manualshive.com logo in svg

Edge-Core ECS4810-12M Layer 2, Руководство по управлению

Поделиться
Скачать
Edge-Core ECS4810-12M Layer 2 Скачать руководство пользователя страница 314

C

HAPTER

 14

  |  Security Measures

Configuring the Secure Shell

–  314  –

C

ONFIGURING

 

THE

 S

ECURE

 S

HELL

 

The Berkeley-standard includes remote access tools originally designed for 

Unix systems. Some of these tools have also been implemented for 

Microsoft Windows and other environments. These tools, including 

commands such as 

rlogin

 (remote login), 

rsh

 (remote shell), and 

rcp

 

(remote copy), are not secure from hostile attacks. 

The Secure Shell (SSH) includes server/client applications intended as a 

secure replacement for the older Berkeley remote access tools. SSH can 

also provide remote management access to this switch as a secure 

replacement for Telnet. When the client contacts the switch via the SSH 

protocol, the switch generates a public-key that the client uses along with a 

local user name and password for access authentication. SSH also encrypts 

all data transfers passing between the switch and SSH-enabled 

management station clients, and ensures that data traveling over the 

network arrives unaltered.

N

OTE

:

 You need to install an SSH client on the management station to 

access the switch for management via the SSH protocol.

N

OTE

:

 The switch supports both SSH Version 1.5 and 2.0 clients.

C

OMMAND

 U

SAGE

The SSH server on this switch supports both password and public key 

authentication. If password authentication is specified by the SSH client, 

then the password can be authenticated either locally or via a RADIUS or 

 remote authentication server, as specified on the System 

Authentication page (

page 281

). If public key authentication is specified by 

the client, then you must configure authentication keys on both the client 

and the switch as described in the following section. Note that regardless of 

whether you use public key or password authentication, you still have to 

generate authentication keys on the switch (SSH Host Key Settings) and 

enable the SSH server (Authentication Settings).

To use the SSH server, complete these steps:

1.

Generate a Host Key Pair

 – On the SSH Host Key Settings page, create 

a host public/private key pair. 

2.

Provide Host Public Key to Clients

 – Many SSH client programs 

automatically import the host public key during the initial connection 

setup with the switch. Otherwise, you need to manually create a known 

hosts file on the management station and place the host public key in 

it. An entry for a public key in the known hosts file would appear similar 

to the following example:

10.1.0.54 1024 35 
15684995401867669259333946775054617325313674890836547254 

15020245593199868544358361651999923329781766065830956 
10825913212890233 76546801726272571413428762941301196195566782 
59566410486957427888146206519417467729848654686157177393901647

Содержание ECS4810-12M Layer 2

Страница 1: ...Management Guide www edge core com ECS4810 12M Layer 2 Gigabit Ethernet Switch...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE ECS4810 12M GIGABIT ETHERNET SWITCH Layer 2 Switch with 12 Gigabit Combination Ports RJ 45 SFP ECS4810 12M E072011 ST R01 149100000142A...

Страница 4: ......

Страница 5: ...our attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard that...

Страница 6: ...ABOUT THIS GUIDE 6...

Страница 7: ...itch 65 Configuration Options 65 Required Connections 66 Remote Connections 67 Basic Configuration 68 Console Connection 68 Setting Passwords 68 Setting an IP Address 69 Downloading a Configuration Fi...

Страница 8: ...s 112 Automatic Operation Code Upgrade 113 Setting the System Clock 117 Setting the Time Manually 117 Setting the SNTP Polling Interval 119 Specifying SNTP Time Servers 120 Setting the Time Zone 120 C...

Страница 9: ...ANs 175 Configuring VLAN Groups 178 Adding Static Members to VLANs 180 Configuring Dynamic VLAN Registration 185 Showing VLAN Statistics 188 IEEE 802 1Q Tunneling 189 Enabling QinQ Tunneling on the Sw...

Страница 10: ...3 4 Priority Settings 249 Setting Priority Processing to DSCP or CoS 250 Mapping Ingress DSCP Values to Internal DSCP Values 251 Mapping CoS Priorities to Internal DSCP Values 253 12 QUALITY OF SERVI...

Страница 11: ...rting User Public Keys 319 Access Control Lists 321 Setting A Time Range 322 Showing TCAM Utilization 325 Setting the ACL Name and Type 326 Configuring a Standard IPv4 ACL 328 Configuring an Extended...

Страница 12: ...ging 380 System Log Configuration 380 Remote Log Configuration 382 Sending Simple Mail Transfer Protocol Alerts 383 Link Layer Discovery Protocol 385 Setting LLDP Timing Attributes 385 Configuring LLD...

Страница 13: ...guring Remote Maintenance End Points 467 Transmitting Link Trace Messages 469 Transmitting Loop Back Messages 471 Transmitting Delay Measure Requests 473 Displaying Local MEPs 475 Displaying Details f...

Страница 14: ...st of Domain Names 522 Configuring a List of Name Servers 524 Configuring Static DNS Host to Address Entries 525 Displaying the DNS Cache 527 18 MULTICAST FILTERING 529 Overview 529 Layer 2 IGMP Snoop...

Страница 15: ...ds and Arguments 575 Minimum Abbreviation 575 Command Completion 575 Getting Help on Commands 576 Partial Keyword Lookup 577 Negating the Effect of Commands 578 Using Command History 578 Understanding...

Страница 16: ...ment location 601 banner configure ip lan 601 banner configure lp number 602 banner configure manager info 603 banner configure mux 603 banner configure note 604 show banner 605 System Status 605 show...

Страница 17: ...0 disconnect 631 show line 632 Event Logging 632 logging facility 633 logging history 634 logging host 635 logging on 635 logging trap 636 clear log 636 show log 637 show logging 638 SMTP Alerts 639 l...

Страница 18: ...655 show cluster 655 show cluster members 656 show cluster candidates 656 22 SNMP COMMANDS 657 snmp server 658 snmp server community 659 snmp server contact 659 snmp server location 660 show snmp 660...

Страница 19: ...estination 685 sflow max datagram size 686 sflow max header size 687 sflow owner 687 sflow sample 688 sflow source 688 sflow timeout 689 show sflow 689 25 AUTHENTICATION COMMANDS 691 User Accounts 691...

Страница 20: ...708 server 708 accounting dot1x 709 accounting exec 709 authorization exec 710 show accounting 710 Web Server 711 ip http port 712 ip http server 712 ip http secure port 713 ip http secure server 713...

Страница 21: ...period 733 dot1x timeout re authperiod 733 dot1x timeout supp timeout 734 dot1x timeout tx period 734 dot1x re authenticate 735 dot1x identity profile 736 dot1x max start 736 dot1x pae supplicant 737...

Страница 22: ...ac count 760 clear network access 761 show network access 761 show network access mac address table 762 show network access mac filter 763 Web Authentication 763 web auth login attempts 764 web auth q...

Страница 23: ...arp inspection vlan 787 ip arp inspection limit 788 ip arp inspection trust 789 show ip arp inspection configuration 790 show ip arp inspection interface 790 show ip arp inspection log 791 show ip ar...

Страница 24: ...814 28 INTERFACE COMMANDS 817 interface 818 alias 819 capabilities 820 description 821 flowcontrol 821 history 822 media type 823 negotiation 824 shutdown 824 speed duplex 825 switchport packet rate...

Страница 25: ...load balance 856 30 PORT MIRRORING COMMANDS 857 Local Port Mirroring Commands 857 port monitor 857 show port monitor 859 RSPAN Mirroring Commands 859 rspan source 861 rspan destination 862 rspan remo...

Страница 26: ...to traffic control 882 show auto traffic control interface 882 33 ADDRESS TABLE COMMANDS 885 mac address table aging time 885 mac address table static 886 clear mac address table dynamic 887 show mac...

Страница 27: ...port bpdu flooding 912 spanning tree port priority 912 spanning tree root guard 913 spanning tree spanning disabled 914 spanning tree loopback detection release 914 spanning tree protocol migration 91...

Страница 28: ...45 show vlan 945 Configuring IEEE 802 1Q Tunneling 946 dot1q tunnel system tunnel control 947 switchport dot1q tunnel mode 948 switchport dot1q tunnel service match cvid 949 switchport dot1q tunnel tp...

Страница 29: ...rity 969 switchport voice vlan rule 970 switchport voice vlan security 971 show voice vlan 971 37 CLASS OF SERVICE COMMANDS 973 Priority Commands Layer 2 973 queue mode 974 queue weight 975 switchport...

Страница 30: ...ert option check 1011 ip igmp snooping router port expire time 1012 ip igmp snooping tcn flood 1012 ip igmp snooping tcn query solicit 1014 ip igmp snooping unregistered data flood 1014 ip igmp snoopi...

Страница 31: ...ter Interface Configuration 1033 ip igmp max groups 1033 ip igmp max groups action 1034 show ip igmp filter 1035 show ip igmp profile 1035 show ip igmp throttle interface 1036 Multicast VLAN Registrat...

Страница 32: ...65 40 LLDP COMMANDS 1069 lldp 1071 lldp holdtime multiplier 1071 lldp med fast start count 1072 lldp notification interval 1072 lldp refresh interval 1073 lldp reinit delay 1073 lldp tx delay 1074 lld...

Страница 33: ...m ais suppress alarm 1098 ethernet cfm domain 1099 ethernet cfm enable 1101 ma index name 1102 ma index name format 1103 ethernet cfm mep 1104 ethernet cfm port enable 1105 clear ethernet cfm ais mpid...

Страница 34: ...time 1128 mep fault notify lowest priority 1129 mep fault notify reset time 1130 show ethernet cfm fault notify generator 1131 ethernet cfm delay measure two way 1132 42 OAM COMMANDS 1135 efm oam 113...

Страница 35: ...157 show ipv6 dhcp duid 1158 show ipv6 dhcp vlan 1159 45 IP INTERFACE COMMANDS 1161 IPv4 Interface 1161 Basic IPv4 Configuration 1162 ip address 1162 ip default gateway 1163 show ip default gateway 11...

Страница 36: ...nd reachable time 1191 clear ipv6 neighbors 1192 show ipv6 neighbors 1192 SECTION IV APPENDICES 1195 A SOFTWARE SPECIFICATIONS 1197 Software Features 1197 Management Features 1198 Standards 1199 Mana...

Страница 37: ...ervers 120 Figure 15 Setting the Time Zone 121 Figure 16 Console Port Settings 123 Figure 17 Telnet Connection Settings 125 Figure 18 Displaying CPU Utilization 126 Figure 19 Displaying Memory Utiliza...

Страница 38: ...a Port 159 Figure 48 Configuring LACP Parameters on a Port 159 Figure 49 Showing Members of a Dynamic Trunk 160 Figure 50 Configuring Connection Settings for Dynamic Trunks 160 Figure 51 Displaying Co...

Страница 39: ...Figure 85 Showing MAC Based VLANs 203 Figure 86 Configuring VLAN Mirroring 204 Figure 87 Showing the VLANs to Mirror 205 Figure 88 Configuring Static MAC Addresses 208 Figure 89 Displaying Static MAC...

Страница 40: ...and WRR 247 Figure 120 Mapping CoS Values to Egress Queues 249 Figure 121 Showing CoS Values to Egress Queue Mapping 249 Figure 122 Setting the Trust Mode 251 Figure 123 Configuring DSCP to DSCP Inte...

Страница 41: ...for Exec Service 295 Figure 156 Displaying the Applied AAA Authorization Method 295 Figure 157 Configuring User Accounts 297 Figure 158 Showing User Accounts 297 Figure 159 Configuring Global Setting...

