AMPLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree loopback dete...

Страница 828: ...ort number Range 1 24 port channel channel id Range 1 32 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification...

Страница 829: ...for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree...

Страница 830: ...1 Designated Root 32768 0 0001ECF8D8C6 Designated Bridge 32768 0 123412341234 Fast Forwarding Disabled Forward Transitions 4 Admin Edge Port Disabled Oper Edge Port Disabled Admin Link Type Auto Oper...

Страница 831: ...rfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addre...

Страница 832: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 833: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 834: ...NG No VLANs are included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified int...

Страница 835: ...Console show bridge ext Maximum Supported VLAN Numbers 4093 Maximum Supported VLAN ID 4093 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID...

Страница 836: ...erface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 32 DEFAULT SETTING Shows both global and interface specific configuration COMMAN...

Страница 837: ...u can display this file by entering the show running config command EXAMPLE Console config vlan database Console config vlan RELATED COMMANDS show vlan 845 vlan This command configures a VLAN Use the...

Страница 838: ...URING VLAN INTERFACES Table 96 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN GC switchport acceptable frame typ...

Страница 839: ...configuration for the desired VLAN enter any Layer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command EXAM...

Страница 840: ...ce Use the no form to restore the default SYNTAX switchport allowed vlan add vlan list tagged untagged remove vlan list no switchport allowed vlan add vlan list List of VLAN identifiers to add remove...

Страница 841: ...and 6 to the allowed list as tagged VLANs for port 1 Console config interface ethernet 1 1 Console config if switchport allowed vlan add 1 2 5 6 tagged Console config if switchport ingress filtering...

Страница 842: ...r untagged frames trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that fram...

Страница 843: ...to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an untagged member before you can assign its PVID to that group If acceptable frame types is set to all or...

Страница 844: ...AN trunking ports The following restrictions apply to this feature VLAN trunking can only be enabled on Gigabit Ethernet ports or trunks VLAN trunking is mutually exclusive with the access switchport...

Страница 845: ...ec Privileged Exec EXAMPLE The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Et...

Страница 846: ...ifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100...

Страница 847: ...nel control This command sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode SYNTAX no dot1q tunnel system tunnel control DEFAULT SETTING Disabled COMMAND MODE Globa...

Страница 848: ...d the packet passed on to the VLAN indicated by the inner tag If no inner tag is found the packet is passed onto the native VLAN defined for the uplink port EXAMPLE Console config interface ethernet 1...

Страница 849: ...tch will be set to the same ethertype EXAMPLE Console config interface ethernet 1 1 Console config if switchport dot1q tunnel tpid 9100 Console config if RELATED COMMANDS show interfaces switchport 78...

Страница 850: ...OMMAND MODE Global Configuration COMMAND USAGE Traffic segmentation provides port based security and isolation between ports within the VLAN Data traffic on the downlink ports can only be forwarded to...

Страница 851: ...ide port based security and isolation of local ports contained within different private VLAN groups This switch supports two types of private VLANs primary and community groups A primary VLAN contains...

Страница 852: ...port to a community VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan command to verify your configuration settings Table 100 P...

Страница 853: ...tween community VLANs and other locations DEFAULT SETTING None COMMAND MODE VLAN Configuration COMMAND USAGE Private VLANs are used to restrict traffic to ports within the same community and channel t...

Страница 854: ...provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports...

Страница 855: ...tchport private vlan host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association SYNTAX switchport private vlan host association second...

Страница 856: ...a primary VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs EXAMPLE Console config interface ethernet 1 2 Console...

Страница 857: ...on the protocol type in use by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 837 Although not mandatory...

Страница 858: ...MAND MODE Global Configuration EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type...

Страница 859: ...ames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the d...

Страница 860: ...for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Stack unit Range 1 port Port number ES3526MA 1 26 ES4524MA 1 24 port channe...

Страница 861: ...ask vlan vlan id priority priority no subnet vlan subnet ip address mask all ip address The IP address that defines the subnet Valid IP addresses consist of four decimal numbers 0 to 255 separated by...

Страница 862: ...24 vlan 4 Console config show subnet vlan This command displays IP Subnet VLAN assignments COMMAND MODE Privileged Exec COMMAND USAGE Use this command to display subnet to VLAN mappings The last match...

Страница 863: ...remove an assignment SYNTAX mac vlan mac address mac address vlan vlan id priority priority no mac vlan mac address mac address all mac address The source MAC address to be matched Configured MAC add...

Страница 864: ...dress VLAN ID Priority 00 00 00 11 22 33 10 0 Console CONFIGURING VOICE VLANS The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic VoIP traffic can...

Страница 865: ...n switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically a...

Страница 866: ...gures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Us...

Страница 867: ...Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN mode fo...

Страница 868: ...MMAND USAGE Specifies a CoS priority to apply to the port VoIP traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is ac...

Страница 869: ...ing VoIP traffic Console config interface ethernet 1 1 Console config if switchport voice vlan rule oui Console config if switchport voice vlan security This command enables security filtering for VoI...

Страница 870: ...tatus Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Au...

Страница 871: ...unction Priority Commands Layer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Maps TCP ports IP precedence tags or IP DSCP tags to...

Страница 872: ...ueuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below COMMAND...

Страница 873: ...ted Round Robin for the rest of the queues queue type list Indicates if the queue is a normal or strict type Options 0 indicates a normal queue 1 indicates a strict queue DEFAULT SETTING Weighted Roun...

Страница 874: ...queue mode strict Console config if RELATED COMMANDS queue weight 874 show queue mode 876 queue weight This command assigns weights to the eight class of service CoS priority queues when using weighte...

