manualshive.com logo in svg

Edge-Core ECS4660-28F, Руководство по управлению, Страница: 423 / 2020

Поделиться
Скачать
Edge-Core ECS4660-28F Скачать руководство пользователя страница 423

C

HAPTER

 13

  |  Security Measures

Configuring 802.1X Port Authentication

–  423  –

C

ONFIGURING

 802.1X P

ORT

 A

UTHENTICATION

 

Network switches can provide open and easy access to network resources 

by simply attaching a client PC. Although this automatic configuration and 

access is a desirable feature, it also allows unauthorized personnel to easily 

intrude and possibly gain access to sensitive network data.

The IEEE 802.1X (dot1X) standard defines a port-based access control 

procedure that prevents unauthorized access to a network by requiring 

users to first submit credentials for authentication. Access to all switch 

ports in a network can be centrally controlled from a server, which means 

that authorized users can use the same credentials for authentication from 

any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL) 

to exchange authentication protocol messages with the client, and a 

remote RADIUS authentication server to verify user identity and access 

rights. When a client (i.e., Supplicant) connects to a switch port, the switch 

(i.e., Authenticator) responds with an EAPOL identity request. The client 

provides its identity (such as a user name) in an EAPOL response to the 

switch, which it forwards to the RADIUS server. The RADIUS server verifies 

the client identity and sends an access challenge back to the client. The 

EAP packet from the RADIUS server contains not only the challenge, but 

the authentication method to be used. The client can reject the 

authentication method and request another, depending on the 

configuration of the client software and the RADIUS server. The encryption 

method used to pass authentication messages can be MD5 (Message-

Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible 

Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The 

client responds to the appropriate method with its credentials, such as a 

password or certificate. The RADIUS server verifies the client credentials 

and responds with an accept or reject packet. If authentication is 

successful, the switch allows the client to access the network. Otherwise, 

non-EAP traffic on the port is blocked or assigned to a guest VLAN based on 

the “intrusion-action” setting. In “multi-host” mode, only one host 

connected to a port needs to pass authentication for all other hosts to be 

granted network access. Similarly, a port can become unauthorized for all 

hosts if one attached host fails re-authentication or sends an EAPOL logoff 

message.

Figure 220:  Configuring Port Security

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

Содержание ECS4660-28F

Страница 1: ...Management Guide www edge core com ECS4660 28F Layer 3 Gigabit Ethernet Switch...

Страница 2: ......

Страница 3: ...AGEMENT GUIDE ECS4660 28F GIGABIT ETHERNET SWITCH Layer 3 Switch with 24 Gigabit Ethernet Ports SFP 2 10G Ethernet Ports XSFP and 2 Slots for Optional 10G Modules ECS4660 28F E102013 ST R03 1491000001...

Страница 4: ......

Страница 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Страница 6: ...raffic Flows Updated Parameters section under Enabling QinQ Tunneling on the Switch on page 247 Added Creating CVLAN to SPVLAN Mapping Entries on page 248 Added Mapping Ingress DSCP Values to Internal...

Страница 7: ...ands on page 1025 Updated syntax for the command ip source guard binding on page 1134 ip source guard max binding on page 1137 and show ip source guard binding on page 1139 Added the commands ip sourc...

Страница 8: ...ort dscp on page 1403 Added the command ip igmp snooping priority on page 1428 Added the commands ip igmp authentication on page 1451 and show ip igmp authentication on page 1456 Added MLD Filtering a...

Страница 9: ...Configuring VLAN Groups on page 228 Added Configuring VLAN Translation on page 259 Added parameters under Configuring Loopback Detection on page 274 Added parameters under Configuring a Class Map on p...

Страница 10: ...PIMv6 Interface Settings on page 850 Added Configuring Global PIM6 SM Settings on page 856 Added Configuring a PIM6 BSR Candidate on page 858 Added Configuring a PIM6 Static Rendezvous Point on page 8...

Страница 11: ...6 Updated parameter description for show ip route on page 1726 Added tunnel parameter to ipv6 route on page 1730 Added Border Gateway Protocol BGPv4 on page 1818 Added Policy based Routing for BGP on...

Страница 12: ...ABOUT THIS GUIDE 12...

Страница 13: ...rotocol 100 System Defaults 102 2 INITIAL SWITCH CONFIGURATION 105 Connecting to the Switch 105 Configuration Options 105 Required Connections 106 Remote Connections 107 Basic Configuration 108 Consol...

Страница 14: ...Files via FTP TFTP or HTTP 155 Saving the Running Configuration to a Local File 157 Setting The Start Up File 158 Showing System Files 159 Automatic Operation Code Upgrade 160 Setting the System Cloc...

Страница 15: ...on 219 Enabling Traffic Segmentation 219 Configuring Uplink and Downlink Ports 220 VLAN Trunking 222 6 VLAN CONFIGURATION 225 IEEE 802 1Q VLANs 225 Configuring VLAN Groups 228 Adding Static Members to...

Страница 16: ...ON CONTROL 295 Rate Limiting 295 Storm Control 296 Automatic Traffic Control 298 Setting the ATC Timers 300 Configuring ATC Thresholds and Responses 301 10 CLASS OF SERVICE 305 Layer 2 Queue Settings...

Страница 17: ...366 Configuring Interface Settings for Web Authentication 367 Network Access MAC Address Authentication 368 Configuring Global Settings for Network Access 371 Configuring Network Access for Ports 372...

Страница 18: ...802 1X Global Settings 424 Configuring Port Authenticator Settings for 802 1X 425 Displaying 802 1X Statistics 429 DoS Protection 431 IPv4 Source Guard 432 Configuring Ports for IP Source Guard 433 Co...

Страница 19: ...89 Setting Community Access Strings 494 Configuring Local SNMPv3 Users 495 Configuring Remote SNMPv3 Users 497 Specifying Trap Managers 500 Creating SNMP Notification Logs 504 Showing SNMP Statistics...

Страница 20: ...on 585 Enabling OAM on Local Ports 585 Displaying Statistics for OAM Messages 588 Displaying the OAM Event Log 589 Displaying the Status of Remote Interfaces 590 Configuring a Remote Loop Back Test 59...

Страница 21: ...nfiguring IGMP Proxy Routing 647 Configuring IGMP Interface Parameters 650 Configuring Static IGMP Group Membership 652 Displaying Multicast Group Information 654 Multicast VLAN Registration for IPv4...

Страница 22: ...splaying the DNS Cache 718 Dynamic Host Configuration Protocol 719 Specifying a DHCP Client Identifier 720 Configuring DHCP Relay Service 721 Configuring the DHCP Server 723 Forwarding UDP Service Req...

Страница 23: ...771 Clearing Entries from the Routing Table 774 Specifying Network Interfaces 775 Specifying Passive Interfaces 777 Specifying Static Neighbors 778 Configuring Route Redistribution 779 Specifying an...

Страница 24: ...IM Globally 833 Configuring PIM Interface Settings 834 Displaying PIM Neighbor Information 839 Configuring Global PIM SM Settings 840 Configuring a PIM BSR Candidate 842 Configuring a PIM Static Rende...

Страница 25: ...okup 874 Negating the Effect of Commands 874 Using Command History 874 Understanding Command Modes 874 Exec Commands 875 Configuration Commands 876 Command Line Processing 878 CLI Command Groups 879 2...

Страница 26: ...anner configure note 900 show banner 901 System Status 901 show access list tcam utilization 902 show alarm status 902 show memory 903 show process cpu 904 show running config 904 show startup config...

Страница 27: ...29 silent time 929 speed 930 stopbits 931 timeout login response 931 disconnect 932 show line 932 Event Logging 933 logging facility 934 logging history 934 logging host 935 logging on 936 logging tra...

Страница 28: ...ock summer time predefined 953 clock summer time recurring 954 clock timezone 955 calendar set 956 show calendar 957 Time Range 957 time range 957 absolute 958 periodic 959 show time range 960 Precisi...

Страница 29: ...selecting 983 synce force clock source selecting 984 synce ssm ethernet 985 synce clk src ssm 986 show synce 987 Switch Clustering 989 cluster 990 cluster commander 990 cluster ip pool 991 cluster me...

Страница 30: ...server notify filter 1013 show nlm oper status 1014 show snmp notify filter 1015 Additional Trap Commands 1015 memory 1015 process cpu 1016 26 REMOTE MONITORING COMMANDS 1017 rmon alarm 1018 rmon eve...

Страница 31: ...TACACS Client 1040 tacacs server host 1041 tacacs server key 1041 tacacs server port 1042 tacacs server retransmit 1042 tacacs server timeout 1043 show tacacs server 1043 AAA 1044 aaa accounting dot1x...

Страница 32: ...ssh 1065 show public key 1065 show ssh 1066 802 1X Port Authentication 1067 General Commands 1068 dot1x default 1068 dot1x eapol pass through 1068 dot1x system auth control 1069 Authenticator Command...

Страница 33: ...0 mac learning 1090 port security 1091 port security mac address as permanent 1093 show port security 1093 Network Access MAC Address Authentication 1095 network access aging 1096 network access mac f...

Страница 34: ...information option 1118 ip dhcp snooping information policy 1119 ip dhcp snooping verify mac address 1120 ip dhcp snooping vlan 1121 ip dhcp snooping information option circuit id 1122 ip dhcp snoopi...

Страница 35: ...pection 1145 ip arp inspection 1146 ip arp inspection filter 1147 ip arp inspection log buffer logs 1148 ip arp inspection validate 1149 ip arp inspection vlan 1150 ip arp inspection limit 1151 ip arp...

Страница 36: ...1170 access list ipv6 1170 permit deny Standard IPv6 ACL 1171 permit deny Extended IPv6 ACL 1172 ipv6 access group 1174 show ipv6 access group 1175 show ipv6 access list 1175 MAC ACLs 1176 access lis...

Страница 37: ...on 1205 transceiver threshold auto 1205 transceiver threshold monitor 1206 transceiver threshold current 1206 transceiver threshold rx power 1207 transceiver threshold temperature 1208 transceiver thr...

Страница 38: ...ort packet rate 1241 switchport block 1242 Automatic Traffic Control Commands 1243 Threshold Commands 1246 auto traffic control apply timer 1246 auto traffic control release timer 1246 auto traffic co...

Страница 39: ...val 1262 loopback detection trap 1262 loopback detection release 1263 show loopback detection 1263 36 UNIDIRECTIONAL LINK DETECTION COMMANDS 1265 udld message interval 1265 udld aggressive 1266 udld p...

Страница 40: ...ck detection release mode 1294 spanning tree loopback detection trap 1295 spanning tree mst cost 1295 spanning tree mst port priority 1296 spanning tree port bpdu flooding 1297 spanning tree port prio...

Страница 41: ...ch 1329 show erps 1331 40 VLAN COMMANDS 1337 GVRP and Bridge Extension Commands 1338 bridge ext gvrp 1338 garp timer 1339 switchport forbidden vlan 1340 switchport gvrp 1340 show bridge ext 1341 show...

Страница 42: ...ation 1364 show vlan translation 1366 Configuring Private VLANs 1366 private vlan 1367 private vlan association 1368 switchport mode private vlan 1369 switchport private vlan host association 1370 swi...

Страница 43: ...ueue weight 1391 Priority Commands Layer 3 and 4 1392 qos map cos dscp 1393 qos map default drop precedence 1394 qos map dscp cos 1395 qos map dscp mutation 1396 qos map ip port dscp 1398 qos map ip p...

Страница 44: ...lood 1431 ip igmp snooping tcn query solicit 1432 ip igmp snooping unregistered data flood 1432 ip igmp snooping unsolicited report interval 1433 ip igmp snooping version 1434 ip igmp snooping version...

Страница 45: ...profile 1457 show ip igmp query drop 1458 show ip igmp throttle interface 1458 show ip multicast data drop 1459 MLD Snooping 1460 ipv6 mld snooping 1461 ipv6 mld snooping querier 1461 ipv6 mld snoopi...

Страница 46: ...ile 1476 show ipv6 mld query drop 1476 show ipv6 mld throttle interface 1477 MVR for IPv4 1478 mvr 1479 mvr associated profile 1479 mvr domain 1480 mvr profile 1481 mvr proxy query interval 1481 mvr p...

Страница 47: ...clear mvr6 statistics 1507 show mvr6 1507 show mvr6 associated profile 1508 show mvr6 interface 1509 show mvr6 members 1510 show mvr6 profile 1511 show mvr6 statistics 1511 IGMP Layer 3 1513 ip igmp...

Страница 48: ...37 lldp 1539 lldp holdtime multiplier 1539 lldp med fast start count 1540 lldp notification interval 1540 lldp refresh interval 1541 lldp reinit delay 1541 lldp tx delay 1542 lldp admin status 1543 ll...

Страница 49: ...t cfm domain 1567 ethernet cfm enable 1569 ma index name 1570 ma index name format 1571 ethernet cfm mep 1571 ethernet cfm port enable 1572 clear ethernet cfm ais mpid 1573 show ethernet cfm configura...

Страница 50: ...linktrace cache 1594 Loopback Operations 1595 ethernet cfm loopback 1595 Fault Generator Operations 1596 mep fault notify alarm time 1596 mep fault notify lowest priority 1597 mep fault notify reset t...

Страница 51: ...dns cache 1622 show hosts 1622 48 DHCP COMMANDS 1625 DHCP Client 1625 DHCP for IPv4 1625 ip dhcp client class id 1625 ip dhcp restart client 1627 DHCP for IPv6 1628 ipv6 dhcp client rapid commit vlan...

Страница 52: ...S 1647 IPv4 Interface 1647 Basic IPv4 Configuration 1648 ip address 1648 ip default gateway 1650 show ip interface 1651 show ip traffic 1652 traceroute 1653 ping 1654 ARP Configuration 1655 arp 1655 a...

Страница 53: ...empts 1684 ipv6 nd managed config flag 1685 ipv6 nd other config flag 1686 ipv6 nd ns interval 1687 ipv6 nd raguard 1688 ipv6 nd reachable time 1689 ipv6 nd prefix 1690 ipv6 nd ra interval 1691 ipv6 n...

Страница 54: ...ipv6 nd snooping binding 1711 show ipv6 nd snooping prefix 1711 50 VRRP COMMANDS 1713 vrrp authentication 1714 vrrp ip 1714 vrrp preempt 1715 vrrp priority 1716 vrrp timers advertise 1717 clear vrrp i...

Страница 55: ...ntication mode 1742 ip rip authentication string 1743 ip rip receive version 1744 ip rip receive packet 1745 ip rip send version 1745 ip rip send packet 1746 ip rip split horizon 1747 clear ip rip rou...

Страница 56: ...o interval 1772 ip ospf message digest key 1773 ip ospf priority 1774 ip ospf retransmit interval 1775 ip ospf transmit delay 1776 passive interface 1777 Display Information 1777 show ip ospf 1777 sho...

Страница 57: ...y 1808 ipv6 ospf retransmit interval 1809 ipv6 ospf transmit delay 1810 passive interface 1811 Display Information 1812 show ipv6 ospf 1812 show ipv6 ospf database 1813 show ipv6 ospf interface 1814 s...

Страница 58: ...8 redistribute 1849 timers bgp 1850 clear ip bgp 1851 clear ip bgp dampening 1852 Route Metrics and Selection 1853 bgp always compare med 1853 bgp bestpath as path ignore 1853 bgp bestpath compare con...

Страница 59: ...bers 1872 neighbor port 1872 neighbor prefix list 1873 neighbor remote as 1874 neighbor remove private as 1874 neighbor route map 1875 neighbor route reflector client 1876 neighbor route server client...

Страница 60: ...list 1895 show ip prefix list 1896 show ip prefix list detail 1896 show ip prefix list summary 1897 Policy based Routing for BGP 1897 route map 1899 call 1900 continue 1901 description 1901 match as p...

Страница 61: ...t routing 1922 show ipv6 mroute 1923 Static Multicast Routing 1925 ip igmp snooping vlan mrouter 1925 show ip igmp snooping mrouter 1926 PIM Multicast Routing 1927 IPv4 PIM Commands 1927 PIM Shared Mo...

Страница 62: ...hash 1949 IPv6 PIM Commands 1950 PIM6 Shared Mode Commands 1951 router pim6 1951 ipv6 pim 1951 ipv6 pim hello holdtime 1953 ipv6 pim hello interval 1953 ipv6 pim join prune holdtime 1954 ipv6 pim lan...

Страница 63: ...show ipv6 pim rp mapping 1971 show ipv6 pim rp hash 1972 SECTION IV APPENDICES 1973 A SOFTWARE SPECIFICATIONS 1975 Software Features 1975 Management Features 1977 Standards 1977 Management Information...

Страница 64: ...CONTENTS 64...

Страница 65: ...uring NTP 167 Figure 15 Specifying SNTP Time Servers 168 Figure 16 Adding an NTP Time Server 169 Figure 17 Showing the NTP Time Server List 169 Figure 18 Adding an NTP Authentication Key 170 Figure 19...

Страница 66: ...eiver Thresholds 203 Figure 48 Configuring Static Trunks 205 Figure 49 Creating Static Trunks 206 Figure 50 Adding Static Trunks Members 206 Figure 51 Configuring Connection Parameters for a Static Tr...

Страница 67: ...ivate VLANs 241 Figure 84 Showing Associated VLANs 241 Figure 85 Configuring Interfaces for Private VLANs 243 Figure 86 QinQ Operational Concept 244 Figure 87 Enabling QinQ Tunneling 248 Figure 88 Con...

Страница 68: ...for STA 288 Figure 119 Creating an MST Instance 290 Figure 120 Displaying MST Instances 290 Figure 121 Modifying the Priority for an MST Instance 291 Figure 122 Displaying Global Settings for an MST I...

Страница 69: ...to a Policy Map 338 Figure 157 Showing the Rules for a Policy Map 338 Figure 158 Attaching a Policy Map to a Port 339 Figure 159 Configuring a Voice VLAN 343 Figure 160 Configuring an OUI Telephony L...

Страница 70: ...sses Authenticated for Network Access 378 Figure 190 Configuring HTTPS 379 Figure 191 Downloading the Secure Site Certificate 381 Figure 192 Configuring the SSH Server 385 Figure 193 Generating the SS...

Страница 71: ...urce Guard Binding Table 438 Figure 229 Setting the Filter Type for IPv6 Source Guard 440 Figure 230 Configuring Static Bindings for IPv6 Source Guard 442 Figure 231 Displaying Static Bindings for IPv...

Страница 72: ...4 Figure 263 Showing Community Access Strings 495 Figure 264 Configuring Local SNMPv3 Users 496 Figure 265 Showing Local SNMPv3 Users 497 Figure 266 Configuring Remote SNMPv3 Users 499 Figure 267 Show...

Страница 73: ...gure 301 Configuring Global Settings for CFM 554 Figure 302 Configuring Interfaces for CFM 555 Figure 303 Configuring Maintenance Domains 559 Figure 304 Showing Maintenance Domains 559 Figure 305 Conf...

Страница 74: ...re 337 Displaying PTP Neighbor Information 608 Figure 338 Multicast Filtering Concept 610 Figure 339 IGMP Protocol 611 Figure 340 Configuring General Settings for IGMP Snooping 617 Figure 341 Configur...

Страница 75: ...Configuring IGMP Interface Settings 652 Figure 371 Configuring Static IGMP Groups 653 Figure 372 Showing Static IGMP Groups 654 Figure 373 Displaying Multicast Groups Learned from IGMP Information 656...

Страница 76: ...Interface 700 Figure 407 Configuring RA Guard for an IPv6 Interface 700 Figure 408 Configuring an IPv6 Address 703 Figure 409 Showing Configured IPv6 Addresses 704 Figure 410 Showing IPv6 Neighbors 7...

Страница 77: ...Layer 3 Routing 742 Figure 443 Pinging a Network Device 746 Figure 444 Tracing the Route to a Network Device 747 Figure 445 Proxy ARP 749 Figure 446 Configuring General Settings for ARP 750 Figure 44...

Страница 78: ...istance Assigned to External Routes 782 Figure 479 Configuring a Network Interface for RIP 785 Figure 480 Showing RIP Network Interface Settings 786 Figure 481 Showing RIP Interface Settings 787 Figur...

Страница 79: ...e Database 822 Figure 517 Displaying Neighbor Routers Stored in the Link State Database 824 Figure 518 Enabling IPv4 Multicast Routing 828 Figure 519 Enabling IPv6 Multicast Routing 829 Figure 520 Dis...

Страница 80: ...P Candidate 863 Figure 546 Showing Information About the PIM6 BSR 864 Figure 547 Showing PIM6 RP Mapping 865 Figure 548 Storm Control by Limiting the Traffic Rate 1244 Figure 549 Storm Control by Shut...

Страница 81: ...pping 309 Table 15 CoS Priority Levels 310 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 310 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 315 Table 18 Default Ma...

Страница 82: ...tion 705 Table 46 Show IPv6 Statistics display description 707 Table 47 Show MTU display description 712 Table 48 Options 60 66 and 67 Statements 720 Table 49 Options 55 and 124 Statements 720 Table 5...

Страница 83: ...isplay description for boundary clock 977 Table 84 show ptp information display description for transparent clock 979 Table 85 Sync E Commands 979 Table 86 Synchronous Ethernet Standards 980 Table 87...

Страница 84: ...2 information 1122 Table 120 DHCP Snooping Commands 1126 Table 121 IPv4 Source Guard Commands 1133 Table 122 IPv6 Source Guard Commands 1140 Table 123 ARP Inspection Commands 1145 Table 124 DoS Protec...

Страница 85: ...32 Table 157 show erps domain detailed display description 1333 Table 158 show erps statistics detailed display description 1334 Table 159 VLAN Commands 1337 Table 160 GVRP and Bridge Extension Comman...

Страница 86: ...s 1460 Table 191 MLD Filtering and Throttling Commands 1469 Table 192 Multicast VLAN Registration for IPv4 Commands 1478 Table 193 show mvr display description 1490 Table 194 show mvr interface displa...

Страница 87: ...w hosts display description 1623 Table 227 DHCP Commands 1625 Table 228 DHCP Client Commands 1625 Table 229 Options 60 66 and 67 Statements 1626 Table 230 Options 55 and 124 Statements 1626 Table 231...

Страница 88: ...y description 1790 Table 264 Open Shortest Path First Commands Version 3 1790 Table 265 show ip ospf display description 1812 Table 266 show ip ospf database display description 1814 Table 267 show ip...

Страница 89: ...Table 287 show ip pim rp hash display description 1949 Table 288 PIM DM and PIM SM Multicast Routing Commands 1950 Table 289 show ipv6 pim neighbor display description 1958 Table 290 show ip pim bsr...

Страница 90: ...TABLES 90...

Страница 91: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 92: ...SECTION I Getting Started 92...

Страница 93: ...r name password RADIUS TACACS Port IEEE 802 1X MAC address filtering SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Telnet SSH Web HTTPS General Security Measures AAA ARP inspection D...

Страница 94: ...Port Qualify of Service Supports Differentiated Services DiffServ Link Layer Discovery Protocol Used to discover basic information about neighboring devices Switch Clustering Supports up to 36 member...

Страница 95: ...thentication is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the E...

Страница 96: ...port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity PORT TRUNKING Ports can be combined into an aggreg...

Страница 97: ...ks SPANNING TREE ALGORITHM The switch supports these spanning tree protocols Spanning Tree Protocol STP IEEE 802 1D This protocol provides loop detection When there are multiple physical paths between...

Страница 98: ...restricting all traffic to the originating VLAN except where a connection is explicitly defined via the switch s routing service Use private VLANs to restrict traffic to pass only between data ports a...

Страница 99: ...nodes in the ring structure It can also function with IEEE 802 1ag to support link monitoring when non participating devices exist within the Ethernet ring OPERATION ADMINISTRATION AND MAINTENANCE The...

Страница 100: ...CMP uses either equal cost unicast multipaths manually configured in the static routing table or equal cost multipaths dynamically detected by the Open Shortest Path Algorithm OSPF In other words it u...

Страница 101: ...rs Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration set...

Страница 102: ...Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication D...

Страница 103: ...thm Status Enabled RSTP Defaults RSTP standard Edge Ports Disabled ERPS Status Disabled LLDP Status Enabled Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Swit...

Страница 104: ...Router Redundancy VRRP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled MLD Snooping Layer 2 IPv6 Snooping Enabled Querier Disabled Multicast VLAN Registration Disa...

Страница 105: ...lay statistics using a standard web browser such as Internet Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any com...

Страница 106: ...rol on any port for excessive broadcast multicast or unknown unicast traffic Display system information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a con...

Страница 107: ...rotocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on page 109 NOTE This...

Страница 108: ...each level To log into the CLI at the Privileged Exec level using the default user name and password perform these steps 1 To initiate your console connection press Enter The User Access Verification...

Страница 109: ...IPv4 configuration requests to BOOTP or DHCP address allocation servers on the network or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in rou...

Страница 110: ...config ip default gateway 192 168 1 254 ASSIGNING AN IPV6 ADDRESS This section describes how to configure a link local address for connectivity within the local subnet only and also how to configure...

Страница 111: ...enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time i...

Страница 112: ...onsole config interface vlan 1 Console config if ipv6 address 2001 DB8 2222 7272 64 Console config if exit Console config ipv6 default gateway 2001 DB8 2222 7272 254 Console config end Console show ip...

Страница 113: ...ddress assignments through BOOTP or DHCP It may be necessary to use this command when DHCP is configured on a VLAN and the member ports which were previously shut down are now enabled If the bootp or...

Страница 114: ...efix of FE80 This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet To generate an IPv6 link local address for the switch complete the following step...

Страница 115: ...uration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not receive a DHCP response prior to completing the bootup process it w...

Страница 116: ...Default Option 66 option bootfile name bootfile Default Option 67 class Option66 67_1 DHCP Option 60 Vendor class two match if option vendor class identifier ecs4660 28f cfg option tftp server name 19...

Страница 117: ...need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects...

Страница 118: ...onfig CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write...

Страница 119: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 155 for more information Diagnostic Code Software that is run during system boot up also kno...

Страница 120: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Страница 121: ...n page 181 VLAN Configuration on page 225 Address Table Settings on page 263 Spanning Tree Algorithm on page 271 Congestion Control on page 295 Class of Service on page 305 Quality of Service on page...

Страница 122: ...SECTION II Web Configuration 122 Multicast Routing on page 825...

Страница 123: ...page 109 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Sett...

Страница 124: ...nfiguration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connects with the switch s web agent the home page is displayed...

Страница 125: ...f the switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control...

Страница 126: ...eral Manual Manually sets the current time 164 SNTP Configures SNTP polling interval 165 NTP Configures NTP authentication parameters 166 Configure Time Server Configures a list of NTP or SNTP servers...

Страница 127: ...igure Trunk 205 Add Creates a trunk along with the first port member 205 Show Shows the configured trunk identifiers 205 Add Member Specifies ports to group into static trunks 205 Show Member Shows th...

Страница 128: ...ts for a segmented group of ports 220 Add Assign the downlink and uplink ports to use in a segmented group 220 Show Shows the assigned ports and direction uplink downlink 220 VLAN Trunking Allows unkn...

Страница 129: ...IP Subnet 256 Add Maps IP subnet traffic to a VLAN 256 Show Shows IP subnet to VLAN mapping 256 MAC Based 258 Add Maps traffic with specified source MAC address to a VLAN 258 Show Shows source MAC add...

Страница 130: ...ast storm threshold for each interface 296 Auto Traffic Control Sets thresholds for broadcast and multicast storms which can be used to trigger configured rate limits or to shut down a port 298 Config...

Страница 131: ...326 Add Creates a class map for a type of traffic 326 Show Shows configured class maps 326 Modify Modifies the name of a class map 326 Add Rule Configures the criteria used to classify ingress traffi...

Страница 132: ...accounting settings used for various service types 355 Configure Service Sets the accounting method applied to specific interfaces for 802 1X CLI command privilege levels for the console port and for...

Страница 133: ...S Secure HTTP 378 Configure Global Enables HTTPs and specifies the UDP port to use 378 Copy Certificate Replaces the default secure site certificate 380 SSH Secure Shell 381 Configure Global Configure...

Страница 134: ...ed MAC addresses 420 Port Authentication IEEE 802 1X 423 Configure Global Enables authentication and EAPOL pass through 424 Configure Interface Sets authentication parameters for individual ports 425...

Страница 135: ...n about a remote device connected to this switch 470 Show Device Statistics 478 General Displays statistics for all connected remote devices 478 Port Trunk Displays statistics for remote devices on a...

Страница 136: ...s 506 RMON Remote Monitoring 508 Configure Global Add Alarm Sets threshold bounds for a monitored variable 509 Event Creates a response event for an alarm 511 Show Alarm Shows all configured alarms 50...

Страница 137: ...ure Maintenance Associations 560 Add Defines a unique CFM service instance identified by its parent MD the MA index the VLAN assigned to the MA and the MIP creation method 560 Configure Details Config...

Страница 138: ...fied port sets the mode to active or passive and enables the reporting of critical events or errored frame events 585 Counters Displays statistics on OAM PDUs 588 Event Log Displays the log for record...

Страница 139: ...RP protocol packet errors 766 Group Statistics Displays statistics for VRRP protocol events and errors on the specified VRRP group and interface 767 IPv6 Configuration 695 Configure Global Sets an IPv...

Страница 140: ...signated name servers 718 DHCP Dynamic Host Configuration Protocol Client Specifies the DHCP client identifier for an interface 720 Relay Specifies DHCP relay servers 721 Snooping 444 Configure Global...

Страница 141: ...t snooping 613 Multicast Router 617 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 617 Show Static Multicast Router Displays ports statically configured...

Страница 142: ...y configured as attached to a neighboring multicast router 641 Show Current Multicast Router Displays ports attached to a neighboring multicast router either through static or dynamic configuration 64...

Страница 143: ...st stream addresses 662 Show Shows multicast stream addresses 662 Associate Profile 662 Add Maps an address profile to a domain 662 Show Shows addresses profile to domain mapping 662 Configure Interfa...

Страница 144: ...assigned to an MVR VLAN the source address of the multicast services and the interfaces with active subscribers 685 Show Statistics 686 Show Query Statistics Shows statistics for query related message...

Страница 145: ...the RIP parameters set for each interface 782 Modify Modifies RIP parameters for an interface 782 Statistics Show Interface Information Shows RIP settings and statistics on RIP protocol messages 786 S...

Страница 146: ...Configures OSPF protocol settings and authentication for specified VLAN 811 Configure by Address Configures OSPF protocol settings and authentication for specified interface address 811 Show MD5 Key S...

Страница 147: ...didate 858 RP Address 859 Add Sets a static address for an RP and the associated multicast group s 859 Show Shows the static addresses configured for each RP and the associated multicast groups 859 RP...

Страница 148: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 148...

Страница 149: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Settings...

Страница 150: ...ubsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator respon...

Страница 151: ...ersion Hardware version of the main board Main Power Status Displays the status of the internal power supply Redundant Power Status Displays the status of the redundant power supply Management Softwar...

Страница 152: ...process protocol encapsulation fields CLI REFERENCES jumbo frame on page 911 switchport mtu on page 1195 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a comput...

Страница 153: ...can access these extensions to display default settings for the key variables CLI REFERENCES GVRP and Bridge Extension Commands on page 1338 PARAMETERS The following parameters are displayed Extended...

Страница 154: ...status VLAN Tagged or Untagged on each port Refer to VLAN Configuration on page 225 Max Supported VLAN Numbers The maximum number of VLANs supported on this switch Max Supported VLAN ID The maximum co...

Страница 155: ...sion and then set the new file as the startup file CLI REFERENCES copy on page 914 COMMAND USAGE When logging into an FTP server the interface prompts for a user name and password configured on the re...

Страница 156: ...imited only by available flash memory space NOTE The file Factory_Default_Config cfg can be copied to a file server or management station but cannot be used as the destination file name on the switch...

Страница 157: ...or to another file which can be subsequently set as the startup file CLI REFERENCES copy on page 914 PARAMETERS The following parameters are displayed Copy Type The copy operation includes this optio...

Страница 158: ...uration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING THE START UP FILE Use the System File Set Start Up pa...

Страница 159: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Страница 160: ...name of the code stored on the remote server must be ECS4660_28F bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this manual e...

Страница 161: ...switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgrad...

Страница 162: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Страница 163: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Страница 164: ...time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on t...

Страница 165: ...S Time on page 944 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time u...

Страница 166: ...between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers The authentication keys and their a...

Страница 167: ...address for up to three SNTP time servers CLI REFERENCES sntp server on page 946 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three...

Страница 168: ...time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by the serve...

Страница 169: ...key list CLI REFERENCES ntp authentication key on page 948 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key List to us...

Страница 170: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Страница 171: ...ou can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 955 PARAMETERS The following p...

Страница 172: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Страница 173: ...to the console connection see login on page 926 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts...

Страница 174: ...rrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number of eight sessions Login Timeout Sets the interval that the system waits for a user to log into the CLI If a lo...

Страница 175: ...le port 1 Click System then Telnet 2 Specify the connection parameters as required 3 Click Apply Figure 22 Telnet Connection Settings DISPLAYING CPU UTILIZATION Use the System CPU Utilization page to...

Страница 176: ...soon as a new setting is selected Figure 23 Displaying CPU Utilization DISPLAYING MEMORY UTILIZATION Use the System Memory Status page to display memory utilization parameters CLI REFERENCES show mem...

Страница 177: ...ys run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command see copy on page 914 PARAMETERS The foll...

Страница 178: ...59 At Specifies a time at which to reload the switch DD The day of the month at which to reload Range 01 31 MM The month at which to reload Range 01 12 YYYY The year at which to reload Range 1970 203...

Страница 179: ...the System 179 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted confirm that you want reset the switch Figure 25 Restarting the Switch Imm...