Страница 42: ...re 194 Showing IP Addresses Authorized for Management Access 351 Figure 195 Configuring Port Security 353 Figure 196 Configuring Port Security 354 Figure 197 Configuring Global Settings for 802 1X Por...

Страница 43: ...IDs for SNMP 406 Figure 226 Creating an SNMP View 407 Figure 227 Showing SNMP Views 408 Figure 228 Adding an OID Subtree to an SNMP View 408 Figure 229 Showing the OID Subtree Configured for SNMP View...

Страница 44: ...ains 450 Figure 265 Configuring Global Settings for CFM 455 Figure 266 Configuring Interfaces for CFM 456 Figure 267 Configuring Maintenance Domains 460 Figure 268 Showing Maintenance Domains 460 Figu...

Страница 45: ...ng the IPv4 Address Configured for an Interface 503 Figure 301 Configuring the IPv6 Default Gateway 504 Figure 302 Configuring General Settings for an IPv6 Interface 507 Figure 303 Configuring an IPv6...

Страница 46: ...g the IGMP Filtering Profiles Created 553 Figure 335 Adding Multicast Groups to an IGMP Filtering Profile 553 Figure 336 Showing the Groups Assigned to an IGMP Filtering Profile 554 Figure 337 Configu...

Страница 47: ...ty Mapping 247 Table 15 CoS Priority Levels 247 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 248 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 252 Table 18 Defau...

Страница 48: ...le 47 System Status Commands 605 Table 48 Frame Size Commands 612 Table 49 Flash File Commands 613 Table 50 File Directory Information 619 Table 51 Line Commands 623 Table 52 Event Logging Commands 63...

Страница 49: ...y description 748 Table 84 Network Access Commands 750 Table 85 Dynamic QoS Profiles 753 Table 86 Web Authentication 764 Table 87 DHCP Snooping Commands 769 Table 88 IP Source Guard Commands 778 Table...

Страница 50: ...Table 122 Commands for Configuring Traffic Segmentation 956 Table 123 Protocol based VLAN Commands 958 Table 124 IP Subnet VLAN Commands 962 Table 125 MAC Based VLAN Commands 964 Table 126 Voice VLAN...

Страница 51: ...Commands 1093 Table 156 show ethernet cfm configuration traps display description 1107 Table 157 show ethernet cfm maintenance points local detail mep display 1111 Table 158 show ethernet cfm mainten...

Страница 52: ...BLES 52 Table 176 show ipv6 mtu display description 1182 Table 177 show ipv6 traffic display description 1184 Table 178 show ipv6 neighbors display description 1192 Table 179 Troubleshooting Chart 120...

Страница 53: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 54: ...SECTION I Getting Started 54...

Страница 55: ...password Telnet SSH Web HTTPS General Security Measures AAA ARP inspection DHCP Snooping with Option 82 relay information IP Source Guard Port Authentication IEEE 802 1X Port Security MAC address fil...

Страница 56: ...er names and passwords can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE Store and Forward S...

Страница 57: ...to detect the connection settings used by the attached device Use full duplex mode on ports whenever possible to double the throughput of switch connections Flow control should also be enabled to cont...

Страница 58: ...n this information The address table supports up to 16K addresses STORE AND FORWARD SWITCHING The switch copies each frame into its memory before forwarding them to another port This ensures that all...

Страница 59: ...or ports can be manually assigned to a specific set of VLANs This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned By segmenting your network into VLANs you c...

Страница 60: ...affic can be marked for different kinds of forwarding MULTICAST FILTERING Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic an...

Страница 61: ...configuration file The following table lists some of the basic system defaults Table 2 System Defaults Function Parameter Default Console Port Connection Baud Rate 115200 bps Data bits 8 Stop bits 1...

Страница 62: ...ast Disabled Unknown Unicast Disabled OAM Status Disabled Address Table Aging Time 300 seconds Spanning Tree Algorithm Status Enabled RSTP Defaults RSTP standard Edge Ports Disabled ERPS Status Disabl...

Страница 63: ...IGMP Snooping Layer 2 Snooping Enabled Querier Disabled Multicast VLAN Registration Disabled IGMP Proxy Reporting Enabled System Log Status Enabled Messages Logged to RAM Levels 0 7 all Messages Logge...

Страница 64: ...CHAPTER 1 Introduction System Defaults 64...

Страница 65: ...rd web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to the...

Страница 66: ...ch provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatib...

Страница 67: ...r SSH sessions After configuring the switch s IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed...

Страница 68: ...ation procedure starts 2 At the User Name prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened and the C...

Страница 69: ...fix received in router advertisement messages An IPv6 link local address for use in a local network can also be dynamically generated as described in Obtaining an IPv6 Address on page 73 The current s...

Страница 70: ...address An IPv6 prefix or address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the a...

Страница 71: ...works that encompass several different subnets you must define the full address including a network prefix and the host address for the switch You can specify either the full IPv6 address or the IPv6...

Страница 72: ...how ipv6 default gateway ipv6 default gateway 2001 DB8 2222 7272 254 Console DYNAMIC CONFIGURATION Obtaining an IPv4 Address If you select the bootp or dhcp option the system will immediately start br...

Страница 73: ...onfig Enter the startup file name and press Enter Console config interface vlan 1 Console config if ip address dhcp Console config if end Console show ip interface VLAN 1 is Administrative Up Link Up...

Страница 74: ...ate a unique host address based on the local subnet address prefix received in router advertisement messages DHCP for IPv6 will also be supported in future software releases To dynamically generate an...

Страница 75: ...receives information that allows it to download the remote bootup file it will save this file to a local buffer and then restart the provision process Note the following DHCP client behavior The boot...

Страница 76: ...ne section if the DHCP request packet s vendor class identifier matches that specified in this file the server will send Option 43 encapsulating Option 66 and 67 in the DHCP reply packet In the Vendor...

Страница 77: ...nfigured to accept management commands from Simple Network Management Protocol SNMP applications such as Edge Core ECView Pro You can configure the switch to respond to SNMP requests or generate SNMP...

Страница 78: ...d mode is rw read write or ro read only Press Enter Note that the default mode is read only 2 To remove an existing string simply type no snmp server community string where string is the community acc...

Страница 79: ...he password greenpeace for authentication and the password einstien for encryption Console config snmp server view mib 2 1 3 6 1 2 1 included Console config snmp server view 802 1d 1 3 6 1 2 1 17 incl...

Страница 80: ...the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directly to the...

Страница 81: ...e to FLASH finish Success Console To restore configuration settings from a backup server enter the following command 1 From the Privileged Exec mode prompt type copy tftp startup config and press Ente...

Страница 82: ...CHAPTER 2 Initial Switch Configuration Managing System Files 82...

Страница 83: ...Interface Configuration on page 131 VLAN Configuration on page 175 Address Table Settings on page 207 Spanning Tree Algorithm on page 215 Rate Limit Configuration on page 239 Storm Control Configurat...

Страница 84: ...SECTION II Web Configuration 84...

Страница 85: ...s on page 69 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See S...

Страница 86: ...word The administrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin HOME PAGE When your web browser connects w...

Страница 87: ...switch s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Figure...

Страница 88: ...ort for jumbo frames shows the bridge extension parameters 106 107 File 109 Copy Allows the transfer and copying files 109 Set Startup Sets the startup file 112 Show Shows the files stored in flash me...

Страница 89: ...embers for the selected trunk 153 Configure General 153 Configure Configures trunk connection settings 153 Show Information Displays trunk connection settings 153 Dynamic 156 Configure Aggregator Conf...

Страница 90: ...unknown VLAN groups to pass through the specified interface 173 VLAN Virtual LAN 175 Static Add Creates VLAN groups 178 Show Displays configured VLAN groups 178 Modify Configures group name and admin...

Страница 91: ...learned entries 209 Show Dynamic MAC Displays dynamic entries in the address table 210 Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive c...

Страница 92: ...ocessing 250 DSCP to DSCP 251 Configure Maps DSCP values in incoming packets to per hop behavior and drop precedence values for internal priority processing 251 Show Shows the DSCP to DSCP mapping lis...

Страница 93: ...Configure Server Configures RADIUS and TACACS server message exchange settings 282 Configure Group 282 Add Specifies a group of authentication servers and sets the priority sequence 282 Show Shows th...

Страница 94: ...cation on a port sets the maximum number of address that can be authenticated the guest VLAN dynamic VLAN and dynamic QoS 304 Link Detection Configures detection of changes in link status and the resp...

Страница 95: ...how Statistics Displays statistics on the inspection process 347 Show Log Shows the inspection log list 348 IP Filter 349 Add Sets IP addresses of clients allowed management access via the web SNMP an...

Страница 96: ...n about a remote device connected to this switch 393 Show Device Statistics 399 General Displays statistics for all connected remote devices 399 Port Trunk Displays statistics for remote devices on a...

Страница 97: ...ed alarms 424 Event Shows all configured events 427 Configure Interface Add History Periodically samples statistics on a physical interface 429 Statistics Enables collection of statistics on a physica...

Страница 98: ...ed maintenance associations 461 Configure MEP Configures Maintenance End Points 466 Add Configures MEPs at the domain boundary to provide management access for each maintenance association 466 Show Sh...

Страница 99: ...on Protocol 496 Configure General Sets the protocol timeout and enables or disables proxy ARP for the specified VLAN 497 Show Information Shows dynamically learned entries in the IP routing table 498...

Страница 100: ...information 376 Multicast 529 IGMP Snooping 530 General Enables multicast filtering configures parameters for multicast snooping 532 Multicast Router 536 Add Static Multicast Router Assigns ports that...

Страница 101: ...ty and upstream source IP 557 Configure Profile 558 Add Configures multicast stream addresses 558 Show Shows multicast stream addresses 558 Associate Profile 558 Add Maps an address profile to a domai...

Страница 102: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 102...

Страница 103: ...up files Setting the System Clock Sets the current time manually or through specified SNTP servers Configuring The Console Port Sets console port connection parameters Configuring Telnet Settings Set...

Страница 104: ...ubsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator respon...

Страница 105: ...layed Main Board Information Serial Number The serial number of the switch Number of Ports Number of built in ports Hardware Version Hardware version of the main board Internal Power Status Displays t...

Страница 106: ...hat run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields CLI REFERENCES System Management Commands on page 595 USAGE...

Страница 107: ...ers are displayed Extended Multicast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes...

Страница 108: ...maximum number of VLANs supported on this switch Max Supported VLAN ID The maximum configurable VLAN identifier supported on this switch GMRP GARP Multicast Registration Protocol GMRP allows network d...

Страница 109: ...p file CLI REFERENCES copy on page 615 PARAMETERS The following parameters are displayed Copy Type The firmware copy operation includes these options FTP Upgrade Copies a file from an FTP server to th...

Страница 110: ...ACE To copy firmware files 1 Click System then File 2 Select Copy from the Action list 3 Select FTP Upgrade HTTP Upgrade or TFTP Upgrade as the file transfer method 4 If FTP or TFTP Upgrade is used en...

Страница 111: ...onfig Copies the current configuration settings to a local file on the switch Destination File Name Copy to the currently designated startup file or to a new file The file name should not contain slas...

Страница 112: ...ERFACE To set a file to use for system initialization 1 Click System then File 2 Select Set Start Up from the Action list 3 Mark the operation code or configuration file to be used at startup 4 Then c...

Страница 113: ...auto on page 620 upgrade opcode path on page 621 USAGE GUIDELINES If this feature is enabled the switch searches the defined URL once during the bootup sequence FTP port 21 and TFTP port 69 are both...

Страница 114: ...g equal A notable exception in the list of case sensitive Unix like operating systems is Mac OS X which by default is case insensitive Please check the documentation for your server s operating system...