Страница 875: ...r priority mapping is IP Port IP Precedence or IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e rece...

Страница 876: ...rvice priority map SYNTAX show queue cos map interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 32 DEFAULT SETTING None COMMAND MODE Privi...

Страница 877: ...ole show queue weight This command displays the weights used for the weighted queues SYNTAX show queue mode interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 p...

Страница 878: ...DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type EXAMPLE The following example shows how to enable IP DSCP mapping globally Console config ma...

Страница 879: ...ort priority EXAMPLE The following example shows how to enable TCP UDP port mapping globally Console config map ip port Console config map ip precedence Global Configuration This command enables IP pr...

Страница 880: ...SETTING The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 COMMAND MODE Interface Configuration Ethernet Port Cha...

Страница 881: ...cos value no map ip port port number port number 16 bit TCP UDP port number Range 0 65535 cos value Class of Service value Range 0 7 DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet...

Страница 882: ...tion Ethernet Port Channel COMMAND USAGE The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Ser...

Страница 883: ...1 32 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show map ip dscp ethernet 1 1 DSCP mapping status Disabled Port DSCP CoS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1...

Страница 884: ...precedence This command shows the IP precedence priority map SYNTAX show map ip precedence interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel chan...

Страница 885: ...olicy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color m...

Страница 886: ...he matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP...

Страница 887: ...ommands EXAMPLE This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Console config class map rd class match any Console config cmap match ip dsc...

Страница 888: ...map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qualify for this class map If an...

Страница 889: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 16 characters COMMAND MODE Class Map Configur...

Страница 890: ...o drop any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set ip dscp 3 Console config pmap c police flow 10000 4000 conform action tran...

Страница 891: ...ice flow 10000 4000 conform action transmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form...

Страница 892: ...d Burst Size The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by on...

Страница 893: ...burst Excess burst size BE in bytes Range 4000 1600000 at a granularity of 4k bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service th...

Страница 894: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 895: ...olor blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit new dscp exceed action drop new dscp violate action drop new dscp trtcm color blind Two rate th...

Страница 896: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 897: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service that...

Страница 898: ...op any violating packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set cos 3 Console config pmap c police flow 10000 4000 conform action transmit vio...

Страница 899: ...licy map defined by the policy map command to the ingress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map name input Apply to the input...

Страница 900: ...ss list rd access Match ip dscp 0 Class Map match any rd class 2 Match ip precedence 5 Class Map match any rd class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps whi...

Страница 901: ...sole show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Stack unit Range 1...

Страница 902: ...CHAPTER 38 Quality of Service Commands 902...

Страница 903: ...oups via IGMP snooping or static assignment sets the IGMP version enables proxy reporting displays current snooping settings and displays the multicast service and group members Static Multicast Routi...

Страница 904: ...Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a version different to that currently configured GC ip igmp snooping vlan gene...

Страница 905: ...VLAN interface but the interface settings will not take effect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Conso...

Страница 906: ...IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including report suppression last leave and query suppression Report suppression intercepts absorbs and summarizes IGMP re...

Страница 907: ...ING Disabled COMMAND MODE Global Configuration COMMAND USAGE As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common me...

Страница 908: ...flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding SYNTAX no ip igmp snooping tcn flood DEFAULT SE...

Страница 909: ...t bridge sends a proxy query to quickly re learn the host membership port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly lo...

Страница 910: ...p igmp snooping tcn query solicit Console config ip igmp snooping unregistered data flood This command floods unregistered multicast traffic into the attached VLAN Use the no form to drop unregistered...

Страница 911: ...l Configuration COMMAND USAGE When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels out through the new upstream...

Страница 912: ...clusive This command discards any received IGMP messages except for multicast protocol packets which use a version different to that currently configured by the ip igmp snooping version command Use th...

Страница 913: ...es are forwarded only to downstream ports which have joined a multicast service EXAMPLE Console config ip igmp snooping vlan 1 general query suppression Console config ip igmp snooping vlan immediate...

Страница 914: ...ediate leave Console config ip igmp snooping vlan last memb query count This command configures the number of IGMP proxy group specific or group and source specific query messages that are sent out be...

Страница 915: ...ved by the switch it checks to see if this host is the last to leave the group by sending out an IGMP group specific or group and source specific query message and starts a timer If no reports are rec...

Страница 916: ...timer as a part of a router s start up procedure during the restart of a multicast forwarding interface and on receipt of a solicitation message When the multicast services provided to a VLAN is relat...

Страница 917: ...placed with any valid unicast address other than the router s own address using this command EXAMPLE The following example sets the source address for proxied IGMP query messages to 10 0 1 8 Console c...

Страница 918: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4093 interval T...

Страница 919: ...D USAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EXAM...

Страница 920: ...ng global status Disabled Immediate leave Disabled Last member query interval 10 1 10s Last member query count 2 General query suppression Disabled Query interval 125 Query response interval 100 1 10s...

Страница 921: ...mand shows known multicast addresses SYNTAX show mac address table multicast vlan vlan id user igmp snp user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast ent...

Страница 922: ...multicast router ports are configured COMMAND MODE Global Configuration COMMAND USAGE Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore i...

Страница 923: ...In certain switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service based on a specific subscription plan The IGMP...

Страница 924: ...ecked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP f...

Страница 925: ...o many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profil...

Страница 926: ...p range DEFAULT SETTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE C...

Страница 927: ...p max groups number no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 DEFAULT SETTING 64 COMMAND MODE Interface Configuration Ethern...

Страница 928: ...witch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing...