Страница 180: ...CHAPTER 4 Basic Management Tasks Resetting the System 180 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Страница 181: ...RMON port statistics in table or chart form Configuring History Sampling Configures statistical sampling for the specified interfaces Displaying Transceiver Data Displays identifying information and o...

Страница 182: ...ch can be advertised include speed duplex mode flow control and symmetric pause frames Using Jumbo Frames Use the jumbo frame attribute on the System Capability page to enable or disable jumbo frames...

Страница 183: ...P ports SFP Forced 100FX Always uses 1000BASE FX mode SFP Forced 1000SFP Always uses 1000BASE SFP mode SFP Forced 10GSFP Always uses 10GBASE SFP mode Autonegotiation Port Capabilities Allows auto nego...

Страница 184: ...18 bytes WEB INTERFACE To configure port connection parameters 1 Click Interface Port General 2 Select Configure by Port List from the Action List 3 Modify the required interface settings 4 Click Appl...

Страница 185: ...y Port Range DISPLAYING CONNECTION STATUS Use the Interface Port General Show Information page to display the current connection status including link state speed duplex mode flow control and auto neg...

Страница 186: ...t Figure 31 Displaying Port Information CONFIGURING LOCAL PORT MIRRORING Use the Interface Port Mirror page to mirror traffic from any source port to a target port for real time analysis You can then...

Страница 187: ...ort cannot be a trunk or trunk member port Note that Spanning Tree BPDU packets are not mirrored to the target port PARAMETERS These parameters are displayed Source Port The port whose traffic will be...

Страница 188: ...over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybrid p...

Страница 189: ...g the mirror session the switch s role Destination the destination port whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where t...

Страница 190: ...ffic Intermediate Specifies this device as an intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations Destination Specifies this device as a swi...

Страница 191: ...r the same session Also note that a destination port can still send and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the...

Страница 192: ...rnet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy traffi...

Страница 193: ...s The number of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Transmitted Multicast Packets The total number of packets that h...

Страница 194: ...ss than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error Collisions The best estimate of the total number of collisions on this Ethernet seg...

Страница 195: ...t Statistics Table Utilization Statistics Input Octets in kbits per second Number of octets entering this interface in kbits second Input Packets per second Number of packets entering this interface p...

Страница 196: ...ode is chosen select a port from the drop down list If All ports statistics mode is chosen select the statistics type to display Figure 40 Showing Port Statistics Chart CONFIGURING HISTORY SAMPLING Us...

Страница 197: ...mber Range 1 28 History Name Name of sample interval Default settings 15min 1day Interval The interval for sampling statistics Requested Buckets The number of samples to take Show Details Mode Status...

Страница 198: ...ck Interface Port Statistics or Interface Trunk Statistics 2 Select Show from the Action menu 3 Select an interface from the Port or Trunk list Figure 42 Showing Entries for History Sampling To show t...

Страница 199: ...rent interval of a sample entry 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options for Mode 4 Select an...

Страница 200: ...ory Sample DISPLAYING TRANSCEIVER DATA Use the Interface Port Transceiver page to display identifying information and operational for optical transceivers which support Digital Diagnostic Monitoring D...

Страница 201: ...Figure 46 Displaying Transceiver Data CONFIGURING TRANSCEIVER THRESHOLDS Use the Interface Port Transceiver page to configure thresholds for alarm and warning messages for optical transceivers which s...

Страница 202: ...nsceiver s operation values falls outside of specified thresholds Default Disabled Auto Mode Uses default threshold settings obtained from the transceiver to determine when an alarm or trap message sh...

Страница 203: ...n generated another such event will not be generated until the sampled value has risen above the low threshold and reaches the high threshold Threshold events are triggered as described above to avoid...

Страница 204: ...aced in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trunk the...

Страница 205: ...is switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the p...

Страница 206: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 50 Adding Static Trunks Members To configure connection parame...

Страница 207: ...Select Show Information from the Action list Figure 52 Showing Information for Static Trunks CONFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic pages to set the administrative key for an aggr...

Страница 208: ...rt admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that group...

Страница 209: ...ermined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the Partner System Priority LACP system priorit...

Страница 210: ...he command attributes have the same meaning as those used for the port actor WEB INTERFACE To configure the admin key for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Aggregator...

Страница 211: ...o configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5...

Страница 212: ...gure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step List 3 Select Configure from the Action List 4 Modify the required interface setti...

Страница 213: ...nters 5 Select a group member from the Port list Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of va...

Страница 214: ...CPDU information Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive m...

Страница 215: ...ist 4 Click Internal 5 Select a group member from the Port list Figure 61 Displaying LACP Port Internal Information Aggregation The system considers this link to be aggregatable i e a potential candid...

Страница 216: ...on Information Parameter Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Por...

Страница 217: ...IP Address All traffic with the same destination IP address is output on the same link in a trunk This mode works best for switch to router trunk links where traffic through the switch is destined fo...

Страница 218: ...C Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from man...

Страница 219: ...rd traffic through the uplink ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION...

Страница 220: ...ownlink ports assigned to different client sessions is shown below When traffic segmentation is disabled all ports operate in normal forwarding mode based on the settings specified by other functions...

Страница 221: ...These parameters are displayed Session ID Traffic segmentation session Range 1 4 Direction Adds an interface to the segmented group by setting the direction to uplink or downlink Default Uplink Interf...

Страница 222: ...ge 1350 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Страница 223: ...instance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be al...

Страница 224: ...CHAPTER 5 Interface Configuration VLAN Trunking 224 Figure 68 Configuring VLAN Trunking...

Страница 225: ...ound in the IP MAC address to VLAN mapping table VLAN Translation Maps VLAN IDs between the customer and the service provider IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast...

Страница 226: ...oup s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate...

Страница 227: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Страница 228: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Страница 229: ...3 configuration and reserves memory space required to maintain additional information about this interface type This parameter must be enabled before you can assign an IP address to a VLAN Show VLAN...

Страница 230: ...fy the configuration settings for VLAN groups 1 Click VLAN Static 2 Select Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name operational status or Layer 3...

Страница 231: ...ces or untagged they are not connected to any VLAN aware devices Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol CLI REFERENCES Conf...

Страница 232: ...ed for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives f...

Страница 233: ...shown below Port Range Displays a list of ports Range 1 28 Trunk Range Displays a list of ports Range 1 8 NOTE The PVID acceptable frame type and ingress filtering parameters for each interface withi...

Страница 234: ...VLAN Static 2 Select Edit Member by Interface from the Action list 3 Select a port or trunk configure 4 Modify the settings for any interface as required 5 Click Apply Figure 75 Configuring Static VLA...

Страница 235: ...switch or to enable GVRP and adjust the protocol timers per interface CLI REFERENCES GVRP and Bridge Extension Commands on page 1338 Configuring VLAN Interfaces on page 1345 PARAMETERS These paramete...

Страница 236: ...s can rejoin before the port actually leaves the group Range 60 3000 centiseconds Default 60 LeaveAll The interval between sending out a LeaveAll query message for VLAN group participants and the port...

Страница 237: ...ic 2 Select Configure Interface from the Step list 3 Set the Interface type to display as Port or Trunk 4 Modify the GVRP status or timers for any interface 5 Click Apply Figure 78 Configuring GVRP fo...

Страница 238: ...oups A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups while a community or secondary VLAN contains community ports that can onl...

Страница 239: ...to a primary VLAN and any host ports a community VLAN CREATING PRIVATE VLANS Use the VLAN Private Configure VLAN Add page to create primary or community VLANs CLI REFERENCES private vlan on page 1367...

Страница 240: ...wing Private VLANs NOTE All member ports must be removed from the VLAN before it can be deleted ASSOCIATING PRIVATE VLANS Use the VLAN Private Configure VLAN Add Community VLAN page to associate each...

Страница 241: ...elect an entry from the Community VLAN list to associate it with the selected primary VLAN Note that a community VLAN can only be associated with one primary VLAN 6 Click Apply Figure 83 Associating P...

Страница 242: ...promiscuous port s Promiscuous A promiscuous port can communicate with all interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and co...

Страница 243: ...re intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 QinQ tunneling uses a single Service Provider VLAN SPVLAN for customers who have multiple VLANs Cu...

Страница 244: ...the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 An SPVLAN tag is added to all outbound packets on the SPVLAN interface no matter ho...

Страница 245: ...native tag is added to the packet This outer tag is used for learning and switching packets within the service provider s network The TPID must be configured on a per port basis and the verification...

Страница 246: ...provider network There are some inherent incompatibilities between Layer 2 and Layer 3 switching Tunnel ports do not support IP Access Control Lists Layer 3 Quality of Service QoS and other QoS featur...

Страница 247: ...e hexadecimal 8000 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value for the 802 1Q Tunnel TPID This feature allows the switch to interoperate with third party switches that do n...

Страница 248: ...ag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes ac...

Страница 249: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 88 Configuring CVLAN to SPVLAN Mapp...

Страница 250: ...e attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set t...

Страница 251: ...ired protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure protocol based VLANs...

Страница 252: ...VLAN Group Range 1 2147483647 NOTE Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet tra...

Страница 253: ...he VLAN Protocol Configure Interface Add page to map a protocol group to a VLAN for each interface that will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces...

Страница 254: ...r this interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 8 Protocol Group ID Protocol Grou...

Страница 255: ...nterfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a po...

Страница 256: ...P subnet consists of an IP address and a mask The specified VLAN need not be an existing VLAN When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLA...

Страница 257: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 258: ...resses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last...

Страница 259: ...g VLAN Translation on page 1364 COMMAND USAGE QinQ tunneling uses double tagging to preserve the customer s VLAN tags on traffic crossing the service provider s network However if any switch in the pa...

Страница 260: ...uality of Service QoS processes QinQ MAC based VLANs VLAN translation or traps If VLAN translation is set on an interface and the same interface is also configured as a QinQ access port on the VLAN Tu...

Страница 261: ...figuring VLAN Translation 261 Figure 100 Configuring VLAN Translation To show the mapping entries for VLANs translation 1 Click VLAN Translation 2 Select Show from the Action list Figure 101 Showing t...

Страница 262: ...CHAPTER 6 VLAN Configuration Configuring VLAN Translation 262...

Страница 263: ...MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on page 1090 COMMAND USAGE When MAC address learnin...

Страница 264: ...ity Status see Configuring Port Security on page 420 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range...

Страница 265: ...ollowing characteristics Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be writt...

Страница 266: ...the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 103 Configuring Static MAC Addresses...

Страница 267: ...ess table aging time on page 1271 PARAMETERS These parameters are displayed Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 1000000 sec...

Страница 268: ...RENCES show mac address table on page 1273 PARAMETERS These parameters are displayed Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk MAC Address Ph...

Страница 269: ...parameters are displayed Clear by All entries can be cleared or you can clear the entries for a specific MAC address all the entries in a VLAN or all the entries associated with a port or trunk WEB I...

Страница 270: ...CHAPTER 7 Address Table Settings Clearing the Dynamic Address Table 270 Figure 107 Clearing Entries in the Dynamic MAC Address Table...

Страница 271: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 272: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 273: ...cations with STP or RSTP nodes in the global network Figure 110 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Commo...

Страница 274: ...loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection wi...

Страница 275: ...e will be automatically enabled when the shutdown interval has expired If an interface is shut down due to a detected loopback and the release mode is set to Manual the interface can be re enabled usi...

Страница 276: ...he RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridg...

Страница 277: ...oot device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 R...

Страница 278: ...rovided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Referenc...

Страница 279: ...Region Name2 The name for this MSTI Maximum length 32 characters switch s MAC address Max Hop Count The maximum number of hops allowed in the MST region before a BPDU is discarded Range 1 40 Default 2...

Страница 280: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 280 Figure 112 Configuring Global Settings for STA STP Figure 113 Configuring Global Settings for STA RSTP...

Страница 281: ...ing tree on page 1302 show spanning tree mst configuration on page 1304 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique ide...

Страница 282: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 115 Displaying Global Settings for STA CO...

Страница 283: ...Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter is used by the...

Страница 284: ...Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild addre...

Страница 285: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Страница 286: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Страница 287: ...designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tre...

Страница 288: ...Step list 3 Select Show Information from the Action list Figure 118 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 289: ...bridges within the same MSTI Region page 276 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 290: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 291: ...e priority for an MSTP Instance 5 Click Apply Figure 121 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Страница 292: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 12...

Страница 293: ...t in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree Th...

Страница 294: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 125 Co...

Страница 295: ...se the Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interfac...

Страница 296: ...e the Traffic Storm Control page to configure broadcast multicast and unknown unicast storm control thresholds Traffic storms may occur when a device on your network is malfunctioning or if applicatio...

Страница 297: ...interface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports...

Страница 298: ...grams Figure 129 Storm Control by Limiting the Traffic Rate Storm Alarm FireTRAP Alarm Fire Threshold 1 255kpps AlarmClear Threshold 1 255kpps Traffic kpps Time Traffic without storm control Traffic w...

Страница 299: ...ffic Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using Manual Control Release see page 301 The traffic control response...

Страница 300: ...e it must be manually re enabled using the Manual Control Release see page 301 PARAMETERS These parameters are displayed in the web interface Broadcast Apply Timer The interval after the upper thresho...

Страница 301: ...d Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be a...

Страница 302: ...packets per second Default 128 Kpps If rate limiting has been configured as a control response and Auto Control Release is enabled rate limiting will be discontinued after the traffic rate has fallen...

Страница 303: ...matic Traffic Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response...

Страница 304: ...CHAPTER 9 Congestion Control Automatic Traffic Control 304...

Страница 305: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 306: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 133 Setting the Default Port Priority...

Страница 307: ...rity value Service time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode...

Страница 308: ...ned to queues 0 7 respectively WEB INTERFACE To configure the queue mode 1 Click Traffic Priority Queue 2 Select a port or trunk 3 Set the queue mode 4 If the weighted queue mode is selected the queue...

Страница 309: ...riority Weighted Round Robin WRR or a combination of strict and weighted queuing Up to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to re...

Страница 310: ...ange 0 7 where 7 is the highest priority Queue Output queue buffer Range 0 7 where 7 is the highest CoS priority queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB...

Страница 311: ...assigned output queue the mapping done on this page can effectively determine the service priority for different traffic classes 5 Click Apply Figure 137 Mapping CoS Values to Egress Queues To show t...

Страница 312: ...used to determine the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It...

Страница 313: ...METERS These parameters are displayed Interface Specifies a port or trunk Trust Mode CoS Maps layer 3 4 priorities using Class of Service values This is the default setting DSCP Maps layer 3 4 priorit...

Страница 314: ...ity mapping mode is set to DSCP see page 312 and the ingress packet type is IPv4 Any attempt to configure the DSCP mutation map will not be accepted by the switch unless the trust mode has been set to...

Страница 315: ...s dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5...

Страница 316: ...p to eight CoS CFI paired values per hop behavior and drop precedence If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used...

Страница 317: ...ed for controlling traffic congestion Range 0 Green 3 Yellow 1 Red WEB INTERFACE To map CoS CFI values to internal PHB drop precedence 1 Click Traffic Priority CoS to DSCP 2 Select Configure from the...

Страница 318: ...er 2 interface CLI REFERENCES qos map dscp cos on page 1395 COMMAND USAGE Enter any per hop behavior and drop precedence pair within the internal priority map and then enter the corresponding CoS CFI...

Страница 319: ...values in the web interface 1 Click Traffic Priority DSCP to CoS 1 Select Configure from the Action list 2 Select a port 3 Select any PHB and drop precedence pair within the internal priority map and...

Страница 320: ...rocessing The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest p...

Страница 321: ...rt Specifies a port IP Precedence IP Precedence value in ingress packets Range 0 7 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for cont...

Страница 322: ...ng IP Precedence to DSCP Internal Mapping To show the IP Precedence to internal PHB drop precedence map in the web interface 1 Click Traffic Priority IP Precedence to DSCP 2 Select Show from the Actio...

Страница 323: ...t 23 and POP3 110 No default mapping is defined for ingress TCP UDP port types PARAMETERS These parameters are displayed in the web interface Port Specifies a port IP Protocol TCP Transport Control Pr...

Страница 324: ...Port Number to DSCP Internal Mapping To show the TCP UDP port number to per hop behavior and drop precedence map in the web interface 1 Click Traffic Priority IP Port to DSCP 2 Select Show from the A...

Страница 325: ...ferent kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets i...

Страница 326: ...configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to as...

Страница 327: ...ntrol list Any type of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP v...

Страница 328: ...edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic f...

Страница 329: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Страница 330: ...size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that some preceding en...

Страница 331: ...throughput exceeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control qu...

Страница 332: ...Tp is decremented by B else the packet is green and both Tp and Tc are decremented by B The trTCM can be used to mark a IP packet stream in a service where different decreasing levels of assurances ei...

Страница 333: ...ximum throughput burst rate and the action that results from a policy violation Meter Mode Selects one of the following policing methods Flow Police Flow Defines the committed information rate CIR or...

Страница 334: ...ts are pre colored The functional differences between these modes is described at the beginning of this section under srTCM Police Meter Committed Information Rate CIR Rate in kilobits per second Rang...

Страница 335: ...op precedence of a packet The color modes include Color Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional d...

Страница 336: ...t of conformance traffic Violate Specifies whether the traffic that exceeds the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority...

Страница 337: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Страница 338: ...Policies 338 Figure 156 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 339: ...ervice policy to the required interface PARAMETERS These parameters are displayed Port Specifies a port Ingress Applies the selected rule to ingress traffic Egress Applies the selected rule to egress...

Страница 340: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 340...

Страница 341: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Страница 342: ...hip is not set to access mode see Adding Static Members to VLANs on page 231 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Страница 343: ...I REFERENCES Configuring Voice VLANs on page 1379 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 8...

Страница 344: ...fine a MAC address range 6 Enter a description for the devices 7 Click Apply Figure 160 Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment 1 Click Traffic VoIP 2 Sel...

Страница 345: ...Auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1ab LLDP When OUI is se...

Страница 346: ...ning Age starts to count down when the OUI s MAC address expires from the MAC address table Therefore the MAC address aging time should be added to the overall aging time For example if you configure...

Страница 347: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Страница 348: ...Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for services that us...

Страница 349: ...access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentication server based on RADIUS or TACACS protocols to verify management ac...

Страница 350: ...urity AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Service RADIUS and Terminal Access Contr...

Страница 351: ...the authentication server The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authe...

Страница 352: ...pecifies the index number of the server to be configured The switch currently supports only one TACACS server Server IP Address Address of the TACACS server A Server Index entry must be selected to di...

Страница 353: ...fined see Configuring Local Remote Logon Authentication on page 349 WEB INTERFACE To configure the parameters for RADIUS or TACACS authentication 1 Click Security AAA Server 2 Select Configure Server...

Страница 354: ...TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server...

Страница 355: ...accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 1044 COMMAND USAGE AAA authentication through a RAD...

Страница 356: ...ame refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the service as 802 1X Command or Exec as described in the preceding...

Страница 357: ...Displays the receive port number through which this user accessed the switch Time Elapsed Displays the length of time this entry has been active WEB INTERFACE To configure global settings for AAA acc...

Страница 358: ...elect Add from the Action list 4 Select the accounting type 802 1X Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 170 Configuring AAA Accounting Methods To...

Страница 359: ...fic privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select the accounting type 802 1X Exec 4 Enter the requ...

Страница 360: ...nformation and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Statistics Figure 175 Displaying Statistics for AAA Accounting...

Страница 361: ...cal Remote Logon Authentication on page 349 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Configure Serv...

Страница 362: ...nd server group name 4 Click Apply Figure 176 Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group 1 Click Security AAA...

Страница 363: ...ation Method CONFIGURING USER ACCOUNTS Use the Security User Accounts page to control management access to the switch based on manually configured user names and passwords CLI REFERENCES User Accounts...

Страница 364: ...word is required for this user to log in Plain Password Plain text unencrypted password Encrypted Password Encrypted password The encrypted password is required for compatibility with legacy password...

Страница 365: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Страница 366: ...e enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Range 300 3600...

Страница 367: ...s for the port Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply En...

Страница 368: ...ork properly See Configuring Remote Logon Authentication Servers on page 350 NOTE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on pag...

Страница 369: ...the RADIUS server Tunnel Type VLAN Tunnel Medium Type 802 Tunnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list...

Страница 370: ...ion result remains unchanged The Filter ID attribute cannot be found to carry the user profile The Filter ID attribute is empty The Filter ID attribute format for dynamic QoS assignment is unrecogniza...

Страница 371: ...addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authentication as described on page 425 Authenticated MAC addresses are stored as dynamic...

Страница 372: ...number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Access Max MAC Count4...

Страница 373: ...assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC address table Dynami...

Страница 374: ...ERS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condition The link event type which will trigger the port action Link up On...

Страница 375: ...e to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port C...

Страница 376: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Страница 377: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Страница 378: ...ES Web Server on page 1051 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 379: ...ARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used for HTTPS connec...

Страница 380: ...efault certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them on your TFTP server and transfer them to the switch to replace the default un...

Страница 381: ...ell and rcp remote copy are not secure from hostile attacks Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can als...

Страница 382: ...appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 765468017262...

Страница 383: ...1 5 Clients a The client sends its RSA public key to the switch b The switch compares the client s public key to those stored in memory c If a match is found the switch uses its secret key to generate...

Страница 384: ...page 1057 PARAMETERS These parameters are displayed SSH Server Status Allows you to enable disable the SSH server on the switch Default Disabled Version The Secure Shell version number Version 2 0 is...

Страница 385: ...After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the section Importing User Public Keys on page 387 N...

Страница 386: ...emory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item prior to generating the host key pair Default Disabled WEB INTERFACE To generate the S...

Страница 387: ...r the user to be able to log in using the public key authentication mechanism If the user s public key does not exist on the switch SSH will revert to the interactive password authentication mechanism...

Страница 388: ...on 2 for SSHv2 clients TFTP Server IP Address The IP address of the TFTP server that contains the public key file you wish to import Source File Name The public key file to upload WEB INTERFACE To cop...

Страница 389: ...ocol port number or TCP control code IPv6 frames based on address DSCP next header type or flow label or any frames based on MAC address or Ethernet type To filter incoming packets first create an acc...

Страница 390: ...yed before writing the ACE into TCAM the software compresses the ACEs to reduce the number of required TCAM entries For example one ACL may include 128 ACEs which classify a continuous IP address rang...

Страница 391: ...and one of the periodic time ranges PARAMETERS These parameters are displayed Add Time Range Name Name of a time range Range 1 30 characters Add Rule Time Range Name of a time range Mode Absolute Spe...

Страница 392: ...t 3 Select Show from the Action list Figure 198 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Страница 393: ...3 Figure 199 Add a Rule to a Time Range To show the rules configured for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Show Rule from the Action list Figu...

Страница 394: ...s VLAN translation or traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs...

Страница 395: ...s packets based on the source or destination IPv4 address as well as the protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP contr...

Страница 396: ...CL 2 Select Configure ACL from the Step list 3 Select Add from the Action list 4 Fill in the ACL Name field and select the ACL type 5 Click Apply Figure 202 Creating an ACL To show a list of ACLs 1 Cl...

Страница 397: ...Address and Subnet Mask fields Options Any Host IP Default Any Source IP Address Source IP address Source Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period Th...

Страница 398: ...matching the selected type Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address type Use Any to include all...

Страница 399: ...bits to match Range 0 63 The control bit mask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means t...

Страница 400: ...l type or control code 10 Click Apply Figure 205 Configuring an Extended IPv4 ACL CONFIGURING A STANDARD IPV6 ACL Use the Security ACL Configure ACL Add Rule IPv6 Standard page to configure a Standard...

Страница 401: ...e appropriate number of zeros required to fill the undefined fields Source Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the ne...

Страница 402: ...ation of permit or deny rules Destination Address Type Specifies the destination IP address type Use Any to include all possible addresses or IPv6 Prefix to specify a range of addresses Options Any IP...

Страница 403: ...t be chosen pseudo randomly and uniformly from the range 1 to FFFFF hexadecimal The purpose of the random allocation is to make any set of bits within the Flow Label field suitable for use as a hash k...

Страница 404: ...type or flow label 10 Click Apply Figure 207 Configuring an Extended IPv6 ACL CONFIGURING A MAC ACL Use the Security ACL Configure ACL Add Rule MAC page to configure a MAC ACL based on hardware addres...

Страница 405: ...802 3 packets Tagged eth2 Tagged Ethernet II packets Tagged 802 3 Tagged Ethernet 802 3 packets VID VLAN ID Range 1 4094 VID Bit Mask VLAN bit mask Range 0 4095 Ethernet Type This option can only be...

Страница 406: ...to configure ACLs based on ARP message addresses ARP Inspection can then use these ACLs to filter suspicious traffic see Configuring Global Settings for ARP Inspection on page 411 CLI REFERENCES permi...

Страница 407: ...MAC to specify an address range with the Address and Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination MAC Bit Mask Hexad...

Страница 408: ...REFERENCES ip access group on page 1168 show ip access group on page 1169 mac access group on page 1179 show mac access group on page 1180 Time Range on page 957 PARAMETERS These parameters are displa...

Страница 409: ...CLI REFERENCES show access list on page 1185 PARAMETERS These parameters are displayed Port Port identifier Range 1 12 Type ACL type IP Standard IP Extended MAC IPv6 Standard or IPv6 Extended Directi...

Страница 410: ...the middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appr...

Страница 411: ...not affect the ARP Inspection configuration of any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes will...

Страница 412: ...e controlled basis After the system message is generated the entry is cleared from the log buffer Each log entry contains flow information such as the receiving VLAN the port number the source and des...

Страница 413: ...ACE To configure global settings for ARP Inspection 1 Click Security ARP Inspection 2 Select Configure General from the Step list 3 Enable ARP inspection globally enable any of the address validation...

Страница 414: ...database determines their validity PARAMETERS These parameters are displayed ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the sele...

Страница 415: ...ports are subject to ARP packet rate limiting and all trusted ports are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Valida...

Страница 416: ...asons CLI REFERENCES show ip arp inspection statistics on page 1153 PARAMETERS These parameters are displayed Table 24 ARP Inspection Statistics Parameter Description Received ARP packets before ARP i...

Страница 417: ...VLAN port and address components CLI REFERENCES show ip arp inspection log on page 1153 PARAMETERS These parameters are displayed ARP packets dropped by additional validation IP Count of ARP packets...

Страница 418: ...to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch f...

Страница 419: ...th the start address and end address PARAMETERS These parameters are displayed Mode Web Configures IP address es for the web group SNMP Configures IP address es for the SNMP group Telnet Configures IP...

Страница 420: ...hen port security is enabled on a port the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number Only incoming traffic with source addresses alr...

Страница 421: ...aximum number of allowed addresses are set to a non zero value any device not in the address table that attempts to use the port will be prevented from accessing the switch If a port is disabled shut...

Страница 422: ...dress filtering has been set under Security Network Access Configure MAC Filter as described on page 375 MAC Filter ID The identifier for a MAC address filter Last Intrusion MAC The last unauthorized...

Страница 423: ...he client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending o...

Страница 424: ...er comparable client software CONFIGURING 802 1X GLOBAL SETTINGS Use the Security Port Authentication Configure Global page to configure IEEE 802 1X port authentication The 802 1X protocol must be ena...

Страница 425: ...2 1X port settings for the switch as the local authenticator When 802 1X is enabled you need to configure the parameters for the authentication process that runs between the client and the switch i e...

Страница 426: ...deny access to all clients either dot1x aware or otherwise Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Default Single Host Single Host Allows only a...

Страница 427: ...to the client during an active connection as required for reauthentication Server Timeout Sets the time that a switch port waits for a response to an EAP request from an authentication server before r...

Страница 428: ...cation Server Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without recei...

Страница 429: ...Statistics Parameter Description Authenticator Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that hav...

Страница 430: ...he number of valid EAPOL frames of any type that have been received by this Supplicant Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Supplicant R...

Страница 431: ...e most of its resources so that it can no longer provide its intended service or to obstruct the communication media between the intended users and the target so that they can no longer communicate ad...

Страница 432: ...igured TCP packets which contain a sequence number of 0 and the URG PSH and FIN flags If the target s TCP port is closed the target replies with a TCP RST packet If the target TCP port is open it simp...

Страница 433: ...ooping on page 444 or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address SIP option or both its IP address and corresponding MAC...

Страница 434: ...ored in the binding table Max Binding Entry The maximum number of entries that can be bound to an interface Range 1 5 Default 5 This parameter sets the maximum number of address entries that can be ma...

Страница 435: ...the same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entr...

Страница 436: ...ure static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 226 Con...

Страница 437: ...VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which this entry is bound MAC Addre...

Страница 438: ...ration page to filter inbound traffic based on the source IPv6 address stored in the binding table IPv6 Source Guard is used to filter traffic on an insecure port which receives messages from outside...

Страница 439: ...ry is found in the binding table and the entry type is static IPv6 source guard binding the packet will be forwarded If ND snooping or DHCP snooping is enabled IPv6 source guard will check the VLAN ID...

Страница 440: ...ded to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries lear...

Страница 441: ...eplace the old one If there is an entry with same MAC address and IPv6 address and the type of the entry is either a dynamic ND snooping binding or DHCPv6 snooping binding then the new entry will repl...

Страница 442: ...B INTERFACE To configure static bindings for IPv6 Source Guard 1 Click Security IPv6 Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 C...

Страница 443: ...D of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IPv6 Address A valid global unicast IPv6 address Dynamic Binding List VLAN VLAN to which this entry is bound MAC Address Phy...

Страница 444: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Страница 445: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Страница 446: ...on CLI REFERENCES DHCPv4 Snooping on page 1115 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globally Default Disabled DHCP Snooping MAC Address Verification Ena...

Страница 447: ...s to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inserts the relay agent s address wh...

Страница 448: ...g is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table PARAMETERS Th...

Страница 449: ...a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other...

Страница 450: ...this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry is bound Interface Port or trunk...

Страница 451: ...1 WEB INTERFACE To display the binding table for DHCP Snooping 1 Click IP Service DHCP Snooping 2 Select Show Information from the Step list 3 Use the Store or Clear function if required Figure 236 Di...

Страница 452: ...CHAPTER 13 Security Measures DHCP Snooping 452...

Страница 453: ...ion of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over a group of switches connected to the sam...

Страница 454: ...sh or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 933 PARAMETERS These parameters are displayed S...

Страница 455: ...source WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select Configure Global from the Step list 3 Enable or disable system logging set...

Страница 456: ...ages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facili...

Страница 457: ...ggered by logging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 940 PARAM...

Страница 458: ...the minimum severity level Specify the source and destination email addresses and one or more SMTP servers 3 Click Apply Figure 240 Configuring SMTP Alert Messages LINK LAYER DISCOVERY PROTOCOL Link L...

Страница 459: ...ult 30 seconds Hold Time Multiplier Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 4 The time to live tells the receiving LLDP agent...

Страница 460: ...astChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss MED Fast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit...

Страница 461: ...fying Trap Managers on page 500 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a trap noti...

Страница 462: ...full name and version identification of the system s hardware type software operating system and networking software System Name The system name is taken from the sysName object in RFC 3418 which con...

Страница 463: ...advertises device details useful for inventory management such as manufacturer model software version and other pertinent information Location This option advertises location identification details Ne...

Страница 464: ...GURING LLDP INTERFACE CIVIC ADDRESS Use the Administration LLDP Configure Interface Add CA Type page to specify the physical location of the device attached to an interface CLI REFERENCES lldp med loc...

Страница 465: ...n LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from the Port or Trunk list 5 Specify a CA Type and CA Value pair 6 Click Apply T...

Страница 466: ...al ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the speci...

Страница 467: ...ly to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Description A string that indicates the port or trunk description If R...

Страница 468: ...the interface LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory WEB INTERFACE To display LLDP information for the local devic...

Страница 469: ...tocols Link Layer Discovery Protocol 469 Figure 244 Displaying Local Device Information for LLDP General Figure 245 Displaying Local Device Information for LLDP Port Figure 246 Displaying Local Device...

Страница 470: ...e system s administratively assigned name Port Details Port Port identifier on local switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP c...

Страница 471: ...ed frames are associated Remote Port Protocol VLAN List The port based protocol VLANs configured on this interface whether the given port associated with the remote system supports port based protocol...

Страница 472: ...re in use and Spare means that the spare pairs only are in use Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Con...

Страница 473: ...in octets on the port component associated with the remote system Port Details LLDP MED Capability 6 Device Class Any of the following categories of endpoint devices Class 1 The most basic class of e...

Страница 474: ...ired by the device but is currently unknown VLAN ID The VLAN identifier VID for the port as defined in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that...

Страница 475: ...n PSE Local PSE and Local PSE Unknown Primary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power...

Страница 476: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk Details 4 When the next page opens select a port on this switch a...

Страница 477: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 477 Figure 248 Displaying Remote Device Information for LLDP Port Details...

Страница 478: ...P capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1560 PARAMETERS These parameter...

Страница 479: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Страница 480: ...nt as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A de...

Страница 481: ...ups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings NOTE The predefined default groups and view can be deleted...

Страница 482: ...page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want t...

Страница 483: ...rap types 4 Click Apply Figure 252 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engine ID An SNM...

Страница 484: ...ed WEB INTERFACE To configure the local SNMP engine ID 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Set Engine ID from the Action list 4 Enter an ID of a least 9 h...

Страница 485: ...l format If an odd number of characters are specified a trailing zero is added to the value to fill in the last octet For example the value 123456789 is equivalent to 1234567890 Remote IP Host The IP...

Страница 486: ...anch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the object identi...

Страница 487: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 257 Showing SNMP...

Страница 488: ...an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Страница 489: ...of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the group...

Страница 490: ...dicated by the included value of ifOperStatus linkUp 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its c...