Страница 115: ...he host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL ftp username password host filedir ftp Defin...

Страница 116: ...password and file location options presented ftp 192 168 0 1 The user name and password are empty so anonymous will be the user name and the password will be blank The image file is in the FTP root di...

Страница 117: ...clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also ma...

Страница 118: ...nds Sets the second value Range 0 59 Default 0 Month Sets the month Range 1 12 Default 1 Day Sets the day of the month Range 1 31 Default 1 Year Sets the year Range 2001 2100 Default 2009 WEB INTERFAC...

Страница 119: ...rameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time update from a time server Range 16 16384 second...

Страница 120: ...ime 2 Select Configure Time Server from the Action list 3 Enter the IP address of up to three time servers 4 Click Apply Figure 14 Specifying SNTP Time Servers SETTING THE TIME ZONE Use the System Tim...

Страница 121: ...nge 1 29 characters Hours 0 13 The number of hours before after UTC The maximum value before UTC is 12 The maximum value after UTC is 13 Minutes 0 59 The number of minutes before after UTC WEB INTERFA...

Страница 122: ...Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes s...

Страница 123: ...to the console connection see login on page 625 You can select authentication by a single global password as configured for the password command or by passwords set up for specific user name accounts...

Страница 124: ...Range 0 8 A maximum of eight sessions can be concurrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number or eight sessions Login Timeout Sets the interval that the s...

Страница 125: ...the switch WEB INTERFACE To configure parameters for the console port 1 Click System then Telnet 2 Specify the connection parameters as required 3 Click Apply Figure 17 Telnet Connection Settings DISP...

Страница 126: ...soon as a new setting is selected Figure 18 Displaying CPU Utilization DISPLAYING MEMORY UTILIZATION Use the System Memory Status page to display memory utilization parameters CLI REFERENCES show mem...

Страница 127: ...e system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command See co...

Страница 128: ...0 59 Regularly Specifies a periodic interval at which to reload the switch Time HH The hour at which to reload Range 0 23 MM The minute at which to reload Range 0 59 Period Daily Every day Weekly Day...

Страница 129: ...CHAPTER 4 Basic Management Tasks Resetting the System 129 Figure 20 Restarting the Switch Immediately Figure 21 Restarting the Switch In...

Страница 130: ...CHAPTER 4 Basic Management Tasks Resetting the System 130 Figure 22 Restarting the Switch At Figure 23 Restarting the Switch Regularly...

Страница 131: ...atistics in table or chart form Displaying Statistical History Displays statistical history for the specified interfaces Displaying Transceiver Data Displays identifying information and functional par...

Страница 132: ...the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If not us...

Страница 133: ...tion 1000f Gigabit ports only Supports 1000 Mbps full duplex operation Sym Gigabit only Check this item to transmit and receive pause frames FC Flow control can eliminate frame loss by blocking traffi...

Страница 134: ...nge page to enable disable an interface set auto negotiation and the interface capabilities to advertise or manually fix the speed duplex mode and flow control For more information on command usage an...

Страница 135: ...ese parameters are displayed Port Port identifier Type Indicates the port type 100Base SFP 1000Base T 1000Base SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indic...

Страница 136: ...re 27 Configuring Local Port Mirroring CLI REFERENCES Local Port Mirroring Commands on page 857 COMMAND USAGE Traffic can be mirrored from one or more source ports to a destination port on the same sw...

Страница 137: ...AC address the matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source Port The port whose traffic will be monitored Target Port...

Страница 138: ...ion over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSPAN VLAN through IEEE 802 1Q trunk or hybri...

Страница 139: ...the mirror session the switch s role Destination the destination port1 whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where t...

Страница 140: ...itch Role Specifies the role this switch performs in mirroring traffic None This switch will not participate in RSPAN Source Specifies this device as the source of remotely mirrored traffic Intermedia...

Страница 141: ...he same switch per session but a destination port can be configured on more than one switch for the same session Also note that a destination port can still send and receive switched traffic and parti...

Страница 142: ...ON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port...

Страница 143: ...ible reason for discarding such a packet could be to free up buffer space Received Multicast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a m...

Страница 144: ...alignment error Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error Collision...

Страница 145: ...34 Showing Port Statistics Table Utilization Statistics Input Octets per second Number of octets entering this interface per second Input Packets per second Number of packets entering this interface p...

Страница 146: ...to display Figure 35 Showing Port Statistics Chart DISPLAYING STATISTICAL HISTORY Use the Interface Port History or Interface Trunk History page to display statistical history for the specified inter...

Страница 147: ...Port Port number Range 1 12 Name Name of sample interval Options 15min 1day or any other entry configured through the command line interface WEB INTERFACE To show the parameters to display for statis...

Страница 148: ...rameters for optical transceivers CLI REFERENCES show interfaces transceiver on page 840 transceiver threshold rx power on page 828 COMMAND USAGE The switch can display diagnostic information for SFP...

Страница 149: ...would continuously trigger event messages if the power level were to fluctuate just above and below either the high threshold or the low threshold Trap messages configured by this command are sent to...

Страница 150: ...E To display identifying information and functional parameters for optical transceivers 1 Click Interface Port Transceiver 2 Select a port from the scroll down list 3 Adjust the alarm or warning thres...

Страница 151: ...twisted pair media This cable test is only accurate for cables 7 140 meters long The test takes approximately 5 seconds The switch displays the results of the test immediately upon completion includin...

Страница 152: ...is section describes how to configure static and dynamic trunks You can create multiple links between devices that work as one virtual aggregate link A port trunk offers a dramatic increase in bandwid...

Страница 153: ...rt trunks before you connect the corresponding network cables between switches to avoid creating a loop You can create up to 12 trunks on a switch with up to eight ports per trunk The ports at both en...

Страница 154: ...he configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface PARAMETERS These parameters are displayed Trunk ID T...

Страница 155: ...port for an additional trunk member 6 Click Apply Figure 42 Adding Static Trunks Members To configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure General...

Страница 156: ...Configuring Dynamic Trunks CLI REFERENCES Link Aggregation Commands on page 845 COMMAND USAGE To avoid creating a loop in the network be sure you enable LACP before connecting the ports and also disc...

Страница 157: ...ic link aggregation group LAG during local LACP setup on the switch Range 0 65535 Configure Aggregation Port General Port Port identifier Range 1 12 LACP Status Enables or disables LACP on a port Conf...

Страница 158: ...device The command attributes have the same meaning as those used for the port actor WEB INTERFACE To configure the admin key for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Ag...

Страница 159: ...o configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5...

Страница 160: ...gure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step List 3 Select Configure from the Action List 4 Modify the required interface setti...

Страница 161: ...f valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group...

Страница 162: ...ation Internal page to display the configuration settings and operational state for the local side of a link aggregation CLI REFERENCES show lacp on page 853 PARAMETERS These parameters are displayed...

Страница 163: ...his link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The Syst...

Страница 164: ...FOR THE REMOTE SIDE Use the Interface Trunk Dynamic Configure Aggregation Port Show Information Neighbors page to display the configuration settings and operational state for the remote side of a lin...

Страница 165: ...o this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this...

Страница 166: ...r switch to switch trunk links where traffic through the switch is destined for many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same...

Страница 167: ...urce MAC address WEB INTERFACE To display the load distribution method used by ports in aggregated links 1 Click Interface Trunk Load Balance 2 Select the required method from the Load Balance Mode li...

Страница 168: ...onnections typically operate with enough power to support at least 100 meters of cable even though average network cable length is shorter When cable length is shorter power consumption can be reduced...

Страница 169: ...ports from the uplink ports assigned to other clients or to forward traffic through the uplink ports used by other clients allowing different clients to share access to their uplink ports where secur...

Страница 170: ...plink ports assigned to different sessions WEB INTERFACE To enable traffic segmentation 1 Click Interface Traffic Segmentation 2 Select Configure Global from the Step list 3 Mark the Status check box...

Страница 171: ...session A downlink port can only communicate with an uplink port in the same session Therefore if an uplink port is not configured for a session the assigned downlink ports will not be able to communi...

Страница 172: ...n 2 Select Configure Session from the Step list 3 Select Add from the Action list 4 Enter the session ID set the direction to uplink or downlink and select the interface to add 5 Click Apply Figure 58...

Страница 173: ...e intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A and B Switches C D and E automatically allow frames with VLAN group tags 1 a...

Страница 174: ...ange 1 12 Trunk Trunk Identifier Range 1 12 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Click Interface VLAN Trunkin...

Страница 175: ...each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffi...

Страница 176: ...a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other V...

Страница 177: ...assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join When t...

Страница 178: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Страница 179: ...ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows if RSPAN is enabled on this VLAN see Configuring Remote Port Mirroring on page 138 WE...

Страница 180: ...howing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a range of interfaces Use the menus for editing port memb...

Страница 181: ...nk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the p...

Страница 182: ...ort will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is fo...

Страница 183: ...re static members by the VLAN index 1 Click VLAN Static 2 Select Edit Member by VLAN from the Action list 3 Set the Interface type to display as Port or Trunk 4 Modify the settings for any interface a...

Страница 184: ...LAN Members by Interface To configure static members by interface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port or...

Страница 185: ...ssued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Default Disabled Config...

Страница 186: ...terval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 Show Dynamic VLAN Show VLAN...

Страница 187: ...3 Set the Interface type to display as Port or Trunk 4 Modify the GVRP status or timers for any interface 5 Click Apply Figure 71 Configuring GVRP for an Interface To show the dynamic VLAN joined by t...

Страница 188: ...umber of octets and packets received All values displayed have been accumulated since the last system reboot and are shown as counts per second Statistics are refreshed every 60 seconds by default CLI...

Страница 189: ...AN for customers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer s...

Страница 190: ...constructs and inserts the outer tag SPVLAN into the packet based on the default VLAN ID and Tag Protocol Identifier TPID that is the ether type of the tag This outer tag is used for learning and swi...

Страница 191: ...led 3 If the ether type of an incoming packet single or double tagged is equal to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the inc...

Страница 192: ...3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tun...

Страница 193: ...hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 et...

Страница 194: ...ccess port if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Acces...

Страница 195: ...guration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can configure this switch with protocol based VLANs that divide the physica...

Страница 196: ...rame type used by this protocol Protocol Type Specifies the protocol type to match The available options are IP ARP RARP and IPv6 If LLC Other is chosen for the Frame Type the only available Protocol...

Страница 197: ...rom the Action list 4 Select an entry from the Frame Type list 5 Select an entry from the Protocol Type list 6 Enter an identifier for the protocol group 7 Click Apply Figure 78 Configuring Protocol V...

Страница 198: ...e associated VLAN When a frame enters a port that has been assigned to a protocol VLAN it is processed in the following manner If the frame is tagged it will be processed according to the standard rul...

Страница 199: ...lect a port or trunk 5 Enter the identifier for a protocol group 6 Enter the corresponding VLAN to which the protocol traffic will be forwarded 7 Click Apply Figure 80 Assigning Interfaces to Protocol...

Страница 200: ...to only one VLAN ID An IP subnet consists of an IP address and a mask When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if a...

Страница 201: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 202: ...MAC addresses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLA...

Страница 203: ...e VLANs to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source VLAN s in a completely unobtrusive manne...

Страница 204: ...t cannot be set to the same target ports as that used for port mirroring see Configuring Local Port Mirroring on page 136 When traffic matches the rules for both port mirroring and for mirroring of VL...

Страница 205: ...CHAPTER 6 VLAN Configuration Configuring VLAN Mirroring 205 To show the VLANs to be mirrored 1 Click VLAN Mirror 2 Select Show from the Action list Figure 87 Showing the VLANs to Mirror...