Страница 929: ...mp profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ip igmp profile IGMP Profile 1...

Страница 930: ...ocessing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN seg...

Страница 931: ...must be assigned vlan id MVR VLAN ID Range 1 4093 DEFAULT SETTING MVR is disabled No MVR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 COMMAND MODE Global...

Страница 932: ...t Port Channel COMMAND USAGE Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediat...

Страница 933: ...used to allow a receiver port to dynamically join or leave multicast groups sourced through the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to trunk mode see the switc...

Страница 934: ...AULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically assigned to a re...

Страница 935: ...ivileged Exec COMMAND USAGE Enter this command without any keywords to display the global settings for MVR Use the interface keyword to display information about interfaces attached to the MVR VLAN Or...

Страница 936: ...mber of contiguous MVR group addresses Table 118 show mvr interface display description Field Description Port Shows interfaces attached to the MVR Type Shows the MVR port type Status Shows the MVR st...

Страница 937: ...ferent from the MVR VLAN if the group address has been statically assigned Table 119 show mvr members display description Continued Field Description Table 120 IGMP Commands Layer 3 Command Function M...

Страница 938: ...sec Last Member Query Interval 10 resolution in 0 1 sec Querier 0 0 0 0 Joined Groups Static Groups Console RELATED COMMANDS ip igmp snooping 905 show ip igmp snooping 919 ip igmp last member query in...

Страница 939: ...d to restore the default SYNTAX ip igmp max resp interval seconds no ip igmp max resp interval seconds The report delay advertised in IGMP queries Range 0 255 tenths of a second DEFAULT SETTING 100 10...

Страница 940: ...send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query m...

Страница 941: ...o indicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the max...

Страница 942: ...multicast group will also fail if the next node up the reverse path tree has enabled the PIM SSM protocol If a static group is configured for an any source multicast G a source address cannot subseque...

Страница 943: ...e IGMP versions 1 3 If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts which are members of the group for which it heard the report If th...

Страница 944: ...ticast group address interface vlan vlan id VLAN ID Range 1 4093 detail Displays detailed information about the multicast process and source addresses when available COMMAND MODE Privileged Exec COMMA...

Страница 945: ...is multicast group address on this interface Uptime The time elapsed since this entry was created Expire The time remaining before this entry will be aged out The default is 260 seconds This field dis...

Страница 946: ...ed in the source list parameter In EXCLUDE mode reception of packets sent to the given multicast address is requested from all IP source addresses except for those listed in the source list parameter...

Страница 947: ...Use the ip igmp proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ip igmp proxy This command enables IGMP proxy service fo...

Страница 948: ...k then the proxy device will act as an IGMPv1 or IGMPv2 host on the upstream interface accordingly Otherwise it will act as an IGMPv3 host Multicast routing protocols are not supported on interfaces w...

Страница 949: ...T SETTING 400 seconds COMMAND MODE Interface Configuration VLAN EXAMPLE The following example sets the interval for sending unsolicited IGMP reports to 5 seconds Console config interface vlan Console...

Страница 950: ...CHAPTER 39 Multicast Filtering Commands IGMP Proxy Routing 950...

Страница 951: ...g to re initialize after LLDP ports are disabled or the link goes down GC lldp tx delay Configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB...

Страница 952: ...ion capabilities IC lldp dot3 tlv mac phy Configures an LLDP enabled port to advertise its MAC and physical layer specifications IC lldp dot3 tlv max frame Configures an LLDP enabled port to advertise...

Страница 953: ...ds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds DEFAULT SETTING 5 seconds COMMAND MODE Global Configuration COMMAND U...

Страница 954: ...e following rule refresh interval holdtime multiplier 65536 EXAMPLE Console config lldp refresh interval 60 Console config lldp reinit delay This command configures the delay before attempting to re i...

Страница 955: ...ent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in...

Страница 956: ...port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardwa...

Страница 957: ...des information about the manufacturer the product name and the version of the interface hardware software EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv port descripti...

Страница 958: ...RFC 3418 which includes the full name and version identification of the system s hardware type software operating system and networking software EXAMPLE Console config interface ethernet 1 1 Console...

Страница 959: ...es the protocols that are accessible through this interface EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto ident Console config if lldp dot1 tlv proto vid This...

Страница 960: ...h which untagged or priority tagged frames are associated see the switchport native vlan command EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv pvid Console config if...

Страница 961: ...tatus of the link and the 802 3 aggregated port identifier if this interface is currently a link aggregation member EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv lin...

Страница 962: ...size for this switch EXAMPLE Console config interface ethernet 1 1 Console config if lldp dot3 tlv max frame Console config if lldp notification This command enables the transmission of SNMP trap noti...

Страница 963: ...ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP configuration settings for all ports SYNTAX show lldp config detail interface detail Shows...

Страница 964: ...x frame Console show lldp info local device This command shows LLDP global and interface specific configuration settings for this device SYNTAX show lldp info local device detail interface detail Show...

Страница 965: ...Ethernet Port on unit 1 port 1 Console show lldp info remote device This command shows LLDP global and interface specific configuration settings for remote devices attached to an LLDP enabled port SYN...

Страница 966: ...ink Aggregation Remote link aggregation capable Yes Remote link aggragation enable No Remote link aggragation port id 0 Remote Max Frame Size 1518 Console show lldp info statistics This command shows...

Страница 967: ...0 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invalid 0 Fr...

Страница 968: ...CHAPTER 40 LLDP Commands 968...

Страница 969: ...ist name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters Table 125 Address Table Commands Command Function Mode ip domain l...

Страница 970: ...main name command is used If there is a domain list the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip doma...