Страница 491: ...0 75 When multicast storm is detected as normal traffic this trap is fired swAtcMcastStormTcApplyTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 76 When ATC is activated this trap is fired swAtcMcastStormTcRelease...

Страница 492: ...D lbdRecoveryTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 142 This trap is sent when a recovery is done by LBD sfpThresholdAlarmWarnTrap 1 3 6 1 4 1 259 10 1 10 2 1 0 189 This trap is sent when the sfp s A D qu...

Страница 493: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 260 Creating an SN...

Страница 494: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Страница 495: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 1007 PARAMETERS T...

Страница 496: ...t DES is currently available Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2 Select Configure User fr...

Страница 497: ...notify view CLI REFERENCES snmp server user on page 1007 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent...

Страница 498: ...minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text...

Страница 499: ...anagement Protocol 499 Figure 266 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 500: ...s received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider...

Страница 501: ...receive notification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Infor...

Страница 502: ...ange 0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specif...

Страница 503: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 504: ...ers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 1012 snmp server notify filter on page 10...

Страница 505: ...ed Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry agi...

Страница 506: ...inistration SNMP Show Statistics page to show counters for SNMP input and output protocol data units CLI REFERENCES show snmp on page 999 PARAMETERS The following counters are displayed SNMP packets i...

Страница 507: ...the SNMP protocol entity Set request PDUs The total number of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total numbe...

Страница 508: ...automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any specified ta...

Страница 509: ...ay be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes ether...

Страница 510: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Страница 511: ...red The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems CLI REFERENCE...

Страница 512: ...and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see Setting Community Access Strings on page...

Страница 513: ...MON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Страница 514: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Страница 515: ...Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 280 Showing Configured RMON History S...

Страница 516: ...istics collection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets m...

Страница 517: ...index number and the name of the owner for this entry 7 Click Apply Figure 282 Configuring an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select C...

Страница 518: ...t Switches that support clustering can be grouped together regardless of physical location or switch type as long as they are connected to the same local network COMMAND USAGE A switch cluster has a p...

Страница 519: ...AGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with the network IP subnet Cl...

Страница 520: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 285 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Страница 521: ...ep list 3 Select Add from the Action list 4 Select one of the cluster candidates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 286 Configuring a Cluster Member...

Страница 522: ...Cluster Show Member page to manage another switch in the cluster CLI REFERENCES Switch Clustering on page 989 PARAMETERS These parameters are displayed Member ID The ID number of the Member switch Ra...

Страница 523: ...h would fatally affect network operation and service availability The G 8032 recommendation also referred to as Ethernet Ring Protection Switching ERPS can be used to increase the availability and rob...

Страница 524: ...31 is received which has a higher priority than any other local request A link node failure is detected by the nodes adjacent to the failure These nodes block the failed link and report the failure to...

Страница 525: ...owner node for ERP1 and ring node E is the RPL owner node for ERP2 These ring nodes A and E are responsible for blocking the traffic channel on the RPL for ERP1 and ERP2 respectively There is no restr...

Страница 526: ...onnectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated R APS messa...

Страница 527: ...switch supports up to six ERPS rings each ring must have one Control VLAN and at most 255 Data VLANs Ring ports can not be a member of a trunk nor an LACP enabled port Dynamic VLANs are not supported...

Страница 528: ...tion An ERPS ring containing one Control VLAN and one or more protected Data VLANs must be configured and the global ERPS function enabled on the switch see ERPS Global Configuration on page 527 befor...

Страница 529: ...nk failure has occurred This state will switch to idle state if all the failed links recover Type Shows node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertive recove...

Страница 530: ...ddress is disabled for the R APS Def MAC parameter then the Domain ID will be used in R APS PDUs Admin Status Activates the current ERPS ring Default Disabled Before enabling a ring the global ERPS fu...

Страница 531: ...ed VLAN used for sending and receiving E APS protocol messages Range 1 4094 Configure one control VLAN for each ERPS ring First create the VLAN to be used as the control VLAN see Configuring VLAN Grou...

Страница 532: ...itch is set as the RPL neighbor for an ERPS domain the east ring port is set as the other end of the RPL The east and west connections to the ring must be specified for all ring nodes When this switch...

Страница 533: ...igher priority request the RPL Owner Node initiates reversion by blocking its traffic channel over the RPL transmitting an R APS NR RB message over both ring ports informing the ring that the RPL is b...

Страница 534: ...Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority request than NR is accepted by the RPL Owner Node or is declared locally at the RPL Owner Nod...

Страница 535: ...t no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another higher priority request is received If the ring node...

Страница 536: ...al port on a secondary ring must be the west port In other words if a domain has two physical ring ports this ring can only be a major ring not a secondary ring or sub domain which can have only one p...

Страница 537: ...l RAPS messages of the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can...

Страница 538: ...ust be configured as 1 If this command is disabled the following strings are used as the node identifier ERPSv1 01 19 A7 00 00 01 ERPSv2 01 19 A7 00 00 Ring ID Propagate TC Enables propagation of topo...

Страница 539: ...It does not use the normal procedure of waiting to receive an R APS NR no request message from nodes adjacent to the recovered link Instead it waits to see if the non standard health check packets loo...

Страница 540: ...ering from an FS or MS command the delay timer must be long enough to receive any latent remote FS or MS commands This delay timer called the WTB timer is defined to be 5 seconds longer than the guard...

Страница 541: ...is allowed transmission reception and forwarding of R APS messages is allowed Unknown The interface is not in a known state Local SF Shows if a signal fault exists on a link to the local node Local FS...

Страница 542: ...eters for a ring 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanni...

Страница 543: ...et Ring Protection Switching 543 Figure 296 Creating an ERPS Ring To show the configure ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Actio...

Страница 544: ...ommand was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s highest pri...

Страница 545: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Страница 546: ...riority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without...

Страница 547: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Страница 548: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Страница 549: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 299 Single CFM Maintenance Domain The...

Страница 550: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Страница 551: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Страница 552: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Страница 553: ...a forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has...

Страница 554: ...g CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cros...

Страница 555: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 556: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 557: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 558: ...IP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 65535 MEP Archive Hold Time The time that data from a missin...

Страница 559: ...thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click Apply Figure 303 Configuring Maintenance Domains To show...

Страница 560: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 561: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Страница 562: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Страница 563: ...sables suppression of the AIS Default Disabled WEB INTERFACE To create a maintenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4...

Страница 564: ...y from the MD Index list Figure 307 Showing Maintenance Associations To configure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 S...

Страница 565: ...g order 1 maintenance domain at the same level as the MEP to be configured see Configuring CFM Maintenance Domains 2 maintenance association within the domain see Configuring CFM Maintenance Associati...

Страница 566: ...nk WEB INTERFACE To configure a maintenance end point 1 Click Administration CFM 2 Select Configure MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Inde...

Страница 567: ...ther devices inside a maintenance association should be statically configured to ensure full connectivity through the cross check process Remote MEPs can only be configured if local domain service acc...

Страница 568: ...1 Click Administration CFM 2 Select Configure Remote MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the remote MEPs which exist on othe...

Страница 569: ...been learned for the target MEP LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each MIP generating a link trace reply up to the point at which the LTM reaches its destination...

Страница 570: ...target of a link trace message This address can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx TTL The time to live of the link trace message Range 0 255 hops WEB INT...

Страница 571: ...DSAP and the target maintenance point must be within the same MA If the continuity check database does not have an entry for the specified maintenance point an error message will be displayed When usi...

Страница 572: ...k Messages TRANSMITTING DELAY MEASURE REQUESTS Use the Administration CFM Transmit Delay Measure page to send periodic delay measure requests to a specified MEP within a maintenance association CLI RE...

Страница 573: ...erence between two subsequent two way frame delay measurements PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 1 2147483647 Source MEP ID The...

Страница 574: ...identifier or MAC address set the number of times the delay measure message is to be sent the interval and the timeout 5 Click Apply Figure 315 Transmitting Delay Measure Messages DISPLAYING LOCAL MEP...

Страница 575: ...entry either a port or trunk CC Status Shows administrative status of CCMs MAC Address MAC address of this MEP entry WEB INTERFACE To show information for the MEPs configured on this device 1 Click A...

Страница 576: ...ion Shows the defect detected on the MEP Received RDI Receive status of remote defect indication RDI messages on the MEP AIS Status Shows if MEPs within the specified MA are enabled to send frames wit...

Страница 577: ...e discovered by the CFM protocol For a description of MIPs refer to the Command Usage section under Configuring CFM Maintenance Domains CLI REFERENCES show ethernet cfm maintenance points local on pag...

Страница 578: ...or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1579 clear ethernet cfm maintenance poi...

Страница 579: ...gh continuity check messages or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1579 PARAM...

Страница 580: ...n received or no interface status TLV was received in the last CCM Up The interface is ready to pass packets Down The interface cannot pass packets Testing The interface is in some test mode Unknown T...

Страница 581: ...cfm linktrace cache on page 1594 clear ethernet cfm linktrace cache on page 1593 PARAMETERS These parameters are displayed Hops The number hops taken to reach the target MEP MA Maintenance associatio...

Страница 582: ...nabled so the target data frame was filtered by ingress filtering Egress Action Action taken on the egress port EgrOk The targeted data frame was forwarded EgrDown The Egress Port can be identified bu...

Страница 583: ...age 1599 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD Name Maintenance domain name MA Name Maintenance association name Highest Defect The highest defect that w...

Страница 584: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Страница 585: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 323 Showing Continuity Check Errors OAM...

Страница 586: ...terface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local T...

Страница 587: ...are faults Errored Frame Controls reporting of errored frame link events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reache...

Страница 588: ...se the Administration OAM Counters page to display statistics for the various types of OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1610 PARAMETERS These...

Страница 589: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Страница 590: ...ion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where tr...

Страница 591: ...1609 COMMAND USAGE You can use this command to perform an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of e...

Страница 592: ...The number of loop back frames transmitted during the last loopback test on this interface Packets Received The number of loop back frames received during the last loopback test on this interface Los...

Страница 593: ...Loop Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loop Back Show Test Result page to display the results of remote loop back testing for each port for whi...

Страница 594: ...area network PTP uses a hierarchical master slave architecture for clock distribution where the distribution system consists of one or more network segments and one or more clocks An ordinary clock ha...

Страница 595: ...boundary clock can have multiple network connections and can accurately bridge synchronization from one network segment to another Setting the switch to boundary mode allows it to participate in the...

Страница 596: ...ge and link delay on the port receiving the Sync message Adjust When this parameter is enabled the switch will adjust the time of the local clock to match that of the master clock based on information...

Страница 597: ...TP clock synchronization domain to which the switch belongs Range 0 255 Default 0 A domain is a set of clocks that synchronize to one another using PTP Multiple independent PTP clocking domains can be...

Страница 598: ...on page 966 ptp log min pdelay request interval on page 969 ptp log min delay request interval on page 969 ptp port release on page 973 COMMAND USAGE When the PTP mode is set to boundary clock under G...

Страница 599: ...of these delay times Transport Sets the message transport method to one of the following options Ethernet PTP messages are transmitted using Ethernet format When using Ethernet as the transport mecha...

Страница 600: ...st master clock algorithm Log Announce Interval Sets the PTP announcement message transmit interval Range 0 4 in log base 2 The log base 2 settings equate to the following values 0 1 packet every seco...

Страница 601: ...This parameter is only applicable for interfaces which are set to use the peer to peer delay mechanism Log Min Delay Req Interval Sets the delay request message transmit interval This parameter indica...

Страница 602: ...lated data CLI REFERENCES show ptp information on page 975 PARAMETERS These parameters are displayed Default Data Two Step Flag Shows if this device is a two step clock A two step clock sends a time s...

Страница 603: ...n Clock Identity A unique 8 octet array based on the IEEE EUI 64 assigned numbers Port Number Port connected to the parent clock This attribute indicates a number from the sequence of ports supporting...

Страница 604: ...ndicates if the frequency determining the time scale is traceable to a primary reference PTP Timescale Indicates if the clock time scale of the grand master clock is PTP Time Source The source of time...

Страница 605: ...nism Time delay measurement method end to end or peer to peer Log Min Pdelay Req Interval Peer delay request message transmit interval Version Number PTP version number 1 or 2 WEB INTERFACE To display...

Страница 606: ...4 Basic Administration Protocols PTP Configuration 606 Figure 333 Displaying PTP Information Current Data Figure 334 Displaying PTP Information Parent Data Figure 335 Displaying PTP Information Time P...

Страница 607: ...tet array based on the IEEE EUI 64 assigned clock identifier numbers and the port number Master Clock Quality The reported clock quality components include Class Clock class defines the clock s Intern...

Страница 608: ...Administration Protocols PTP Configuration 608 WEB INTERFACE To show PTP announcements from neighbors 1 Click Sync PTP 2 Select Show PTP Foreign Master from the Step list Figure 337 Displaying PTP Nei...

Страница 609: ...isolation Multicast VLAN Registration for IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation...

Страница 610: ...e ports only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering...

Страница 611: ...with a multicast routing protocol such as Protocol Independent Multicasting PIM to support IP multicasting across the Internet Note that IGMP neither alters nor routes IP multicast packets A multicas...

Страница 612: ...depending on the version of the IGMP query packets detected on each VLAN NOTE IGMP snooping will not function unless a multicast router port is enabled on the switch This can accomplished in one of t...

Страница 613: ...adcasting the traffic to all ports and possibly disrupting network performance CLI REFERENCES IGMP Snooping on page 1426 COMMAND USAGE IGMP Snooping This switch can passively snoop on IGMP Query and R...

Страница 614: ...means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device When proxy reporting is disabled all IGMP reports received by the switch are forwa...

Страница 615: ...e spanning tree change occurred When an upstream multicast router receives this solicitation it immediately issues an IGMP general query A query solicitation can be sent whenever the switch notices a...

Страница 616: ...the new upstream interface This command only applies when proxy reporting is enabled Router Port Expire Time The time the switch waits after the previous querier stops before it considers it to have...

Страница 617: ...the switch the interface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to a...

Страница 618: ...ping Multicast Router 2 Select Add Static Multicast Router from the Action list 3 Select the VLAN which will forward all the corresponding multicast traffic and select the port or trunk attached to th...

Страница 619: ...the VLAN for which to display this information Ports in the selected VLAN which are attached to a neighboring multicast router switch are displayed Figure 343 Showing Current Interfaces Attached an I...

Страница 620: ...ce Range 1 4094 Interface Activates the Port or Trunk scroll down list Port or Trunk Specifies the interface assigned to a multicast group Multicast IP The IP address for a specific multicast service...

Страница 621: ...been many mechanisms used in the past to identify multicast routers This has lead to interoperability issues between multicast routers and snooping switches from different vendors In response to this...

Страница 622: ...d Upon receiving a solicitation on an interface with IP multicast forwarding and MRD enabled a router will respond with an Advertisement Multicast Router Termination These messages are sent when a rou...

Страница 623: ...vice if a leave packet is received at that port and immediate leave is enabled for the parent VLAN Default Disabled If immediate leave is not used a multicast router or querier will send a group speci...

Страница 624: ...hen this message is received by downstream hosts all receivers build an IGMP report for the multicast groups they have joined This attribute applies when the switch is serving as the querier page 613...

Страница 625: ...sending traffic to them To resolve this problem the source address in proxied IGMP query messages can be replaced with any valid unicast address other than the router s own address Rules Used for Pro...

Страница 626: ...y for IPv4 626 Figure 346 Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Select Show VLAN Information from the Action...

Страница 627: ...query packets received on the specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Multicast Data Drop Configures a...

Страница 628: ...at is forwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a st...

Страница 629: ...display IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1444 PARAMETERS These parameters are displayed VLAN VLAN identifie...

Страница 630: ...ry messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query...

Страница 631: ...essages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN Figure 350 Displaying IGMP Snooping Statistics Query To display IGMP snooping pro...

Страница 632: ...igure 351 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Act...

Страница 633: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Страница 634: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Страница 635: ...and set its access mode 5 Click Apply Figure 354 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step li...

Страница 636: ...list 4 Select the profile for which to display this information Figure 357 Showing the Groups Assigned to an IGMP Filtering Profile CONFIGURING IGMP FILTERING AND THROTTLING FOR INTERFACES Use the Mu...

Страница 637: ...ulticast Groups Sets the maximum number of multicast groups an interface can join at the same time Range 1 1024 Default 1024 Current Multicast Groups Displays the current multicast groups the interfac...

Страница 638: ...nd report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time CONFIGURING MLD SNO...

Страница 639: ...e multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10 seconds This attribute controls how long the host...

Страница 640: ...d immediate leave is enabled for the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave mess...

Страница 641: ...REFERENCES ipv6 mld snooping vlan mrouter on page 1474 COMMAND USAGE MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 638 before a multica...

Страница 642: ...Select the VLAN for which to display this information Figure 362 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multicas...

Страница 643: ...corresponding traffic can only be forwarded to ports within that VLAN PARAMETERS These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast service Range 1 4094 Multic...

Страница 644: ...3 Select the VLAN for which to display this information Figure 365 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Страница 645: ...s used to summarize the total listening state of a multicast address to a minimum set such that all nodes listening states are respected In Include mode the router only uses the request list indicatin...

Страница 646: ...or IGMP service requests from multicast clients and dynamically configure the switch ports which need to forward multicast traffic IGMP Query Multicast query is used to poll each known multicast group...

Страница 647: ...vice to learn multicast requirements from its downstream interfaces and proxy this group membership information to the upstream router Multicast packets can then be forwarded downstream based solely u...

Страница 648: ...ultiple sources a more robust failover mechanism should be used If more than one administrative domain is involved a multicast routing protocol should be used instead of IGMP proxy To enable IGMP prox...

Страница 649: ...roxy service is enabled Only one upstream interface is supported on the system A maximum of 1024 multicast entries are supported PARAMETERS These parameters are displayed VLAN VLAN interface on which...

Страница 650: ...st router to ensure that it will continue to receive the multicast service The parameters described in this section are used to control Layer 3 IGMP and query functions NOTE IGMP Protocol Status shoul...

Страница 651: ...es Range 0 255 tenths of a second Default 10 seconds IGMPv1 does not support a configurable maximum response time for query messages It is fixed at 10 seconds for IGMPv1 By varying the Query Maximum R...

Страница 652: ...rce specific multicast SSM address range default 232 8 is specified but no source address is included the request to join the multicast group will fail unless the next node up the reverse path tree ha...

Страница 653: ...server transmitting traffic to the specified multicast group address WEB INTERFACE To configure static IGMP groups 1 Click Multicast IGMP Static Group 2 Select Add from the Action list 3 Select a VLA...

Страница 654: ...650 and multicast routing must be enabled globally on the system see Configuring Global Settings for Multicast Routing on page 828 CLI REFERENCES show ip igmp groups on page 1520 PARAMETERS These para...

Страница 655: ...ry was created Depending on the elapsed time information may displayed for w weeks d days h hours m minutes or s seconds Group Mode In INCLUDE mode reception of packets sent to the specified multicast...

Страница 656: ...3 Select a VLAN The selected entry must be a configured IP interface Figure 373 Displaying Multicast Groups Learned from IGMP Information To display detailed information about the current multicast g...

Страница 657: ...VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exchange any i...

Страница 658: ...port acts as an MVR router with querier service enabled Default Enabled When MVR proxy switching is enabled an MVR source port serves as the upstream or host interface and the MVR receiver port serves...

Страница 659: ...uery interval at which active receiver ports send out general queries This interval is only effective when proxy switching is enabled Source Port Mode Configures the switch to forward any multicast st...

Страница 660: ...r IPv4 on page 1478 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Range 1 5 MVR Status When MVR is enabled on the switch any multicast data associated with an MVR...

Страница 661: ...ce or to set a low priority for normal multicast traffic not sensitive to latency Upstream Source IP The source IP address assigned to all MVR control packets sent upstream on the specified domain By...

Страница 662: ...0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x IGMP snooping and MVR share a maximum number of 1024...

Страница 663: ...list 4 Enter the name of a group profile to be assigned to one or more domains and specify a multicast group that will stream traffic to participating hosts 5 Click Apply Figure 378 Configuring an MVR...

Страница 664: ...the Action list 4 Select a domain from the scroll down list and enter the name of a group profile 5 Click Apply Figure 380 Assigning an MVR Group Address Profile to a Domain To show the MVR group add...

Страница 665: ...a member of the MVR VLAN If so configured its MVR status will be inactive One or more interfaces may be configured as MVR source ports A source port is able to both receive and send data for configure...

Страница 666: ...ces on page 667 Non MVR An interface that does not participate in the MVR VLAN This is the default type Forwarding Status Shows if MVR traffic is being forwarded or discarded MVR Status Shows the MVR...

Страница 667: ...m 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Only IGMP version 2 or 3 hosts can issue multic...

Страница 668: ...a VLAN and interface to receive the multicast stream and then enter the multicast group address 6 Click Apply Figure 383 Assigning Static MVR Groups to a Port To show the static MVR groups assigned to...

Страница 669: ...the service is received Note that this may be different from the MVR VLAN if the group address has been statically assigned Port Shows the interfaces with subscribers for multicast services provided...

Страница 670: ...time after which this querier is assumed to have expired General Query Received The number of general queries received on this interface General Query Sent The number of general queries sent from thi...

Страница 671: ...t content not allowed or MVR group report received Join Success The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Output Statistics...

Страница 672: ...r IPv4 672 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Страница 673: ...IPv4 673 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR dom...

Страница 674: ...r similar to that described for MRV see Multicast VLAN Registration for IPv4 on page 657 COMMAND USAGE General Configuration Guidelines for MVR6 1 Enable MVR6 for a domain on the switch and select the...

Страница 675: ...uter interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on...

Страница 676: ...efault the switch forwards any multicast streams within the address range set by a profile and bound to a domain The multicast streams are sent to all source ports on the switch and to all receiver po...

Страница 677: ...the channel for streaming multicast services using MVR6 MVR6 source ports should be configured as members of the MVR6 VLAN see Adding Static Members to VLANs on page 231 but MVR6 receiver ports should...

Страница 678: ...eros required to fill the undefined fields Note that the IP address ff02 X is reserved WEB INTERFACE To configure settings for an MVR6 domain 1 Click Multicast MVR6 2 Select Configure Domain from the...

Страница 679: ...nge assigned to a profile cannot overlap with the group address range of any other profile MRV6 domains can be associated with more than one MVR6 profile But since MVR6 domains cannot share the group...

Страница 680: ...p Address Profile To show the configured MVR6 group address profiles 1 Click Multicast MVR6 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure 392 Displaying MVR6...

Страница 681: ...d to an interface is receiving multicast services you can enable the immediate leave function CLI REFERENCES MVR for IPv6 on page 1496 COMMAND USAGE A port configured as an MVR6 receiver or source por...

Страница 682: ...determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only be enabled on a...

Страница 683: ...h to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group This option only applies to an interface configured as an MVR6 receiver WEB INTERFACE...

Страница 684: ...te the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings PARAMETE...

Страница 685: ...5 Select the port or trunk for which to display this information Figure 397 Showing the Static MVR6 Groups Assigned to a Port DISPLAYING MVR6 RECEIVER GROUPS Use the Multicast MVR6 Show Member page t...

Страница 686: ...been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Count The number of multicast services currently being...

Страница 687: ...e Number of Reports Sent The number of reports sent from this interface Number of Leaves Sent The number of leaves sent from this interface VLAN Port and Trunk Statistics Input Statistics Report The n...

Страница 688: ...The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface WEB INTERFACE To display sta...

Страница 689: ...Pv6 689 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Страница 690: ...Pv6 690 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Страница 691: ...etwork or for creating an interface to multiple subnets This switch supports both IPv4 and IPv6 and can be managed through either of these address types For information on configuring the switch with...

Страница 692: ...tion User Specified Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broad...

Страница 693: ...ss has yet been configured for this interface and then enter the IP address and subnet mask 4 Click Apply Figure 402 Configuring a Static IPv4 Address To obtain an dynamic IPv4 address through DHCP BO...

Страница 694: ...itch address Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network segment you will lose mana...

Страница 695: ...Pv6 includes two distinct address types link local unicast and global unicast A link local address makes the switch accessible over IPv6 for all devices attached to the same local subnet Management tr...

Страница 696: ...enabled page 769 you can still define a static route page 753 to ensure that traffic to the designated address or subnet passes through a preferred gateway An IPv6 default gateway can only be success...

Страница 697: ...duplicate address exists on the same network segment and the interval between neighbor solicitations used to verify reachability information PARAMETERS These parameters are displayed VLAN Mode VLAN ID...

Страница 698: ...duplicate address detection for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a t...

Страница 699: ...rmation that enables nodes to auto configure on the network This information may include the default router address taken from the observed source address of the RA message as well as on link prefix i...

Страница 700: ...t Configure Interface from the Action list 3 Select RA Guard mode 4 Enable RA Guard for untrusted interfaces 5 Click Apply Figure 407 Configuring RA Guard for an IPv6 Interface CONFIGURING AN IPV6 ADD...

Страница 701: ...etwork prefix and prefix length and using the EUI 64 form of the interface identifier to automatically create the low order 64 bits in the host portion of the address You can also manually configure t...

Страница 702: ...ce s MAC address The EUI 64 specification is designed for devices that use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must be convert...

Страница 703: ...tation can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4094 IPv6 Address Type The address type Global EUI 64 Link Local IPv6 Address An IPv...

Страница 704: ...lticast address which is formed by taking the low order 24 bits of the address and appending those bits to the prefix Note that the solicited node multicast address link local scope FF02 is used to re...

Страница 705: ...ableTime interval that the forward path to the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime interval has...

Страница 706: ...ry for transmission through small packet networks ICMPv6 Internet Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in proces...

Страница 707: ...ce for some of the datagrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems...

Страница 708: ...ssfully fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be ICMPv6...

Страница 709: ...interface Parameter Problem Message The number of ICMP Parameter Problem messages sent by the interface Echo Request Messages The number of ICMP Echo request messages sent by the interface Echo Reply...

Страница 710: ...wing IPv6 Statistics IPv6 No Port Errors The total number of received UDP datagrams for which there was no application at the destination port Other Errors The number of received UDP datagrams that co...

Страница 711: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 711 Figure 412 Showing IPv6 Statistics ICMPv6 Figure 413 Showing IPv6 Statistics UDP...

Страница 712: ...1674 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure 414 Showing Reporte...

Страница 713: ...thentication messages between a client and broadband remote access servers DOMAIN NAME SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or b...

Страница 714: ...main name Range 1 127 alphanumeric characters WEB INTERFACE To configure general settings for DNS 1 Click IP Service DNS 2 Select Configure Global from the Action list 3 Enable domain lookup and set t...

Страница 715: ...ecified the switch will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match see Configuring a List of Name Ser...

Страница 716: ...p status see Configuring General DNS Service Parameters on page 713 When more than one name server is specified the servers are queried in the specified sequence until a response is received or the en...

Страница 717: ...st Table Add page to manually configure static entries in the DNS table that are used to map domain names to IP addresses CLI REFERENCES ip host on page 1618 show hosts on page 1622 COMMAND USAGE Stat...

Страница 718: ...1 Click IP Service DNS Static Host Table 2 Select Show from the Action list Figure 421 Showing Static Entries in the DNS Table DISPLAYING THE DNS CACHE Use the IP Service DNS Cache page to display en...

Страница 719: ...e DNS Cache DYNAMIC HOST CONFIGURATION PROTOCOL Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they boot up...

Страница 720: ...DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter request list asking for this information Besides the client req...

Страница 721: ...ue is used enter a text string or hexadecimal value 3 Click Apply Figure 423 Specifying A DHCP Client Identifier CONFIGURING DHCP RELAY SERVICE Use the IP Service DHCP Relay page to configure DHCP rel...

Страница 722: ...ration will be disabled if an active DHCP server is detected on the same network segment PARAMETERS These parameters are displayed VLAN ID ID of configured VLAN Server IP Address Addresses of DHCP ser...

Страница 723: ...be assigned to hosts based on the client identifier code or MAC address Figure 426 DHCP Server COMMAND USAGE First configure any excluded addresses including the address for this switch Then configure...

Страница 724: ...ct Configure Global from the Step list 3 Mark the Enabled box 4 Click Apply Figure 427 Enabling the DHCP Server SETTING EXCLUDED ADDRESSES Use the IP Service DHCP Server Configure Excluded Addresses A...

Страница 725: ...2 Select Configure Excluded Addresses from the Step list 3 Select Add from the Action list 4 Enter a single address or an address range 5 Click Apply Figure 428 Configuring Excluded Addresses on the...

Страница 726: ...nterface through which the client request was received It then searches for a manually configured host address that falls within the matching network pool If no manually configured host address is fou...

Страница 727: ...ould be on the same subnet as the client DNS Server The IP address of the primary and alternate DNS server DNS servers must be configured for a DHCP client to map host names to IP addresses Netbios Se...

Страница 728: ...r Host 5 Enter the IP address and subnet mask for a network pool or host If configuring a static binding for a host enter the client identifier or hardware address for the host device Configure the op...

Страница 729: ...Figure 431 Configuring DHCP Server Address Pools Host To show the configured DHCP address pools 1 Click IP Service DHCP Server 2 Select Configure Pool from the Step list 3 Select Show from the Action...

Страница 730: ...ents 1 Click IP Service DHCP Server 2 Select Show IP Binding from the Step list Figure 433 Shows Addresses Assigned by the DHCP Server FORWARDING UDP SERVICE REQUESTS This section describes how this s...

Страница 731: ...UDP HELPER Use the IP Service UDP Helper General page to enable the UDP helper globally on the switch CLI REFERENCES ip helper on page 1660 PARAMETERS These parameters are displayed UDP Helper Status...

Страница 732: ...Service port 53 IEN 116 Name Service port 42 NetBIOS Datagram Server port 138 NetBIOS Name Server port 137 NTP port 37 TACACS service port 49 TFTP port 69 WEB INTERFACE To specify UDP destination por...

Страница 733: ...specified in the IP Service UDP Helper Forwarding page and the packets meet the following criteria The MAC address of the received frame must be the all ones broadcast address ffff ffff ffff The IP d...

Страница 734: ...rver or subnet for forwarding UDP request packets 1 Click IP Service UDP Helper Address 2 Select Add from the Action list 3 Enter the address of the remote server or subnet where UDP request packets a...

Страница 735: ...Configure Interface page The BRAS detects the presence of the subscriber s circuit ID tag inserted by the switch during the PPPoE discovery phase and sends this tag as a NAS port ID attribute in PPP...

Страница 736: ...PoE Intermediate Agent Configure Interface page to enable PPPoE IA on an interface set trust status enable vendor tag stripping and set the circuit ID and remote ID CLI REFERENCES PPPoE Intermediate A...

Страница 737: ...identifier using the PPPoE Vendor Specific tag 0x0105 to PPPoE Active Discovery Initiation PADI and Request PADR packets The switch then forwards these packets to the PPPoE server The tag contains th...

Страница 738: ...runk selection Received Received PPPoE active discovery messages All All PPPoE active discovery message types PADI PPPoE Active Discovery Initiation messages PADO PPPoE Active Discovery Offer messages...

Страница 739: ...e Agent 739 WEB INTERFACE To show statistics for PPPoE IA protocol messages 1 Click IP Service PPPoE Intermediate Agent 2 Select Show Statistics from the Step list 3 Select Port or Trunk interface typ...

Страница 740: ...CHAPTER 17 IP Services Configuring the PPPoE Intermediate Agent 740...

Страница 741: ...this switch acts as a wire speed router passing traffic between VLANs with different IP interfaces and routing traffic to external IP networks However when the switch is first booted default routing...

Страница 742: ...orward packets for both Layer 2 and Layer 3 as well as traditional routing These functions include Layer 2 forwarding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing...

Страница 743: ...packet follows the Layer 3 routing process The destination IP address is checked against the Layer 3 address table If the address is not already there the switch broadcasts an ARP packet to all the p...

Страница 744: ...h the network prefix number to which the router interface is attached and the router s host number on that network In other words a router interface address defines the network segment that is connect...

Страница 745: ...RAMETERS These parameters are displayed Host Name IP Address IPv4 IPv6 address or alias of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 14...

Страница 746: ...se the IP General Trace Route page to show the route packets take to the specified destination CLI REFERENCES traceroute on page 1653 PARAMETERS These parameters are displayed Destination IP Address I...

Страница 747: ...unreachable message If the timer goes off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating...

Страница 748: ...ntains the following fields similar to that shown in this example When devices receive this request they discard it if their address does not match the destination IP address in the message However if...

Страница 749: ...uter may tie up resources by repeating ARP requests for addresses recently flushed from the table When a ARP entry expires it is deleted from the cache and an ARP request packet is sent to re establis...

Страница 750: ...ts and other routers on local network interfaces defined on this router You can define up to 128 static entries in the ARP cache A static entry may need to be used if there is no response to an ARP br...

Страница 751: ...ing physical address in the ARP cache using the web interface 1 Click IP ARP 2 Select Configure Static Address from the Step List 3 Select Add from the Action List 4 Enter the IP address and the corre...

Страница 752: ...cast addresses However most entries will be dynamically learned through replies to broadcast messages CLI REFERENCES show arp on page 1658 WEB INTERFACE To display all dynamic entries in the ARP cache...

Страница 753: ...rk segments using dynamic routing protocols i e RIP OSPF BGP However you can also manually enter static routes in the routing table using the IP Routing Static Routes Add page Static routes may be req...

Страница 754: ...es are included in RIP and OSPF updates periodically sent by the router if this feature is enabled see page 779 or 807 respectively PARAMETERS These parameters are displayed Destination IP Address IP...

Страница 755: ...of these methods the priority for route selection is local static and then dynamic except when the distance parameter of a dynamic route is set to a value that makes its priority exceed that of a sta...

Страница 756: ...ectly reach the next hop so the VLAN interface associated with any dynamic or static route entry must be up Note that routes currently not accessible for forwarding may still be displayed by using the...