Страница 206: ...CHAPTER 6 VLAN Configuration Configuring VLAN Mirroring 206...

Страница 207: ...C addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another...

Страница 208: ...us Sets the time to retain the specified address Delete on reset Assignment lasts until the switch is reset Permanent Assignment is permanent This is the default WEB INTERFACE To configure a static MA...

Страница 209: ...set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding information CLI REFERENCES mac address table aging time on page 885 PARAMET...

Страница 210: ...source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated...

Страница 211: ...or Interface 5 Click Query Figure 91 Displaying the Dynamic MAC Address Table CLEARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from...

Страница 212: ...port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner CLI REFERENCES Loca...

Страница 213: ...matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source MAC MAC address in the form of xx xx xx xx xx xx or xxxxxxxxxxxx Target P...

Страница 214: ...ress Table Settings Configuring MAC Address Mirroring 214 To show the MAC addresses to be mirrored 1 Click MAC Address Mirror 2 Select Show from the Action list Figure 94 Showing the Source MAC Addres...

Страница 215: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 216: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 217: ...cations with STP or RSTP nodes in the global network Figure 97 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Common...

Страница 218: ...eceive it s own BPDUs in a forward delay interval NOTE If loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Sta...

Страница 219: ...MAND USAGE Spanning Tree Protocol2 Uses RSTP for the internal state machine but sends only 802 1D BPDUs This creates one spanning tree instance for the entire network If multiple VLANs are implemented...

Страница 220: ...stances A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree i...

Страница 221: ...ubset of RSTP to implement STP and also apply to MSTP which is based on RSTP according to the standard Path Cost Method The path cost is used to determine the best path between devices The path cost m...

Страница 222: ...x Message Age 2 1 Maximum 30 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key th...

Страница 223: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 223 Figure 99 Configuring Global Settings for STA STP Figure 100 Configuring Global Settings for STA RSTP...

Страница 224: ...ning tree on page 916 show spanning tree mst configuration on page 918 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique iden...

Страница 225: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 102 Displaying Global Settings for STA CO...

Страница 226: ...loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter is used by...

Страница 227: ...arding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to r...

Страница 228: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Страница 229: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Страница 230: ...the designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning...

Страница 231: ...Step list 3 Select Show Information from the Action list Figure 105 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 232: ...bridges within the same MSTI Region page 219 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 233: ...lect Configure Global from the Step list 3 Select Add from the Action list 4 Specify the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP...

Страница 234: ...from the Step list 3 Select Show from the Action list Figure 107 Displaying MST Instances To modify the priority for an MST instance 1 Click Spanning Tree MSTP 2 Select Configure Global from the Step...

Страница 235: ...isplaying Global Settings for STA on page 224 Figure 109 Displaying Global Settings for an MST Instance To add additional VLAN groups to an MSTP instance 1 Click Spanning Tree MSTP 2 Select Configure...

Страница 236: ...mands on page 891 PARAMETERS These parameters are displayed MST ID Instance identifier to configure Default 0 Interface Displays a list of ports or trunks STA Status Displays the current state of this...

Страница 237: ...media and higher values assigned to ports with slower media Path cost takes precedence over port priority Note that when the Path Cost Method is set to short page 3 63 the maximum path cost is 65 535...

Страница 238: ...Interface Settings for MSTP 238 To display MSTP parameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Show Information from the Action list...

Страница 239: ...Rate limiting can be applied to individual ports When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dro...

Страница 240: ...on 240 WEB INTERFACE To configure rate limits 1 Click Traffic Rate Limit 2 Enable the Rate Limit Status for the required ports or trunks 3 Set the rate limit for the individual ports 4 Click Apply Fig...

Страница 241: ...rate falls back down beneath the threshold Traffic storms can be controlled at the hardware level using this command or at the software level using automatic storm control which triggers various cont...

Страница 242: ...s or disables storm control Default Enabled for broadcast storm control disabled for multicast and unknown unicast storm control Rate Threshold level as a rate i e kilobits per second Range 64 1000000...

Страница 243: ...ocessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 244: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 116 Setting the Default Port Priority...

Страница 245: ...ications assigned a specific priority value Service time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted...

Страница 246: ...gure the queue mode 1 Click Traffic Priority Queue 2 Set the queue mode 3 If the weighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combinatio...

Страница 247: ...and weighted queuing Up to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in Table...

Страница 248: ...queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Select a port 4 Map an internal PHB to a hardware queue Depe...

Страница 249: ...ffic to meet application requirements Traffic priorities can be specified in the IP header of a frame using the priority bits in the Type of Service ToS octet or the number of the TCP UDP port If prio...

Страница 250: ...os map trust mode on page 982 COMMAND USAGE If the QoS mapping mode is set to DSCP and the ingress packet type is IPv4 then priority processing will be based on the DSCP value in the ingress packet If...

Страница 251: ...non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding CLI REFERENCES qos m...

Страница 252: ...ect a port 4 Set the PHB and drop precedence for any DSCP value 5 Click Apply Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0...

Страница 253: ...ure 124 Showing DSCP to DSCP Internal Mapping MAPPING COS PRIORITIES TO INTERNAL DSCP VALUES Use the Traffic Priority CoS to DSCP page to maps CoS CFI values in incoming packets to per hop behavior an...

Страница 254: ...ports and 72 packets on Gigabit Ethernet ports and then starts dropping any packets regardless of color when the buffer fills up to 58 packets on Fast Ethernet ports and 80 packets on Gigabit Etherne...

Страница 255: ...Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any of the CoS CFI combinations 5 Click Apply Figure 125 Configuring CoS to DSCP Internal Mapping To show the CoS C...

Страница 256: ...CHAPTER 11 Class of Service Layer 3 4 Priority Settings 256...

Страница 257: ...ies different kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pa...

Страница 258: ...e configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to...

Страница 259: ...d including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in an IPv6 packet Range 0 63 VLAN...

Страница 260: ...128 Showing Class Maps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5...

Страница 261: ...a Class Map 261 Figure 129 Adding Rules to a Class Map To show the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Show Rule from the Action list Fi...

Страница 262: ...nforming traffic Policing is based on a token bucket where bucket depth that is the maximum burst before the bucket overflows is specified by the burst field BC and the average rate tokens are removed...

Страница 263: ...remented by B down to the minimum value of 0 else if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremente...

Страница 264: ...t stream so that each packet is either green yellow or red The marker re colors an IP packet according to the results of the meter The color is coded in the DS field RFC 2474 of the packet The behavio...

Страница 265: ...c interface by a service policy page 271 to take effect PARAMETERS These parameters are displayed Add Policy Name Name of policy map Range 1 16 characters Description A brief description of a policy m...

Страница 266: ...nge 64 10000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower The rate cannot exceed the configured interface speed Committed Burst Size BC Burst in bytes Range 4000 160000...

Страница 267: ...bytes The burst size cannot exceed 16 Mbytes Conform Specifies that traffic conforming to the maximum rate CIR will be transmitted without any change to the DSCP service level Transmit Transmits in c...

Страница 268: ...4 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower The rate cannot exceed the configured interface speed Committed Burst Size BC Burst in bytes Range 4000 16000000 at...

Страница 269: ...DiffServ 2 Select Configure Policy from the Step list 3 Select Add from the Action list 4 Enter a policy name 5 Enter a description 6 Click Add Figure 131 Configuring a Policy Map To show the configur...

Страница 270: ...behavior for matching packets to specify the quality of service to be assigned to the matching traffic class Use one of the metering options to define parameters such as the maximum throughput and bur...

Страница 271: ...Configure Interface page to bind a policy map to a port CLI REFERENCES Quality of Service Commands on page 987 COMMAND USAGE First define a class map define a policy map and then bind the service pol...

Страница 272: ...ervice Attaching a Policy Map to a Port 272 3 Check the box under the Ingress field to enable a policy map for a port 4 Select a policy map from the scroll down box 5 Click Apply Figure 135 Attaching...

Страница 273: ...isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth it needs VLAN isolation...

Страница 274: ...traffic on switch ports Default Disabled Voice VLAN Sets the Voice VLAN ID for the network Only one Voice VLAN is supported and it must already be created on the switch Range 1 4093 Voice VLAN Aging T...

Страница 275: ...re CLI REFERENCES Configuring Voice VLANs on page 966 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45...

Страница 276: ...raffic VoIP 2 Select Configure OUI from the Step list 3 Select Show from the Action list Figure 138 Showing an OUI Telephony List CONFIGURING VOIP TRAFFIC PORTS Use the Traffic VoIP Configure Interfac...

Страница 277: ...VoIP packets received on the port that are tagged with the voice VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP dev...

Страница 278: ...s 278 WEB INTERFACE To configure VoIP traffic settings for a port 1 Click Traffic VoIP 2 Select Configure Interface from the Step list 3 Configure any required changes to the VoIP settings each port 4...

Страница 279: ...are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provide a sec...

Страница 280: ...ers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified services For example when the switch attempts to authe...

Страница 281: ...e on page 694 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the...

Страница 282: ...e logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of...

Страница 283: ...gest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security PARAMETERS These parameters are displayed Configure Server RADIUS Global Provides globally applicable RADIUS settings Serv...

Страница 284: ...erver used for authentication messages Range 1 65535 Default 49 Authentication Timeout The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 6...

Страница 285: ...ACS authentication 1 Click Security AAA Server 2 Select Configure Server from the Step list 3 Select RADIUS or TACACS server type 4 Select Global to specify the parameters that apply globally to all s...

Страница 286: ...TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server...

Страница 287: ...to display the configured accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 704 COMMAND USAGE AAA aut...

Страница 288: ...ication on page 281 Any other group name refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the service as 802 1X Command o...

Страница 289: ...Displays the receive port number through which this user accessed the switch Time Elapsed Displays the length of time this entry has been active WEB INTERFACE To configure global settings for AAA acc...

Страница 290: ...elect Add from the Action list 4 Select the accounting type 802 1X Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 147 Configuring AAA Accounting Methods To...

Страница 291: ...fic privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select the accounting type 802 1X Exec 4 Enter the requ...

Страница 292: ...information and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Statistics Figure 152 Displaying Statistics for AAA Accountin...

Страница 293: ...me tacacs specifies all configured TACACS hosts see Configuring Local Remote Logon Authentication on page 281 Any other group name refers to a server group configured on the TACACS Group Settings page...

Страница 294: ...nd server group name 4 Click Apply Figure 153 Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group 1 Click Security AAA...

Страница 295: ...zation Method CONFIGURING USER ACCOUNTS Use the Security User Accounts page to control management access to the switch based on manually configured user names and passwords CLI REFERENCES User Account...

Страница 296: ...crypted password Encrypted Password Encrypted password The encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration fil...

Страница 297: ...on are infeasible or impractical The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP...

Страница 298: ...e enabled for any port where required under the Configure Interface menu Session Timeout Configures how long an authenticated session stays active before it must re authenticate itself Range 300 3600...

Страница 299: ...s for the port Host IP Address Indicates the IP address of each connected host Remaining Session Time Indicates the remaining time until the current authorization session for the host expires Apply En...

Страница 300: ...work properly See Configuring Remote Logon Authentication Servers on page 282 NOTE MAC authentication cannot be configured on trunk ports CLI REFERENCES Network Access MAC Address Authentication on pa...

Страница 301: ...the RADIUS server Tunnel Type VLAN Tunnel Medium Type 802 Tunnel Private Group ID 1u 2t VLAN ID list The VLAN identifier list is carried in the RADIUS Tunnel Private Group ID attribute The VLAN list...

Страница 302: ...ion result remains unchanged The Filter ID attribute cannot be found to carry the user profile The Filter ID attribute is empty The Filter ID attribute format for dynamic QoS assignment is unrecogniza...