Страница 971: ...192 168 1 55 10 1 0 55 Console RELATED COMMANDS ip domain name 971 ip name server 973 ip domain name This command defines the default domain name appended to incomplete host names i e host names pass...

Страница 972: ...ve an entry SYNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMA...

Страница 973: ...servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list is reach...

Страница 974: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 975: ...ear host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all static entries from the DNS table Console config clear host Console config s...

Страница 976: ...sole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yahoo...

Страница 977: ...tored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address as...

Страница 978: ...CHAPTER 41 Domain Name Service Commands 978...

Страница 979: ...address information ip dhcp restart client This command submits a BOOTP or DHCP client request DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE This command issues a BOOTP or DHCP clie...

Страница 980: ...34 12 34 Index 1001 MTU 1500 Bandwidth 1g Address Mode is DHCP IP Address 192 168 0 9 Mask 255 255 255 0 Proxy ARP is disabled Console RELATED COMMANDS ip address 1006 DHCP RELAY This section describ...

Страница 981: ...host devices attached to the switch If DHCP relay service is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so the DHCP server will know the subn...

Страница 982: ...servers available to a DHCP client DC domain name Specifies the domain name for a DHCP client DC hardware address Specifies the hardware address of a DHCP client DC host These commands are used for m...

Страница 983: ...s pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool SYNTAX no ip dhcp pool name name A string or integer Range 1 8 characters DEFAULT SETTING DHCP address pools ar...

Страница 984: ...If the DHCP server is running you must restart it to implement any configuration changes EXAMPLE Console config service dhcp Console config bootfile This command specifies the name of the default boot...

Страница 985: ...l value DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration COMMAND USAGE This command identifies a DHCP client to bind to an address specified in the host command If both a client identifier an...

Страница 986: ...to two routers Routers are listed in order of preference starting with address1 as the most preferred router EXAMPLE Console config dhcp default router 10 1 0 54 10 1 0 64 Console config dhcp dns serv...

Страница 987: ...nt Range 1 32 characters DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration EXAMPLE Console config dhcp domain name sample com Console config dhcp hardware address This command specifies the ha...

Страница 988: ...ess for the client SYNTAX host address mask no host address Specifies the IP address of a client mask Specifies the network mask of the client DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration...

Страница 989: ...currently in use by the host EXAMPLE Console config dhcp host 10 1 0 21 255 255 255 0 Console config dhcp RELATED COMMANDS client identifier 985 hardware address 987 lease This command configures the...

Страница 990: ...to remove the NetBIOS name server list SYNTAX netbios name server address1 address2 no netbios name server address1 Specifies IP address of primary NetBIOS WINS name server address2 Specifies IP addr...

Страница 991: ...r 990 network This command configures the subnet number and mask for a DHCP address pool Use the no form to remove the subnet number and mask SYNTAX network network number mask no network network numb...

Страница 992: ...st field nnn determines the class 0 127 is class A only uses the first field in the network address 128 191 is class B uses the first two fields in the network address 192 223 is class C uses the firs...

Страница 993: ...d as the address parameter the DHCP server clears all automatic bindings Use the no host command to delete a manual binding This command is normally used after modifying the address pool or after movi...

Страница 994: ...1 3 21 00 00 e8 98 73 21 86400 Dec 25 08 01 57 2002 Console show ip dhcp This command displays DHCP address pools configured on the switch COMMAND MODE Privileged Exec EXAMPLE Console show ip dhcp Na...

Страница 995: ...ch allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Table 132 VRRP Commands Command Function Mode vrrp authen...

Страница 996: ...the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to pr...

Страница 997: ...customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP EXAMPLE This example creates VRRP gr...

Страница 998: ...p priority 998 vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting SYNTAX vrrp group priority level no vrrp group priority group...

Страница 999: ...nterval at which the master virtual router sends advertisements communicating its state as the master Use the no form to restore the default interval SYNTAX vrrp group timers advertise interval no vrr...

Страница 1000: ...roup Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console clear vrrp 1 interface 1 counters Con...

Страница 1001: ...uthentication SimpleText Authentication Key bluebird Master Router 192 168 1 6 Master Priority 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 133 show vrrp display descr...

Страница 1002: ...r Master priority The priority of the router currently acting as the VRRP group master Master Advertisement interval The advertisement interval configured on the VRRP master Master down interval The d...

Страница 1003: ...ies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4093 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console show vrrp 1 interface vlan 1 counters Total Numbe...

Страница 1004: ...MMAND MODE Privileged Exec EXAMPLE Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Страница 1005: ...by default You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between...

Страница 1006: ...edia that will be assigned to a specific subnet then you must create a router interface for each VLAN that will support routing The router interface consists of an IP address and subnet mask This inte...

Страница 1007: ...ress cannot be removed if a secondary address is still present Also if any router in a network segment uses a secondary address all other routers in that segment must also use a secondary address from...

Страница 1008: ...ic to the designated address or subnet passes through a preferred gateway A default gateway can only be successfully set when a network interface that directly connects to the gateway has been configu...

Страница 1009: ...ackets take to the specified destination SYNTAX traceroute host host IP address or alias of the host DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the traceroute command to deter...

Страница 1010: ...ther node on the network SYNTAX ping host count count size size host IP address or IP alias of the host count Number of packets to send Range 1 16 size Number of bytes in a packet Range 32 512 The act...

Страница 1011: ...transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 ms Maximum 10 ms Average 8 ms Console RELATED COMMANDS interface 770 ARP CONFIGURATION This section describe...

Страница 1012: ...there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to time out Static entries w...