Страница 757: ...F entries not both Normal unicast routing simply selects the path to the destination that has the lowest cost Multipath routing still selects the path with the lowest cost but can forward traffic over...

Страница 758: ...f the multiple paths Because the hash algorithm is calculated based upon the packet header information which can identify specific traffic flows this technique minimizes the number of times a path is...

Страница 759: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Страница 760: ...has a higher priority than the currently active master router CLI REFERENCES VRRP Commands on page 1713 COMMAND USAGE Address Assignment To designate a specific router as the VRRP master the IP addre...

Страница 761: ...ority of the virtual IP address Owner is the highest the original master router will always become the active master router when it recovers If two or more routers are configured with the same VRRP pr...

Страница 762: ...rmation about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 8 Using a multicast address reduces the amount of traffic that has to be proces...

Страница 763: ...n the group its authentication string is compared to the string configured on this router If the strings match the message is accepted Otherwise the packet is discarded State VRRP router role Values M...

Страница 764: ...ure Group ID from the Step List 3 Select Show from the Action List Figure 460 Showing Configured VRRP Groups To configure the virtual router address for a VRRP group 1 Click IP VRRP 2 Select Configure...

Страница 765: ...om the Step List 3 Select Show IP Addresses from the Action List 4 Select a VLAN and a VRRP group identifier Figure 462 Showing the Virtual Addresses Assigned to VRRP Groups To configure detailed sett...

Страница 766: ...ETERS These parameters are displayed VRRP Packets with Invalid Checksum The total number of VRRP packets received with an invalid VRRP checksum value VRRP Packets with Unknown Error The total number o...

Страница 767: ...sement Packets Number of VRRP advertisements received by this router Received Error Advertisement Interval Packets Number of VRRP advertisements received for which the advertisement interval is differ...

Страница 768: ...lue in the type field Received Error Address List VRRP Packets Number of packets received for which the address list does not match the locally configured list for the virtual router Received Invalid...

Страница 769: ...te of transmission cost Each router broadcasts its advertisement every 30 seconds together with any updates to its routing table This allows all routers on the network to learn consistent tables of ne...

Страница 770: ...ds to prevent loops from occurring Split horizon Never propagate routes back to an interface port from which they have been acquired Poison reverse Propagate routes back to an interface port from whic...

Страница 771: ...rk every 30 seconds by default and updates its own routing table when RIP messages are received from other routers To communicate properly with other routers using RIP you need to specify the RIP vers...

Страница 772: ...efault metric does not override the metric value set in the Redistribute screen see Configuring Route Redistribution on page 779 When a metric value has not been configured in the Redistribute screen...

Страница 773: ...k configuration Timeout Sets the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unr...

Страница 774: ...ting the entire RIP network redistribute connected routes using the Routing Protocol RIP Redistribute screen page 779 to make the RIP network a connected route To delete the RIP routes learned from ne...

Страница 775: ...l 2 Select Clear Route from the Action list 3 When clearing routes by type select the required type from the drop down list When clearing routes by network enter a valid network address and prefix len...

Страница 776: ...rk portion of the address This mask identifies the network address bits used for the associated routing entries By VLAN Adds a Layer 3 VLAN to the RIP routing process The VLAN must be configured with...

Страница 777: ...locked on an interface the attached subnet will still continue to be advertised to other interfaces and updates from other routers on the specified interface will continue to be received and processed...

Страница 778: ...rmation with a static neighbor specifically for point to point links rather than relying on broadcast or multicast messages generated by the RIP protocol This feature can be used in conjunction with t...

Страница 779: ...e the Routing Protocol RIP Redistribute Add page to import external routing information from other routing domains that is directly connected routes protocols or static routes into this autonomous sys...

Страница 780: ...ed to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follow an imported route the maximum number of hops allowed with...

Страница 781: ...is applied to all routes learned for the specified network PARAMETERS These parameters are displayed Distance Administrative distance for external routes External routes are routes for which the best...

Страница 782: ...ttings and the loopback prevention method for each interface that participates in the RIP routing process CLI REFERENCES ip rip receive version on page 1744 ip rip send version on page 1745 ip rip aut...

Страница 783: ...le when only static routes are to be allowed for a specific interface Protocol Message Authentication RIPv1 is not a secure protocol Any device sending protocol messages from UDP port 520 will be cons...

Страница 784: ...2 packets RIPv1 and RIPv2 Accepts RIPv1 and RIPv2 packets Do Not Receive Does not accept incoming RIP packets This option does not add any dynamic entries to the routing table for an interface The def...

Страница 785: ...thod propagates routes back to an interface from which they have been acquired but sets the distance vector metrics to infinity This provides faster convergence This is the default setting None No loo...

Страница 786: ...ings CLI REFERENCES show ip rip on page 1749 PARAMETERS These parameters are displayed Interface Source IP address of RIP router interface Auth Type The type of authentication used for exchanging RIPv...

Страница 787: ...parameters are displayed Peer Address IP address of a neighboring RIP router Update Time Last time a route update was received from this peer Version Shows whether RIPv1 or RIPv2 packets were received...

Страница 788: ...for large area networks which experience frequent changes in the links It also handles subnets much better than RIP OSPF protocol actively tests the status of each link to its neighbors to generate a...

Страница 789: ...protocol message authentication and the addition of a point to multipoint interface which allows OSPF to run over non broadcast networks as well as support for overlapping area ranges When using OSPF...

Страница 790: ...d areas and external links to other areas Use the Routing Protocol OSPF Network Area Add page to define an OSPF area and the interfaces that operate within this area An autonomous system must be confi...

Страница 791: ...and the corresponding address range forms a routing interface and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the netwo...

Страница 792: ...at is contiguous with all the other areas in the network and configure an area for all of the other OSPF interfaces 4 Click Apply Figure 486 Defining OSPF Network Areas Based on Addresses To to show t...

Страница 793: ...e using the same RFC for calculating summary route costs Enable this field to force the router to calculate summary route costs using RFC 1583 Default Disabled When RFC 1583 compatibility is enabled o...

Страница 794: ...orted from other protocols Range 0 16777214 Default 20 A default metric must be used to resolve the problem of redistributing external routes from other protocols that use incompatible metrics This de...

Страница 795: ...advertisements add the internal cost to the external route metric Type 2 routes do not add the internal cost metric When comparing Type 2 routes the internal cost is only used as a tie breaker if seve...

Страница 796: ...iption Router ID Type Indicates if the router ID was manually configured or automatically generated by the system Rx LSAs The number of link state advertisements that have been received Originate LSAs...

Страница 797: ...a separate routing database for each area ASBR Status Autonomous System Boundary Router Indicates if this router exchanges routing information with boundary routers in other autonomous systems to whic...

Страница 798: ...twork Area Add page Range 1 65535 Area ID Identifier for a not so stubby area NSSA or stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 42949672...

Страница 799: ...BR An NSSA is similar to a stub It blocks most external routing information and can be configured to advertise a single default route for traffic passing between the NSSA and other areas within the au...

Страница 800: ...ed into its own area and then leaked to adjacent areas Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned through OSPF the default route static r...

Страница 801: ...R it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using this option Metric Type Type 1 or Type 2 external routes Wh...

Страница 802: ...icantly reduce the amount of topology data that has to be exchanged over the network Figure 496 OSPF Stub Area By default a stub can only pass traffic to other areas in the autonomous system through t...

Страница 803: ...ummary Controls the use of summary routes Summary Allows an Area Border Router ABR to send a summary link advertisement into the stub area No Summary Stops an ABR from sending a summary link advertise...

Страница 804: ...e 790 Area ID Identifier for a not so stubby area NSSA or stub SPF Runs The number of times the Shortest Path First algorithm has been run for this area ABR Count The number of Area Border Routers att...

Страница 805: ...Route Summarization for ABRs CLI REFERENCES router ospf on page 1751 area range on page 1757 COMMAND USAGE Use the Area Range configuration page to summarize intra area routes and advertise this info...

Страница 806: ...or not to advertise the summary route If the routes are set to be advertised the router will issue a Type 3 summary LSA for each specified address range If the summary is not advertised the specified...

Страница 807: ...outer supports redistribution for all currently connected routes entries learned through RIP and static routes When you redistribute external routes into an OSPF autonomous system AS the router automa...

Страница 808: ...signed to all external routes for the specified protocol Range 1 65535 Default 10 The metric value specified for redistributed routes supersedes the Default External Metric specified in the Routing Pr...

Страница 809: ...ute individually in an external LSA as described in the preceding section The reduce the number of protocol messages required to redistribute these external routes an Autonomous System Boundary Router...

Страница 810: ...es for advertising into the local domain To summarize routes sent between OSPF areas use the Area Range Configuration screen page 805 This router supports up 20 Type 5 summary routes PARAMETERS These...

Страница 811: ...n page to assign an interface address range to an OSPF area After assigning a routing interface to an OSPF area use the Routing Protocol OSPF Interface Configure by VLAN or Configure by Address page t...

Страница 812: ...o prevent a router from being elected as a DR or BDR If set to any value other than zero the router with the highest priority becomes the DR and the router with the next highest priority becomes the B...

Страница 813: ...d trip delay between any two routers on the attached network to avoid unnecessary retransmissions Authentication Type Specifies the authentication type used for an interface Options None Simple MD5 De...

Страница 814: ...Normally only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets Neighbor routers must use the same key identifier and key v...

Страница 815: ...E To configure OSPF interface for all areas assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by VLAN from the Action list 3 Specify the VLAN ID and configure the required...

Страница 816: ...for a specific area assigned to a VLAN 1 Click Routing Protocol OSPF Interface 2 Select Configure by Address from the Action list 3 Specify the VLAN ID enter the address assigned to an area and confi...

Страница 817: ...thentication Keys CONFIGURING VIRTUAL LINKS Use the Routing Protocol OSPF Virtual Link Add and Configure Detailed Settings pages to configure a virtual link from an area that does not have a direct ph...

Страница 818: ...ospf on page 1751 area virtual link on page 1765 COMMAND USAGE Use the Add page to create a virtual link and then use the Configure Detailed Settings page to set the protocol timers and authentication...

Страница 819: ...virtual link 1 Click Routing Protocol OSPF Virtual Link 2 Select Add from the Action list 3 Specify the process ID the Area ID and Neighbor router ID 4 Click Apply Figure 512 Adding a Virtual Link To...

Страница 820: ...N Use the Routing Protocol OSPF Information LSDB page to show the Link State Advertisements LSAs sent by OSPF routers advertising routes The full collection of LSAs collected by a router interface fro...

Страница 821: ...NSSA External Type 7 An ASBR within an NSSA generates an NSSA external link state advertisement for each known network destination outside the AS CLI REFERENCES show ip ospf database on page 1780 PAR...

Страница 822: ...um of the complete contents of the LSA WEB INTERFACE To display information in the link state database 1 Click Routing Protocol OSPF Information 2 Click LSDB 3 Select the process identifier 4 Specify...

Страница 823: ...Down Connection down Attempt Connection down but attempting contact non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications e...

Страница 824: ...CHAPTER 20 Unicast Routing Configuring the Open Shortest Path First Protocol Version 2 824 3 Select the process identifier Figure 517 Displaying Neighbor Routers Stored in the Link State Database...

Страница 825: ...is designed for networks where the probability of multicast group members is high such as a local network PIM SM is designed for networks where the probability of multicast group members is low such...

Страница 826: ...a Reverse Path Tree RPT that channels the multicast traffic from each source through a single Rendezvous Point RP within the local PIM SM domain and then forwards this traffic to the Designated Router...

Страница 827: ...ters along the RP Tree are replicated wherever the RP Tree branches and eventually reach all the receivers for that multicast group Because all routers along the shared tree are using PIM SM the multi...

Страница 828: ...erface but both PIMv4 and PIMv6 can be enabled on the same interface ENABLING MULTICAST ROUTING GLOBALLY Use the Multicast Multicast Routing General page or the Multicast IPv6 Multicast Routing Genera...

Страница 829: ...s processed multicast traffic from any particular source listed in the table It uses these routes to forward multicast traffic only if group members appear on directly attached subnetworks or on subne...

Страница 830: ...s IP group address for a multicast service Source Address Subnetwork containing the IP multicast source Source Mask Network mask for the IP multicast source Upstream Neighbor The multicast router RPF...

Страница 831: ...ream interface indicate Forward Traffic received from the upstream interface is being forwarded to this interface Local Downstream interface has received IGMP report message from host in this subnet P...

Страница 832: ...uting table 1 Click Multicast IPv6 Multicast Routing Information 2 Select Show Summary from the Action List Figure 522 Displaying the IPv6 Multicast Routing Table To display detailed information on a...

Страница 833: ...er CLI REFERENCES router pim on page 1928 COMMAND USAGE This feature enables PIM DM and PIM SM globally for the router You also need to enable PIM DM or PIM SM for each interface that will support mul...

Страница 834: ...etermine the presence of multicast group members The main difference is that it uses the router s unicast routing table to determine if the interface through which a packet is received provides the sh...

Страница 835: ...message and then sets its Hello timer to the configured value If a router does not hear from a neighbor for the period specified by the Hello Holdtime that neighbor is dropped This hold time is inclu...

Страница 836: ...mbers which want to continue receiving the flow referenced in a LAN prune delay message then the override interval represents the time required for the downstream router to process the message and the...

Страница 837: ...nges sources joining or leaving a multicast group before the default three minute state timeout expires This command is only effectively for interfaces of first hop PIM DM routers that are directly co...

Страница 838: ...particular source forwards this traffic only to those interfaces on the router that have requests to join this group When there are no longer any requesting groups on that interface the leaf node send...

Страница 839: ...Neighbor page to display all neighboring PIM routers CLI REFERENCES show ip pim neighbor on page 1936 PARAMETERS These parameters are displayed Address IP address of the next hop router VLAN VLAN tha...

Страница 840: ...seconds in which register messages are sent from bursty sources Register Source Configures the IP source address of a register message to an address other than the outgoing interface address of the D...

Страница 841: ...electing Reset to force the router to use the shared tree for all multicast groups or just for the specified multicast groups This is the default setting Group Address An IP multicast group address If...

Страница 842: ...It is also preferable to set up one of these routers as both the primary BSR and RP PARAMETERS These parameters are displayed BSR Candidate Status Configures the switch as a Bootstrap Router BSR candi...

Страница 843: ...e router will act as an RP for all multicast groups in the local PIM SM domain if no groups are specified A static RP can either be configured for the whole multicast group range 224 4 or for specific...

Страница 844: ...be an RP for the specified multicast group s Group Address An IP multicast group address If a group address is not specified the RP is used for all multicast groups Group Mask Subnet mask that is use...

Страница 845: ...ter that receives the list of RP candidates from the BSR also elects an active RP for each group range using the same election process The election process for each group is based on the following cri...

Страница 846: ...ity to zero means that this router is not eligible to server as the RP Range 0 255 Default 0 Group Address An IP multicast group address If not defined the default address is 224 0 0 0 4 or the entire...

Страница 847: ...ion about the bootstrap router BSR CLI REFERENCES show ip pim bsr router on page 1947 PARAMETERS These parameters are displayed IP Address IP address of interface configured as the BSR Uptime The time...

Страница 848: ...router is a candidate to be the BSR for the RP set Currently no other router is the preferred BSR but this router is not yet the elected BSR Elected BSR Elected to serve as BSR WEB INTERFACE To displ...

Страница 849: ...Select Show RP Mapping from the Action list Figure 535 Showing PIM RP Mapping CONFIGURING PIMV6 FOR IPV6 This section describes how to configure PIM DM and PIM SM for IPv6 ENABLING PIMV6 GLOBALLY Use...

Страница 850: ...o the selected mode An IPv6 address must first be assigned to the required routing interface before PIMv6 can be configured on this page PIMv6 and MLD proxy cannot be used at the same time When an int...

Страница 851: ...ess assigned to the selected VLAN Hello Holdtime Sets the interval to wait for hello messages from a neighboring PIM router before declaring it dead Note that the hello holdtime should be greater than...

Страница 852: ...ing a prune request Default Disabled When other downstream routers on the same VLAN are notified that this upstream router has received a prune request they must send a Join to override the prune befo...

Страница 853: ...ust respond with an graft acknowledgement message If this acknowledgement message is lost the router that sent the graft message will resend it a number of times as defined by Max Graft Retries Max Gr...

Страница 854: ...t which join prune messages are sent Range 1 65535 seconds Default 60 seconds By default the switch sends join prune messages every 60 seconds to inform other PIM SM routers about clients who want to...

Страница 855: ...CHAPTER 21 Multicast Routing Configuring PIMv6 for IPv6 855 Figure 537 Configuring PIMv6 Interface Settings Dense Mode Figure 538 Configuring PIMv6 Interface Settings Sparse Mode...

Страница 856: ...ending periodic Join Prune messages toward a group specific RP for each group WEB INTERFACE To display neighboring PIMv6 routers 1 Click Routing Protocol PIM6 Neighbor Figure 539 Showing PIMv6 Neighbo...

Страница 857: ...source to a receiver is through the RP However the path through the RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to...

Страница 858: ...ontinue to be the BSR until it receives a bootstrap message from another candidate with a higher priority or a higher IP address if the priorities are the same To improve failover recovery it is advis...

Страница 859: ...igure the switch as a BSR candidate 1 Click Routing Protocol PIM6 PIM6 SM 2 Select BSR Candidate from the Step list 3 Specify the VLAN interface for which this router is bidding to become the BSR the...

Страница 860: ...ver the one statically configured All routers within the same PIM6 SM domain must be configured with the same RP s Selecting an RP through the dynamic election process is therefore preferable for most...

Страница 861: ...GE When this router is configured as an RP candidate it periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for the specified group addresses The IP address of the design...

Страница 862: ...yed VLAN Identifier of configured VLAN interface Range 1 4094 Interval The interval at which this device advertises itself as an RP candidate Range 60 16383 seconds Default 60 seconds Priority Priorit...

Страница 863: ...RP Candidate DISPLAYING THE PIM6 BSR ROUTER Use the Routing Protocol PIM6 SM Show Information Show BSR Router page to display Information about the bootstrap router BSR CLI REFERENCES show ipv6 pim b...

Страница 864: ...d is using the RP set provided by that BSR Only bootstrap messages from that BSR or from a C BSR with higher weight than the current BSR will be accepted Candidate BSR Bidding in election process Pend...

Страница 865: ...p address RP Address IP address of the RP for the listed multicast group Information Source RP that advertised the mapping how the RP was selected Static or Bootstrap and the priority used in the bidd...

Страница 866: ...CHAPTER 21 Multicast Routing Configuring PIMv6 for IPv6 866...

Страница 867: ...995 Remote Monitoring Commands on page 1017 Flow Sampling Commands on page 1025 Authentication Commands on page 1031 General Security Measures on page 1089 Access Control Lists on page 1163 Interface...

Страница 868: ...page 1407 Multicast Filtering Commands on page 1425 LLDP Commands on page 1537 CFM Commands on page 1561 OAM Commands on page 1603 Domain Name Service Commands on page 1615 DHCP Commands on page 1625...

Страница 869: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Страница 870: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Страница 871: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 872: ...ch debugging option discard Discard packet dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile...

Страница 873: ...Time range traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users logged in version System hardware and so...

Страница 874: ...tion effect for all applicable commands USING COMMAND HISTORY The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arro...

Страница 875: ...ng the enable command followed by the privileged level password super To enter Privileged Exec mode enter the following user names and passwords Username admin Password admin login password CLI sessio...

Страница 876: ...ation Creates a DiffServ class map for a specified traffic type DHCP Configuration These commands are used to configure the DHCP server ERPS Configuration These commands configure Ethernet Ring Protec...

Страница 877: ...ended access list mac Console config arp acl Console config std acl Console config ext acl Console config std ipv6 acl Console config ext ipv6 acl Console config mac acl 1181 1164 1164 1170 1170 1176...

Страница 878: ...for command line processing Table 56 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current ta...

Страница 879: ...dynamic addresses web authentication MAC address authentication filtering DHCP requests and replies and discarding invalid ARP responses 1089 Access Control List Provides filtering for IPv4 frames bas...

Страница 880: ...icast router also configures multicast VLAN registration and IPv6 MLD snooping 1425 Link Layer Discovery Protocol Configures LLDP settings to enable information discovery about neighbor devices 1537 C...

Страница 881: ...LI Command Groups 881 IPC IGMP Profile Configuration LC Line Configuration MST Multiple Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration RC Router Configuration RM Route Map...

Страница 882: ...CHAPTER 22 Using the Command Line Interface CLI Command Groups 882...

Страница 883: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Страница 884: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 885: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 886: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifi...

Страница 887: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 888: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 885 reload Privileged Exec This command restarts the system NOT...

Страница 889: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 890: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 891: ...ment Manages code image or switch configuration files Line Sets communication parameters for the serial port including baud rate and console time out Event Logging Controls logging of error messages S...

Страница 892: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 61 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 893: ...ted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Edge Core Networks Responsible de...

Страница 894: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 895: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Страница 896: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 897: ...G None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersc...

Страница 898: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 899: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 900: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 901: ...d to display system information Table 62 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show alarm status Shows information for...

Страница 902: ...sed by System 0 Entries Used by User 0 TCAM Utilization 0 0 Console show alarm status This command displays information on predefined alarms i e non configurable and on the link down alarm which is di...

Страница 903: ...are active and another example when both minor and major alarms occur Console show alarm status Unit 1 Asserted Alarm Input NONE Current Major Alarm Status NONE Current Minor Alarm Status NONE Current...

Страница 904: ...ss cpu 1016 show running config This command displays the configuration information currently in use SYNTAX show running config COMMAND MODE Privileged Exec COMMAND USAGE Use this command in conjuncti...

Страница 905: ...rw snmp server enable traps authentication username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0...

Страница 906: ...SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and...

Страница 907: ...k Fan 2 Ok Fan 3 Ok System Temperature Unit 1 Temperature 1 29 degrees Temperature 2 32 degrees Main Power Status Up Redundant Power Status Not present Main Power Type AC100 240V to 12V Module Redunda...

Страница 908: ...and IP address of Telnet client DEFAULT SETTING None COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE The session used to execute this command is indicated by a symbol next to the Line i e sess...

Страница 909: ...sion 13 08 Number of Ports 28 Main Power Status Up Redundant Power Status Not present Role Master Loader Version 1 3 2 3 Linux Kernel Version 2 6 19 2 0 1 Boot ROM Version 0 0 0 1 Operation Code Versi...

Страница 910: ...d SYNTAX no fan speed force full DEFAULT SETTING Normal speed COMMAND MODE Global Configuration EXAMPLE Console config fan speed force full Console config FRAME SIZE This section describes commands us...

Страница 911: ...required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is oper...

Страница 912: ...startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the FTP TFTP serv...

Страница 913: ...ROM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAG...

Страница 914: ...figuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword that allows you to copy the HTTPS secure site certifi...

Страница 915: ...ch to use HTTPS for a secure connection see the ip http secure server command When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note th...

Страница 916: ...s example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19 So...

Страница 917: ...word that allows you to delete a file usbdisk Keyword indicating USB memory stick or disk name Keyword indicating a file filename Name of configuration file or code image public key Keyword that allow...

Страница 918: ...le usbdisk System file on a USB memory stick or disk filename Name of configuration file or code image If this file exists but contains errors information on this file cannot be shown DEFAULT SETTING...

Страница 919: ...pressed user config files 2584576 Console umount usbdisk This command prepares the USB memory device to be safely removed from the switch SYNTAX umount usbdisk DEFAULT SETTING None COMMAND MODE Privil...

Страница 920: ...AULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE This command is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image...

Страница 921: ...pgrade succeeds Downloading new image Flash programming started Flash programming completed The switch will now restart upgrade opcode path This command specifies an TFTP server and directory in which...

Страница 922: ...omitted a null string will be used for the connection EXAMPLE This shows how to specify a TFTP server where new code is stored Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config T...

Страница 923: ...SSH connections LC authorization exec Applies an authorization method to local console Telnet or SSH connections LC databits Sets the number of data bits per character that are interpreted and genera...

Страница 924: ...AGE Telnet is considered a virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet conn...

Страница 925: ...nput from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character EXAMPLE To specify 7 d...

Страница 926: ...local Selects local password checking Authentication is based on the user name specified with the username command DEFAULT SETTING login local COMMAND MODE Line Configuration COMMAND USAGE There are t...

Страница 927: ...ED COMMANDS username 1033 password 928 parity This command defines the generation of a parity bit Use the no form to restore the default setting SYNTAX parity none even odd no parity none No parity ev...

Страница 928: ...ction the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect p...

Страница 929: ...llowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down EXAMPLE To set the password threshold to...

Страница 930: ...inal speeds Use the no form to restore the default setting SYNTAX speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps DEFAULT SETTING 115200 bps COMMAND MODE...

Страница 931: ...t login response This command sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default setting SYNTAX timeout login response seconds no timeout log...

Страница 932: ...SSH Telnet or console connection Range 0 8 COMMAND MODE Privileged Exec COMMAND USAGE Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an act...

Страница 933: ...on describes commands used to configure event logging on the switch Table 68 Event Logging Commands Command Function Mode logging facility Sets the facility type for remote logging of syslog messages...

Страница 934: ...the syslog server to sort messages or to store messages in the corresponding database EXAMPLE Console config logging facility 19 Console config logging history This command limits syslog messages sav...

Страница 935: ...emove a syslog server host SYNTAX no logging host host ip address host ip address The IPv4 or IPv6 address of a syslog server DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Use t...

Страница 936: ...rror messages that are stored in memory You can use the logging trap command to control the type of error messages that are sent to specified syslog servers EXAMPLE Console config logging on Console c...

Страница 937: ...evel also enables remote logging but restores the minimum severity level to the default EXAMPLE Console config logging trap 4 Console config clear log This command clears messages from the log buffer...

Страница 938: ...d then on through the power source EXAMPLE The following example shows the event message stored in RAM Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function...

Страница 939: ...bled Remote Log Facility Type Local use 7 Remote Log Level Type Debugging messages Remote Log Server IP Address 0 0 0 0 Remote Log Server IP Address 0 0 0 0 Remote Log Server IP Address 0 0 0 0 Remote...

Страница 940: ...facility command REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the logging trap command REMOTELOG server IP address The address of syslog serv...

Страница 941: ...es the connection To open a connection the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mai...

Страница 942: ...logging sendmail level 3 Console config logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient SYNTAX no logging sendma...

Страница 943: ...ODE Global Configuration COMMAND USAGE You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch EXAMPLE Console config logging sen...

Страница 944: ...configuration settings NE PE NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP client for tim...

Страница 945: ...SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp...

Страница 946: ...which SNTP time requests are issued Use the this command with no arguments to clear all time servers from the current list Use the no form to clear all time servers from the current list or to clear a...

Страница 947: ...ing time synchronization requests and the current SNTP mode i e unicast EXAMPLE Console show sntp Current Time Nov 5 18 51 22 2006 Poll Interval 16 seconds Current Mode Unicast SNTP Status Enabled SNT...

Страница 948: ...er The NTP authentication key ID number Range 1 65535 md5 Specifies that authentication is provided by using the message digest algorithm 5 key An MD5 authentication key string The key string can be u...

Страница 949: ...n COMMAND USAGE The SNTP and NTP clients cannot be enabled at the same time First disable the SNTP client before using this command The time acquired from time servers is used to record accurate dates...

Страница 950: ...client mode It issues time synchronization requests based on the interval set with the ntp poll command The client will poll all the time servers configured the responses received are filtered and co...

Страница 951: ...ion 3 NTP Server 192 168 4 22 version 3 key 19 NTP Authentication Key 19 md5 42V68751663T6K11P2J307210R885 Console Manual Configuration Commands clock summer time date This command sets the start end...

Страница 952: ...al Configuration COMMAND USAGE In some countries or regions clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less This is known as Summer Time or D...

Страница 953: ...one hour at the start of spring and then adjusted backward in autumn This command sets the summer time time relative to the configured time zone To specify the time corresponding to your local time wh...

Страница 954: ...ry march april may june july august september october november december b hour The hour when summer time will begin Range 0 23 hours b minute The minute when summer time will begin Range 0 59 minutes...

Страница 955: ...he time zone for the switch s internal clock SYNTAX clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 30 characters hours Number of ho...

Страница 956: ...TAX calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march...

Страница 957: ...ge configuration mode Use the no form to remove a previously specified time range SYNTAX no time range name name Name of the time range Range 1 16 characters DEFAULT SETTING None COMMAND MODE Global C...

Страница 958: ...june july august september october november december year Year 4 digit Range 2009 2109 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured yo...

Страница 959: ...Weekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured...

Страница 960: ...area network Table 76 PTP Commands Command Function Mode ptp adjust Adjusts the system time based information in received Sync messages GC ptp domain number Specifies the PTP clock synchronization dom...

Страница 961: ...Sync message ensuring that the offset from the master clock listed in the Current Data Set is now zero as displayed by the show ptp information command EXAMPLE Console config ptp adjust Console confi...

Страница 962: ...her using PTP Multiple independent PTP clocking domains can be configured on a single network but a device can only belong to one domain EXAMPLE Console config ptp domain number 1 Console config ptp e...

Страница 963: ...d master clocks EXAMPLE Console config ptp in latency 10 Console config ptp mode This command sets the operating mode to boundary clock or transparent clock Use the no form to restore the default sett...

Страница 964: ...witch will synchronize to that clock as its child and then acts as the parent clock to devices connected to other ports After initial synchronization the switch and connected devices exchange timing m...

Страница 965: ...k based on the following clock properties Priority An administratively assigned precedence hint used by the BMC to help select a grandmaster for the PTP domain Class An attribute defining the clock s...

Страница 966: ...AND USAGE The priority2 preference is only considered when it not possible to use priority1 and other clock attributes to select a best master clock EXAMPLE Console config ptp priority2 16 Console con...

Страница 967: ...all paths through the switch or for successive messages crossing the same path peer to peer This method measures the delay required for PTP event messages to cross the link from the peer port on the u...

Страница 968: ...ollowing values 0 1 packet every second 1 1 packet every 2 seconds 2 1 packet every 4 seconds 3 1 packet every 8 seconds 4 1 packet every 16 seconds It may be necessary for the announcement interval t...

Страница 969: ...second 1 1 packet every 2 seconds 2 1 packet every 4 seconds 3 1 packet every 8 seconds 4 1 packet every 16 seconds 5 1 packet every 32 seconds This value is determined and advertised by a master clo...

Страница 970: ...he ptp delay mechanism command EXAMPLE Console config interface ethernet 1 1 Console config if ptp log min pdelay request interval 1 Console config if ptp log sync interval This command sets the synch...

Страница 971: ...ptp port enable DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE PTP is not enabled on all supported interfaces by default You must enable PTP on indiv...

Страница 972: ...a transport mechanism the following UDP destination ports are reserved values assigned to PTP Table 77 Ethernet Multicast MAC Addresses Message Types Address hex All except peer delay mechanism messag...

Страница 973: ...TP management message SYNTAX ptp port release interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged...

Страница 974: ...rs Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show ptp configuration ethernet 1 1 Ethernet 1 1 Delay Mechanism Peer to Peer Transport Ethernet Log Sync I...

Страница 975: ...aster clock quality time properties Shows information about the time attributes transparent Shows information for a transparent clock interface ethernet unit port list unit Stack unit Range 1 port lis...

Страница 976: ...riority2 128 Domain Number 0 Slave Only No Current Data Set Steps Removed 0 Offset From Master 0 sec 0 nano sec Mean Path Delay 0 sec 0 nano sec Parent Data Set Parent Identity Clock Identity 0X00000C...

Страница 977: ...ining the accuracy of the clock Offset Scaled Log Variance An attribute defining the stability of the clock Priority1 A preference level used in selecting the master clock Priority2 A secondary prefer...

Страница 978: ...reference Frequency Traceable Indicates if the frequency determining the time scale is traceable to a primary reference PTP Timescale Indicates if the clock time scale of the grand master clock is PT...

Страница 979: ...A unique 8 octet array based on the IEEE EUI 64 assigned numbers Number Ports Number of ports on this device Delay Mechanism Time delay measurement method end to end or peer to peer Primary Domain Num...

Страница 980: ...nstream PHYs and retransmitted down the chain Every node in the chain must be capable of recovering and re transmitting frequency synchronization signals SyncE provides timing synchronization through...

Страница 981: ...pports SyncE Use the no form to disable SyncE on a port SYNTAX no synce ethernet unit port unit Unit identifier Range 1 port Port number Range 25 28 DEFAULT SETTING Disabled COMMAND MODE Global Config...

Страница 982: ...ctive clock source port exists the switch s internal clock will be used as the clock source If the priority of the clock source port is not specified the port ID of the clock source port will be used...

Страница 983: ...ource selection mode All ports configured as clock source port in manual mode will be kept after changing to auto mode If more than one port is configured as clock source port the port with a valid cl...

Страница 984: ...active clock source or sets a port to be the active clock source SYNTAX synce force clock source selecting ethernet unit port unit Unit identifier Range 1 port Port number Range 25 28 DEFAULT SETTING...

Страница 985: ...command only enables a port to send receive SSM It does not designate a specific port to be used as the clock source port Use the synce clk src ssm command to configure the clock source Only SSM will...

Страница 986: ...ode the local clock will be used as clock source in Manual mode All ports configured as clock source ports under Auto mode will be kept after changing to Manual mode Link State Changes If an SSM enabl...

Страница 987: ...t function EXAMPLE Console config synce ssm ethernet 1 25 Console config synce ssm ethernet 1 26 Console config synce ssm ethernet 1 27 Console config synce ssm ethernet 1 28 Console config show synce...

Страница 988: ...Status Port Port identifier Status Shows if reception transmission of SSM is enabled or disabled Priority The selection priority determined by the manual configuration or default setting Tx SSM Shows...