Страница 303: ...ddresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authentication as described on page 356 Authenticated MAC addresses are stored as dynamic e...

Страница 304: ...number of MAC addresses that can be authenticated on a port via MAC authentication that is the Network Access process described in this section Range 1 1024 Default 1024 Network Access Max MAC Count5...

Страница 305: ...assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC address table Dynami...

Страница 306: ...RS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condition The link event type which will trigger the port action Link up Onl...

Страница 307: ...age to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port...

Страница 308: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Страница 309: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Страница 310: ...CES Web Server on page 711 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 311: ...S using an IPv6 link local address PARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the U...

Страница 312: ...ain a unique certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the...

Страница 313: ...g the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Страница 314: ...ts both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authenti...

Страница 315: ...Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Setti...

Страница 316: ...eed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whet...

Страница 317: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Страница 318: ...y pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch an...

Страница 319: ...Click Clear Figure 171 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Страница 320: ...a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version...

Страница 321: ...4 protocol port number or TCP control code IPv6 frames based on address DSCP or next header type or any frames based on MAC address or Ethernet type To filter incoming packets first create an access l...

Страница 322: ...he result of a MAC ACL on the same packet is to deny it the packet will be denied because the decision to deny a packet has a higher priority for security reasons A packet will also be denied if the I...

Страница 323: ...etting the Name of a Time Range To show a list of time ranges 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Show from the Action list Figure 175 Showing a List of Time...

Страница 324: ...for the selected mode 7 Click Apply Figure 176 Add a Rule to a Time Range To show the rules configured for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select...

Страница 325: ...or traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs PARAMETERS These p...

Страница 326: ...ed on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source or destination IPv4 address as well as the protocol type and protocol port number If the TCP protocol is spe...

Страница 327: ...CL 2 Select Configure ACL from the Step list 3 Select Add from the Action list 4 Fill in the ACL Name field and select the ACL type 5 Click Apply Figure 179 Creating an ACL To show a list of ACLs 1 Cl...

Страница 328: ...ddress and Subnet Mask fields Options Any Host IP Default Any Source IP Address Source IP address Source Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The...

Страница 329: ...atching the selected type Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Specifies the source or destination IP address type Use Any to include all p...

Страница 330: ...yte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match Range 0 63 The control bit mask is a decimal number for an equivalent binary bit mask that...

Страница 331: ...Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or IP 8 If you select Host enter a specific addres...

Страница 332: ...pe Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specify a range of addresses Options Any Hos...

Страница 333: ...e from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type Any Host or IPv...

Страница 334: ...exadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Destination Prefix Length A decimal value indicat...

Страница 335: ...elect IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefix 8 If you select Host enter a...

Страница 336: ...e with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source or dest...

Страница 337: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 338: ...Default All Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field o...

Страница 339: ...e Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you selec...

Страница 340: ...list to any port CLI REFERENCES ip access group on page 798 show ip access group on page 799 mac access group on page 809 show mac access group on page 810 Time Range on page 648 COMMAND USAGE This sw...

Страница 341: ...bindings which forms the basis for certain man in the middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache...

Страница 342: ...ection engine and their switching behavior will match that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration of any VLANs When...

Страница 343: ...and cannot be disabled The administrator can configure the log facility rate When the switch drops a packet it places an entry in the log buffer then generates a system message on a rate controlled b...

Страница 344: ...og messages are sent Range 0 86400 seconds Default 1 second WEB INTERFACE To configure global settings for ARP Inspection 1 Click Security ARP Inspection 2 Select Configure General from the Step list...

Страница 345: ...database determines their validity PARAMETERS These parameters are displayed ARP Inspection VLAN ID Selects any configured VLAN Default 1 ARP Inspection VLAN Status Enables ARP Inspection for the sele...

Страница 346: ...re subject to ARP packet rate limiting and all trusted ports are exempt from ARP packet rate limiting Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation che...

Страница 347: ...us reasons CLI REFERENCES show ip arp inspection statistics on page 791 PARAMETERS These parameters are displayed Table 21 ARP Inspection Statistics Parameter Description Received ARP packets before A...

Страница 348: ...N port and address components CLI REFERENCES show ip arp inspection log on page 791 PARAMETERS These parameters are displayed ARP packets dropped by additional validation Src MAC Count of packets that...

Страница 349: ...to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch f...

Страница 350: ...rt address and end address PARAMETERS These parameters are displayed Mode Web Configures IP address es for the web group SNMP Configures IP address es for the SNMP group Telnet Configures IP address e...

Страница 351: ...rt If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap mes...

Страница 352: ...led Port Status The operational status Secure Down Port security is disabled Secure Up Port security is enabled Shutdown Port is shut down due to a response to a port security violation Action Indicat...

Страница 353: ...cation Access to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the net...

Страница 354: ...signed RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified 802 1X must be enabled globally for the switch Each switch port that will be used must be s...

Страница 355: ...ried out by switches located on the edge of the network When this device is functioning as an edge switch but does not require any attached clients to be authenticated EAPOL Pass Through can be disabl...

Страница 356: ...tion on page 727 COMMAND USAGE When the switch functions as a local authenticator between supplicant devices attached to the switch and the authentication server configure the parameters for the excha...

Страница 357: ...s the port to deny access to all clients either dot1x aware or otherwise Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Default Single Host Single Host...

Страница 358: ...information It may also send other EAP request frames to the client during an active connection as required for reauthentication Server Timeout Sets the time that a switch port waits for a response to...

Страница 359: ...Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identif...

Страница 360: ...thentication on page 727 COMMAND USAGE When devices attached to a port must submit requests to another authenticator on the network configure the Identity Profile parameters on the Configure Global pa...

Страница 361: ...authenticator Range 1 65535 seconds Default 30 seconds Held Period The time that a supplicant port waits before resending its credentials to find a new an authenticator Range 1 65535 seconds Default 3...

Страница 362: ...Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that ha...

Страница 363: ...ress carried in the most recent EAPOL frame received by this Supplicant Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Supplicant Rx EAP Resp Oth The number of valid E...

Страница 364: ...rt Authentication 364 WEB INTERFACE To display port authenticator statistics for 802 1X 1 Click Security Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 20...

Страница 365: ...nooping on page 371 IP source guard can be used to prevent traffic attacks caused when a host tries to use the IP address of a neighbor to access the network This section describes commands used to co...

Страница 366: ...see page 373 IP source guard will check the VLAN ID source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is...

Страница 367: ...ype for each port 3 Click Apply Figure 202 Setting the Filter Type for IP Source Guard CONFIGURING STATIC BINDINGS FOR IP SOURCE GUARD Use the Security IP Source Guard Static Configuration page to bin...

Страница 368: ...uard binding Only unicast addresses are accepted for static bindings PARAMETERS These parameters are displayed Add Port The port to which a static entry is bound VLAN ID of a configured VLAN Range 1 4...

Страница 369: ...guring Static Bindings for IP Source Guard To display static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Show from the Action list Figure 204 Displaying...

Страница 370: ...ist VLAN VLAN to which this entry is bound MAC Address Physical address associated with the entry Interface Port to which this entry is bound IP Address IP address corresponding to the client Lease Ti...

Страница 371: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Страница 372: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Страница 373: ...ng globally on the switch or to configure MAC Address Verification CLI REFERENCES DHCP Snooping on page 769 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globall...

Страница 374: ...nooping on specific VLANs CLI REFERENCES ip dhcp snooping vlan on page 775 COMMAND USAGE When DHCP snooping is enabled globally on the switch and enabled on the specified VLAN DHCP packet filtering wi...

Страница 375: ...Snooping Configure Interface page to configure switch ports as trusted or untrusted CLI REFERENCES ip dhcp snooping trust on page 775 COMMAND USAGE A trusted interface is an interface that is configur...

Страница 376: ...pply Figure 208 Configuring the Port Mode for DHCP Snooping DISPLAYING DHCP SNOOPING BINDING INFORMATION Use the IP Service DHCP Snooping Show Information page to display entries in the binding table...

Страница 377: ...ese entries will be restored to the snooping table when the switch is reset However note that the lease time shown for a dynamic entry that has been restored from flash memory will no longer be valid...

Страница 378: ...CHAPTER 14 Security Measures DHCP Snooping 378...

Страница 379: ...Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over...

Страница 380: ...essages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 632 PARAMETERS Th...

Страница 381: ...rface NOTE All log messages are retained in Flash and purged from RAM after a cold restart i e power is turned off and then on through the power source WEB INTERFACE To configure the logging of error...

Страница 382: ...Memory REMOTE LOG CONFIGURATION Use the Administration Log Remote page to send log messages to syslog servers or other management stations You can also limit the event messages sent to only those mess...

Страница 383: ...CE To configure the logging of error messages to remote servers 1 Click Administration Log Remote 2 Enable remote logging specify the facility type to use for the syslog messages and enter the IP addr...

Страница 384: ...or the address of an administrator responsible for the switch Email Destination Address Specifies the email recipients of alert messages You can specify up to five recipients Server IP Address Specifi...

Страница 385: ...and maintain an accurate network topology SETTING LLDP TIMING ATTRIBUTES Use the Administration LLDP Configure Global page to set attributes for general functions such as globally enabling LLDP on th...

Страница 386: ...tored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the tim...

Страница 387: ...f SNMP trap notifications about LLDP and LLDP MED changes Default Disabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Int...

Страница 388: ...t address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifie...

Страница 389: ...page 106 for information on configuring the maximum frame size for this switch MAC PHY Configuration Status The MAC PHY configuration and status which includes information about auto negotiation supp...

Страница 390: ...PLAYING LLDP LOCAL DEVICE INFORMATION Use the Administration LLDP Show Local Device Information page to display information about the switch such as its MAC address chassis ID management IP address an...

Страница 391: ...management address associated with the local system If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement Table 25 Chassis...

Страница 392: ...scription If RFC 2863 is implemented the ifDescr object should be used for this field Port Trunk ID A string that contains the specific identifier for the port or trunk from which this LLDPDU was tran...

Страница 393: ...transmitted System Name A string that indicates the system s administratively assigned name Port Details Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identi...

Страница 394: ...802 1 Extension Information Remote Port VID The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated Remote Port Protocol VLAN List The...

Страница 395: ...3636 and is equal to the last number in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated with the remote sys...

Страница 396: ...oints and others will be classified according to their power requirements Port Details 802 3 Extension Trunk Information Remote Link Aggregation Capable Shows if the remote port is not in link aggrega...

Страница 397: ...ocol 397 WEB INTERFACE To display LLDP information for a remote port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk De...

Страница 398: ...CHAPTER 15 Basic Administration Protocols Link Layer Discovery Protocol 398 Figure 219 Displaying Remote Device Information for LLDP Port Details...

Страница 399: ...ich the remote database on this switch dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the LL...

Страница 400: ...LLDP Device Statistics General Figure 221 Displaying LLDP Device Statistics Port SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol SNMP is a communication protocol designed specifi...

Страница 401: ...rity models with each model having it s own security levels There are three security models defined SNMPv1 SNMPv2c and SNMPv3 Users are assigned to groups that are defined by a security model and spec...

Страница 402: ...your management station Configuring SNMPv3 Management Access 1 Use the Administration SNMP Configure Global page to enable SNMP on the switch and to enable trap messages 2 Use the Administration SNMP...

Страница 403: ...ation message to specified IP trap managers whenever an invalid community string is submitted during the SNMP access authentication process Default Enabled Link up and Link down Traps6 Issues a notifi...

Страница 404: ...e to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users PARAMETERS Thes...

Страница 405: ...mp server engine id on page 665 COMMAND USAGE SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore nee...