Страница 1013: ...rp This command enables proxy Address Resolution Protocol ARP Use the no form to disable proxy ARP SYNTAX no ip proxy arp DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USA...

Страница 1014: ...Exec Privileged Exec COMMAND USAGE This command displays information about the ARP cache The first line shows the cache timeout It also shows each cache entry including the IP address MAC address typ...

Страница 1015: ...d in the forwarding list when UDP helper is enabled with the ip helper command and a remote server address is configured with the ip helper address command BOOTP client port 67 BOOTP server port 68 Do...

Страница 1016: ...roadcast all ones broadcast 255 255 255 255 or a directed subnet broadcast such as 10 10 10 255 To reduce the number of application servers deployed in a multi segment network UDP helper can be used t...

Страница 1017: ...igured with an IP address The UDP packets to be forwarded must be specifed by the ip forward protocol udp command and the packets meet the following criteria The MAC address of the received frame must...

Страница 1018: ...settings for UDP helper COMMAND MODE Privileged Exec COMMAND USAGE This command displays all configuration settings for UDP helper including its functional status the UDP ports for which broadcast tra...

Страница 1019: ...ct the router to the enterprise network GLOBAL ROUTING CONFIGURATION Table 139 IP Routing Commands Command Group Function Global Routing Configuration Configures global parameters for static and dynam...

Страница 1020: ...used by the dynamic unicast routing protocols is 110 for OSPF and 120 for RIP Range 1 255 Default 1 Removes all static routing table entries DEFAULT SETTING No static routes are configured COMMAND MO...

Страница 1021: ...led 4 paths COMMAND MODE Global Configuration EXAMPLE switch config maximum paths 8 switch config show ip route This command displays information in the Forwarding Information Base FIB SYNTAX show ip...

Страница 1022: ...tes which are currently accessible for forwarding The router must be able to directly reach the next hop so the VLAN interface associated with any dynamic or static route entry must be up Note that ro...

Страница 1023: ...UDP TCP and ARP protocols COMMAND MODE Privileged Exec EXAMPLE Console show ip traffic IP Statistics IP received 4877 total received header errors unknown protocols address errors discards 4763 delive...

Страница 1024: ...tric assigned to external routes imported from other protocols RC distance Defines an administrative distance for external routes learned from other routing protocols RC maximum prefix Sets the maximu...

Страница 1025: ...COMMANDS network 1029 ip rip receive version Sets the RIP receive version to use on a network interface IC ip rip receive packet Configures the interface to receive of RIP packets IC ip rip send versi...

Страница 1026: ...address 0 0 0 0 EXAMPLE Console config router default information originate Console config router RELATED COMMANDS ip route 1020 redistribute 1031 default metric This command sets the default metric a...

Страница 1027: ...ernal network with a better metric from a redistribution point other than that derived from the original source EXAMPLE This example sets the default metric to 5 Console config router default metric 5...

Страница 1028: ...dministrative control The administrative distance is applied to all routes learned for the specified network EXAMPLE Console config router distance 2 192 168 3 0 255 255 255 0 Console config router ma...

Страница 1029: ...lticast messages generated by the RIP protocol Use this command in conjunction with the passive interface command to control the routing updates sent to specific neighbors EXAMPLE Console config route...

Страница 1030: ...g routing updates on the specified interface Use the no form to disable this feature SYNTAX no passive interface vlan vlan id vlan id VLAN ID Range 1 4093 DEFAULT SETTING Disabled COMMAND MODE Router...

Страница 1031: ...ic value to be used for all imported external routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric...

Страница 1032: ...240 seconds DEFAULT SETTING Update 30 seconds Timeout 180 seconds Garbage collection 120 seconds COMMAND MODE Router Configuration COMMAND USAGE The update timer sets the rate at which updates are sen...

Страница 1033: ...RIPv1 or RIPv2 packets Send Route information is broadcast to other routers with RIPv2 COMMAND MODE Router Configuration COMMAND USAGE When this command is used to specify a global RIP version any VL...

Страница 1034: ...n string command This command requires the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication...

Страница 1035: ...at this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password and authentication enabled by the ip...

Страница 1036: ...e are still some older routers using RIPv1 EXAMPLE This example sets the interface version for VLAN 1 to receive RIPv1 packets Console config interface vlan 1 Console config if ip rip receive version...

Страница 1037: ...TING 1 compatible Route information is broadcast to other routers with RIPv2 COMMAND MODE Interface Configuration VLAN COMMAND USAGE Use this command to override the global setting specified by the RI...

Страница 1038: ...DE Interface Configuration VLAN DEFAULT SETTING Enabled COMMAND USAGE The no form of this command allows the router to passively monitor route information advertised by other routers attached to the n...

Страница 1039: ...med unreachable EXAMPLE This example propagates routes back to the source using poison reverse Console config interface vlan 1 Console config if ip split horizon poison reverse Console config if clear...

Страница 1040: ...ip protocols rip This command displays RIP process parameters COMMAND MODE Privileged Exec EXAMPLE Console show ip protocols rip Routing Protocol is rip Sending updates every 30 seconds with 5 seconds...

Страница 1041: ...ied interface vlan id VLAN ID Range 1 4093 COMMAND MODE Privileged Exec EXAMPLE Console show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPF Network Next Hop Metric From...

Страница 1042: ...ult metric for external routes imported from other protocols RC redistribute Redistribute routes from one routing domain to another RC summary address Summarizes routes advertised by an ASBR RC Area C...

Страница 1043: ...l Specifies the time between resending a link state advertisement IC ip ospf transmit delay Estimates time to send a link state update packet over an interface IC passive interface Suppresses OSPF rou...