Страница 989: ...Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate swit...

Страница 990: ...k Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broad...

Страница 991: ...pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Confi...

Страница 992: ...tion COMMAND USAGE The maximum number of cluster Members is 16 The maximum number of cluster Candidates is 100 EXAMPLE Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config r...

Страница 993: ...OMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates 2 Console show cluster members Thi...

Страница 994: ...tes This command shows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active memb...

Страница 995: ...Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Display...

Страница 996: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Страница 997: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Страница 998: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Страница 999: ...SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentica...

Страница 1000: ...page 1561 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 0 3600 seconds Default 1 se...

Страница 1001: ...cipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps a...

Страница 1002: ...that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notifications are issued by the...

Страница 1003: ...tring is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will be automatically created by the snmp server host command...

Страница 1004: ...Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show snmp server enable port traps interface Interface MAC Notification Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine...

Страница 1005: ...en the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need...

Страница 1006: ...write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public17 read only private18 read write readview Every object belonging to th...

Страница 1007: ...remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha...

Страница 1008: ...emote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Страница 1009: ...onsole config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engin...

Страница 1010: ...ype volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1...

Страница 1011: ...iption Field Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view sto...

Страница 1012: ...s the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification...

Страница 1013: ...host parameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a m...

Страница 1014: ...ation log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network ma...

Страница 1015: ...AX memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshol...

Страница 1016: ...d in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Glob...

Страница 1017: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 1018: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Страница 1019: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Страница 1020: ...he polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 28 Buckets 50 Interval 30...

Страница 1021: ...24 interval 60 Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon collectio...

Страница 1022: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Страница 1023: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Страница 1024: ...CHAPTER 26 Remote Monitoring Commands 1024...

Страница 1025: ...of this chapter all refer to a remote server capable of receiving the sFlow datagrams generated by the sFlow agent of the switch sflow owner This command creates an sFlow collector on the switch Use...

Страница 1026: ...s version v4 v5 Sends either v4 or v5 sFlow datagrams to the receiver DEFAULT SETTING No owner is configured UDP Port 6343 Version v4 Maximum Datagram Size 1400 bytes COMMAND MODE Privileged Exec COMM...

Страница 1027: ...ling rate sample rate max header size max header size no sflow sample interface interface instance instance id interface The source from which the samples will be taken and sent to a collector etherne...

Страница 1028: ...terval Use the no form to remove the polling data source instance from the switch s sFlow configuration SYNTAX sflow polling interface interface instance instance id receiver owner name polling interv...

Страница 1029: ...s for the sFlow process SYNTAX show sflow owner owner name interface interface owner name The associated receiver to which the samples are sent Range 1 30 alphanumeric characters interface ethernet un...

Страница 1030: ...CHAPTER 27 Flow Sampling Commands 1030...

Страница 1031: ...ntication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS Client Configures settings for authentication via...

Страница 1032: ...ec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password Password for this privilege level Maximum length 32 characters plain text or encrypted case sensitive DEFAULT...

Страница 1033: ...redefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authe...

Страница 1034: ...de with the enable command Use the no form to restore the default SYNTAX authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS server passw...

Страница 1035: ...nging command modes 1032 authentication login This command defines the login authentication method and precedence Use the no form to restore the default SYNTAX authentication login local radius tacacs...

Страница 1036: ...base of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch radius server acct port This command sets the RADIUS server...

Страница 1037: ...t 181 Console config radius server host This command specifies primary and backup RADIUS servers and authentication and accounting parameters that apply to each server Use the no form to remove a spec...

Страница 1038: ...t 1812 acct port 1813 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server 1 host 192 168 1 20 port 181 timeout 10 retransmit 5 key green Console confi...

Страница 1039: ...SETTING 2 COMMAND MODE Global Configuration EXAMPLE Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication re...

Страница 1040: ...Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on the network An authentication ser...

Страница 1041: ...P port used for authentication messages Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 timeout Number of seconds the switch...

Страница 1042: ...TACACS server TCP port used for authentication messages Range 1 65535 DEFAULT SETTING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server re...

Страница 1043: ...ds Number of seconds the switch waits for a reply before resending a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console con...

Страница 1044: ...accounting method for service requests Range 1 64 characters start stop Records accounting from starting point and stopping point Table 102 AAA Commands Command Function Mode aaa accounting dot1x Enab...

Страница 1045: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Страница 1046: ...ethod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to us...

Страница 1047: ...64 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Страница 1048: ...EXAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the g...

Страница 1049: ...list name Specifies a method list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config...

Страница 1050: ...t name Specifies a method list created with the aaa authorization exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line authorizatio...

Страница 1051: ...Eth 1 1 Method List tps Group List radius Interface Eth 1 2 Accounting Type EXEC Method List default Group List tacacs Interface vty Console WEB SERVER This section describes commands used to configur...

Страница 1052: ...nge 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configuration EXAMPLE Console config ip http port 769 Console config RELATED COMMANDS ip http server 1052 show system 906 ip http server This command...

Страница 1053: ...to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Cons...

Страница 1054: ...e client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The fol...

Страница 1055: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can...

Страница 1056: ...CP port number to be used by the browser interface Range 1 65535 DEFAULT SETTING 23 COMMAND MODE Global Configuration EXAMPLE Console config ip telnet port 123 Console config ip telnet server This com...

Страница 1057: ...h authentication retries Specifies the number of retries allowed by a client GC ip ssh server Enables the SSH server on the switch GC ip ssh server key size Sets the SSH server key size GC ip ssh time...

Страница 1058: ...ts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233...

Страница 1059: ...ents that have a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process Authenticating SSH v1 5 Clients a The client sen...

Страница 1060: ...sing any configured IPv4 or IPv6 interface address on the switch ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no f...

Страница 1061: ...ing the SSH server EXAMPLE Console ip ssh crypto host key generate dsa Console configure Console config ip ssh server Console config RELATED COMMANDS ip ssh crypto host key generate 1063 show ssh 1066...

Страница 1062: ...e switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Страница 1063: ...1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client p...

Страница 1064: ...mory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command EXAMPLE Console ip ssh crypto zeroize dsa C...

Страница 1065: ...ileged Exec COMMAND USAGE If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA...

Страница 1066: ...27s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S...

Страница 1067: ...ch sends an EAP request identity frame to the client before restarting the authentication process IC dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity...

Страница 1068: ...MODE Global Configuration COMMAND USAGE When this device is functioning as intermediate node in the network and does not need to perform dot1x authentication the dot1x eapol pass through command can b...

Страница 1069: ...either to block all traffic or to assign all traffic for the port to a guest VLAN Use the no form to reset the default SYNTAX dot1x intrusion action block traffic guest vlan no dot1x intrusion action...

Страница 1070: ...T 2 COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x max reauth req 2 Console config if dot1x max req This command sets the maximum number of times...

Страница 1071: ...ws multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAGE The max count parameter specified by this co...

Страница 1072: ...T force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enable...

Страница 1073: ...efault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console confi...

Страница 1074: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 1075: ...interface SYNTAX dot1x re authenticate interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec COMMAND USAGE The re authentication...

Страница 1076: ...erface that has enabled 802 1X including the following items Type Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 1...

Страница 1077: ...rized Reauth Count Number of times connecting state is re entered Current Identifier The integer 0 255 used by the Authenticator to identify the current authentication session Backend State Machine St...

Страница 1078: ...o Intrusion Action Block traffic Supplicant 00 e0 29 94 34 65 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 I...

Страница 1079: ...invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access r...

Страница 1080: ...addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Privileged Exec EXAMPLE Console show management...

Страница 1081: ...op information from the client s PPPoE Active Discovery Request and forwards this information to all trusted ports Table 110 PPPoE Intermediate Agent Commands Command Function Mode pppoe intermediate...

Страница 1082: ...X pppoe intermediate agent format type access node identifier id string generic error message error message no pppoe intermediate agent format type access node identifier generic error message id stri...

Страница 1083: ...int ethernet 1 5 Console config if pppoe intermediate agent port enable Console config if pppoe intermediate agent port format type This command sets the circuit id or remote id for an interface Use t...

Страница 1084: ...ets sent from the PPPoE Server include the Circuit Id tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients using the pppoe...

Страница 1085: ...SAGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification information in PPPoE Discovery packets received from an...

Страница 1086: ...nfo PPPoE Intermediate Agent Global Status Enabled PPPoE Intermediate Agent Admin Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Intermediate...

Страница 1087: ...th 1 1 statistics Received All PADI PADO PADR PADS PADT 3 0 0 0 0 3 Dropped Response from untrusted Request towards untrusted Malformed 0 0 0 Console Table 111 show pppoe intermediate agent statistics...

Страница 1088: ...CHAPTER 28 Authentication Commands PPPoE Intermediate Agent 1088...

Страница 1089: ...AC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control Lists Provides filtering for IP frames based on address protocol TCP UDP port number or TC...

Страница 1090: ...and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enabl...

Страница 1091: ...security This command enables or configures port security Use the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings fo...

Страница 1092: ...ddress VLAN for frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a p...

Страница 1093: ...pecifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE This example shows the switch saving the MAC addresses learned by port...

Страница 1094: ...settings and number of secure addresses for a specific port The Last Intrusion MAC and Last Time Detected Intrusion MAC fields show information about the last detected intrusion MAC address These fie...

Страница 1095: ...Up Intrusion Action None Max MAC Count 0 Current MAC Count 0 MAC Filter Enabled MAC Filter ID 1 Last Intrusion MAC 00 10 22 00 00 01 Last Time Detected Intrusion MAC 2010 7 29 15 13 03 Console NETWORK...

Страница 1096: ...ect and act upon link up events IC network access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac c...

Страница 1097: ...e config if network access aging Console config if network access mac filter Use this command to add a MAC address into a filter table Use the no form of this command to remove the specified MAC addre...

Страница 1098: ...mac authentication reauth time seconds The reauthentication time period Range 120 1000000 seconds DEFAULT SETTING 1800 COMMAND MODE Global Configuration COMMAND USAGE The reauthentication time is a gl...

Страница 1099: ...ile a port has an assigned dynamic QoS profile any manual QoS configuration changes only take effect after all users have logged off of the port NOTE Any configuration changes for dynamic QoS are not...

Страница 1100: ...resses on the port must have same VLAN configuration or they are treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuratio...

Страница 1101: ...est vlan to be effective see the dot1x intrusion action command EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detec...

Страница 1102: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Страница 1103: ...ponse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAN...

Страница 1104: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 1105: ...Type attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter...

Страница 1106: ...ce Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addre...

Страница 1107: ...t xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console clear netw...

Страница 1108: ...MAC address table entries SYNTAX show network access mac address table static dynamic address mac address mask interface interface sort address interface static Specifies static address entries dynami...

Страница 1109: ...FAULT SETTING Displays all filters COMMAND MODE Privileged Exec EXAMPLE Console show network access mac filter Filter ID MAC Address MAC Mask 1 00 00 01 02 03 08 FF FF FF FF FF FF Console WEB AUTHENTI...

Страница 1110: ...web auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded...

Страница 1111: ...cation again Range 1 180 seconds DEFAULT SETTING 60 seconds COMMAND MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defi...

Страница 1112: ...system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web...

Страница 1113: ...COMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the de...

Страница 1114: ...empts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interf...

Страница 1115: ...snooping globally GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy...

Страница 1116: ...an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time V...

Страница 1117: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Страница 1118: ...n for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub option for the DHCP snooping agent that is the IP address of the managem...

Страница 1119: ...ormation enabling the DHCP snooping information option will remove option 82 information from the packet EXAMPLE This example enables the DHCP Snooping Information Option Console config ip dhcp snoopi...

Страница 1120: ...the source MAC address in the Ethernet header Use the no form to disable this function SYNTAX no ip dhcp binding verify mac address DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND U...

Страница 1121: ...command DHCP packet filtering will be performed on any untrusted ports within the VLAN as specified by the ip dhcp snooping trust command When the DHCP snooping is globally disabled DHCP snooping can...

Страница 1122: ...under the ip dhcp snooping information option command Option 82 information generated by the switch is based on TR 101 syntax as shown below The circuit identifier used by this switch starts at sub o...

Страница 1123: ...ly messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or fire wall Set all ports connected to DHCP servers within t...

Страница 1124: ...t any optional keywords to clear all entries from the binding table SYNTAX clear ip dhcp snooping binding mac address vlan vlan id mac address Specifies a MAC address entry Format xx xx xx xx xx xx vl...

Страница 1125: ...ory will no longer be valid EXAMPLE Console ip dhcp snooping database flash Console show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND MODE Privileged Exec EXAMP...

Страница 1126: ...store the default setting SYNTAX no ipv6 dhcp snooping DEFAULT SETTING Disabled Table 120 DHCP Snooping Commands Command Function Mode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp...

Страница 1127: ...tch is 100 packets per second Any DHCPv6 packets in excess of this limit are dropped Filtering rules are implemented as follows If global DHCPv6 snooping is disabled all DHCPv6 packets are forwarded I...

Страница 1128: ...me and forward to original destination Otherwise remove binding entry and check failed If a DHCPv6 Relay packet is received check the relay message option in Relay Forward or Relay Reply packet and pr...

Страница 1129: ...y using the ipv6 dhcp snooping command and enabled on a VLAN with this command DHCPv6 packet filtering will be performed on any untrusted ports within the VLAN as specified by the ipv6 dhcp snooping t...

Страница 1130: ...g trust This command configures the specified interface as trusted Use the no form to restore the default setting SYNTAX no ipv6 dhcp snooping trust DEFAULT SETTING All interfaces are untrusted COMMAN...

Страница 1131: ...g trust Console config if RELATED COMMANDS ipv6 dhcp snooping 1126 ipv6 dhcp snooping vlan 1129 clear ipv6 dhcp snooping binding This command clears DHCPv6 snooping binding table entries from RAM Use...

Страница 1132: ...ping status disabled DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max binding Current binding Eth 1 1 No 5 0 Eth 1 2 No 5 0 Eth 1 3 No 5 0 Eth 1 4 No 5 0 Eth 1 5 Yes 5 0 sh...

Страница 1133: ...ooping on page 1115 IPv4 source guard can be used to prevent traffic attacks caused when a host tries to use the IPv4 address of a neighbor to access the network This section describes commands used t...

Страница 1134: ...rt Port number Range 1 28 DEFAULT SETTING No configured entries COMMAND MODE Global Configuration COMMAND USAGE If the binding mode is not specified in this command the entry is bound to the ACL table...

Страница 1135: ...8 0 99 interface ethernet 1 5 Console config RELATED COMMANDS ip source guard 1135 ip dhcp snooping 1116 ip dhcp snooping vlan 1121 ip source guard This command configures the switch to filter inbound...

Страница 1136: ...h its IP address and corresponding MAC address sip mac option will be checked against the binding table If no matching entry is found the packet will be dropped Filtering rules are implemented as foll...

Страница 1137: ...r of IP addresses that can be mapped to an interface in the binding table Range 1 5 for ACL mode 1 1024 for MAC mode DEFAULT SETTING Mode ACL Maximum bindings 5 for ACL mode 1024 for MAC mode COMMAND...

Страница 1138: ...rnet EXAMPLE This command sets the binding table mode for the specified interface to MAC mode Console config interface ethernet 1 5 Console config if ip source guard mode mac Console config if clear i...

Страница 1139: ...h 1 4 DISABLED ACL 5 1024 Eth 1 5 DISABLED ACL 5 1024 show ip source guard binding This command shows the source guard binding table SYNTAX show ip source guard binding dhcp snooping static acl mac bl...

Страница 1140: ...e Use the no form to remove a static entry SYNTAX ipv6 source guard binding mac address vlan vlan id ipv6 address interface interface no ipv6 source guard binding mac address vlan vlan id mac address...

Страница 1141: ...amic entries learned via ND snooping DHCPv6 snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry wi...

Страница 1142: ...uard is enabled on an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A por...

Страница 1143: ...rce bindings dynamically learned via ND snooping or DHCP snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packets and DHCPv6 pack...

Страница 1144: ...source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries learned through DHC...

Страница 1145: ...g each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an AR...

Страница 1146: ...their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit...

Страница 1147: ...andom group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DHCP snooping database is not checked DEFAULT SETTING...

Страница 1148: ...inspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the lo...

Страница 1149: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and respons...

Страница 1150: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Страница 1151: ...command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Console config i...

Страница 1152: ...ion Global IP ARP Inspection Status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp insp...

Страница 1153: ...ics ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address...

Страница 1154: ...an no longer communicate adequately This section describes commands used to protect against DoS attacks dos protection land This command protects against DoS LAND Local Area Network Denial attacks in...

Страница 1155: ...X no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp null scan Console config dos protection tcp syn fin scan This comm...

Страница 1156: ...he target replies with a TCP RST packet If the target TCP port is open it simply discards the TCP XMAS scan Use the no form to disable this feature SYNTAX no dos protection tcp xmas scan DEFAULT SETTI...

Страница 1157: ...tation SYNTAX no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Traffic segmentation provides port based security and isolation between ports within the...

Страница 1158: ...entation globally on the switch Console config traffic segmentation Console config traffic segmentation session This command creates a traffic segmentation client session Use the no form to remove a c...

Страница 1159: ...rface list downlink interface list downlink interface list session id Traffic segmentation session Range 1 4 uplink Specifies an uplink interface downlink Specifies a downlink interface interface list...

Страница 1160: ...sole config traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink to uplink This command specifies whether or not traffic can be forwarded betwee...

Страница 1161: ...segmentation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding...

Страница 1162: ...CHAPTER 29 General Security Measures Configuring Port based Traffic Segmentation 1162...

Страница 1163: ...IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class next header type or flow l...

Страница 1164: ...er more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you crea...

Страница 1165: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 1166: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Страница 1167: ...t mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Preceden...

Страница 1168: ...ort 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any contr...

Страница 1169: ...ip access list 1169 Time Range 957 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP ac...

Страница 1170: ...cess list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP addre...

Страница 1171: ...ndard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address pre...

Страница 1172: ...permit deny any host destination ipv6 address destination ipv6 address prefix length dscp dscp flow label flow label next header next header time range time range name no permit deny any host destinat...

Страница 1173: ...handling by the intervening routers The nature of that special handling might be conveyed to the routers by a control protocol such as a resource reservation protocol or by information within the flow...

Страница 1174: ...e config ext ipv6 acl This allows any packets sent to the destination 2009 DB9 2229 79 48 when the next header is 43 Console config ext ipv6 acl permit 2009 DB9 2229 79 48 next header 43 Console confi...

Страница 1175: ...DS show ipv6 access list 1175 Time Range 957 show ipv6 access group This command shows the ports assigned to IPv6 ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 access group Interface eth...

Страница 1176: ...Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuratio...

Страница 1177: ...rce source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask NOTE The default is for Ethernet II packets permit deny tagged eth2...

Страница 1178: ...I packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tagged Ethernet 802 3 packets untagged 802 3 Untagged Ethernet 802 3 packets any Any MAC source or destination address host A specific...

Страница 1179: ...ort Use the no form to remove the port SYNTAX mac access group acl name in out time range time range name counter no mac access group acl name in out acl name Name of the ACL Maximum length 16 charact...

Страница 1180: ...ace ethernet 1 5 MAC access list M5 in Console RELATED COMMANDS mac access group 1179 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name...

Страница 1181: ...MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create a...

Страница 1182: ...esponse ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac des...

Страница 1183: ...mac any any Console config mac acl RELATED COMMANDS access list arp 1181 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Страница 1184: ...ernet unit port unit Unit identifier Range 1 port Port number Range 1 28 acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware c...

Страница 1185: ...ngress egress rules for Standard IPv6 ACLs mac Shows ingress egress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Na...

Страница 1186: ...CHAPTER 30 Access Control Lists ACL Information 1186...

Страница 1187: ...ce IC switchport mtu Sets the maximum transfer unit for an interface IC clear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show in...

Страница 1188: ...or IPv6 address before a connection can be made through Telnet SSH or HTTP transceiver threshold rx power Sends a trap when the power level of the received signal power falls outside the specified thr...

Страница 1189: ...onfiguration file An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example...

Страница 1190: ...n command the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the flowcontrol...

Страница 1191: ...he no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cdp pvst cdp Cisco Discovery Protocol pvst Per VLAN Spanning Tree DEFAULT SETTING Default Forwa...

Страница 1192: ...rmined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port EXAMPLE The following example enables flow control o...

Страница 1193: ...ports Use the no form to restore the default mode SYNTAX media type sfp forced mode no media type sfp forced Forces transceiver mode for the SFP port mode 1000sfp Always uses 1000BASE SFP mode 100fx A...

Страница 1194: ...When auto negotiation is disabled you must manually specify the link attributes with the flowcontrol command Note Auto negotiation is not supported for 1000BASE SFP transceivers used in 10G SFP Ports...

Страница 1195: ...ING 1518 bytes COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use the jumbo frame command to enable or disable jumbo frames for all Gigabit and 10 Gigabit Ethernet ports To s...

Страница 1196: ...and EXAMPLE The following first enables jumbo frames for layer 2 packets and then sets the MTU for port 1 Console config jumbo frame Console config interface ethernet 1 1 Console config if switchport...

Страница 1197: ...th 1 1 Default Default Eth 1 2 Default Default Eth 1 3 Default Default Eth 1 4 Default Default Eth 1 7 Default Default Eth 1 8 Default Default Eth 1 9 Default Default Eth 1 10 Default Default Eth 1 11...

Страница 1198: ...yed by this command see Showing Port or Trunk Statistics on page 192 EXAMPLE Console show interfaces counters ethernet 1 1 Ethernet 1 1 IF table Stats 2166458 Octets Input 14734059 Octets Output 14707...

Страница 1199: ...Output per seconds 1 Packets Output per second 0 00 Output Utilization Console show interfaces counters vlan 1 VLAN 1 21462 Octets Input 93 Packets Input Console show interfaces history This command...

Страница 1200: ...ries in the sampling table Console show interfaces history ethernet 1 1 Interface Eth 1 1 Name 1min Interval 1 minute s Buckets Requested 15 Buckets Granted 15 Status Active Current Entries Start Time...

Страница 1201: ...ards Errors Unknown Proto 0 0 0 Octets Output Unicast Multicast Broadcast 8896498997 11151669 4734465 119595 Discards Errors 0 0 Console This example shows the statistics recorded for a named entry in...

Страница 1202: ...62 30 00d 00 07 37 8548505 13380 2879 30 Start Time Octets Output Discards Errors 00d 00 05 37 6827866 0 0 00d 00 06 37 7572668 0 0 00d 00 07 37 8548505 0 0 Console show interfaces status This command...

Страница 1203: ...Disabled MAC Learning Yes Media Type SFP forced MTU 1518 Current Status Link Status Up Port Operation Status Up Operation Speed duplex 1000full Up Time 0w 0d 1h 41m 8s 6068 seconds Flow Control Type...

Страница 1204: ...hport display description Field Description Broadcast Threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 1241 Multicast Threshold S...

Страница 1205: ...e private VLAN mode as host promiscuous or none 1369 Private VLAN host association Shows the secondary or community VLAN with which this port is associated 1368 Private VLAN mapping Shows the primary...

Страница 1206: ...an alarm or warning message SYNTAX transceiver threshold current high alarm high warning low alarm low warning threshold value high alarm Sets the high current threshold for an alarm message high warn...

Страница 1207: ...vel were to fluctuate just above and below either the high threshold or the low threshold Trap messages enabled by the transceiver threshold monitor command are sent to any management station configur...

Страница 1208: ...alarm thresholds for the signal power received at port 1 Console config interface ethernet 1 1 Console config if transceiver threshold rx power low alarm 21 Console config if transceiver threshold rx...

Страница 1209: ...thernet 1 1 Console config if transceiver threshold temperature low alarm 97 Console config if transceiver threshold temperature high alarm 83 Console transceiver threshold tx power This command sets...

Страница 1210: ...ole config interface ethernet 1 1 Console config if transceiver threshold tx power low alarm 8 Console config if transceiver threshold tx power high alarm 3 Console transceiver threshold voltage This...

Страница 1211: ...splays identifying information for the specified transceiver including connector type and vendor related parameters as well as the temperature voltage bias current transmit power and receive power SYN...

Страница 1212: ...ower dBm 12 00 11 50 9 50 9 00 RxPower dBm 21 50 21 00 3 50 3 00 Console show interfaces transceiver threshold This command Displays the alarm warning thresholds for temperature voltage bias current t...

Страница 1213: ...e a DDM compliant transceiver inserted EXAMPLE Console show interfaces transceiver threshold ethernet 1 25 Information of Eth 1 25 DDM Thresholds Transceiver monitor Disabled Transceiver threshold aut...

Страница 1214: ...CHAPTER 31 Interface Commands Transceiver Threshold Configuration 1214...

Страница 1215: ...8 ports Table 135 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC port...

Страница 1216: ...s not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the...

Страница 1217: ...r many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination I...

Страница 1218: ...with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates tru...

Страница 1219: ...shows that Trunk1 has been established Console config interface ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface etherne...

Страница 1220: ...COMMAND USAGE Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chan...

Страница 1221: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Страница 1222: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Страница 1223: ...reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3 Console config if lacp timeout This command configures the timeout to wait for the next LACP data unit LA...

Страница 1224: ...again that timeout value will be used EXAMPLE Console config interface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands show lacp This command displ...

Страница 1225: ...oup LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs rece...

Страница 1226: ...s not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is cur...

Страница 1227: ...t priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper K...

Страница 1228: ...play Commands 1228 show port channel load balance This command shows the load distribution method used on aggregated links COMMAND MODE Privileged Exec EXAMPLE Console show port channel load balance T...

Страница 1229: ...nitor interface rx tx both no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmitted...

Страница 1230: ...mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monitor port When mirroring traffic from a VLAN traffic may als...

Страница 1231: ...nation Port listen port Eth1 5 Source Port monitored port Eth1 6 Mode RX TX Console RSPAN MIRRORING COMMANDS Remote Switched Port Analyzer RSPAN allows you to mirror traffic from remote switches for a...

Страница 1232: ...nation port cannot be configured on the same switch Local Remote Mirror The destination of a local mirror session created with the port monitor command cannot be used as the destination for RSPAN traf...

Страница 1233: ...d remote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface list One or more source ports Use a hyphen to indicate a con...

Страница 1234: ...ote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface ethernet unit port unit Unit identifier Range 1 port Port number...

Страница 1235: ...y one session available for RSPAN vlan id ID of configured RSPAN VLAN Range 2 4092 Use the vlan rspan command to reserve a VLAN for RSPAN mirroring before enabling RSPAN with this command source Speci...

Страница 1236: ...ch and the uplink interface as port 3 Console config rspan session 1 remote vlan 2 destination uplink ethernet 1 3 Console config no rspan session Use this command to delete a configured RSPAN session...

Страница 1237: ...rt monitor command then there is only one session available for RSPAN COMMAND MODE Privileged Exec EXAMPLE Console show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None T...

Страница 1238: ...CHAPTER 33 Port Mirroring Commands RSPAN Mirroring Commands 1238...

Страница 1239: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Страница 1240: ...specified interface rate Maximum value in Kbps Range 64 1 000 000 Kbits per second for Gigabit Ethernet ports 64 10 000 000 Kbits per second for 10G Ethernet ports DEFAULT SETTING Disabled COMMAND MO...

Страница 1241: ...ast unicast packet rate rate no switchport broadcast multicast unicast broadcast Specifies storm control for broadcast traffic multicast Specifies storm control for multicast traffic unicast Specifies...

Страница 1242: ...ected results It is therefore not advisable to use both of these commands on the same interface EXAMPLE The following shows how to configure broadcast storm control at 600 packets per second Console c...

Страница 1243: ...raffic control alarm clear threshold Sets the lower threshold for ingress traffic beneath which a cleared storm control trap is sent IC Port auto traffic control alarm fire threshold Sets the upper th...

Страница 1244: ...trap when multicast traffic falls beneath the lower threshold after a storm control response has been triggered and the release timer expires IC Port ATC Display Commands show auto traffic control Sh...

Страница 1245: ...shut down a port it can only be manually re enabled using the auto traffic control control release command The traffic control response of rate limiting can be released automatically or manually The...

Страница 1246: ...tion COMMAND USAGE After the apply timer expires a control action may be triggered as specified by the auto traffic control action command and a trap message sent as specified by the snmp server enabl...

Страница 1247: ...nsole config auto traffic control broadcast release timer 800 Console config auto traffic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to di...

Страница 1248: ...threshold configured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic c...

Страница 1249: ...omatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control tra...

Страница 1250: ...rm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second...

Страница 1251: ...triggered and the release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the auto traffi...

Страница 1252: ...bled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast alarm clear Console config if RELATED COM...

Страница 1253: ...MAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast control apply Console config if RELATED COMMANDS...

Страница 1254: ...ed Use the no form to disable this trap SYNTAX no snmp server enable port traps atc multicast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config...

Страница 1255: ...ps atc multicast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Страница 1256: ...ontrol This command shows global configuration settings for automatic storm control COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control Storm control Broadcast Apply timer sec 300 r...

Страница 1257: ...ation Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128...

Страница 1258: ...CHAPTER 34 Congestion Control Commands Automatic Traffic Control Commands 1258...

Страница 1259: ...nterface or when an interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Страница 1260: ...e protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tree loopback detec...

Страница 1261: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Страница 1262: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Страница 1263: ...detection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Страница 1264: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Страница 1265: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Страница 1266: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Страница 1267: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Страница 1268: ...1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDLD...

Страница 1269: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Страница 1270: ...CHAPTER 36 UniDirectional Link Detection Commands 1270...

Страница 1271: ...0 seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 150 Address Table Commands Command Function Mode mac addres...

Страница 1272: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 1273: ...mac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interf...

Страница 1274: ...bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show...

Страница 1275: ...DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show mac address table count interface ethernet 1 1 MAC Entries for Eth 1 1 Total Address Count 3 Static Address Count 0 Dynamic Addr...

Страница 1276: ...CHAPTER 37 Address Table Commands 1276...

Страница 1277: ...l spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops Configures the maximum number of hops allowed in the region before a BPDU is...

Страница 1278: ...n instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPDUs to other ports when global spanning tree is...

Страница 1279: ...ts the maximum time in seconds a port will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology chan...

Страница 1280: ...econds Time in seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 DEFAULT SETTING 20 seconds COMMAND MODE Gl...

Страница 1281: ...ay be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports conne...

Страница 1282: ...ng tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that r...

Страница 1283: ...lecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the device...

Страница 1284: ...e receiving port s native VLAN i e as determined by port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu...

Страница 1285: ...Range 1 40 DEFAULT SETTING 20 COMMAND MODE MST Configuration COMMAND USAGE An MSTI region is treated as a single node by the STP and RSTP protocols Therefore the message age for BPDUs inside an MSTI r...

Страница 1286: ...ridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device with the lowest MA...

Страница 1287: ...r remember that you must configure all bridges within the same MSTI Region page 1287 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP...

Страница 1288: ...MMAND USAGE The MST region name page 1287 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST regio...

Страница 1289: ...config if RELATED COMMANDS spanning tree edge port 1291 spanning tree bpdu guard This command shuts down an edge port i e an interface set for fast forwarding if it receives a BPDU Use the no form wit...

Страница 1290: ...estore the default auto configuration mode SYNTAX spanning tree cost cost no spanning tree cost cost The path cost for the port Range 0 for auto configuration 1 65535 for short path cost method24 1 20...

Страница 1291: ...mmand specifies an interface as an edge port Use the no form to restore the default SYNTAX spanning tree edge port auto no spanning tree edge port auto Automatically determines if an interface is an e...

Страница 1292: ...ng tree link type auto point to point shared no spanning tree link type auto Automatically derived from the duplex mode setting point to point Point to point link shared Shared medium DEFAULT SETTING...

Страница 1293: ...disabled on the switch EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree loopback detection spanning tree loopback detection action This command configures the response for...

Страница 1294: ...ree loopback detection release mode auto Allows a port to automatically be released from the discarding state when the loopback state ends manual The port can only be released from the discarding stat...

Страница 1295: ...EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree loopback detection trap spanning tree mst cost This command configures the path cost on a spanning instance in the Multipl...

Страница 1296: ...media and higher values assigned to interfaces with slower media Use the no spanning tree mst cost command to specify auto configuration mode Path cost takes precedence over interface priority EXAMPL...

Страница 1297: ...mst cost 1295 spanning tree port bpdu flooding This command floods BPDUs to other ports when spanning tree is disabled globally or disabled on a specific port Use the no form to restore the default se...

Страница 1298: ...port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric id...

Страница 1299: ...t could also be used to form a border around part of the network where the root bridge is allowed When spanning tree is initialized globally on the switch or on an interface the switch will wait for 2...

Страница 1300: ...ich is purposely configured in a ring topology EXAMPLE Console config interface ethernet 1 1 Console config if spanning tree tc prop stop Console config if spanning tree loopback detection release Thi...

Страница 1301: ...rt Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notificati...

Страница 1302: ...he tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst command to display t...

Страница 1303: ...Discarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 100000 Designated Port 128 1 Designated Root...

Страница 1304: ...nfiguration This command shows the configuration of the multiple spanning tree COMMAND MODE Privileged Exec EXAMPLE Console show spanning tree mst configuration Mstp Configuration Information Configur...

Страница 1305: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Страница 1306: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Страница 1307: ...for a specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS m...

Страница 1308: ...for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configur...

Страница 1309: ...exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable the current ring SYNTAX no en...

Страница 1310: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Страница 1311: ...ts Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMAND...

Страница 1312: ...continuity check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized mai...

Страница 1313: ...own this information is passed to ERPS which in turn processes it as a ring node failure For more information on how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on pa...