Страница 406: ...Apply Figure 224 Configuring a Remote Engine ID for SNMP To show the remote SNMP engine IDs 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Show Remote Engine from t...

Страница 407: ...SNMP views configured in the Add View page OID Subtree Adds an additional object identifier of a branch within the MIB tree to the selected View Wild cards can be used to mask a specific portion of t...

Страница 408: ...ure 227 Showing SNMP Views To add an object identifier to an existing SNMP view of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Add OID Sub...

Страница 409: ...ricting them to specific read write and notify views You can use the pre defined default groups or create new groups to map a set of SNMP users to SNMP views CLI REFERENCES show snmp group on page 670...

Страница 410: ...ing itself such that its configuration is unaltered linkDown 1 3 6 1 6 3 1 1 5 3 A linkDown trap signifies that the SNMP entity acting in an agent role has detected that the ifOperStatus object for on...

Страница 411: ...0 1 11 2 1 0 77 When ATC is released this trap is fired swLoopbackDetectionTrap 1 3 6 1 4 1 259 10 1 11 2 1 0 95 This trap is sent when loop back BPDUs have been detected networkAccessPortLinkDetectio...

Страница 412: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 230 Creating an SN...

Страница 413: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Страница 414: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 667 PARAMETERS T...

Страница 415: ...t DES is currently available Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2 Select Configure User fr...

Страница 416: ...d notify view CLI REFERENCES snmp server user on page 667 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent...

Страница 417: ...ions MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently availa...

Страница 418: ...evel is authPriv a privacy password must also be specified 5 Click Apply Figure 236 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from...

Страница 419: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider t...

Страница 420: ...tification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifica...

Страница 421: ...0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specified u...

Страница 422: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 423: ...Network Management Protocol 423 Figure 240 Configuring Trap Managers SNMPv3 To show configured trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Show from...

Страница 424: ...lly send a trap message to the management agent which can then respond to the event if so configured CONFIGURING RMON ALARMS Use the Administration RMON Configure Global Add Alarm page to define speci...

Страница 425: ...e 1 65535 Rising Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing above the rising threshold If there is no corresponding entry in the eve...

Страница 426: ...d from the Action list 4 Click Alarm 5 Enter an index number the MIB object to be polled etherStatsEntry n n the polling interval the sample type the thresholds and the event to trigger 6 Click Apply...

Страница 427: ...f an alarm is already defined for an index the entry must be deleted before any changes can be made One default event is configured as follows event Index 1 Description RMON_TRAP_LOG Event type log tr...

Страница 428: ...e 413 prior to configuring it here Range 1 127 characters Description A comment that describes this event Range 1 127 characters Owner Name of the person who created this entry Range 1 127 characters...

Страница 429: ...hich may reveal problems associated with high traffic levels broadcast storms or other unusual events It can also be used to predict network growth and plan for expansion before your network becomes t...

Страница 430: ...number of buckets granted are displayed on the Show page Owner Name of the person who created this entry Range 1 127 characters WEB INTERFACE To periodically sample statistics on a port 1 Click Admini...

Страница 431: ...elect Show from the Action list 4 Select a port from the list 5 Click History Figure 247 Showing Configured RMON History Samples To show collected RMON history samples 1 Click Administration RMON 2 Se...

Страница 432: ...each entry includes input octets packets broadcast packets multicast packets undersize packets oversize packets CRC alignment errors jabbers fragments collisions drop events and frames of various siz...

Страница 433: ...an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port f...

Страница 434: ...t Switches that support clustering can be grouped together regardless of physical location or switch type as long as they are connected to the same local network COMMAND USAGE A switch cluster has a p...

Страница 435: ...AGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with the network IP subnet Cl...

Страница 436: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 252 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Страница 437: ...ep list 3 Select Add from the Action list 4 Select one of the cluster candidates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 253 Configuring a Cluster Member...

Страница 438: ...Cluster Show Member page to manage another switch in the cluster CLI REFERENCES Switch Clustering on page 651 PARAMETERS These parameters are displayed Member ID The ID number of the Member switch Ra...

Страница 439: ...h would fatally affect network operation and service availability The G 8032 recommendation also referred to as Ethernet Ring Protection Switching ERPS can be used to increase the availability and rob...

Страница 440: ...than any other request or a Ring Automatic Protection Switching protocol request R APS as defined in Y 1731 is received which has a higher priority than any other local request A link node failure is...

Страница 441: ...command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN Configure Domain Configure Details Specify the control VL...

Страница 442: ...LAN should only contain ring ports and must not be configured with an IP address ERPS CONFIGURATION Use the Administration ERPS Configure Global page to globally enable or disable ERPS on the switch C...

Страница 443: ...e displayed Add Domain Name Name of an ERPS ring Range 1 12 characters Show Domain Name Name of a configured ERPS ring Node State Shows the following ERPS states Init The ERPS ring has started but has...

Страница 444: ...must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx Node State Refer to the parameters for the Show page West Port Connects to next ring node to the west Each node must be connected to t...

Страница 445: ...r old messages still circulating on the ring to expire Range 10 2000 milliseconds in steps of 10 milliseconds The guard timer duration should be greater than the maximum expected forwarding delay for...

Страница 446: ...learned again The major ring will not be broken but the bandwidth of data traffic on the major ring may suffer for a short period of time due to this flooding behavior Sub Domain A secondary ERPS rin...

Страница 447: ...tion list 4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static or dynamic trunk And the cont...

Страница 448: ...Protection Switching 448 Figure 261 Creating an ERPS Ring Secondary Ring To show the configure ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from t...

Страница 449: ...SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance domain Key Components of CFM CFM provides re...

Страница 450: ...n see their respective MEPs as well as all the MIPs within their domains There is a service provider domain at the second level in the hierarchy From the service provider s view the access points mark...

Страница 451: ...A If the target MEP s identifier has been discovered through CCM messages then a loop back message can also be sent using the MEPs identifier A reply indicates that the destination is reachable Link t...

Страница 452: ...environment such as adjusting the interval at which continuity check messages are sent see Configuring CFM Maintenance Associations or setting the start up delay for the cross check operation see Conf...

Страница 453: ...message is a multicast CFM frame initiated by a MEP and forwarded from MIP to MIP with each MIP generating a linktrace reply up to the point at which the linktrace message reaches its destination or c...

Страница 454: ...ed from a remote MEP which as an expired entry in the archived database MEP Up traps are suppressed when cross checking of MEPs is enabled7 because cross check traps include more detailed status infor...

Страница 455: ...ic MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cross checking the end points learned through CCMs against those stored in the static list 4 Adjust the param...

Страница 456: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 457: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 458: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 459: ...end point MEP is created at some lower MA Level None No MIP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 655...

Страница 460: ...the maintenance domains and authorized maintenance levels thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click...

Страница 461: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 462: ...f a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or MA l...

Страница 463: ...CCMs The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 100 ms 5 1 sec 6 10 sec 7 60 sec Connectivity Check Enables transmissio...

Страница 464: ...intenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4 Select an entry from the MD Index list 5 Specify the MAs assigned to each...

Страница 465: ...ance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Configure Details from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the CCM int...

Страница 466: ...e MEP s MA or the direction it faces first delete the MEP and then create a new one PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 0 4094 ME...

Страница 467: ...ts CONFIGURING REMOTE MAINTENANCE END POINTS Use the Administration CFM Configure Remote MEP Add page to specify remote maintenance end points MEPs set on other CFM enabled devices within a common MA...

Страница 468: ...vice waits for remote MEPs to come up before starting the cross check operation can be configured on the Configure Global page see Configuring Global Settings for CFM SNMP traps for continuity check e...

Страница 469: ...mit Link Trace page to transmit link trace messages LTMs These messages can isolate connectivity faults by tracing the path through a network to the designated target node i e a remote maintenance end...

Страница 470: ...size can be configured on the Configure Global page see Configuring Global Settings for CFM PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 0...

Страница 471: ...ic detection of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point should...

Страница 472: ...n either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Count The number of times the loopback message is sent Range 1 5 Packet Size The size of the loopback message Range 64 1518 bytes De...

Страница 473: ...ng a frame with DM request information and the receiving MEP responds with a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time...

Страница 474: ...asure messages Range 1 5 seconds Default 1 second Timeout The timeout to wait for a response Range 1 5 seconds Default 5 seconds WEB INTERFACE To transmit delay measure messages 1 Click Administration...

Страница 475: ...the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Up indicates that the MEP faces inward toward the switch cross con...

Страница 476: ...r string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port t...

Страница 477: ...if the specified MEP is currently suppressing sending frames containing AIS information following the detection of defect conditions WEB INTERFACE To show detailed information for the MEPs configured...

Страница 478: ...ethernet cfm maintenance points local on page 1109 PARAMETERS These parameters are displayed MD Name Maintenance domain name Level Authorized maintenance level for this domain MA Name Maintenance asso...

Страница 479: ...AMETERS These parameters are displayed MEP ID Maintenance end point identifier MA Name Maintenance association name Level Authorized maintenance level for this domain Primary VLAN Service VLAN ID MEP...

Страница 480: ...Level Authorized maintenance level for this domain MAC Address MAC address of this MEP entry Primary VLAN Service VLAN ID Incoming Port Port to which this remote MEP is attached CC Lifetime Length of...

Страница 481: ...e external event Not Present Some component of the interface is missing isLowerLayerDown The interface is down due to state of the lower layer interfaces Crosscheck Status Shows if crosscheck function...

Страница 482: ...he target data frame passed through to the MAC Relay Entity IngDown The bridge port s MAC_Operational parameter is false This value could be returned for example by an operationally Down MEP that has...

Страница 483: ...t Show Information from the Step list 3 Select Show Link Trace Cache from the Action list Figure 285 Showing the Link Trace Cache DISPLAYING FAULT NOTIFICATION SETTINGS Use the Administration CFM Show...

Страница 484: ...FM continuity check errors logged on this device CLI REFERENCES show ethernet cfm errors on page 1118 clear ethernet cfm errors on page 1117 PARAMETERS These parameters are displayed Level Maintenance...

Страница 485: ...s an Up MEP configured facing inward up on some bridge port EXCESS_LEV The number of different MD levels at which MIPs are to be created on this port exceeds the bridge s capabilities OVERLAP_LEV A ME...

Страница 486: ...Enables or disables OAM functions Default Disabled Operation State Shows the operational state between the local and remote OAM devices This value is always disabled if OAM is disabled on the local i...

Страница 487: ...M event log Default Enabled Critical events include various failures such as abnormal voltage fluctuations out of range temperature detected fan failure CRC error in flash memory insufficient memory o...

Страница 488: ...ace 2 Set the OAM administrative status and operational mode for the required ports Specify whether or not critical link events will be reported by the switch Specify whether errored frame link events...

Страница 489: ...s DISPLAYING THE OAM EVENT LOG Use the Administration OAM Event Log page to display link events for the selected port CLI REFERENCES show efm oam event log interface on page 1142 COMMAND USAGE When a...

Страница 490: ...isplayed Port Port identifier Range 1 12 MAC Address MAC address of the OAM peer OUI Organizational Unit Identifier of the OAM peer Remote Loopback Shows if remote loopback is supported by the OAM pee...

Страница 491: ...the Administration OAM Remote Loopback Remote Loopback Test page to initiate a loop back test to the peer device attached to the selected port CLI REFERENCES efm oam remote loopback on page 1140 efm o...

Страница 492: ...est Loop Back Status of Remote Device Result Shows the loop back status on the peer The loop back states shown in this field are described below Packets Transmitted The number of loop back frames tran...

Страница 493: ...mote loop back testing enable the Loop Back Mode attribute and click Apply 4 Set the number of packets to send and the packet size and then click Test Figure 292 Running a Remote Loop Back Test DISPLA...