Страница 1044: ...e destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF routi...

Страница 1045: ...vertise a default external route into the AS if it has been configured to import external routes through other routing protocols or static routing and such a route is known See the redistribute comman...

Страница 1046: ...fault information originate metric 20 metric type 2 Console config router RELATED COMMANDS ip route 1020 redistribute 1052 router id This command assigns a unique router ID for this device within the...

Страница 1047: ...ge and starting the shortest path first SPF calculation and the hold time between making two consecutive SPF calculations Use the no form to restore the default values SYNTAX timers spf spf delay spf...

Страница 1048: ...ommand specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assigned default cost SYNTAX area area id default cost cost...

Страница 1049: ...s remain hidden from the rest of the network COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command can be used to summarize intra area routes and advertise this informa...

Страница 1050: ...lculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By default the cost is 1 Mbps for all port types including 100 Mbps ports 1 Gigabit ports and 10 Gigab...

Страница 1051: ...ols Range 0 16777214 COMMAND MODE Router Configuration DEFAULT SETTING 20 COMMAND USAGE The default metric must be used to resolve the problem of redistributing external routes from other protocols th...

Страница 1052: ...ternal route metric tag value A tag placed in the AS external LSA to identify a specific external routing domain or to pass additional information between routers Range 0 4294967295 COMMAND MODE Route...

Страница 1053: ...earned from RIP as Type 1 external routes Console config router redistribute rip metric type 1 Console config router RELATED COMMANDS default information originate 1045 summary address This command ag...

Страница 1054: ...ates NSSA ABR translator role for Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never translates NSSA LSAs to Type 5 external LSAs always R...

Страница 1055: ...yword External routes advertised into an NSSA can include network destinations outside the AS learned via OSPF the default route static routes routes imported from other routing protocols such as RIP...

Страница 1056: ...able space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that adverti...

Страница 1057: ...or as a four octet unsigned integer ranging from 0 4294967295 router id Router ID of the virtual link neighbor This specifies the Area Border Router ABR at the other end of the virtual link To create...

Страница 1058: ...Specifies message digest MD5 authentication null Indicates that no authentication is used authentication key key Sets a plain text password up to 8 characters that is used by neighboring routers on a...

Страница 1059: ...ple creates a virtual link using the defaults for all optional parameters Console config router network 10 4 0 0 0 255 255 0 0 area 10 4 0 0 Console config router area 10 4 0 0 virtual link 10 4 3 254...

Страница 1060: ...as been specified EXAMPLE This example creates the backbone 0 0 0 0 covering class B addresses 10 1 x x and a normal transit area 10 2 9 0 covering the class C addresses 10 2 9 x Console config router...

Страница 1061: ...arn the authentication key by snooping on routing protocol packets When using Message Digest 5 MD5 authentication the router uses the MD5 algorithm to verify data integrity by creating a 128 bit messa...

Страница 1062: ...No password COMMAND USAGE Before specifying plain text password authentication for an interface with the ip ospf authentication command configure a password with this command This command creates a pa...

Страница 1063: ...etric for this interface Use higher values to indicate slower ports Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 1 COMMAND USAGE The interface cost indicates the overhead re...

Страница 1064: ...ed to the current interface seconds The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down This interval must be set to the same value for all...

Страница 1065: ...hat the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic EXAMPLE Console config inte...

Страница 1066: ...administrator time to update all the routers on the network without affecting the network connectivity Once all the network routers have been updated with the new key the old key should be removed for...

Страница 1067: ...segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the election process is initiated Configure rou...

Страница 1068: ...SYNTAX ip ospf ip address transmit delay seconds no ip ospf ip address transmit delay ip address This parameter can be used to indicate a specific IP address connected to the current interface If not...

Страница 1069: ...NG None COMMAND USAGE You can configure an OSPF interface as passive to prevent OSPF routing traffic from exiting or entering that interface No OSPF adjacency can be formed if one of the interfaces in...

Страница 1070: ...OSPF process ID and router ID The router ID uniquely identifies the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The...

Страница 1071: ...mber of new link state advertisements that have been originated Number of LSA received The number of link state advertisements that have been received Number of areas attached to this router The numbe...

Страница 1072: ...ation about all advertising routers is displayed ip address IP address of the specified router If no address is entered information about the local router is displayed link state id The network portio...

Страница 1073: ...d Console show ip os database asbr summary OSPF Router with ID 0 0 0 0 Process ID 1 ASBR Summary Link States Area 0 0 0 1 LS age 0 Options 0x2 E LS Type ASBR summary LSA Table 144 show ip ospf databas...

Страница 1074: ...ask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 10 10 11 50 External Route Tag 0 Table 145 show ip ospf database summary display description Field Description OSPF...

Страница 1075: ...d with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Number Advert...

Страница 1076: ...rocess ID 1 Router Link States Area 0 0 0 0 LS age 0 Options 0x2 E Flags 0x2 ASBR LS Type router LSA Table 147 show ip ospf database network display description Field Description OSPF Router ID Router...

Страница 1077: ...associated with the LSA Flags Indicate if this router is a virtual link endpoint an ASBR or an ABR LS Type Router Link LSA describes the router s interfaces Link State ID Router ID of the router that...

Страница 1078: ...ddress 192 168 0 2 Backup Designated Router ID 192 168 0 3 Interface Address 192 168 0 3 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adja...

Страница 1079: ...his interface but interface is down Loopback This is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a mu...

Страница 1080: ...iption Neighbor ID Neighbor s router ID Pri Neighbor s router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for n...