Страница 1314: ...packets when an owner node enters protection state without any link down event having been detected through SF messages Use the no form to disable this feature SYNTAX no non erps dev protect DEFAULT S...

Страница 1315: ...node will still transmit an R APS NR RB ring blocked message ERPS compliant nodes receiving this message flush their forwarding database and unblock previously blocked ports The ring is now returned t...

Страница 1316: ...ther higher priority request is received Recovery with Revertive Mode When all ring links and ring nodes have recovered and no external requests are active reversion is handled in the following way a...

Страница 1317: ...ge on both ring ports informing other nodes that no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another highe...

Страница 1318: ...ocked until the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring The Ethernet Ring Node where the Manual Switch...

Страница 1319: ...ndication all ring nodes flush their FDB This action unblocks the ring port which was blocked as result of an operator command EXAMPLE Console config erps non revertive Console config erps propagate t...

Страница 1320: ...ing nodes running ERPSv1 and ERPSv2 co exist on the same ring the Ring ID of each ring node must be configured as 1 If this command is disabled the following strings are used as the node identifier ER...

Страница 1321: ...the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can be achieved by for...

Страница 1322: ...essary to take precautions against forming a loop which is potentially composed of a whole interconnected network Figure 551 Sub ring without Virtual Channel EXAMPLE Console config erps raps without v...

Страница 1323: ...any member ports spanning tree will be disabled for the first member port assigned to the static trunk EXAMPLE Console config erps ring port east interface ethernet 1 12 Console config erps rpl neighb...

Страница 1324: ...ink RPL owner Use the no form to restore the default setting SYNTAX rpl owner no rpl DEFAULT SETTING None that is neither owner nor neighbor COMMAND MODE ERPS Configuration COMMAND USAGE Only one RPL...

Страница 1325: ...mount of flush FDB operations in the ring Support of multiple ERP instances on a single ring Version 2 is backward compatible with Version 1 If version 2 is specified the inputs and commands are forwa...

Страница 1326: ...ion COMMAND USAGE If the switch goes into ring protection state due to a signal failure after the failure condition is cleared the RPL owner will start the wait to restore timer and wait until it expi...

Страница 1327: ...ual switch state 1 Issue an erps clear command to remove the forced switch command on the node where a local forced switch command is active 2 Issue an erps clear command on the RPL owner node to trig...

Страница 1328: ...R APS messages e The ring node receiving an R APS FS message flushes its FDB Protection switching on a forced switch request is completed when the above actions are performed by each ring node At thi...

Страница 1329: ...ng a FS command at the ring node under maintenance in order to avoid falling into the above mentioned unrecoverable situation EXAMPLE Console erps forced switch domain r d west Console erps manual swi...

Страница 1330: ...ch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without any local higher priority requests unblocks any blocked ring port which does not have an S...

Страница 1331: ...tatus information for all configured rings or for a specified ring SYNTAX show erps domain ring name statistics domain Keyword to display ERPS ring configuration settings ring name Name of a specific...

Страница 1332: ...link failure has occurred This state will switch to idle state if all the failed links recover Type Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertiv...

Страница 1333: ...this ring node R APS with VC The R APS Virtual Channel is the R APS channel connection used to tunnel R APS messages between two interconnection nodes of a sub ring in another Ethernet ring or network...

Страница 1334: ...to block timer expires WTR Expire The time before the wait to restore timer expires Table 158 show erps statistics detailed display description Field Description Interface The direction and port or t...

Страница 1335: ...Commands 1335 EVENT Any request state message excluding FS SF MS and NR HEALTH The number of non standard health check messages Table 158 show erps statistics detailed display description Continued Fi...

Страница 1336: ...CHAPTER 39 ERPS Commands 1336...

Страница 1337: ...iltering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 802 1Q Tunneling QinQ Tunneling Configuring L...

Страница 1338: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 1339: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 1340: ...re included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GV...

Страница 1341: ...AMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maximum Supported VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurabl...

Страница 1342: ...garp timer 1339 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range...

Страница 1343: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 1344: ...eyword to be followed by the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets rspan Keyword to create a VLAN used for mirroring traffic from remote s...

Страница 1345: ...ING None COMMAND MODE Global Configuration Table 162 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchpor...

Страница 1346: ...n assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if RELATED COMMANDS shutdown 1194 interface 1188 vlan 1344 sw...

Страница 1347: ...range of IDs Do not enter leading zeros Range 1 4094 DEFAULT SETTING All ports are assigned to VLAN 1 by default The default frame type is untagged COMMAND MODE Interface Configuration Ethernet Port C...

Страница 1348: ...Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VL...

Страница 1349: ...gged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames private vlan For an explanation of th...

Страница 1350: ...et to any VLAN for which it is an untagged member If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress po...

Страница 1351: ...tags 1 and 2 groups that are unknown to those switches to pass through their VLAN trunking ports To prevent loops from forming in the spanning tree all unknown VLANs will be bound to a single instanc...

Страница 1352: ...ry DEFAULT SETTING Shows all VLANs COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Static Name...

Страница 1353: ...ode switchport dot1q tunnel mode 4 Set the Tag Protocol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify...

Страница 1354: ...is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcome a break in the tree It is therefore advisable t...

Страница 1355: ...ntrol command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag regardless of whether there are one...

Страница 1356: ...arent manner as described under IEEE 802 1Q Tunneling on page 243 When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate...

Страница 1357: ...chport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode uplink 4 Configures port 1 as an untagged member of VLANs 100 200 and 300 using access mode Console config int...

Страница 1358: ...1q tunnel tpid tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Страница 1359: ...nnel interface interface service svid service svid interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 8 svid VLAN ID for the outer VLAN ta...

Страница 1360: ...address in all upstream L2PT protocol packets i e STP BPDUs to this value and forwards them on to uplink ports The MAC address must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx DEFAUL...

Страница 1361: ...2PT processes packets is based on the following criteria 1 packet is received on a QinQ uplink port 2 packet is received on a QinQ access port or 3 received packet is Cisco compatible L2PT i e as indi...

Страница 1362: ...received on an access port and recognized as a CDP VTP STP PVST protocol packet and L2PT is enabled on this port it is forwarded to the following ports in the same S VLAN a other access ports for whic...

Страница 1363: ...ee Plus spanning tree Spanning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol DEFAULT SETTING Disabled for all protocols COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE R...

Страница 1364: ...ed to that device can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream...

Страница 1365: ...ries is 8 per port and up to 96 for the system However note that configuring a large number of entries may degrade the performance of other processes that also use the TCAM such as IP Source Guard fil...

Страница 1366: ...imary and community groups A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups while a community or secondary VLAN contains commun...

Страница 1367: ...show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary or community private VLAN Use the no form to remove the specified private VLAN S...

Страница 1368: ...s ports Port membership for private VLANs is static Once a port has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked...

Страница 1369: ...ate vlan host promiscuous no switchport mode private vlan host This port type can subsequently be assigned to a community VLAN promiscuous This port type can communicate with all other promiscuous por...

Страница 1370: ...ut must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN EXAMPLE Console config interface ethernet 1 3 Console config if switchport private vlan hos...

Страница 1371: ...rivate vlan Primary Secondary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 Console CONFIGURING PROTOCOL BASED VLANS The network devices required to support multiple protocols cannot be...

Страница 1372: ...tocol group SYNTAX protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this protocol group Ra...

Страница 1373: ...otocol group Range 1 2147483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 DEFAULT SETTING No protocol groups are mapped for any interface COMMAND MODE Interface Configu...

Страница 1374: ...l group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMAND MODE Privileged Exec EXAMPLE This shows protocol group 1 co...

Страница 1375: ...ssification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source ad...

Страница 1376: ...ty 0 COMMAND MODE Global Configuration COMMAND USAGE Each IP subnet can be mapped to only one VLAN ID An IP subnet consists of an IP address and a subnet mask The specified VLAN need not be an existin...

Страница 1377: ...192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based VLAN classification all...

Страница 1378: ...traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addresses c...

Страница 1379: ...n be manually configured voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to disable the Voice VLAN SYNTAX voice vlan voice vlan id no voice vlan vo...

Страница 1380: ...rt as a tagged member of the Voice VLAN Only one Voice VLAN is supported and it must already be created on the switch before it can be specified as the Voice VLAN The Voice VLAN ID cannot be modified...

Страница 1381: ...voice vlan mac address mac address mask mask address description description no voice vlan mac address mac address mask mask address mac address Defines a MAC address OUI that identifies VoIP devices...

Страница 1382: ...ort but the port must be manually added to the Voice VLAN auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port DEFAULT SETTING Disabled COMMAND MO...

Страница 1383: ...active for the port EXAMPLE The following example sets the CoS priority to 5 on port 1 Console config interface ethernet 1 1 Console config if switchport voice vlan priority 5 Console config if switc...

Страница 1384: ...oIP traffic on a port Use the no form to disable filtering on a port SYNTAX no switchport voice vlan security DEFAULT SETTING Disabled COMMAND MODE Interface Configuration COMMAND USAGE Security filte...

Страница 1385: ...aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Auto Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 1...

Страница 1386: ...CHAPTER 40 VLAN Commands Configuring Voice VLANs 1386...

Страница 1387: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 1388: ...ct queue DEFAULT SETTING WRR COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of...

Страница 1389: ...config RELATED COMMANDS queue weight 1389 show queue mode 1391 queue weight This command assigns weights to the eight class of service CoS priority queues when using weighted queuing or one of the qu...

Страница 1390: ...g is IP Port IP Precedence or IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagge...

Страница 1391: ...shows the current queue mode SYNTAX show queue mode interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console show queue...

Страница 1392: ...terface IC qos map dscp mutation Maps DSCP values in incoming packets to per hop behavior and drop precedence values for internal priority processing IC qos map ip port dscp Maps the destination TCP U...

Страница 1393: ...to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 DEFAULT SETTING COMMAND MODE Interface Configuration Port show qos map phb queue Shows internal...

Страница 1394: ...HB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used to control traffic congestion The specified mapping applies to all interfaces EXAMPL...

Страница 1395: ...ommand maps internal per hop behavior and drop precedence value pairs to CoS CFI values used in tagged egress packets on a Layer 2 interface Use the no form to restore the default settings SYNTAX qos...

Страница 1396: ...map dscp cos 1 0 from 1 2 Console config if qos map dscp mutation This command maps DSCP values in incoming packets to per hop behavior and drop precedence values for priority processing Use the no f...

Страница 1397: ...vior of 3 and a drop precedence of 1 Referring to Table 178 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Console config interface ethernet 1...

Страница 1398: ...Datagram Protocol port number 16 bit TCP UDP destination port number Range 0 65535 DEFAULT SETTING None COMMAND MODE Interface Configuration Port COMMAND USAGE This mapping table is only used if the...

Страница 1399: ...prec dscp 7 0 6 0 5 0 4 0 3 0 2 1 1 1 0 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per hop behavior value Use the no form to...

Страница 1400: ...ence DEFAULT SETTING CoS COMMAND MODE Interface Configuration Port COMMAND USAGE If the QoS mapping mode is set to IP Precedence with this command and the ingress packet type is IPv4 then priority pro...

Страница 1401: ...Console config if qos map trust mode dscp Console config if show qos map cos dscp This command shows ingress CoS CFI to internal DSCP map SYNTAX show qos map cos dscp interface interface interface eth...

Страница 1402: ...This map is only used if the packet is forwarded with a 8021 Q tag EXAMPLE Console show qos map dscp cos interface ethernet 1 5 Information of Eth 1 5 dscp cos map phb drop precedence 0 green 1 red 3...

Страница 1403: ...8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5 0 5 1 5 0 5 3 5 0 5 1 6...

Страница 1404: ...ress packet type is IPv4 then the IP Precedence to DSCP mapping table is used to generate per hop behavior and drop precedence values for internal processing EXAMPLE Console show qos map ip prec dscp...

Страница 1405: ...6 7 Console show qos map trust mode This command shows the QoS mapping mode SYNTAX show qos map trust mode interface interface interface ethernet unit port unit Unit identifier Range 1 port Port numbe...

Страница 1406: ...CHAPTER 41 Class of Service Commands Priority Commands Layer 3 and 4 1406...

Страница 1407: ...of a policy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three c...

Страница 1408: ...ntain up to 16 class maps 5 Use the set phb or set cos command to modify the per hop behavior the class of service value in the VLAN tag for the matching traffic class and use one of the police comman...

Страница 1409: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Страница 1410: ...USAGE First enter the class map command to designate a class map and enter the Class Map configuration mode Then use match commands to specify the fields within ingress packets that must match to qual...

Страница 1411: ...onfig cmap rename This command redefines the name of a class map or policy map SYNTAX rename map name map name Name of the class map or policy map Range 1 32 characters COMMAND MODE Class Map Configur...

Страница 1412: ...rd policy Console config pmap class rd class Console config pmap c set cos 0 Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c class This...

Страница 1413: ...nsmit violate action drop Console config pmap c police flow This command defines an enforcer for classified traffic based on the metered flow rate Use the no form to remove a policer SYNTAX no police...

Страница 1414: ...ze The token bucket C is initially full that is the token count Tc 0 BC Thereafter the token count Tc is updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else Tc...

Страница 1415: ...burst size BE in bytes Range 0 524288 bytes conform action Action to take when rate is within the CIR and BC There are enough tokens in bucket BC to service the packet packet is set green exceed actio...

Страница 1416: ...ken count Tc 0 BC and the token count Te 0 BE Thereafter the token counts Tc and Te are updated CIR times per second as follows If Tc is less than BC Tc is incremented by one else if Te is less then B...

Страница 1417: ...he no form to remove a policer SYNTAX no police trtcm color blind trtcm color aware committed rate committed burst peak rate peak burst conform action transmit new dscp exceed action drop new dscp vio...

Страница 1418: ...ol queue congestion A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or doesn t exceed the CIR The trTCM is useful for ingress...

Страница 1419: ...on other aspects of trTCM EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service tha...

Страница 1420: ...Console config pmap c police flow 10000 4000 conform action transmit violate action drop Console config pmap c set phb This command services IP traffic by setting a per hop behavior value for a matchi...

Страница 1421: ...command applies a policy map defined by the policy map command to the ingress or egress side of a particular interface Use the no form to remove this mapping SYNTAX no service policy input policy map...

Страница 1422: ...ess list rd access Match IP DSCP 0 Class Map match any rd class 2 Match IP Precedence 5 Class Map match any rd class 3 Match VLAN 1 Console show policy map This command displays the QoS policy maps wh...

Страница 1423: ...ole show policy map interface This command displays the service policy assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Ran...

Страница 1424: ...CHAPTER 42 Quality of Service Commands 1424...

Страница 1425: ...ed VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling MLD Snooping Configures multicast snooping for IPv6 MLD Filtering and Throttling Configures MLD filtering and throttling...

Страница 1426: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Страница 1427: ...fect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Console config ip igmp snooping vlan static Adds an interface as...

Страница 1428: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Страница 1429: ...ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip igmp snooping querier DEFAULT SE...

Страница 1430: ...Router Alert option 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert optio...

Страница 1431: ...eived and all the uplink ports are subsequently deleted a timeout mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Страница 1432: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Страница 1433: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Страница 1434: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Страница 1435: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Страница 1436: ...v2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the timeout period The timeout for this release is currentl...

Страница 1437: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1438: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Страница 1439: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 1440: ...address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for pro...

Страница 1441: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Страница 1442: ...1 8 DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the correspo...

Страница 1443: ...P Snooping Running Status Inactive Version Using global version 2 Version Exclusive Using global status Disabled Immediate Leave Disabled Last Member Query Interval 10 1 10s Last Member Query Count 2...

Страница 1444: ...Multicast Forwarding Entry Count 1 Flag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed t...

Страница 1445: ...ion Interface Shows interface Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query...

Страница 1446: ...ics vlan query display description Field Description Querier IP Address The IP address of the querier on this interface Querier Expire Time The time after which this querier is assumed to have expired...

Страница 1447: ...e the IGMP querier Therefore if the IGMP querier is a known multicast router or switch connected over the network to an interface port or trunk on this switch that interface can be manually configured...

Страница 1448: ...ort can join Table 188 IGMP Filtering and Throttling Commands Command Function Mode ip igmp filter Enables IGMP filtering and throttling on the switch GC ip igmp profile Sets a profile number and ente...

Страница 1449: ...checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGM...

Страница 1450: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Страница 1451: ...TTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE Console config ip i...

Страница 1452: ...ined by command ip igmp snooping vlan query interval When receiving the same report during this interval the switch will not send the access request to the RADIUS server If the interface leaves the gr...

Страница 1453: ...profile from an interface SYNTAX no ip igmp filter profile number profile number An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND USAG...

Страница 1454: ...wo actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it w...

Страница 1455: ...if ip igmp query drop This command drops any received IGMP query packets Use the no form to restore the default setting SYNTAX no ip igmp query drop DEFAULT SETTING Disabled COMMAND MODE Interface Co...

Страница 1456: ...hentication This command displays the interface settings for IGMP authentication SYNTAX show ip igmp authentication interface interface interface ethernet unit port unit Unit identifier Range 1 port P...

Страница 1457: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2...

Страница 1458: ...number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE C...

Страница 1459: ...lticast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interfa...

Страница 1460: ...tch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configure...

Страница 1461: ...e no form to disable this feature SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected Th...

Страница 1462: ...by this command When this message is received by downstream hosts all receivers build an MLD report for the multicast groups they have joined EXAMPLE Console config ipv6 mld snooping query interval 15...

Страница 1463: ...GE A port will be removed from the receiver list for a multicast service when no MLD reports are detected in response to a number of MLD queries The robustness variable sets the number of queries on p...

Страница 1464: ...AX ipv6 mld snooping unknown multicast mode flood to router port no ipv6 mld snooping unknown multicast mode flood Floods the unknown multicast data packets to all ports to router port Forwards the un...

Страница 1465: ...no form to remove the configuration SYNTAX no ipv6 mld snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit Stack unit Range 1 port Port number Range...

Страница 1466: ...st group Format X X X X X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Global Configuration EXAM...

Страница 1467: ...s connected to only one MLD enabled device either a service host or a neighbor running MLD snooping EXAMPLE The following shows how to enable MLD immediate leave Console config interface vlan 1 Consol...

Страница 1468: ...roup source list This command shows known multicast groups member ports the means by which each group was learned and the corresponding source list SYNTAX show ipv6 mld snooping group source list COMM...

Страница 1469: ...ulfills this requirement by restricting access to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port can join Table 191 MLD Filt...

Страница 1470: ...profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD filtering and throttling only...

Страница 1471: ...but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ipv6 mld profile 19 Console config mld profile RELATED COMMANDS...

Страница 1472: ...id IPv6 address X X X X X for the end of a multicast group range DEFAULT SETTING None COMMAND MODE MLD Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one mu...

Страница 1473: ...icast groups an interface can join at the same time Range 1 1024 DEFAULT SETTING 1024 COMMAND MODE Interface Configuration Ethernet COMMAND USAGE MLD throttling sets a maximum number of multicast grou...

Страница 1474: ...Configuration Ethernet COMMAND USAGE When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join...

Страница 1475: ...to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT SETTING Disabled COMMAND MODE Interfac...

Страница 1476: ...number profile number An existing MLD filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 mld profile MLD Profile 19 MLD Profile 50 Co...

Страница 1477: ...and displays the interface settings for MLD throttling SYNTAX show ipv6 mld throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port chan...

Страница 1478: ...s the interval at which the receiver port sends out general queries GC mvr proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port acts as an MVR router...

Страница 1479: ...associated profile This command binds the MVR group addresses specified in a profile to an MVR domain Use the no form of this command to remove the binding SYNTAX no mvr domain domain id associated pr...

Страница 1480: ...c domain Use the no form of this command to disable MVR for a domain SYNTAX no mvr domain domain id domain id An independent multicast domain Range 1 5 DEFAULT SETTING Disabled COMMAND MODE Global Con...

Страница 1481: ...ed an MVR group is sent from all source ports to all receiver ports that have registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for mu...

Страница 1482: ...ig mvr priority This command assigns a priority to all multicast traffic in the MVR VLAN Use the no form of this command to restore the default setting SYNTAX mvr priority priority no mvr priority pri...

Страница 1483: ...l MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port receives report and leave...

Страница 1484: ...f times report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes...

Страница 1485: ...t the requested streams are still restricted to the address range which has been specified in a profile and bound to a domain EXAMPLE Console config mvr source port mode dynamic Console config mvr ups...

Страница 1486: ...is the VLAN to which all source ports must be assigned The VLAN specified by this command must be an existing VLAN configured with the vlan command MVR source ports can be configured as members of the...

Страница 1487: ...ly to multicast groups which have been statically assigned to a port with the mvr vlan group command EXAMPLE The following enables immediate leave on a receiver port Console config interface ethernet...

Страница 1488: ...erface ethernet 1 5 Console config if mvr domain 1 type source Console config if exit Console config interface ethernet 1 6 Console config if mvr domain 1 type receiver Console config if exit Console...

Страница 1489: ...ically assigns a multicast group to a receiver port Console config interface ethernet 1 7 Console config if mvr domain 1 type receiver Console config if mvr domain 1 vlan 3 group 225 0 0 5 Console con...

Страница 1490: ...fic forwarded into the MVR VLAN MVR Proxy Switching Shows if MVR proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR...

Страница 1491: ...6 8 VLAN2 Eth 1 3 Source Inactive Discarding Eth 1 1 Receiver Active Forwarding Disabled 225 0 0 1 VLAN1 225 0 0 9 VLAN3 Eth 1 4 Receiver Active Discarding Disabled Console Table 194 show mvr interfa...

Страница 1492: ...address The subscriber IP addresses sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel ch...

Страница 1493: ...6 7 1 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console show mvr profile This command shows all configured MVR profiles COMMAND MODE Privileged Exec EXAMPLE The following shows all configured MVR profiles Console...

Страница 1494: ...ys statistics for all domains COMMAND MODE Privileged Exec EXAMPLE The following shows MVR protocol related statistics received Console show mvr domain 1 statistics input MVR Domain 1 Input Statistics...

Страница 1495: ...rt received Join Succ The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Table 197 show mvr statistics output display description Fie...

Страница 1496: ...ion Continued Field Description Table 199 Multicast VLAN Registration for IPv6 Commands Command Function Mode mvr6 associated profile Binds the MVR group addresses specified in a profile to an MVR dom...

Страница 1497: ...oup address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config clear mvr6 statistics Clears the MVR statistics globally or on a per interface basis PE show mvr6 Show...

Страница 1498: ...E The following example enables MVR for domain 1 Console config mvr6 domain 1 Console config mvr6 profile This command maps a range of MVR group addresses to a profile Use the no form of this command...

Страница 1499: ...ess range of any other profile EXAMPLE The following example maps a range of MVR group addresses to a profile Console config mvr6 profile rd ff00 1 ff00 9 Console config mvr6 proxy query interval This...

Страница 1500: ...ntaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port r...

Страница 1501: ...s report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes effect...

Страница 1502: ...ream source ip This command configures the source IPv6 address assigned to all MVR control packets sent upstream on the specified domain Use the no form to restore the default setting SYNTAX mvr6 doma...

Страница 1503: ...OMMAND USAGE MVR source ports can be configured as members of the MVR VLAN using the switchport allowed vlan command and switchport native vlan command but MVR receiver ports should not be statically...

Страница 1504: ...e following enables immediate leave on a receiver port Console config interface ethernet 1 5 Console config if mvr6 domain 1 immediate leave Console config if mvr6 type This command configures an inte...

Страница 1505: ...iver ports on the switch Console config interface ethernet 1 5 Console config if mvr6 domain 1 type source Console config if exit Console config interface ethernet 1 6 Console config if mvr6 domain 1...

Страница 1506: ...X is reserved The MVR VLAN cannot be specified as the receiver VLAN for static bindings EXAMPLE The following statically assigns a multicast group to a receiver port Console config interface ethernet...

Страница 1507: ...using the interface option will only clear MVR6 statistics for the specified interface EXAMPLE The following shows how to clear all the MVR6 statistics Console clear mvr6 statistics Console show mvr6...

Страница 1508: ...he receiver port sends out general queries MVR6 Source Port Mode Shows if the switch only forwards multicast streams which the source port has dynamically joined or always forwards multicast streams M...

Страница 1509: ...ached to the MVR VLAN in domain 1 Console show mvr6 domain 1 interface MVR6 Domain 1 Port Type Status Immediate Static Group Address Eth1 1 Source Active Up Eth1 2 Receiver Active Up Disabled FF00 1 V...

Страница 1510: ...e show mvr6 domain 1 members MVR6 Domain 1 MVR6 Forwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts join the group on this port P Port counts number of ports join...

Страница 1511: ...n id statistics input interface interface output interface interface query domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port numbe...

Страница 1512: ...y Eth 1 1 12 0 1 0 Eth 1 2 5 1 4 1 VLAN 1 7 2 3 0 Console Table 203 show mvr6 statistics input display description Field Description Interface Shows interfaces attached to the MVR Report The number of...

Страница 1513: ...query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface Table 205 IGMP Commands Layer 3 Command Function...

Страница 1514: ...ough the ip igmp command When a multicast routing protocol such as PIM is enabled IGMP is also enabled EXAMPLE Console config interface vlan 1 Console config if ip igmp Console config if end Console s...

Страница 1515: ...N COMMAND USAGE When the switch receives an IGMPv2 or IGMPv3 leave message from a host that wants to leave a multicast group source or channel it sends a number of group specific or group source speci...

Страница 1516: ...ip igmp version 1519 ip igmp query interval 1516 ip igmp query interval This command configures the frequency at which host query messages are sent Use the no form to restore the default SYNTAX ip ig...

Страница 1517: ...G 2 COMMAND MODE Interface Configuration VLAN COMMAND USAGE The robustness value is used in calculating the appropriate range for other IGMP variables such as the Group Membership Interval as well as...

Страница 1518: ...nless the next node up the reverse path tree has statically mapped this group to a specific source address Also if an address outside of the SSM address range is specified and a specific source addres...

Страница 1519: ...s 1 3 If the switch receives an IGMP Version 1 Membership Report it sets a timer to note that there are Version 1 hosts which are members of the group for which it heard the report If there are Versio...

Страница 1520: ...splays detailed information about the multicast process and source addresses when available COMMAND MODE Privileged Exec COMMAND USAGE To display information about multicast groups IGMP must first be...

Страница 1521: ...Uptime The time elapsed since this entry was created Expire The time remaining before this entry will be aged out The default is 260 seconds This field displays stopped if the Group Mode is INCLUDE V...

Страница 1522: ...ses listed in the source list parameter In EXCLUDE mode reception of packets sent to the given multicast address is requested from all IP source addresses except for those listed in the source list pa...

Страница 1523: ...ip igmp proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ip igmp proxy This command enables IGMP proxy service for multic...

Страница 1524: ...rk then the proxy device will act as an IGMPv1 or IGMPv2 host on the upstream interface accordingly Otherwise it will act as an IGMPv3 host Multicast routing protocols are not supported on interfaces...

Страница 1525: ...Disabled Table 209 MLD Commands Layer 3 Command Function Mode ipv6 mld Enables MLD for the specified interface IC ipv6 mld last member query response interval Configures the frequency at which to sen...

Страница 1526: ...al This command configures the frequency at which to send MLD group specific or MLDv2 group source specific query messages in response to receiving a group specific or group source specific leave mess...

Страница 1527: ...ds no ipv6 mld max resp interval seconds The report delay advertised in MLD queries Range 0 255 tenths of a second DEFAULT SETTING 100 10 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAG...

Страница 1528: ...lticast service Only the designated multicast router for a subnet sends host query messages which are addressed to the link scope all nodes multicast address FF02 1 and uses a time to live TTL value o...

Страница 1529: ...ends EXAMPLE Console config if ipv6 mld robustval 3 Console config if ipv6 mld static group This command statically binds multicast groups to a VLAN interface Use the no form to remove the static mapp...

Страница 1530: ...on an interface Use the no form of this command to restore the default setting SYNTAX ipv6 mld version 1 2 no ipv6 mld version 1 MLD Version 1 2 MLD Version 2 DEFAULT SETTING MLD Version 2 COMMAND MO...

Страница 1531: ...or the specified group Enter the interface option to delete all multicast groups for the specified interface Enter no options to clear all multicast groups from the cache EXAMPLE The following example...

Страница 1532: ...has received traffic directed to the multicast group address Uptime The time elapsed since this entry was created Expire The time remaining before this entry will be aged out The default is 260 second...

Страница 1533: ...VLAN 1 Up MLD Enabled MLD Version 2 MLD Proxy Disabled MLD Unsolicited Report Interval 400 sec Robustness Variable 2 Query Interval 125 sec Query Max Response Time 10 Last Member Query Interval 1 Quer...

Страница 1534: ...LT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When MLD proxy is enabled on an interface that interface is known as the upstream or host interface This interface performs...

Страница 1535: ...roxy unsolicited report interval This command specifies how often the upstream interface should transmit unsolicited MLD reports Use the no form to restore the default value SYNTAX ipv6 mld proxy unso...

Страница 1536: ...CHAPTER 43 Multicast Filtering Commands MLD Proxy Routing 1536...

Страница 1537: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Страница 1538: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Страница 1539: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Страница 1540: ...the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Con...

Страница 1541: ...e periodic transmit interval for LLDP advertisements Use the no form to restore the default setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval a...

Страница 1542: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Страница 1543: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1544: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1545: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1546: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1547: ...age 1371 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Страница 1548: ...e 1373 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise lin...

Страница 1549: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command config...

Страница 1550: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Страница 1551: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Страница 1552: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Страница 1553: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Страница 1554: ...policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificatio...

Страница 1555: ...config detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileg...

Страница 1556: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Страница 1557: ...rt on unit 0 port 3 Eth 1 4 MAC Address 00 12 CF DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MA...

Страница 1558: ...ss 192 168 1 2 IPv4 Remote Port VID 1 Remote VLAN Name VLAN 1 DefaultVlan Remote Port Protocol VLAN VLAN 3 supported enabled Remote Protocol Identity Hex 88 CC Remote MAC PHY Configuration Status Remo...

Страница 1559: ...ses LLDP MED TLVs LLDP MED Capability Device Class Network Connectivity Supported Capabilities LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Inventory Current...

Страница 1560: ...LE Console show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Co...

Страница 1561: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Страница 1562: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Страница 1563: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Страница 1564: ...events discovered by continuity check messages page 1583 or cross check messages page 1587 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Страница 1565: ...aintenance association name Range 1 44 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AI...

Страница 1566: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Страница 1567: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Страница 1568: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Страница 1569: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1570 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Страница 1570: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Страница 1571: ...2147483647 character string IEEE 802 1ag defined character string format This is an IETF RFC 2579 DisplayString icc based ITU T SG13 SG15 Y 1731 defined ICC based format DEFAULT SETTING character str...

Страница 1572: ...ance domain at the same level as the MEP to be configured using the ethernet cfm domain command 2 maintenance association within the domain using the ma index name command and 3 finally the MEP using...

Страница 1573: ...le config interface ethernet 1 1 Console config if ethernet cfm port enable Console config if clear ethernet cfm ais mpid This command clears AIS defect information for the specified MEP SYNTAX clear...

Страница 1574: ...ifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethern...

Страница 1575: ...received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a...

Страница 1576: ...rimary VID CC Interval MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ether...

Страница 1577: ...rd Console show ethernet cfm maintenance points local mep MPID MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance...

Страница 1578: ...format of the Maintenance Association name including primary VID character string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction...

Страница 1579: ...AULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this command to display information about a specific maintenance point or use the mac keyword to display informat...

Страница 1580: ...he last CCM message about this MEP has been in the CCM database Frame Loss Percentage of transmitted frames lost CC Packet Statistics received error The number of CCM packets received successfully and...

Страница 1581: ...te 7 10 minutes DEFAULT SETTING 4 1 second COMMAND MODE Global Configuration COMMAND USAGE CCMs provide a means to discover other MEPs and to detect connectivity failures in an MA If any MEP fails to...

Страница 1582: ...connectivity to all other MEPs MIPs in the MA Each CCM received is checked to verify that the MEP identifier field sent in the message does not match its own MEPID which would indicate a duplicate MEP...

Страница 1583: ...trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has recovered from an error condition mep up Sends a trap if a remote MEP is discovere...

Страница 1584: ...ts the aging time for missing MEPs in the CCM database to 30 minutes Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep archive hold time 30 Console config ether...

Страница 1585: ...AND MODE Privileged Exec COMMAND USAGE Use this command without any keywords to clear all entries in the error database Use the domain keyword to clear the error database for a specific domain or the...

Страница 1586: ...associated with a specific VID list one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a...

Страница 1587: ...CFM continuity check events in relation to the cross check operations between statically configured MEPs and those learned via continuity check messages CCMs Use the no form to restore disable these...

Страница 1588: ...move a remote MEP SYNTAX no mep crosscheck mpid mpid ma ma name mpid Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 ma name Maintenan...

Страница 1589: ...ain name ma ma name enable Starts the cross check process disable Stops the cross check process domain name Domain name Range 1 43 alphanumeric characters ma name MA name Range 1 44 alphanumeric chara...

Страница 1590: ...k MPID MA Name Level VLAN MEP Up Remote MAC 2 downtown 4 2 Yes 00 0D 54 FC A2 73 Console Link Trace Operations ethernet cfm linktrace cache This command enables caching of CFM data learned through lin...

Страница 1591: ...time minutes minutes The aging time for entries stored in the link trace cache Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE Global Configuration COMMAND USAGE Before setting the agin...

Страница 1592: ...Console config ethernet cfm linktrace This command sends CFM link trace messages to the MAC address of a remote MEP SYNTAX ethernet cfm linktrace dest mep destination mpid src mep source mpid dest me...

Страница 1593: ...isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Fault isolation is even more challenging since the MAC address of th...