Страница 494: ...nterface Loss Rate The percentage of packets transmitted for which there was no response WEB INTERFACE To display the results of remote loop back testing for each port for which this information is av...

Страница 495: ...de on the network Address Resolution Protocol Describes how to configure ARP aging time Also shows how to display the ARP cache IPv4 Configuration Sets an IPv4 address for management access IPv6 Confi...

Страница 496: ...EB INTERFACE To ping another device on the network 1 Click IP General Ping 2 Specify the target device and ping parameters 3 Click Apply Figure 294 Pinging a Network Device ADDRESS RESOLUTION PROTOCOL...

Страница 497: ...ng as this entry has not timed out the switch will be able forward traffic directly to the next hop for this destination without having to broadcast another ARP request Also if the switch receives a r...

Страница 498: ...LAYING ARP ENTRIES Use the IP ARP Show Information page to display dynamic entries in the ARP cache The ARP cache contains entries for local interfaces including subnet host and broadcast addresses Th...

Страница 499: ...fault gateway for the switch CLI REFERENCES ip default gateway on page 1163 PARAMETERS These parameters are displayed Gateway IP Address IP address of the gateway router between the switch and managem...

Страница 500: ...guration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast...

Страница 501: ...ystem IP 2 Select Configure Interface from the Step list 3 Select Add Address from the Action list 4 Select the VLAN through which the management station is attached set the IP Address Mode to Static...

Страница 502: ...s on each power reset NOTE If you lose the management connection make a console connection to the switch and enter show ip interface to determine the new switch address Renewing DCHP DHCP may lease ad...

Страница 503: ...distinct address types link local unicast and global unicast A link local address makes the switch accessible over IPv6 for all devices attached to the same local subnet Management traffic using this...

Страница 504: ...CONFIGURING IPV6 INTERFACE SETTINGS Use the IP IPv6 Configuration Configure Interface page to configure general IPv6 settings for the selected VLAN including auto configuration of a global unicast int...

Страница 505: ...The network portion of the address is based on prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the interface i...

Страница 506: ...ate link local address is found duplicate address detection is started for the remaining IPv6 addresses If a duplicate address is detected it is set to duplicate state and a warning message is sent to...

Страница 507: ...tion or enable IPv6 explicitly to automatically configure a link local address and enable IPv6 on the selected interface Set the MTU size the maximum number of duplicate address detection messages and...

Страница 508: ...terface Settings on page 504 It can be manually configured by specifying the entire network prefix and prefix length and using the EUI 64 form of the interface identifier to automatically create the l...

Страница 509: ...on the device s MAC address The EUI 64 specification is designed for devices that use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must...

Страница 510: ...default all ports on the switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4093...

Страница 511: ...this example FF02 1 FF90 0 104 is the solicited node multicast address which is formed by taking the low order 24 bits of the address and appending those bits to the prefix Note that the solicited no...

Страница 512: ...ReachableTime interval that the forward path to the neighbor was functioning While in REACH state the device takes no special action when sending packets STALE More than the ReachableTime interval ha...

Страница 513: ...t Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in processing IPv6 packets ICMP is therefore an integral part of the Inte...

Страница 514: ...ce for some of the datagrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems...

Страница 515: ...ssfully fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be ICMPv6...

Страница 516: ...interface Parameter Problem Message The number of ICMP Parameter Problem messages sent by the interface Echo Request Messages The number of ICMP Echo request messages sent by the interface Echo Reply...

Страница 517: ...wing IPv6 Statistics IPv6 No Port Errors The total number of received UDP datagrams for which there was no application at the destination port Other Errors The number of received UDP datagrams that co...

Страница 518: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 518 Figure 307 Showing IPv6 Statistics ICMPv6 Figure 308 Showing IPv6 Statistics UDP...

Страница 519: ...1182 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure 309 Showing Reporte...

Страница 520: ...CHAPTER 16 IP Configuration Setting the Switch s IP Address IP Version 6 520...

Страница 521: ...esses configure default domain names or specify one or more name servers to use for domain name to address translation CONFIGURING GENERAL DNS SERVICE PARAMETERS Use the IP Service DNS General Configu...

Страница 522: ...is page to define a list of domain names that can be appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation If there is no domain list the de...

Страница 523: ...domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add Domain Name from the Action list 3 Enter one domain name at a time 4 Click Apply Figur...

Страница 524: ...pecified the servers are queried in the specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be dis...

Страница 525: ...manually configure static entries in the DNS table that are used to map domain names to IP addresses CLI REFERENCES ip host on page 1148 show hosts on page 1152 COMMAND USAGE Static entries may be us...

Страница 526: ...vice DNS Static Host Table 2 Select Add from the Action list 3 Enter a host name and the corresponding address 4 Click Apply Figure 315 Configuring Static Entries in the DNS Table To show static entri...

Страница 527: ...ver a DNS client can try each address in succession until it establishes a connection with the target device PARAMETERS These parameters are displayed No The entry number for each resource record Flag...

Страница 528: ...CHAPTER 17 IP Services Displaying the DNS Cache 528...

Страница 529: ...o A multicast server does not have to establish a separate connection with each client It merely broadcasts its service to the network and any hosts that want to receive the multicast register with th...

Страница 530: ...service requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multicast traffic IGMP Snooping conserves bandwidth on network segments...

Страница 531: ...ed in the attached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 532 Static IGMP Router Interface If IGMP snooping...

Страница 532: ...roughout the VLAN if unregistered flooding is enabled see Unregistered Data Flood in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts i...

Страница 533: ...logy has stabilized and the new locations of all multicast receivers are learned If a topology change notification TCN is received and all the uplink ports are subsequently deleted a time out mechanis...

Страница 534: ...ting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option Unregistered Data Flooding Floods unregistered...

Страница 535: ...ures the IGMP report query version used by IGMP snooping Versions 1 3 are all supported and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snoo...

Страница 536: ...s within the switch CLI REFERENCES Static Multicast Routing on page 1028 COMMAND USAGE IGMP Snooping must be enabled globally on the switch see Configuring IGMP Snooping and Query Parameters on page 5...

Страница 537: ...lay this information Figure 321 Showing Static Interfaces Attached a Multicast Router To show the all interfaces attached to a multicast router 1 Click Multicast IGMP Snooping Multicast Router 2 Selec...

Страница 538: ...on page 1023 COMMAND USAGE Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to por...

Страница 539: ...GMP Member 2 Select Show Static Member from the Action list 3 Select the VLAN for which to display this information Figure 324 Showing Static Interfaces Assigned to a Multicast Service To show the all...

Страница 540: ...ed for use by IGMP snooping and multicast routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast...

Страница 541: ...e is administratively disabled The router is gracefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Router...

Страница 542: ...le fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interface...

Страница 543: ...onds This command applies when the switch is serving as the querier page 532 or as a proxy host when IGMP snooping proxy reporting is enabled page 532 Last Member Query Interval The interval to wait f...

Страница 544: ...dress in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not reply...

Страница 545: ...play information about multicast groups IGMP Snooping must first be enabled on the switch see page 532 PARAMETERS These parameters are displayed VLAN An interface on the switch that is forwarding traf...

Страница 546: ...ay IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1026 PARAMETERS These parameters are displayed VLAN VLAN identifier Ran...

Страница 547: ...ssages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query was d...

Страница 548: ...nd Query 548 WEB INTERFACE To display statistics for IGMP snooping query related messages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN...

Страница 549: ...ooping and Query 549 To display IGMP snooping protocol related statistics for a VLAN 1 Click Multicast IGMP Snooping Statistics 2 Select Show VLAN Statistics from the Action list 3 Select a VLAN Figur...

Страница 550: ...limits the number of simultaneous multicast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the p...

Страница 551: ...ch Default Disabled WEB INTERFACE To enable IGMP filtering and throttling on the switch 1 Click Multicast IGMP Snooping Filter 2 Select Configure General from the Step list 3 Enable IGMP Filter Status...

Страница 552: ...ts are only processed when the multicast group is not in the controlled range Add Multicast Group Range Profile ID Selects an IGMP profile to configure Start Multicast IP Address Specifies the startin...

Страница 553: ...ticast groups to an IGMP filter profile 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step list 3 Select Add Multicast Group Range from the Action list 4 Select the profil...

Страница 554: ...port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new IGMP join repo...

Страница 555: ...ly Figure 337 Configuring IGMP Filtering and Throttling Interface Settings MULTICAST VLAN REGISTRATION Multicast VLAN Registration MVR is a protocol that controls access to a single network wide VLAN...

Страница 556: ...Interface Status on page 561 4 For multicast streams that will run for a long term and be associated with a stable set of hosts you can statically bind the multicast group to the participating interfa...

Страница 557: ...ld not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether or not all necessary conditions in the MVR environment are satisfied Running status is Active as lo...

Страница 558: ...more MVR domains CLI REFERENCES Multicast VLAN Registration on page 1037 COMMAND USAGE Use the Configure Profile page to statically configure all multicast group addresses that will join the MVR VLAN...

Страница 559: ...group Range 224 0 1 0 239 255 255 255 Associate Profile Domain ID An independent multicast domain Range 1 5 Profile Name The name of a profile to be assigned to this domain Range 1 20 characters WEB...

Страница 560: ...t Show from the Action list Figure 341 Displaying MVR Group Address Profiles To assign an MVR group address profile to a domain 1 Click Multicast MVR 2 Select Associate Profile from the Step list 3 Se...

Страница 561: ...snooping to join or leave any other multicast groups using the standard rules for multicast filtering Receiver ports can belong to different VLANs but should not be configured as a member of the MVR V...

Страница 562: ...nfigured as a member of the MVR VLAN see Adding Static Members to VLANs on page 180 Receiver A subscriber port that can receive multicast data sent through the MVR VLAN Any port configured as an recei...

Страница 563: ...GNING STATIC MULTICAST GROUPS TO INTERFACES Use the Multicast MVR Configure Static Group Member page to statically bind multicast groups to a port which will receive long term multicast streams associ...

Страница 564: ...Defines a multicast service sent to the selected port Multicast groups must be assigned from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR group to...

Страница 565: ...groups on each interface CLI REFERENCES show mvr members on page 1049 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Range 1 5 Group IP Address Multicast groups a...

Страница 566: ...Show Member from the Step list 3 Select an MVR domain Figure 347 Displaying MVR Receiver Groups DISPLAYING MVR STATISTICS Use the Multicast MVR Show Statistics pages to display MVR protocol related s...

Страница 567: ...Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this inte...

Страница 568: ...and source specific query messages sent from this interface WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Sele...

Страница 569: ...n 569 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR domain...

Страница 570: ...n 570 To display MVR protocol related statistics for a port 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR domain...

Страница 571: ...P Commands on page 657 Remote Monitoring Commands on page 677 Authentication Commands on page 691 General Security Measures on page 745 Access Control Lists on page 793 Interface Commands on page 817...

Страница 572: ...rvice Commands on page 987 Multicast Filtering Commands on page 1007 LLDP Commands on page 1069 CFM Commands on page 1093 OAM Commands on page 1135 Domain Name Service Commands on page 1145 DHCP Comma...

Страница 573: ...nsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CL...

Страница 574: ...54 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isola...

Страница 575: ...h command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require...

Страница 576: ...uster dns DNS information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile feature erps Displays ERPS configuration ethernet Specifies the ethernet garp GARP properties gvrp GVRP...

Страница 577: ...b authentication configuration Console show The command show interfaces will display the following information Console show interfaces brief Shows brief interface description counters Interface counte...