Страница 1081: ...10 11 0 24 10 is directly connected fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 vlan1 IA 172 16 10 0 24 30 via 10 10 11 50 vlan2...

Страница 1082: ...virtual link crosses to reach the target router Local address The IP address of ABR that serves as an endpoint connecting the isolated area to the common transit area Remote address The IP address thi...

Страница 1083: ...ting for Summary Address Shows the networks for which route summarization is in effect Distance The administrative distance used for external routes learned by OSPF see the ip route command Table 153...

Страница 1084: ...CHAPTER 45 IP Routing Commands Open Shortest Path First OSPFv2 1084...

Страница 1085: ...ing DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE This command is used to enable IP multicast routing globally for the router A specific multicast routing protocol also need...

Страница 1086: ...known multicast source summary Displays summary information for each entry in the IP multicast routing table COMMAND MODE Privileged Exec COMMAND USAGE This command displays information for multicast...

Страница 1087: ...the SPT flag is set for S G the router immediately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a requested...

Страница 1088: ...st routes on the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration SYNTAX ip igmp snooping vlan vlan id mroute...

Страница 1089: ...hin VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned...

Страница 1090: ...pagation delay required for a LAN prune delay message to reach downstream routers IC ip pim trigger hello delay Configures the trigger hello delay IC show ip pim interface Displays information about i...

Страница 1091: ...ig router pim Console config exit Console show ip pim interface PIM is enabled Vlan 1 is up PIM Mode Dense Mode IP Address 192 168 0 2 Hello Interval 30 sec Hello HoldTime 105 sec Triggered Hello Dela...

Страница 1092: ...eived from directly connected LAN interfaces Dense mode interfaces are always added to the multicast routing table Sparse mode interfaces are added only when periodic join messages are received from d...

Страница 1093: ...n Delay 500 ms Override Interval 2500 ms Graft Retry Interval 3 sec Max Graft Retries 3 State Refresh Ori Int 60 sec Console ip pim hello holdtime This command configures the interval to wait for hell...

Страница 1094: ...mbers of the multicast tree EXAMPLE Console config if ip pim hello interval 60 Console config if ip pim join prune holdtime This command configures the hold time for the prune state Use the no form to...

Страница 1095: ...st they must send a Join to override the prune before the prune delay expires if they want to continue receiving the flow The message generated by this command effectively prompts any downstream neigh...

Страница 1096: ...ation delay command are used to calculate the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the overri...

Страница 1097: ...onfig if ip pim propagation delay 600 Console config if RELATED COMMANDS ip pim override interval 1096 ip pim lan prune delay 1095 ip pim trigger hello delay This command configures the maximum time b...

Страница 1098: ...command displays the PIM settings for the specified interface as described in the preceding pages It also shows the address of the designated PIM router and the number of neighboring PIM routers EXAM...

Страница 1099: ...l seconds The time before resending a Graft Range 1 10 seconds DEFAULT SETTING 3 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE A graft message is sent by a router to cancel a prune s...

Страница 1100: ...AN EXAMPLE Console config if ip pim max graft retries 5 Console config if ip pim state refresh origination interval This command sets the interval between sending PIM DM state refresh control messages...

Страница 1101: ...k length Hash mask length in bits used for RP selection see ip pim rp candidate and ip pim rp address The portion of the hash specified by the mask length is ANDed with the group address Therefore whe...

Страница 1102: ...ferable to set up one of these routers as both the primary BSR and RP EXAMPLE The following example configures the router to start sending bootstrap messages out of the interface for VLAN 1 to all of...

Страница 1103: ...rendezvous point RP Use the no form to restore the default setting SYNTAX ip pim register source interface vlan vlan id no ip pim register source vlan id VLAN ID Range 1 4094 DEFAULT SETTING The IP a...

Страница 1104: ...IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by more than one entr...

Страница 1105: ...mmand configures the router to advertise itself as a Rendezvous Point RP candidate to the bootstrap router BSR Use the no form to remove this router as an RP candidate SYNTAX ip pim rp candidate inter...

Страница 1106: ...d on the group address RP address priority and hash mask included in the bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provide...

Страница 1107: ...ce to a receiver is through the RP However the path through the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its r...

Страница 1108: ...le election process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with...

Страница 1109: ...ce will be adversely affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested t...

Страница 1110: ...on changes to the RP Use the show ip pim rp mapping command to display active RPs that are cached with associated multicast groups EXAMPLE This example clears the RP map Console clear ip pim bsr rp se...

Страница 1111: ...umber of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before this entry will be removed Role...

Страница 1112: ...ia null Console Table 161 show ip pim rp mapping display description Field Description Groups The multicast group address mask length managed by the RP RP address IP address of the RP used for the lis...

Страница 1113: ...1113 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1115 Troubleshooting on page 1121 License Information on page 1123...

Страница 1114: ...SECTION IV Appendices 1114...

Страница 1115: ...duplex 1000BASE SX LX LH LHX ZX 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast traffic throttled above a critical threshold POR...

Страница 1116: ...nd service policies MULTICAST FILTERING IGMP Snooping Layer 2 IGMP Layer 3 IGMP Proxy Multicast VLAN Registration IP ROUTING ARP Proxy ARP Static routes CIDR Classless Inter Domain Routing RIP RIPv2 O...

Страница 1117: ...er Discovery Protocol IEEE 802 1D 2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol IEEE 802 1p Priority tags IEEE...

Страница 1118: ...6 TFTP RFC 1350 VRRP RFC 3768 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridg...

Страница 1119: ...n Client MIB RFC 2619 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMP Community MIB RFC 3584 SNMP Fr...