Страница 1594: ...could be returned for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be fals...

Страница 1595: ...nce association name Range 1 44 alphanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes DE...

Страница 1596: ...NTAX mep fault notify alarm time alarm time no fault notify alarm time alarm time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING...

Страница 1597: ...mand The state machine transmits no further fault alarms until it is reset by the passage of a configured time period see the mep fault notify reset time command without a defect indication The normal...

Страница 1598: ...generated Range 3 10 seconds DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration EXAMPLE This example sets the reset time after which another fault alarm can be generated Console config e...

Страница 1599: ...rm Time Reset Time voip rd none macRemErrXcon 3sec 10sec Console Table 222 show fault notify generator display description Field Description MD Name The maintenance domain for this entry MA Name The m...

Страница 1600: ...xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 44 alphanumeric characters count The number of times to retry...

Страница 1601: ...p at the time of transmitting a frame with DM reply information Frame Delay RxTimeStampb TxTimeStampf TxTimeStampb RxTimeStampf The MEP can also make two way frame delay variation measurements based o...

Страница 1602: ...CHAPTER 45 CFM Commands Delay Measure Operations 1602...

Страница 1603: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Страница 1604: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1605: ...s Use the no form to disable this function SYNTAX no efm oam link monitor frame DEFAULT SETTING Enabled COMMAND MODE Interface Configuration COMMAND USAGE An errored frame is a frame in which one or m...

Страница 1606: ...he no form to restore the default setting SYNTAX no efm oam link monitor frame window size size The period of time in which to check the reporting threshold for errored frame link events Range 10 6553...

Страница 1607: ...will initiate the OAM discovery process When in passive mode it can only respond to discovery messages EXAMPLE Console config interface ethernet 1 1 Console config if efm oam mode active Console conf...

Страница 1608: ...og Console efm oam remote loopback This command starts or stops OAM loopback test mode to the attached CPE SYNTAX efm oam remote loopback start stop interface start Starts remote loopback test mode st...

Страница 1609: ...back operation is processing please wait Enter loopback mode succeeded Console efm oam remote loopback test This command performs a remote loopback test sending a specified number of packets SYNTAX ef...

Страница 1610: ...0 1016 48 94 Console show efm oam counters interface This command displays counters for various OAM PDU message types SYNTAX show efm oam counters interface interface list interface list unit port uni...

Страница 1611: ...automatically deleted to make room for new entries EXAMPLE Console show efm oam event log interface 1 1 OAM event log of Eth 1 1 00 24 07 2001 01 01 Unit 1 Port 1 Dying Gasp at Remote Console This co...

Страница 1612: ...l 10 28 28 2013 09 13 Unit 1 Port 1 Dying Gasp clear occurred at Remote When the remote device comes up the switch will get OAM packets without the dying gasp bit and display dying gasp event clear Co...

Страница 1613: ...l Mode Active Remote Loopback Disabled Remote Loopback Status No loopback Dying Gasp Enabled Critical Event Enabled Link Monitor Errored Frame Enabled Link Monitor Errored Frame Window 100msec 10 Erro...

Страница 1614: ...ormal Exec Privileged Exec EXAMPLE Console show efm oam status remote interface 1 1 Port MAC Address OUI Remote Unidirectional Link MIB Variable Loopback Monitor Retrieval 1 1 00 12 CF 6A 07 F6 000084...

Страница 1615: ...me Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 127 characters DEFAULT SETTING None Table 224 Address Table Commands Command Function Mode...

Страница 1616: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1617: ...n name 1617 ip name server 1619 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted not...

Страница 1618: ...YNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use...

Страница 1619: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Страница 1620: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1621: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1622: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Страница 1623: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1624: ...CHAPTER 47 Domain Name Service Commands 1624...

Страница 1625: ...r class identifier for the current interface Use the no form to remove the class identifier option from the DHCP packet SYNTAX ip dhcp client class id text text hex hex no ip dhcp client class id text...

Страница 1626: ...le By default DHCP option 66 67 parameters are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter...

Страница 1627: ...client request for any IP interface that has been set to BOOTP or DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or...

Страница 1628: ...clients can obtain configuration parameters from a server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The rapid commit...

Страница 1629: ...sees a DHCP client request it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server...

Страница 1630: ...Disabled COMMAND MODE Privileged Exec COMMAND USAGE This command is used to configure DHCP relay functions for host devices attached to the switch If DHCP relay service is enabled and this switch sees...

Страница 1631: ...ice is enabled and this switch sees a DHCPv6 request broadcast it inserts its own IP address into the request so the DHCPv6 server will know the subnet where the client is located Then the switch forw...

Страница 1632: ...nds used to configure client address pools for the DHCP service Table 232 DHCP Server Commands Command Function Mode ip dhcp excluded address Specifies IP addresses that a DHCP server should not assig...

Страница 1633: ...s is assigned to a DHCP client DC netbios name server Configures NetBIOS Windows Internet Naming Service WINS name servers available to Microsoft DHCP clients DC netbios node type Configures NetBIOS n...

Страница 1634: ...e address pools for the network interfaces using the network command You can also manually bind an address to a specific client with the host command if required You can configure up to 8 network addr...

Страница 1635: ...mmand Use the no form to delete the boot image name SYNTAX bootfile filename no bootfile filename Name of the file that is used as a default boot image DEFAULT SETTING None COMMAND MODE DHCP Pool Conf...

Страница 1636: ...hcp client identifier text steve Console config dhcp RELATED COMMANDS host 1638 default router This command specifies default routers for a DHCP pool Use the no form to remove the default routers SYNT...

Страница 1637: ...f DNS IP servers are not configured for a DHCP client the client cannot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred serv...

Страница 1638: ...ND MODE DHCP Pool Configuration COMMAND USAGE This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifier To bi...

Страница 1639: ...ompares the hardware address for DHCP or BOOTP clients If no manual binding has been specified for a host entry with the client identifier or hardware address commands then the switch will assign an a...

Страница 1640: ...n EXAMPLE The following example leases an address to clients using this pool for 7 days Console config dhcp lease 7 Console config dhcp netbios name server This command configures NetBIOS Windows Inte...

Страница 1641: ...BIOS node type broadcast hybrid recommended mixed peer to peer DEFAULT SETTING None COMMAND MODE DHCP Pool Configuration EXAMPLE Console config dhcp netbios node type hybrid Console config dhcp RELATE...

Страница 1642: ...ified the class A B or C natural mask is used Subnet addresses are interpreted as class A B or C based on the first field in the specified address In other words if a subnet address nnn xxx xxx xxx is...

Страница 1643: ...he binding to clear Clears all automatic bindings DEFAULT SETTING None COMMAND MODE Privileged Exec USAGE GUIDELINES An address specifies the client s IP address If an asterisk is used as the address...

Страница 1644: ...bindings on the DHCP server SYNTAX show ip dhcp binding address address Specifies the IP address of the DHCP client for which bindings will be displayed DEFAULT SETTING None COMMAND MODE Privileged E...

Страница 1645: ...Network Network address 192 168 0 1 Subnet mask 255 255 255 0 Boot file Client identifier mode Hex Client identifier Default router 0 0 0 0 0 0 0 0 DNS server 0 0 0 0 0 0 0 0 Domain name Hardware type...

Страница 1646: ...CHAPTER 48 DHCP Commands DHCP Server 1646...

Страница 1647: ...to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and management stations or other devices that exist on another network segment if r...

Страница 1648: ...D USAGE If this router is directly connected to end node devices or connected to end nodes via shared media that will be assigned to a specific subnet then you must create a router interface for each...

Страница 1649: ...condary address cannot be configured prior to setting the primary IP address and the primary address cannot be removed if a secondary address is still present Also if any router switch in a network se...

Страница 1650: ...ablished COMMAND MODE Global Configuration COMMAND USAGE The default gateway can also be defined using the following Global configuration command ip route 0 0 0 0 0 0 0 0 gateway address Static routes...

Страница 1651: ...el 2 ia IS IS inter area candidate default S 0 0 0 0 0 1 0 via 10 1 1 254 VLAN1 C 127 0 0 0 8 is directly connected lo0 C 192 168 2 0 24 is directly connected VLAN1 Console RELATED COMMANDS ip address...

Страница 1652: ...MP Statistics ICMP received input errors destination unreachable messages time exceeded messages parameter problem message echo request messages echo reply messages redirect messages timestamp request...

Страница 1653: ...his causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round trip time for e...

Страница 1654: ...size specified because the router adds header information DEFAULT SETTING count 5 size 32 bytes COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE Use the ping command to see if another site on t...

Страница 1655: ...ommands used to configure the Address Resolution Protocol ARP on the switch arp This command adds a static entry in the Address Resolution Protocol ARP cache Use the no form to remove an entry from th...

Страница 1656: ...rk operations to time out Static entries will not be aged out nor deleted when power is reset A static entry can only be removed through the configuration interface EXAMPLE Console config arp 10 1 0 1...

Страница 1657: ...sable proxy ARP SYNTAX no ip proxy arp DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE Proxy ARP allows a non routing device to determine the MAC address of a host on...

Страница 1658: ...ther and VLAN interface Note that entry type other indicates local addresses for this router You can define up to 128 static entries in the ARP cache A static entry may need to be used if there is no...

Страница 1659: ...t for which UDP service requests are forwarded Range 1 65535 DEFAULT SETTING The following UDP ports are included in the forwarding list when UDP helper is enabled with the ip helper command and a rem...

Страница 1660: ...are confined to the local subnet either as an all hosts broadcast all ones broadcast 255 255 255 255 or a directed subnet broadcast such as 10 10 10 255 To reduce the number of application servers de...

Страница 1661: ...igured with an IP address The UDP packets to be forwarded must be specified by the ip forward protocol udp command and the packets meet the following criteria The MAC address of the received frame mus...

Страница 1662: ...uration settings for UDP helper COMMAND MODE Privileged Exec COMMAND USAGE This command displays all configuration settings for UDP helper including its functional status the UDP ports for which broad...

Страница 1663: ...E PE show ipv6 traffic Displays statistics about IPv6 traffic NE PE clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE trac...

Страница 1664: ...nterfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identi...

Страница 1665: ...NTAX no ipv6 address ipv6 address prefix length ipv6 address A full IPv6 address including the network prefix and host address bits prefix length A decimal value indicating how many contiguous bits fr...

Страница 1666: ...ress for an IPv4 virtual interface is formed by appending the interface identifier as defined above to the prefix FE80 64 If a duplicate address is detected a warning message is sent to the console EX...

Страница 1667: ...priate number of zeros required to fill the undefined fields If a link local address has not yet been assigned to this interface this command will dynamically generate a global unicast address and a l...

Страница 1668: ...the interface identifier is not globally unique When the host has more than one IPv4 address in use on the physical interface concerned the primary address for that interface is used The IPv6 link loc...

Страница 1669: ...the address prefix must be in the range of FE80 FEBF The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multipl...

Страница 1670: ...is command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 and the host portion of the address is generated by converti...

Страница 1671: ...smission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Specifies the MTU size Range 1280 65535 bytes DEFAULT SETTI...

Страница 1672: ...6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined field...

Страница 1673: ...d by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A node is also required to compute and join the associated solic...

Страница 1674: ...le MTU to this switch COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows the MTU cache for this device Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000...

Страница 1675: ...grams 15 requests discards no routes generated fragments fragment succeeded fragment failed ICMPv6 Statistics ICMPv6 received input errors destination unreachable messages packet too big messages time...

Страница 1676: ...ddresses with unallocated prefixes For entities which are not IPv6 routers and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a lo...

Страница 1677: ...encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipv6IfStatsOutForwDatagra...

Страница 1678: ...al number of ICMP messages which this interface attempted to send Note that this counter includes all those counted by icmpOutErrors destination unreachable messages The number of ICMP Destination Unr...

Страница 1679: ...to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain name server count Number of packets to send Range 1 16 group membership response m...

Страница 1680: ...g is sent When pinging a host name be sure the DNS server has been enabled see page 1616 If necessary local devices can also be specified in the DNS static host table see page 1618 When using ping6 wi...

Страница 1681: ...stination The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VL...

Страница 1682: ...Trace completed Console Neighbor Discovery ipv6 hop limit This command configures the maximum number of hops used in router advertisements that are originated by this router Use the no form to restor...

Страница 1683: ...ormatted as six hexadecimal pairs separated by hyphens DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Address Resolution Protocol ARP has been replaced in IPv6 with the Neighbor...

Страница 1684: ...6 nd dad attempts count no ipv6 nd dad attempts count The number of neighbor solicitation messages sent to determine whether or not a duplicate address exists on this interface Range 0 600 DEFAULT SET...

Страница 1685: ...addresses configured on VLAN 1 The show ipv6 interface command indicates that the duplicate address detection process is still on going Console config interface vlan 1 Console config if ipv6 nd dad at...

Страница 1686: ...ess autoconfiguration based on IPv6 prefixes found in router advertisements The managed address configuration flag is only a suggestion to attached hosts They may still use stateful and or stateless a...

Страница 1687: ...non address information from a DHCPv6 server Console config interface vlan 1 Console config ipv6 nd other config flag Console config ipv6 nd ns interval This command configures the interval between t...

Страница 1688: ...attempts 1 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND ad...

Страница 1689: ...ng SYNTAX ipv6 nd reachable time milliseconds no ipv6 nd reachable time milliseconds The time that a node can be considered reachable after receiving confirmation of reachability Range 0 3600000 DEFAU...

Страница 1690: ...the local link that the specified prefix cannot be used for IPv6 autoconfiguration off link Indicates that the specified prefix is assigned to the link Nodes sending traffic to addresses that contain...

Страница 1691: ...v6 nd ra interval interval The interval between IPv6 router advertisements Range 3 1800 seconds COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 600 seconds COMMAND USAGE The interval between...

Страница 1692: ...not be considered a default router Set the lifetime to a non zero value to indicate that it should be considered a default router When a non zero value is used the lifetime should not be less than th...

Страница 1693: ...high Console config ipv6 nd ra suppress This command suppresses router advertisement transmissions on an interface Use the no form to re enable router advertisements SYNTAX no ipv6 nd ra suppress COM...

Страница 1694: ...ort unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd raguard interface ethernet 1 1 Interface RA Gua...

Страница 1695: ...entry from the indicated mapping RFC 4293 R Reachable Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH sta...

Страница 1696: ...o host or host to host connections using the tunnel mode ipv6ip command Table 243 IPv6 to IPv4 Tunnelling Commands Command Function Mode interface tunnel Configures a tunnel interface and enters tunne...

Страница 1697: ...ber no interface tunnel tunnel number tunnel number Tunnel interface identifier Range 1 16 DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Although this command is labeled with th...

Страница 1698: ...dress of an IPv6 IPv4 router bordering the IPv6 backbone is known this can be used as the tunnel end point address This tunnel can be configured into the routing table as an IPv6 default route That is...

Страница 1699: ...no form to restore the default setting SYNTAX tunnel mode ipv6ip configured 6to4 no tunnel mode ipv6ip configured Configured IPv6 over IPv4 tunneling using point to point tunnels by encapsulating IPv6...

Страница 1700: ...o4 node or native IPv6 host Router to Host IPv6 IPv4 routers can tunnel IPv6 packets to their final destination IPv6 IPv4 host This tunnel spans only the last segment of the end to end path Tunneling...

Страница 1701: ...eeded removes the IPv4 header updates the IPv6 header and processes the received IPv6 packet EXAMPLE Console config interface tunnel 2 Console config if tunnel mode ipv6ip configured Console config if...

Страница 1702: ...lating packet However note that IPv6 over IPv4 tunnels are modeled as a single hop That is the IPv6 hop limit is decremented by only one when an IPv6 packet traverses the tunnel The single hop model s...

Страница 1703: ...D advertised reachable time is 0 milliseconds Tunnel 1 is up IPv6 is stale Link local address FE80 C0A8 3 64 Global unicast address es 2002 DB9 2222 7272 72 48 subnet is 2002 DB9 2222 48 Joined group...

Страница 1704: ...ding This section describes commands used to configure ND Snooping Table 244 ND Snooping Commands Command Function Mode ipv6 nd snooping Enables ND snooping globally or on a specified VLAN or range of...

Страница 1705: ...le according to the Prefix Information option in the RA message The prefix table records prefix prefix length valid lifetime as well as the VLAN and port interface which received the message If an RA...

Страница 1706: ...ally and on VLAN 1 Console config ipv6 nd snooping Console config ipv6 nd snooping vlan 1 Console config ipv6 nd snooping vlan 1 4094 VLAN ID Console config ipv6 nd snooping auto detect This command e...

Страница 1707: ...f no RA message is received is set to the retransmit count x the retransmit interval see the ipv6 nd snooping auto detect retransmit interval command Based on the default settings this is 3 seconds EX...

Страница 1708: ...ssage before deleting an entry in the prefix table Use the no form to restore the default setting SYNTAX ipv6 nd snooping prefix timeout timeout no ipv6 nd snooping prefix timeout timeout The time to...

Страница 1709: ...nfig ipv6 nd snooping trust This command configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table or NS messages can be forwarded without...

Страница 1710: ...d Exec EXAMPLE Console clear ipv6 nd snooping binding Console show ipv6 nd snooping binding MAC Address IPv6 Address Lifetime VLAN Interface Console clear ipv6 nd snooping prefix This command clears a...

Страница 1711: ...VLANs VLAN 1 Interface Trusted Max binding Eth 1 1 Yes 1 Eth 1 2 No 5 Eth 1 3 No 5 Eth 1 4 No 5 Eth 1 5 No 5 show ipv6 nd snooping binding This command shows all entries in the dynamic user binding t...

Страница 1712: ...D Snooping 1712 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping prefix Prefix entry timeout 100 second Prefix Len Valid Time Expire VLAN Interface 2001 b000 64 2592000 100 1 Eth 1 1...

Страница 1713: ...ich allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Table 245 VRRP Commands Command Function Mode vrrp authe...

Страница 1714: ...the string configured on this router If the keys match the message is accepted Otherwise the packet is discarded Plain text authentication does not provide any real security It is supported only to p...

Страница 1715: ...customize any of the other parameters for VRRP such as authentication priority or advertisement interval then first configure these parameters before enabling VRRP EXAMPLE This example creates VRRP g...

Страница 1716: ...p priority 1716 vrrp priority This command sets the priority of this router in a VRRP group Use the no form to restore the default setting SYNTAX vrrp group priority level no vrrp group priority group...

Страница 1717: ...advertisements communicating its state as the master Use the no form to restore the default interval SYNTAX vrrp group timers advertise interval no vrrp group timers advertise group Identifies the VR...

Страница 1718: ...ifier of configured VLAN interface Range 1 4094 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console clear vrrp 1 interface 1 counters Console clear vrrp router counters This command clears VRRP...

Страница 1719: ...rity 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 246 show vrrp display description Field Description State VRRP role of this interface master or backup Virtual IP add...

Страница 1720: ...xec Master Advertisement interval The advertisement interval configured on the VRRP master Master down interval The down interval configured on the VRRP master This interval is used by all the routers...

Страница 1721: ...ies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 DEFAULTS None COMMAND MODE Privileged Exec EXAMPLE Console show vrrp 1 interface vlan 1 counters Total Numbe...

Страница 1722: ...MMAND MODE Privileged Exec EXAMPLE Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Страница 1723: ...s global parameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange routing information Routing Information Protocol RIP Configures global and i...

Страница 1724: ...istances used by the dynamic unicast routing protocols is 110 for OSPF 120 for RIP 20 for eBGP and 200 for iBGP Range 1 255 Default 1 Removes all static routing table entries DEFAULT SETTING No static...

Страница 1725: ...e 1849 respectively EXAMPLE This example forwards all traffic for subnet 192 168 1 0 to the gateway router 192 168 5 254 using the default metric of 1 Console config ip route 192 168 1 0 255 255 255 0...

Страница 1726: ...ed Displays all currently connected entries database All known routes including inactive routes ospf Displays external routes imported from the Open Shortest Path First OSPF protocol into this routing...

Страница 1727: ...ing The router must be able to directly reach the next hop so the VLAN interface associated with any dynamic or static route entry must be up Note that routes currently not accessible for forwarding m...

Страница 1728: ...ow ip route summary This command displays summary information for the routing table COMMAND MODE Privileged Exec EXAMPLE In the following example the numeric identifier following the routing table nam...

Страница 1729: ...essages timestamp request messages timestamp reply messages source quench messages address mask request messages address mask reply messages ICMP sent output errors destination unreachable messages ti...

Страница 1730: ...ve distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route Note that the default adm...

Страница 1731: ...ation Base FIB SYNTAX show ipv6 route ipv6 address prefix length bgp database interface tunnel tunnel number vlan vlan id local ospf rip static ipv6 address A full IPv6 address including the network p...

Страница 1732: ...formation necessary to make a forwarding decision on a particular packet The typical components within a forwarding information base entry are a network prefix a router port identifier and next hop in...

Страница 1733: ...routes from one routing domain to another RC timers basic Sets basic timers including update timeout garbage collection RC version Specifies the RIP version to use on all network interfaces if not al...

Страница 1734: ...MPLE Console config router rip Console config router RELATED COMMANDS network 1738 default information originate This command generates a default external route into the local RIP autonomous system Us...

Страница 1735: ...routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistribut...

Страница 1736: ...bits used for the associated routing entries DEFAULT SETTING None COMMAND MODE Router Configuration COMMAND USAGE Administrative distance is used by the routers to select the preferred path when ther...

Страница 1737: ...o remove an entry SYNTAX no neighbor ip address ip address IP address of a neighboring router DEFAULT SETTING No neighbors are defined COMMAND MODE Router Configuration COMMAND USAGE This command can...

Страница 1738: ...networks are specified COMMAND MODE Router Configuration COMMAND USAGE RIP only sends and receives updates on interfaces specified by this command If a network is not specified the interfaces in that...

Страница 1739: ...his feature SYNTAX no redistribute bgp connected ospf static metric metric value bgp Displays external routes imported from the Border Gateway Protocol BGP into this routing domain connected Imports r...

Страница 1740: ...point other than that derived from the original source EXAMPLE This example redistributes routes learned from OSPF and sets the metric for all external routes imported from OSPF to a value of 3 Conso...

Страница 1741: ...e This timer allows neighbors to become aware of an invalid route prior to it being purged by this device Setting the update timer to a short interval can cause the router to spend an excessive amount...

Страница 1742: ...nd and receive version 2 packets Console config router version 2 Console config router RELATED COMMANDS ip rip receive version 1744 ip rip send version 1745 ip rip authentication mode This command spe...

Страница 1743: ...p authentication mode text Console config if RELATED COMMANDS ip rip authentication string 1743 ip rip authentication string This command specifies an authentication key for RIPv2 packets Use the no f...

Страница 1744: ...receive version 1 Accepts only RIPv1 packets 2 Accepts only RIPv2 packets DEFAULT SETTING RIPv1 and RIPv2 packets COMMAND MODE Interface Configuration VLAN COMMAND USAGE Use this command to override t...

Страница 1745: ...ng table for an interface For example when only static routes are to be allowed for a specific interface EXAMPLE Console config interface vlan 1 Console config if ip rip receive packet Console config...

Страница 1746: ...which only receive RIP broadcast messages to receive all of the information provided by RIPv2 including subnet mask next hop and authentication information EXAMPLE This example sets the interface ver...

Страница 1747: ...N DEFAULT SETTING split horizon poisoned COMMAND USAGE Split horizon never propagates routes back to an interface from which they have been acquired Poison reverse propagates routes back to an interfa...

Страница 1748: ...l static entries DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command with the all parameter clears the RIP table of all routes To avoid deleting the entire RIP network u...

Страница 1749: ...about RIP routes and configuration settings Use this command without any keywords to display all RIP routes SYNTAX show ip rip interface vlan vlan id interface Shows RIP configuration settings for all...

Страница 1750: ...ult metric for external routes imported from other protocols RC redistribute Redistribute routes from one routing domain to another RC summary address Summarizes routes advertised by an ASBR RC Area C...

Страница 1751: ...mit interval Specifies the time between resending a link state advertisement IC ip ospf transmit delay Estimates time to send a link state update packet over an interface IC passive interface Suppress...

Страница 1752: ...e destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF routi...

Страница 1753: ...red to import external routes through other routing protocols or static routing and such a route is known See the redistribute command The metric for the default external route is used to calculate th...

Страница 1754: ...ique router ID for this device within the autonomous system for the current OSPF process Use the no form to use the default router identification method i e the highest interface address SYNTAX router...

Страница 1755: ...cutive SPF calculations Use the no form to restore the default values SYNTAX timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and star...

Страница 1756: ...le Route Metrics and Summaries area default cost This command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assig...

Страница 1757: ...Network mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network COMMAND MODE Router...

Страница 1758: ...967 Mbps COMMAND MODE Router Configuration DEFAULT SETTING 1 Mbps COMMAND USAGE The system calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By defaul...

Страница 1759: ...ols Range 0 16777214 COMMAND MODE Router Configuration DEFAULT SETTING 20 COMMAND USAGE The default metric must be used to resolve the problem of redistributing external routes from other protocols th...

Страница 1760: ...nal route 2 Type 2 external route default Routers do not add internal route metric to external route metric tag value A tag placed in the AS external LSA to identify a specific external routing domain...

Страница 1761: ...This example redistributes routes learned from RIP as Type 1 external routes Console config router redistribute rip metric type 1 Console config router RELATED COMMANDS default information originate 1...

Страница 1762: ...eger ranging from 0 4294967295 translator role Indicates NSSA ABR translator role for Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never t...

Страница 1763: ...is different from a stub because when the router is an ASBR it can import a default external AS route for routing protocol domains adjacent to the NSSA but not within the OSPF AS into the NSSA using t...

Страница 1764: ...eger ranging from 0 4294967295 no summary Stops an Area Border Router ABR from sending summary link advertisements into the stub area COMMAND MODE Router Configuration DEFAULT SETTING No stub is confi...

Страница 1765: ...r id authentication message digest null authentication key key message digest key key id md5 key no area area id virtual link router id authentication authentication key message digest key key id area...

Страница 1766: ...authentication Specifies the authentication mode If no optional parameters follow this keyword then plain text authentication is used along with the password specified by the authentication key If me...

Страница 1767: ...be configured between any two backbone routers that have an interface to a common non backbone area The two routers joined by a virtual link are treated as if they were connected by an unnumbered poin...

Страница 1768: ...0 0 0 0 indicates the OSPF backbone for an autonomous system Each router must be connected to the backbone via a direct connection or a virtual link Set the area ID to the same value for all routers...

Страница 1769: ...area with the same password or key All neighboring routers on the same network with the same password will exchange routing data This command creates a password key that is inserted into the OSPF hea...

Страница 1770: ...address This parameter can be used to indicate a specific IP address connected to the current interface If not specified the command applies to all networks connected to the current interface key Sets...

Страница 1771: ...erface If not specified the command applies to all networks connected to the current interface cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 COMMAND MODE...

Страница 1772: ...network Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 40 or four times the interval specified by the ip ospf hello interval command COMMAND USAGE The dead interval is advert...

Страница 1773: ...assign a key id and key to be used by neighboring routers Use the no form to remove an existing key SYNTAX ip ospf ip address message digest key key id md5 key no ip ospf ip address message digest key...

Страница 1774: ...ospf message digest key 1 md5 aiebel Console config if RELATED COMMANDS ip ospf authentication 1769 ip ospf priority This command sets the router priority used when determining the designated router D...

Страница 1775: ...ifies the time between resending link state advertisements LSAs Use the no form to restore the default value SYNTAX ip ospf ip address retransmit interval seconds no ip ospf ip address retransmit inte...

Страница 1776: ...ted time required to send a link state update Range 1 65535 COMMAND MODE Interface Configuration VLAN DEFAULT SETTING 1 second COMMAND USAGE LSAs have their age incremented by this delay before transm...

Страница 1777: ...lved is set to passive mode The specified interface will appear as a stub in the OSPF domain Also if you configure an OSPF interface as passive where an adjacency already exists the adjacency will dro...

Страница 1778: ...TOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so only one cost per interface can be assigned SPF schedule delay Delay between receiving a ch...

Страница 1779: ...ured areas attached to this router Number of interfaces in this area is The number of interfaces attached to this area Number of fully adjacent neighbors in this area is The number of neighbors for wh...

Страница 1780: ...An IP network number for Type 3 Summary and External LSAs A Router ID for Router Network and Type 4 AS Summary LSAs Also note that when an Type 5 ASBR External LSA is describing a default route its li...

Страница 1781: ...68 2 1 LS Seq Number 80000001 Checksum 0x7b67 Length 28 Network Mask 0 TOS 0 Metric 10 Console Table 254 show ip ospf database display description Field Description OSPF Router Process with ID OSPF pr...

Страница 1782: ...xternal Network Number Advertising Router 192 168 0 2 LS Seq Number 80000005 Checksum 0xcc95 Length 36 Network Mask 0 Metric Type 2 Larger than any link state path TOS 0 Metric 1 Forward Address 0 0 0...

Страница 1783: ...ptions Optional capabilities associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network...

Страница 1784: ...ds Options Optional capabilities associated with the LSA LS Type Network Link LSA describes the routers attached to the network Link State ID Interface address of the designated router Advertising Rou...

Страница 1785: ...e length of the LSA in bytes Link connected to Link state type including transit network stub network or virtual link Link ID Link type and corresponding Router ID or network address Link Data Router...

Страница 1786: ...transmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adjacent neighbor count is 1 Hello received 920 sent 975 DD received 5 sent 4 LS Req received 1 sent 1 LS Upd received 14 sent 18 LS Ack received 1...

Страница 1787: ...is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priority Router priority Designated Router De...

Страница 1788: ...ed fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 VLAN1 Table 261 show ip ospf neighbor display description Field Description Neighbo...

Страница 1789: ...10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 08 Adjacency state Down Console RELATED COMMANDS area virtual link 1765 Table 262 show ip ospf virtual links display description Field Description V...

Страница 1790: ...oute redistribution has been enabled with the redistribute command Routing for Networks Networks for which the OSPF is currently registering routing information Routing for Summary Address Shows the n...

Страница 1791: ...an interface IC ipv6 ospf dead interval Sets the interval at which hello packets are not seen before neighbors declare the router down IC ipv6 ospf hello interval Specifies the interval between sendi...

Страница 1792: ...assign an area to each interface that will participate in the specified OSPF process General Configuration router ipv6 ospf This command creates an Open Shortest Path First OSPFv3 routing process and...

Страница 1793: ...SA 2 Checksum 0x00ab4f Console RELATED COMMANDS ipv6 router ospf area 1804 abr type This command sets the criteria used to determine if this router can declare itself an ABR and issue Type 3 and Type...

Страница 1794: ...f it is not an ABR but has more than one attached area or it does not have an active backbone connection In other words inter area routes are calculated by examining summary LSAs If the router is an A...

Страница 1795: ...default setting SYNTAX router id ip address no router id ip address Router ID formatted as an IPv4 address COMMAND MODE Router Configuration DEFAULT SETTING None COMMAND USAGE This command sets the r...

Страница 1796: ...restore the default values SYNTAX timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and starting the SPF calculation Range 0 214748364...

Страница 1797: ...st area id Identifies the stub The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 cost Cost for the default summary route sent to a stub Ra...

Страница 1798: ...summary is not sent and the routes remain hidden from the rest of the network COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command can be used to summarize intra area...

Страница 1799: ...etric value set by the redistribute command When a metric value has not been configured by the redistribute command the default metric command sets the metric value to be used for all imported externa...

Страница 1800: ...router automatically becomes an autonomous system boundary router ASBR Metric type specifies the way to advertise routes to destinations outside the AS through External LSAs When a Type 1 LSA is rece...

Страница 1801: ...g Type 4 Inter Area Router and Type 5 AS External LSAs into the stub Since no information on external routes is known inside the stub an ABR will advertise the default route 0 0 0 using a Type 3 Inter...

Страница 1802: ...val seconds Specifies the time that neighbor routers will wait for a hello packet before they declare the router down This value must be the same for all routers attached to an autonomous system Range...

Страница 1803: ...al path to the backbone for an isolated area or can be configured as a backup connection that can take over if the normal connection to the backbone fails A virtual link can be configured between any...

Страница 1804: ...MODE Interface Configuration DEFAULT SETTING None COMMAND USAGE An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous system Each router...

Страница 1805: ...meric string up to 16 characters instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 COMMAND MODE Interface Configuration...

Страница 1806: ...stance id instance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network se...

Страница 1807: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Страница 1808: ...econds COMMAND USAGE Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Страница 1809: ...d If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elec...

Страница 1810: ...o send a link state update packet over an interface Use the no form to restore the default value SYNTAX ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id...

Страница 1811: ...interface vlan vlan id ipv6 address vlan id VLAN ID Range 1 4094 ipv6 address A full IPv6 address including the network prefix and host address bits COMMAND MODE Router Configuration DEFAULT SETTING N...

Страница 1812: ...identifies the router in the autonomous system By convention this is normally set to one of the router s IP interface addresses Process uptime The time this process has been running Supports only sin...

Страница 1813: ...LSA Link State ID ADV Router Age Seq CkSum Console Checksum The sum of the LS checksums of opaque link state advertisements contained in the link state database Number of LSA received The number of l...

Страница 1814: ...eceived 0 sent 0 LS Upd received 0 sent 0 LS Ack received 0 sent 0 Discarded 0 Console Table 266 show ip ospf database display description Field Description OSPF Router Process with ID OSPF router ID...

Страница 1815: ...is on a multiaccess network but is not the DR or BDR Loopback This is a loopback interface PointToPoint A direct link between two routers Waiting Router is trying to find the DR and BDR Priority Rout...

Страница 1816: ...1 L2 IS IS level 2 ia IS IS inter area C 1 128 lo0 O 2001 DB8 2222 7272 64 VLAN1 Table 268 show ipv6 ospf neighbor display description Field Description ID Neighbor s router ID Pri Neighbor s router p...