Страница 1120: ...APPENDIX A Software Specifications Management Information Bases 1120...

Страница 1121: ...t Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 1122: ...ssages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that lead...

Страница 1123: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1124: ...notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any...

Страница 1125: ...ired to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if y...

Страница 1126: ...ibution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exc...

Страница 1127: ...TFTP server that contains the devices system files and the name of the boot file COS Class of Service is supported by prioritizing packets based on the required level of service and then placing them...

Страница 1128: ...of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues EAPOL Extensible Authentication Protocol over LAN EAPOL is a client authentication protocol u...

Страница 1129: ...thod for the operation of MAC bridges including the Spanning Tree Protocol IEEE 802 1Q VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign endstations to...

Страница 1130: ...oup membership information onto the upstream interface based on IGMP messages monitored on downstream interfaces and forwards multicast traffic based on that information There is no need for multicast...

Страница 1131: ...tion meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Information Base An acronym for Management Information Base It is a set o...

Страница 1132: ...ls such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Length Subnet Masks VLSM OUT OF BAND MANAGEMENT Management of the network from a station...

Страница 1133: ...et alarms on a variety of traffic conditions including specific error types RSTP Rapid Spanning Tree Protocol RSTP reduces the convergence time for network topology changes to about 10 of that require...

Страница 1134: ...hen TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accur...

Страница 1135: ...r ip igmp group 943 clear ip ospf process 1048 clear ip pim bsr rp set 1110 clear ip rip route 1039 clear log 613 clear mac address table dynamic 805 clear vrrp interface counters 1000 clear vrrp rout...

Страница 1136: ...gmp max groups 927 ip igmp max groups action 928 ip igmp max resp interval 939 ip igmp profile 925 ip igmp proxy 947 ip igmp proxy unsolicited report interval 948 ip igmp query interval 940 ip igmp ro...

Страница 1137: ...access group 759 ipv6 host 974 J interface 770 jumbo frame 592 L lacp 789 lacp admin key Ethernet Interface 790 lacp admin key Port Channel 792 lacp port priority 791 lacp system priority 792 lease 9...

Страница 1138: ...password 604 password thresh 605 periodic 626 permit deny 925 permit deny ARP ACL 766 permit deny Extended IPv4 ACL 750 permit deny Extended IPv6 ACL 756 permit deny MAC ACL 761 permit deny Standard...

Страница 1139: ...f virtual links 1081 show ip pim bsr router 1110 show ip pim interface 1098 show ip pim neighbor 1098 show ip pim rp mapping 1111 show ip pim rp hash 1112 show ip protocols ospf 1082 show ip protocols...

Страница 1140: ...0 spanning tree mode 811 spanning tree mst configuration 813 spanning tree mst cost 824 spanning tree mst port priority 825 spanning tree pathcost method 812 spanning tree port priority 825 spanning t...

Страница 1141: ...COMMAND LIST 1141 vrrp authentication 996 vrrp ip 996 vrrp preempt 997 vrrp priority 998 vrrp timers advertise 999 W whichboot 599...

Страница 1142: ...COMMAND LIST 1142...

Страница 1143: ...v6 Extended 287 293 754 756 IPv6 Standard 287 292 754 755 MAC 287 296 760 time range 284 625 Address Resolution Protocol See ARP address table 187 803 aging time 190 803 aging time displaying 190 806...

Страница 1144: ...on rate 231 232 233 891 893 895 configuring 223 885 conforming traffic configuring response 231 891 893 895 description 887 excess burst size 232 893 metering configuring 227 228 229 891 peak burst si...

Страница 1145: ...ast member query interval 415 938 Layer 2 389 904 Layer 3 410 937 maximum response time 415 939 multicast groups displaying 418 944 proxy 411 947 proxy routing 410 947 proxy routing configuring 411 94...

Страница 1146: ...splay device information 345 347 965 displaying remote information 347 965 interface attributes configuring 342 955 962 local device information displaying 345 964 message attributes 342 951 message s...

Страница 1147: ...eave 426 932 N network access authentication 262 711 dynamic QoS assignment 267 714 dynamic VLAN assignment 267 715 guest VLAN 266 715 port configuration 266 719 reauthentication 265 713 secure MAC in...

Страница 1148: ...iguring 311 708 ports autonegotiation 126 774 broadcast storm threshold 221 777 capabilities 126 771 configuring 125 769 duplex mode 127 776 flow control 127 773 forced selection on combo ports 126 77...

Страница 1149: ...arm setting 380 651 statistics history collection 382 652 statistics history displaying 383 654 statistics collection 384 653 statistics displaying 385 655 root guard 207 826 router redundancy protoco...

Страница 1150: ...accounting 254 677 switch settings restoring 108 593 saving 108 593 system clock setting 111 620 setting manually 111 624 setting the time zone 114 623 setting with SNTP 112 620 622 system logs 335 61...

Страница 1151: ...protocol interface configuration 180 858 PVID 159 843 tunneling unknown groups 151 843 voice 239 864 voice VLANs 239 864 detecting VoIP devices 240 865 enabling for ports 242 867 869 identifying clie...

Страница 1152: ...INDEX 1152...

Страница 1153: ......

Страница 1154: ...ECS4610 24F E052010 ST R01 149100000092A...

Результаты поиска

Содержание ECS4610-24F

Отзывы:

Похожие инструкции для ECS4610-24F

Бренды по названию

Популярные бренды

Edge-Core ECS4610-24F, Руководство по управлению

Результаты поиска

Содержание ECS4610-24F

Отзывы:

Похожие инструкции для ECS4610-24F

Бренды по названию

Популярные бренды