Страница 1817: ...t Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency state Full Console Table 269 show ipv6 ospf virtual links display...

Страница 1818: ...tween the source and destination Loops are prevented simply by checking the path vector to see if same AS is listed twice This approach solves many of the scalability problems encountered when applyin...

Страница 1819: ...in OPEN messages by a peer with that of its own internal value If it matches then this neighbor is an iBGP speaker and if it does not then it is an eBGP speaker An eBGP speaker can advertise prefixes...

Страница 1820: ...he shortest number or AS hops Just note that each AS may be comprised of multiple routers or networks that a packet traverses as it crosses the associated route to the destination so the AS hop count...

Страница 1821: ...reflector receives a route with its own cluster ID a potential routing loop can be broken MP_REACH_NLRI This attribute describes routes for network protocols other than IPv4 The attribute identifies...

Страница 1822: ...heir capabilities the UPDATE message is used to advertise withdraw prefixes the NOTIFICATION message is used to send errors or close the session and the KEEPALIVE messages is used to keep the BGP sess...

Страница 1823: ...This supernetted address block is less specific and only lists the AS number of the AS where the supernetting was done The Atomic_Aggregate attribute indicates that attributes for more specific paths...

Страница 1824: ...ngle Route Reflector Route reflector clients are not aware that they are connected to a route reflector and function as though fully meshed within the autonomous system For redundancy a cluster many c...

Страница 1825: ...een that routing information learned from an iBGP speaker can be passed to another iBGP speaker This breaks the normal rules for a fully meshed iBGP autonomous system and other steps are now required...

Страница 1826: ...ber AS to another member AS This exception to normal practice is allowed within the confederation since this attribute is meant for use by the entire AS The Next Hop for a route set by the first BGP s...

Страница 1827: ...es and their attributes are relayed unmodified between client routers they acquire the same routing information as they would via direct peering in a full mesh configuration Figure 559 Connections for...

Страница 1828: ...s as shown below Maximum penalty reuse limit 2 max suppress time half life When a route is being damped any updates or withdrawals for this route received from a peer are ignored This limits the effec...

Страница 1829: ...er RC timers bgp Sets the Keep Alive time used for maintaining connectivity and the Hold time to wait for Keep Alive messages before declaring a neighbor down RC clear ip bgp Clears connections using...

Страница 1830: ...ty negotiation when creating connections RC neighbor ebgp multihop Allows eBGP neighbors to exist in different segments and configures the maximum hop count TTL RC neighbor enforce multihop Enforces t...

Страница 1831: ...used for specified neighbors RC neighbor timers connect Sets the time to wait before attempting to reconnect to a neighbor whose TCP connection has failed RC neighbor unsuppress map Allows specified...

Страница 1832: ...sing the neighbor remove private as command Note that AS number 23456 is reserved for the AS Transitive attribute which is required when setting up a new BGP speaker Use this command to specify all of...

Страница 1833: ...ers no spaces or other special characters deny Permits access for messages with matching path attribute permit Denies access to messages with matching path attribute regular expression Autonomous syst...

Страница 1834: ...e Name of standard access list A maximum of 16 communities can be configured in a standard community list Maximum length 32 characters no spaces or other special characters deny Denies access to messa...

Страница 1835: ...Standard community lists are used to configure well known communities or community numbers Expanded community lists are used to filter communities using a regular expression When multiple values are e...

Страница 1836: ...f communities standard community list name Name of standard access list A maximum of 16 extended communities can be configured in a standard community list Maximum length 32 characters no spaces or ot...

Страница 1837: ...community lists the form a logical OR condition where the first list that matches a condition is processed If the criteria specified for a community list is matched then the deny permit condition is a...

Страница 1838: ...address netmask any ge min prefix length le max prefix length prefix list name Name of prefix list Maximum length 128 characters no spaces or other special characters sequence number Applies a sequenc...

Страница 1839: ...with the match ip address prefix list route map command to implement a more comprehensive filter for policy based routing EXAMPLE This example denies access to routing messages for the specified addre...

Страница 1840: ...s avoid advertising routing information in this manner since this route may be frequently withdrawn and updated as AS path reachability information for the summarized routes changes Using the summary...

Страница 1841: ...rom a non client peer is advertised to all clients And information from cluster members is reflected to all routing peers both inside and outside of the cluster using this model the local AS can be di...

Страница 1842: ...g this attribute an RR can determine if routing information has looped back to the same cluster due to mis configuration If the local cluster ID is found in the cluster list the advertisement is ignor...

Страница 1843: ...command to specify the autonomous systems within a confederation EXAMPLE Console config router bgp confederation identifier 600 Console config router RELATED COMMANDS bgp confederation peer 1843 bgp c...

Страница 1844: ...uppress limit max suppress time no dampening half life The time after which a penalty is reduced The penalty value is reduced to half of the previous value after the half life time expires Range 1 45...

Страница 1845: ...t its own autonomous system number at the beginning of the AS path attribute Use the no form to disable this feature SYNTAX no bgp enforce first as COMMAND MODE Router Configuration DEFAULT SETTING Di...

Страница 1846: ...is feature COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command helps detect network problems by indicating if a neighbor connection is flapping A high number of neigh...

Страница 1847: ...bgp router id router id no bgp router id router id Router ID formatted as an IPv4 address COMMAND MODE Router Configuration DEFAULT SETTING The highest IP address configured for an interface COMMAND...

Страница 1848: ...cause black holes or routing loops to form EXAMPLE Console config router bgp scan time 30 Console config router network This command specifies a network to advertise Use the no form to stop advertisi...

Страница 1849: ...r routes learned through eBGP even if the distance of the external route is shorter EXAMPLE Console config router network 172 16 0 0 255 255 0 0 Console config router redistribute This command redistr...

Страница 1850: ...ectivity and the Hold time to wait for Keep Alive or Update messages before declaring a neighbor down Use the no form to restore the default settings SYNTAX timers bgp keepalive time hold time no time...

Страница 1851: ...nbound sessions prefix list The outbound route filter ORF prefix list This option triggers a new route refresh or soft re configuration which updates the ORF prefix list This option is ignored unless...

Страница 1852: ...ound routing tables dynamically by exchanging route refresh requests with peers Route refresh relies on the dynamic exchange of information with supporting peers It is advertised through BGP capabilit...

Страница 1853: ...g paths from the same autonomous system This command allows the comparison of MEDs among different paths regardless of the autonomous system from which the paths are received The bgp deterministic med...

Страница 1854: ...ig router bgp bestpath compare confed aspath Console config router bgp bestpath compare routerid This command compares similar routes from external peers and gives preference to a route with the lowes...

Страница 1855: ...ned from confederation peers is compared only if no external autonomous systems AS appear in the path If an external AS is within the path then the external MED is passed transparently through the con...

Страница 1856: ...SETTING Disabled COMMAND USAGE The MED is compared after BGP attributes weight local preference AS path and origin have been compared and are equal When deterministic comparison of the MED is enabled...

Страница 1857: ...characters no spaces or other special characters COMMAND MODE Router Configuration DEFAULT SETTING None COMMAND USAGE The route distance indicates the trustworthiness of a router The higher the distan...

Страница 1858: ...peer within the local autonomous system Local routes are those configured with the network command as a back door for the router or for the networks being redistributed from another routing process Th...

Страница 1859: ...oring router this command is used to enable the exchange of information with the neighbor The exchange of information is enabled by default for each routing session configured with the neighbor remote...

Страница 1860: ...ining a list of neighboring routers configured with the neighbor peer group command count Maximum number of times the same AS number can appear in the AS path of a received route Range 1 10 or 3 if th...

Страница 1861: ...r MED attribute next hop Next hop attribute COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE If this command is entered without specifying any route attributes then all three o...

Страница 1862: ...ion of outbound route filter ORF capabilities with a neighboring router Use the no form to disable negotiation SYNTAX no neighbor ip address group name orf prefix list both receive send ip address IP...

Страница 1863: ...e criteria used for sending the default route to a neighbor Range 1 80 characters COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command is used to advertise the local r...

Страница 1864: ...ecified EXAMPLE Console config router neighbor 10 1 1 64 description bill s router Console config router neighbor distribute list This command filters route updates to from a neighbor or peer group Us...

Страница 1865: ...restore the default setting SYNTAX no neighbor ip address group name dont capability negotiate ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers...

Страница 1866: ...AND USAGE This command can be used to allow routers in different network segments to create a BGP neighbor relationship If this command is entered without specifying a count the hop limit is set at 25...

Страница 1867: ...t access list in out no neighbor ip address group name filter list in out ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the n...

Страница 1868: ...can be received from a neighbor Use the no form to restore the default setting SYNTAX neighbor ip address group name maximum prefix max count threshold restart interval warning no neighbor ip address...

Страница 1869: ...nd configures the local router as the next hop for a neighbor in all routing messages it sends Use the no form to disable this feature SYNTAX no neighbor ip address group name next hop self ip address...

Страница 1870: ...no form to disable this feature SYNTAX no neighbor ip address group name neighbor override capability ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring r...

Страница 1871: ...utes Use the no form to remove a peer group SYNTAX no neighbor group name peer group group name A BGP peer group Range 1 256 characters COMMAND MODE Router Configuration DEFAULT SETTING No peer groups...

Страница 1872: ...group use the neighbor group name peer group command EXAMPLE Console config router neighbor 10 1 1 64 peer group RD Console config router neighbor port This command specifies the TCP port number of th...

Страница 1873: ...fix list with the ip prefix list command and then use this command to specify the neighbors to which it applies and whether it applies to inbound or outbound messages Filtering routes based on a prefi...

Страница 1874: ...MODE Router Configuration DEFAULT SETTING No neighbors are configured COMMAND USAGE BGP neighbors must be manually configured A neighbor relationship can only be established if partners are configured...

Страница 1875: ...portion of the AS path EXAMPLE Console config router neighbor 10 1 1 64 remove private as Console config router neighbor route map This command specifies the route mapping policy for inbound outbound...

Страница 1876: ...dress IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Di...

Страница 1877: ...sed in iBGP Instead of maintaining direct eBGP peering sessions with every other service provider providers can acquire the same routing information through a single connection to a route server at th...

Страница 1878: ...OMMAND MODE Router Configuration DEFAULT SETTING No community attributes are sent If community type is not specified then only standard community attributes are sent COMMAND USAGE Community attributes...

Страница 1879: ...peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE Use this command to employ...

Страница 1880: ...oup name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command COMMAND MODE Router Configuration DEFAULT SETTING Disabled COMMAND USAGE This command...

Страница 1881: ...the global timers bgp command EXAMPLE Console config router neighbor 10 1 1 66 timers 50 200 Console config router neighbor timers connect This command sets the time to wait before attempting to recon...

Страница 1882: ...the no form to remove this configuration entry SYNTAX no neighbor ip address group name unsuppress map map name ip address IP address of a neighbor group name A BGP peer group containing a list of ne...

Страница 1883: ...st interface to the neighbor is used for BGP connections This command can be used to specify any available interface for a TCP connection EXAMPLE Console config router neighbor 10 1 1 66 update source...

Страница 1884: ...k mask for the route This mask identifies the network address bits used for the associated routing entries longer prefixes Specified route and all more specific routes COMMAND MODE Privileged Exec EXA...

Страница 1885: ...try removed Origin codes Origin of table entry includes these values i Entry originated from an Interior Gateway Protocol IGP and was advertised using a network router configuration command e Entry or...

Страница 1886: ...vertise no export exact match AA NN Standard community number to match The 4 byte community number is composed of a 2 byte autonomous system number and a 2 byte network number separated by one colon E...

Страница 1887: ...Hop Metric LocPrf Weight Path 100 1 1 0 24 0 0 0 0 32768 700 800 i 172 0 0 0 8 0 0 0 0 32768 700 800 i Total number of prefixes 2 Console show ip bgp community info This command shows community messa...

Страница 1888: ...ays only routes that match the specified communities exactly COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp community list rd BGP table version is 0 local router ID is 192 168 0 2 Status cod...

Страница 1889: ...damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network From Flaps Duration Reuse Path d 100 1 3 0 24 10 1 1 64 3 00 06 05 00 27 00 100 Total...

Страница 1890: ...and chows connection information for neighbor sessions SYNTAX show ip bgp neighbors ip address advertised routes received prefix filter received routes routes ip address IP address of the neighbor adv...

Страница 1891: ...ption BGP neighbor IP address of neighbor remote AS Autonomous system number of the neighbor local AS Local autonomous system number external link external link is displayed for external BGP neighbors...

Страница 1892: ...ort or export as defined by the match ip address prefix list command Range 1 80 characters COMMAND MODE Privileged Exec Foreign host port IP address and TCP port of the neighbor BGP speaker Nexthop IP...

Страница 1893: ...ion indicating the path attributes to match Syntax complies with the IEEE POSIX Basic Regular Expressions BRE standard COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp regexp 100 BGP table ver...

Страница 1894: ...TAX show ip bgp scan COMMAND MODE Privileged Exec EXAMPLE Console show ip bgp scan BGP scan is running BGP scan interval is 60 Current BGP nexthop cache 10 10 10 64 valid IGP metric 0 BGP connected ro...

Страница 1895: ...y list name Name of standard or expanded access list Maximum length 32 characters no spaces or other special characters COMMAND MODE Privileged Exec EXAMPLE Console show ip community list rd Named Com...

Страница 1896: ...notation netmask Network mask for the route This mask identifies the network address bits used for the associated routing entries first match First matched prefix longer All entries more specific than...

Страница 1897: ...plied and then based on the policy makes some decision First the traffic is matched according to the policy Second for each match there is something set What is set could be that the traffic matches m...

Страница 1898: ...occurs RM description Creates a description of an entry in the route map RM match as path Sets an AS path access list to match RM match community Sets a BGP community access list to match RM match ex...

Страница 1899: ...to perform if the criteria enforced by the match commands are met If the match criteria are met for a route map and the permit keyword specified the packet is policy routed based on defined set comma...

Страница 1900: ...for an access list if the access list does not exist no routing message will be matched and therefore all routes are skipped For a permit route map if it does not have a match clause any routing mess...

Страница 1901: ...nue processing Range 1 65535 COMMAND MODE Route Map COMMAND USAGE If no match statements precede the call entry the call is automatically executed If no sequence number is specified by the call entry...

Страница 1902: ...DE Route Map COMMAND USAGE The weights assigned by the match as path and set weight route map commands command override the weight assigned using the BGP neighbor weight command EXAMPLE Console config...

Страница 1903: ...config route map set weight 30 Console config route map match extcommunity This command sets a BGP extended community access list to match Use the no form to remove this entry from a route map SYNTAX...

Страница 1904: ...le config route map set weight 30 Console config route map RELATED COMMANDS ip prefix list 1838 Access Control Lists 1163 match ip next hop This command specifies the next hop addresses to be matched...

Страница 1905: ...list name prefix list access list name Name of standard or extended access list Maximum length 32 characters no spaces or other special characters prefix list name Name of a specific prefix list COMM...

Страница 1906: ...Console config route map match origin igp Console config route map set weight 30 Console config route map match pathlimit as This command sets the maximum AS path length allowed for propagation of mo...

Страница 1907: ...s counted as a single AS Each instance of an AS number that appears multiple times in an AS_PATH is counted If the AS_PATHLIMIT attribute is attached to a prefix by a private AS then when the prefix i...

Страница 1908: ...umber Route map entry Range 1 65535 next Go to next entry COMMAND MODE Route Map COMMAND USAGE Use this command when no set action is for a match clause EXAMPLE Console config route map RD permit 8 Co...

Страница 1909: ...te map match pathlimit as 5 Console config route map set aggregator 1 192 168 0 0 Console config route map set as path This command modifies the AS path by prepending or excluding an AS number Use the...

Страница 1910: ...atomic aggregate Console config route map set comm list delete This command removes communities from the community attribute of inbound or outbound routing messages Use the no form to remove this ent...

Страница 1911: ...twork number separated by one colon Each 2 byte number can range from 0 from 65535 One or more communities can be entered separated by a space Up to 16 community numbers are supported additive Adds co...

Страница 1912: ...bute soo The site of origin extended community attribute extended community value The route target or site of origin in one of the following formats AAAA NN or AA NNNN Community number to deny or perm...

Страница 1913: ...ommand sets the next hop for a routing message Use the no form to remove this entry from a route map SYNTAX set ip next hop ip address peer address no set ip next hop ip address ip address An IPv4 add...

Страница 1914: ...295 COMMAND MODE Route Map COMMAND USAGE The preference is sent only to routers in the local autonomous system To specify the metric for inter autonomous systems use the set metric command A route wit...

Страница 1915: ...ems use the bgp always compare med command EXAMPLE Console config route map RD permit 16 Console config route map match peer 192 168 0 99 Console config route map set metric 1 Console config route map...

Страница 1916: ...oop prevention by rejecting updates that contain the receiving router s own router ID in the originator ID attribute EXAMPLE Console config route map RD permit 17 Console config route map match peer 1...

Страница 1917: ...rom a route map SYNTAX set weight weight no set weight weight The weight assigned to this route Range 0 4294967295 COMMAND MODE Route Map COMMAND USAGE Weights are used to determine the best path avai...

Страница 1918: ...ing Commands Policy based Routing for BGP 1918 EXAMPLE Console show route map RD route map RD permit sequence 1 Match clauses peer 102 168 0 99 Set clauses comm list 100 delete Call clause Action Exit...

Страница 1919: ...SYNTAX no ip multicast routing DEFAULT SETTING Disabled Table 277 Multicast Routing Commands Command Group Function General Multicast Routing Enables IP multicast routing globally also displays the I...

Страница 1920: ...command displays the IPv4 multicast routing table SYNTAX show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or downstream from...

Страница 1921: ...ndezvous Point RP which normally indicates a pruned state along the shared tree for a particular source T SPT bit set Multicast packets have been received from a source on the shortest path tree J Joi...

Страница 1922: ...outing globally for the router A multicast routing protocol also needs to be enabled on the interfaces that will support multicast routing using the router pim6 command and then specify the interfaces...

Страница 1923: ...cast routing If no optional parameters are selected detailed information for each entry in the multicast address table is displayed If you select a multicast group and source pair detailed information...

Страница 1924: ...ately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a requested service source Subnetwork containing the IP...

Страница 1925: ...n the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration SYNTAX ip igmp snooping vlan vlan id mrouter interface...

Страница 1926: ...hin VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned...

Страница 1927: ...m a neighboring PIM router before declaring it dead IC ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune s...

Страница 1928: ...limit Configures the rate at which register messages are sent by the Designated Router DR GC ip pim register source Configure the IP source address of a register message to an address other than the o...

Страница 1929: ...MAND MODE Interface Configuration VLAN COMMAND USAGE To fully enable PIM you need to enable multicast routing globally for the router with the ip multicast routing command enable PIM globally for the...

Страница 1930: ...f they have already connected to the source through the SPT or if there are no longer any group members connected to the interface EXAMPLE Console config interface vlan 1 Console config if ip pim dens...

Страница 1931: ...ending PIM hello messages Range 1 65535 DEFAULT SETTING 30 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE Hello messages are sent to neighboring PIM routers from which this device has...

Страница 1932: ...le this feature SYNTAX no ip pim lan prune delay DEFAULT SETTING Disabled COMMAND MODE Interface Configuration VLAN COMMAND USAGE When other downstream routers on the same VLAN are notified that this...

Страница 1933: ...d in the message Range 500 6000 milliseconds DEFAULT SETTING 2500 milliseconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The override interval configured by this command and the propagat...

Страница 1934: ...te the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time require...

Страница 1935: ...le config if show ip pim interface This command displays information about interfaces configured for PIM SYNTAX show ip pim interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Normal Exec...

Страница 1936: ...DM Commands ip pim graft retry interval This command configures the time to wait for a Graft acknowledgement before resending a Graft Use the no form to restore the default value SYNTAX ip pim graft r...

Страница 1937: ...to resend a Graft message if it has not been acknowledged Use the no form to restore the default value SYNTAX ip pim max graft retries retries no ip pim max graft retries retries The maximum number of...

Страница 1938: ...strap Router BSR candidate Use the no form to restore the default value SYNTAX ip pim bsr candidate interface vlan vlan id hash hash mask length priority priority no ip pim bsr candidate vlan id VLAN...

Страница 1939: ...wo core routers in diverse locations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP EXAMPLE The following ex...

Страница 1940: ...s back toward the rendezvous point RP Use the no form to restore the default setting SYNTAX ip pim register source interface vlan vlan id no ip pim register source vlan id VLAN ID Range 1 4094 DEFAULT...

Страница 1941: ...an IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by more than one...

Страница 1942: ...nt RP candidate to the bootstrap router BSR Use the no form to remove this router as an RP candidate SYNTAX ip pim rp candidate interface vlan vlan id group prefix group address mask interval seconds...

Страница 1943: ...d on the group address RP address priority and hash mask included in the bootstrap messages If there is a tie use the candidate RP with the highest IP address This distributed election process provide...

Страница 1944: ...he RP is not always the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree SPT...

Страница 1945: ...le election process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with...

Страница 1946: ...versely affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested to join this g...

Страница 1947: ...RP Use the show ip pim rp mapping command to display active RPs that are cached with associated multicast routing entries EXAMPLE This example clears the RP map Console clear ip pim bsr rp set Consol...

Страница 1948: ...umber of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before this entry will be removed Role...

Страница 1949: ...via null Console Table 286 show ip pim rp mapping display description Field Description Groups The multicast group address mask length managed by the RP RP address IP address of the RP used for the l...

Страница 1950: ...about interfaces configured for PIM NE PE show ipv6 pim neighbor Displays information about PIM neighbors NE PE PIM DM Commands ipv6 pim graft retry interval Configures the time to wait for a Graft ac...

Страница 1951: ...routing must be enabled on the switch using the ipv6 multicast routing command To use IPv6 multicast routing MLD proxy cannot be enabled on any interface of the device see the ipv6 mld proxy command...

Страница 1952: ...cast routing table when the router determines that there are no group members or downstream routers or when a prune message is received from a downstream router Sparse mode interfaces forward multicas...

Страница 1953: ...or PIM hello messages Range 1 65535 DEFAULT SETTING 105 seconds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The ip pim hello holdtime should be greater than the value of ipv6 pim hello int...

Страница 1954: ...onds COMMAND MODE Interface Configuration VLAN COMMAND USAGE The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces o...

Страница 1955: ...hose advertised by each neighbor including this switch EXAMPLE Console config if ipv6 pim lan prune delay Console config if RELATED COMMANDS ipv6 pim override interval 1955 ipv6 pim propagation delay...

Страница 1956: ...on delay milliseconds The time required for a lan prune delay message to reach downstream routers attached to the same VLAN interface Range 100 5000 milliseconds DEFAULT SETTING 500 milliseconds COMMA...

Страница 1957: ...lue between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello message is received fr...

Страница 1958: ...s information about PIM neighbors SYNTAX show ipv6 pim neighbor interface vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING Displays information for all known PIM neighbors COMMAND MODE Normal...

Страница 1959: ...router receives a graft message it must respond with an graft acknowledgement message If this acknowledgement message is lost the router that sent the graft message will resend it a number of times as...

Страница 1960: ...sages Use the no form to restore the default value SYNTAX ipv6 pim state refresh origination interval seconds no ipv6 pim max graft retries seconds The interval between sending PIM DM state refresh co...

Страница 1961: ...the mask length is less than 32 then only the first portion of the hash is used and a single RP will be defined for multiple groups Range 0 32 bits priority Priority used by the candidate bootstrap ro...

Страница 1962: ...it Console show ipv6 pim bsr router PIMv2 Bootstrap information BSR Address 2001 DB8 2222 7272 72 Uptime 00 00 08 BSR Priority 200 Hash Mask Length 20 Expire 00 00 57 Role Candidate BSR State Elected...

Страница 1963: ...N ID Range 1 4094 DEFAULT SETTING The IP address of the DR s outgoing interface that leads back to the RP COMMAND MODE Global Configuration COMMAND USAGE When the source address of a register message...

Страница 1964: ...not allowed If an IP address is specified that was previously used for an RP then the older entry is replaced Multiple RPs can be defined for different groups or group ranges If a group is matched by...

Страница 1965: ...is router as an RP candidate SYNTAX ipv6 pim rp candidate interface vlan vlan id group prefix group prefix interval seconds priority value no ipv6 pim rp candidate interface vlan vlan id vlan id VLAN...

Страница 1966: ...there is a tie use the candidate RP with the highest IP address This distributed election process provides faster convergence and minimal disruption when an RP fails It also serves to provide load ba...

Страница 1967: ...ys the shortest path Therefore the router uses the RP to forward only the first packet from a new multicast group to its receivers Afterwards it calculates the shortest path tree SPT directly between...

Страница 1968: ...ction process The router with the highest priority configured on an interface is elected as the DR If more than one router attached to this interface uses the same priority then the router with the hi...

Страница 1969: ...y affected The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requested to join this group W...

Страница 1970: ...he show ipv6 pim rp mapping command to display active RPs that are cached with associated multicast routing entries EXAMPLE This example clears the RP map Console clear ipv6 pim bsr rp set Console sho...

Страница 1971: ...ificant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before this entry will be removed Role Candidate BS...

Страница 1972: ...01 via bootstrap Console Table 291 show ip pim rp mapping display description Field Description Groups The multicast group address mask length managed by the RP RP address IP address of the RP used fo...

Страница 1973: ...1973 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1975 Troubleshooting on page 1981 License Information on page 1983...

Страница 1974: ...SECTION IV Appendices 1974...

Страница 1975: ...x SFP 1000BASE SX LX LH 1000 Mbps full duplex SFP 10GBASE SR LR ER 10 Gbps full duplex XFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unica...

Страница 1976: ...yer 2 IPv4 MLD Snooping Layer 2 IPv6 IGMP Layer 3 Multicast VLAN Registration IPv4 IPv6 IP ROUTING ARP Proxy ARP Static routes CIDR Classless Inter Domain Routing RIP RIPv2 OSPFv2 OSPFv3 unicast routi...

Страница 1977: ...IEEE 802 1AB Link Layer Discovery Protocol IEEE 802 1D 2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol IEEE 802...

Страница 1978: ...2576 3410 3411 3413 3414 3415 SNTP RFC 2030 SSH Version 2 0 TELNET RFC 854 855 856 TFTP RFC 1350 VRRP RFC 3768 MANAGEMENT INFORMATION BASES Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 DNS...

Страница 1979: ...IEEE 802 1ad Provider Bridges Quality of Service MIB RADIUS Accounting Server MIB RFC 2621 RADIUS Authentication Client MIB RFC 2619 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MI...

Страница 1980: ...APPENDIX A Software Specifications Management Information Bases 1980...

Страница 1981: ...connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting a...

Страница 1982: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1983: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1984: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Страница 1985: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Страница 1986: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Страница 1987: ...TFTP server that contains the devices system files and the name of the boot file COS Class of Service is supported by prioritizing packets based on the required level of service and then placing them...

Страница 1988: ...of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues EAPOL Extensible Authentication Protocol over LAN EAPOL is a client authentication protocol u...

Страница 1989: ...otocol is a network layer protocol that reports errors in processing IP packets ICMP is also used by routers to feed back information about better routing choices IEEE 802 1D Specifies a general metho...

Страница 1990: ...ls in an simple tree that uses IGMP Proxy IGMP QUERY On each subnetwork one IGMP capable device will act as the querier that is the device that asks all hosts to report on the IP multicast groups they...

Страница 1991: ...han the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest MIB Management Inf...

Страница 1992: ...ls such as RIP It includes features such as unlimited hop count authentication of routing updates and Variable Length Subnet Masks VLSM OUT OF BAND MANAGEMENT Management of the network from a station...

Страница 1993: ...et alarms on a variety of traffic conditions including specific error types RSTP Rapid Spanning Tree Protocol RSTP reduces the convergence time for network topology changes to about 10 of that require...

Страница 1994: ...hen TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accur...

Страница 1995: ...ompany 894 banner configure dc power info 895 banner configure department 895 banner configure equipment info 896 banner configure equipment location 897 banner configure ip lan 897 banner configure l...

Страница 1996: ...914 D databits 925 default information originate 1734 default information originate 1753 default metric 1735 default metric 1759 default metric 1799 default router 1636 delete 917 delete public key 1...

Страница 1997: ...y server 1629 ip dhcp restart client 1627 ip dhcp restart relay 1630 ip dhcp snooping 1116 ip dhcp snooping database flash 1125 ip dhcp snooping information option 1118 ip dhcp snooping information op...

Страница 1998: ...old 1944 ip pim state refresh origination interval 1937 ip pim trigger hello delay 1934 ip prefix list 1838 ip proxy arp 1657 ip rip authentication mode 1742 ip rip authentication string 1743 ip rip r...

Страница 1999: ...im lan prune delay 1954 ipv6 pim max graft retries 1960 ipv6 pim override interval 1955 ipv6 pim propagation delay 1956 ipv6 pim register rate limit 1962 ipv6 pim register source 1963 ipv6 pim rp addr...

Страница 2000: ...6 mst vlan 1286 mvr 1479 mvr associated profile 1479 mvr domain 1480 mvr immediate leave 1486 mvr priority 1482 mvr profile 1481 mvr proxy query interval 1481 mvr proxy switching 1483 mvr robustness v...

Страница 2001: ...e interface 1811 password 928 password thresh 929 periodic 959 permit deny 1450 permit deny 1471 permit deny ARP ACL 1182 permit deny Extended IPv4 ACL 1166 permit deny Extended IPv6 ACL 1172 permit d...

Страница 2002: ...n source 1233 S server 1048 service dhcp 1634 service policy 1421 set aggregator as 1908 set as path 1909 set atomic aggregate 1910 set comm list delete 1910 set community 1911 set cos 1419 set extcom...

Страница 2003: ...ip dhcp snooping binding 1126 show ip extcommunity list 1895 show ip helper 1662 show ip host route 1726 show ip igmp authentication 1456 show ip igmp filter 1457 show ip igmp groups 1520 show ip igm...

Страница 2004: ...how mvr statistics 1494 show mvr6 1507 show mvr6 associated profile 1508 show mvr6 interface 1509 show mvr6 members 1510 show mvr6 profile 1511 show mvr6 statistics 1511 show network access 1107 show...

Страница 2005: ...8 spanning tree bpdu filter 1288 spanning tree bpdu guard 1289 spanning tree cost 1290 spanning tree edge port 1291 spanning tree forward time 1279 spanning tree hello time 1279 spanning tree link typ...

Страница 2006: ...threshold rx power 1207 transceiver threshold temperature 1208 transceiver threshold tx power 1209 transceiver threshold voltage 1210 transceiver threshold auto 1205 transceiver threshold monitor 1206...

Страница 2007: ...1172 IPv6 Standard 395 400 1170 1171 MAC 395 404 1176 time range 391 957 Address Resolution Protocol See ARP address table 263 1271 address count displaying 1275 aging time 267 1271 aging time display...

Страница 2008: ...1597 1599 fault verification 548 1561 link trace cache 581 1591 1593 1594 link trace message 548 550 569 1561 1590 1591 1592 loop back messages 548 550 571 1561 1595 maintenance association 548 560 15...

Страница 2009: ...licy to interface 339 1421 class map 326 1408 1412 class map description 1409 classifying QoS traffic 326 1410 color aware srTCM 334 1415 color aware trTCM 335 1417 color blind srTCM 334 1415 color bl...

Страница 2010: ...s displaying 543 1331 version 530 1325 wait to block timer 540 wait to restore timer 540 1326 WTB timer 540 WTR timer 540 1326 Ethernet Ring Protection Switching See ERPS event logging 454 933 excess...

Страница 2011: ...last member query count 625 1437 last member query interval 624 1437 proxy query address 625 1439 proxy query interval 624 1440 proxy query response interval 624 1441 proxy reporting 614 624 1428 quer...

Страница 2012: ...ls displaying 480 1560 device statistics displaying 478 1560 display device information 466 470 1557 displaying remote information 470 1557 interface attributes configuring 461 1543 1554 local device...

Страница 2013: ...ling 638 1461 query interval 639 1462 query maximum response time 639 1462 robustness value 639 1463 static port assignment 643 1466 static router port 641 1465 unknown multicast handling 639 1464 ver...

Страница 2014: ...re MAC information 377 1108 1109 NTP authentication keys specifying 169 948 setting the system clock 168 949 951 specifying servers 168 950 O OAM active mode 586 1607 displaying settings and status 58...

Страница 2015: ...ibutes 837 1928 1938 PIM DM 833 1927 configuring 833 1927 global configuration 835 837 840 1928 interface settings 837 1929 1936 neighbor routers 839 1936 PIM SM 833 840 1927 bootstrap router 842 1938...

Страница 2016: ...ocol tunnel layer 2 1363 protocol VLANs 251 1371 configuring 252 1371 configuring groups 252 1372 configuring interfaces 253 1373 group configuration 252 1372 interface configuration 253 1373 proxy AR...

Страница 2017: ...022 response to alarm setting 511 1019 statistics history collection 513 1020 statistics history displaying 515 1022 statistics collection 516 1021 statistics displaying 517 1023 root guard 284 1298 r...

Страница 2018: ...esses setting 265 1272 static routes configuring 753 1724 statistics ARP 753 1652 1728 history for port 196 1199 history for trunk 196 1199 ICMP 1652 1728 IP 1652 1728 port 192 1198 TCP 1652 1728 UDP...

Страница 2019: ...port members by interface range 235 displaying port members by VLAN index 234 dynamic assignment 373 1100 egress mode 231 1349 ingress filtering 232 1348 interface configuration 231 1346 1350 IP subne...

Страница 2020: ...ECS4660 28F E102013 ST R03 149100000140A...

Отзывы:

Нет отзывов