Страница 578: ...modify interface parameters or enable certain switching functions These classes are further divided into different modes Available commands depend on the selected mode You can always enter a question...

Страница 579: ...the running configuration only and are not saved when the switch is rebooted To store the running configuration in non volatile storage use the copy running config startup config command The configura...

Страница 580: ...ill change to Console config which gives you access privilege to all Global Configuration commands Console configure Console config To enter the other modes at the configuration prompt type one of the...

Страница 581: ...nter interface configuration mode and then return to Privileged Exec mode Console config interface ethernet 1 5 Console config if exit Console config Time Range time range Console config time range 64...

Страница 582: ...k for the static router port is up Console configure Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config end Console show ip igmp snooping mrouter VLAN M cast Router Ports Type...

Страница 583: ...begin can only be used as the first modifier if more than one modifier is used in a command CLI COMMAND GROUPS The system commands can be broken down into the functional groups shown below Table 42 Co...

Страница 584: ...7 Automatic Traffic Control Configures bounding thresholds for broadcast and multicast storms which can be used to trigger configured rate limits or to shut down a port 869 Address Table Configures th...

Страница 585: ...guration LC Line Configuration MST Multiple Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration VC VLAN Database Configuration OAM Configures Operations Administration and Main...

Страница 586: ...CHAPTER 19 Using the Command Line Interface CLI Command Groups 586...

Страница 587: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Страница 588: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 589: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 590: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 591: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 592: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 589 reload Privileged Exec This command restarts the system NOT...

Страница 593: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 594: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 595: ...gers and version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port includi...

Страница 596: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 46 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 597: ...ted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Edge Core Networks Responsible de...

Страница 598: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 599: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or o...

Страница 600: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 601: ...G None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersc...

Страница 602: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 603: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 604: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 605: ...section describes commands used to display system information Table 47 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show mem...

Страница 606: ...r traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when setting an IP Source Guard filter rule for a port the system will also use two PCEs EXAMPLE Console sho...

Страница 607: ...keyword to display configuration data for the specified interface Use this command in conjunction with the show startup config command to compare the information in running memory to the information s...

Страница 608: ...enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database VLAN 1 name DefaultVlan media ethernet state active VLAN 4093 media ethernet state active spanning tree mst configuration inte...

Страница 609: ...state Multiple spanning tree instances name and interfaces Interface settings and VLAN configuration settings for each interface IP address for management VLAN Any configured settings for the console...

Страница 610: ...gs designed to help technical support resolve configuration or functional problems COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command generates a long list of information including de...

Страница 611: ...ounts User Name Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online Users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH...

Страница 612: ...bo frame DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames on Gigab...

Страница 613: ...ame from the current runtime code file and then the new file set as the startup file Saving or Restoring Configuration Settings Configuration settings can be uploaded and downloaded to and from an FTP...

Страница 614: ...E Global Configuration COMMAND USAGE A colon is required after the specified file type If the file contains an error it cannot be set as the default file EXAMPLE Console config boot system config star...

Страница 615: ...hat allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See Secure Shell on page 717 running config Keyword that allows you to...

Страница 616: ...the default user name EXAMPLE The following example shows how to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1...

Страница 617: ...certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP se...

Страница 618: ...LE This example shows how to delete the test2 cfg configuration file from flash memory Console delete test2 cfg Console RELATED COMMANDS dir 618 delete public key 722 dir This command displays a list...

Страница 619: ...0 12139492 Factory_Default_Config cfg Config N 2010 10 06 14 29 44 455 startup1 cfg Config Y 2010 10 14 01 43 19 1138 Free space for compressed user config files 761856 Console whichboot This command...

Страница 620: ...is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image upgrade is enabled by this command the switch will follow these steps when it boot...

Страница 621: ...and specifies an TFTP server and directory in which the new opcode is stored Use the no form of this command to clear the current setting SYNTAX upgrade opcode path opcode dir url no upgrade opcode pa...

Страница 622: ...r If the user name is omitted anonymous will be used for the connection If the password is omitted a null string will be used for the connection EXAMPLE This shows how to specify a TFTP server where n...

Страница 623: ...tion method to local console Telnet or SSH connections LC databits Sets the number of data bits per character that are interpreted and generated by hardware LC exec timeout Sets the interval that the...

Страница 624: ...ommand sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value SYNTAX databits 7 8 no databits 7 Seven data bits...

Страница 625: ...he timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using t...

Страница 626: ...ment interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no authentication When using this method the management...

Страница 627: ...th 32 characters plain text or encrypted case sensitive DEFAULT SETTING No password is specified COMMAND MODE Line Configuration COMMAND USAGE When a connection is started on a line with password prot...

Страница 628: ...f allowed password attempts Range 1 120 0 no threshold DEFAULT SETTING The default value is three attempts COMMAND MODE Line Configuration COMMAND USAGE When the logon attempt threshold is reached the...

Страница 629: ...Line Configuration EXAMPLE To set the silent time to 60 seconds enter this command Console config line silent time 60 Console config line RELATED COMMANDS password thresh 628 speed This command sets t...

Страница 630: ...2 no stopbits 1 One stop bit 2 Two stop bits DEFAULT SETTING 1 stop bit COMMAND MODE Line Configuration EXAMPLE To specify 2 stop bits enter this command Console config line stopbits 2 Console config...

Страница 631: ...o set the timeout to two minutes enter this command Console config line timeout login response 120 Console config line disconnect This command terminates an SSH Telnet or console connection SYNTAX dis...

Страница 632: ...out Disabled Silent Time Disabled Baud Rate Auto Data Bits 8 Parity None Stop Bits 1 VTY Configuration Password Threshold 3 times Inactive Timeout 600 seconds Login Timeout 300 sec Silent Time Disable...

Страница 633: ...uration COMMAND USAGE The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by...

Страница 634: ...ash errors level 3 0 RAM debugging level 7 0 COMMAND MODE Global Configuration COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 635: ...s five EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disables...

Страница 636: ...le on page 634 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Страница 637: ...NG None COMMAND MODE Privileged Exec COMMAND USAGE All log messages are retained in RAM and Flash after a warm restart i e power is reset through the command interface All log messages are retained in...

Страница 638: ...ging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugging i e default level 7 0 Console show logging flash Syslog logging Enabled Hi...

Страница 639: ...he logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The severity threshold for sys...

Страница 640: ...ndling DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server...

Страница 641: ...D MODE Global Configuration COMMAND USAGE The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7...

Страница 642: ...e default value SYNTAX logging sendmail source email email address no logging sendmail source email email address The source email address used in alert messages Range 1 41 characters DEFAULT SETTING...

Страница 643: ...ommand enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp server command Use the no form to disable SNTP client requests SYNTAX no sntp client...

Страница 644: ...rver 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Current Mode unicast SNTP Status Enabled S...

Страница 645: ...d specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issu...

Страница 646: ...s before UTC 0 13 hours after UTC minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone before east of UTC after utc Sets the local time zone after west of...

Страница 647: ...Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE...

Страница 648: ...1 30 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets a time range for use by other functions such as Access Control Lists EXAMPLE Console config time...

Страница 649: ...ear Year 4 digit Range 2009 2109 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured you must use the no form of this command to remove the c...

Страница 650: ...Weekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 DEFAULT SETTING None COMMAND MODE Time Range Configuration COMMAND USAGE If a time range is already configured...

Страница 651: ...are connected to the same local network Using Switch Clustering A switch cluster has a primary unit called the Commander which is used to manage all other Member switches in the cluster The management...

Страница 652: ...nt connection to the Commander When using a console connection from the Commander CLI prompt use the rcommand to connect to the Member switch cluster This command enables clustering on the switch Use...

Страница 653: ...date switches only become cluster Members when manually selected by the administrator through the management station Cluster Member switches can be managed through a Telnet connection to the Commander...

Страница 654: ...nge the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled EXAMPLE Console config cluster ip pool 10 2 3 4 Console config cluster member This command...

Страница 655: ...switch Managing cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI EXAMPLE Console rc...

Страница 656: ...rs ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 E0 0C 00 00 FE Description ECS4810 12M Console show cluster candidates This command shows the discovered Candidate switches in the net...

Страница 657: ...ommands Command Function Mode General SNMP Commands snmp server Enables the SNMP agent GC snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server con...

Страница 658: ...tomatic storm control and the apply timer expires IC Port snmp server enable port traps atc broadcast control release Sends a trap when broadcast traffic falls beneath the lower threshold after a stor...

Страница 659: ...ations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects DEFAULT SETTING public Read only access Auth...

Страница 660: ...ocation Maximum length 255 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config snmp server location WC 19 Console config RELATED COMMANDS snmp server contact 659 s...

Страница 661: ...s 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP Logging Disabled Console snmp server enable traps This command enables this device to send Simple Network...

Страница 662: ...in conjunction with the corresponding entries in the Notify View assigned by the snmp server group command EXAMPLE Console config snmp server enable traps link up down Console config RELATED COMMANDS...

Страница 663: ...st one snmp server host command In order to enable multiple hosts you must issue a separate snmp server host command for each host The snmp server host command is used in conjunction with the snmp ser...

Страница 664: ...5 Allow the switch to send SNMP traps i e notifications page 661 6 Specify the target host that will receive inform messages with the snmp server host command as described in this section The switch c...

Страница 665: ...authenticating and encrypting SNMPv3 packets A remote engine ID is required when using SNMPv3 informs See the snmp server host command The remote engine ID is used to compute the security digest for...

Страница 666: ...e view for write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public11 read only private12 read write readview Every object belon...

Страница 667: ...device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5...

Страница 668: ...er will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s...

Страница 669: ...nfig This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engine id This...

Страница 670: ...tile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read Vie...

Страница 671: ...eld Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view storage type...

Страница 672: ...n log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification logging is enabled by defau...

Страница 673: ...rameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a mechanism...

Страница 674: ...contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network management stat...

Страница 675: ...s command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts Console show snmp notify fil...

Страница 676: ...CHAPTER 22 SNMP Commands 676...

Страница 677: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 678: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Страница 679: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Страница 680: ...The number of buckets requested for this entry Range 1 65536 seconds The polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1...

Страница 681: ...nge 1 127 characters DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE By default each index number equates to a port on the switch but can be changed to any number n...

Страница 682: ...id owned by mike Description is urgent Event firing causes log and trap to community last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each entry...

Страница 683: ...tistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0 f...

Страница 684: ...CHAPTER 23 Remote Monitoring Commands 684...

Страница 685: ...dress ipv6 ipv6 address destination udp port no sflow destination ipv4 address IPv4 address of the sFlow Collector Valid IPv4 addresses consist of four decimal numbers 0 to 255 separated by periods ip...

Страница 686: ...the default UDP port Console config interface ethernet 1 9 Console config if sflow destination ipv4 192 168 0 4 Console config if sflow max datagram size This command configures the maximum size of th...

Страница 687: ...Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 9 Console config if sflow max header size 256 Console config if sflow owner This command configures the name of the receiv...

Страница 688: ...guration Ethernet EXAMPLE This example sets the sample rate to 1 out of every 100 packets Console config interface ethernet 1 9 Console config if sflow sample 100 Console config if sflow source This c...

Страница 689: ...icates no time out DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet COMMAND USAGE The sFlow parameters affected by this command include the sampling interval the receiver s name...

Страница 690: ...ec EXAMPLE Console show sflow interface ethernet 1 9 Interface of Ethernet 1 9 Interface status Enabled Owner name Lamar Owner destination 192 168 0 4 Owner socket port 6343 Time out 9994 Maximum head...

Страница 691: ...uthentication Commands Command Group Function User Accounts Configures the basic user names and passwords for management access Authentication Sequence Defines logon authentication method and preceden...

Страница 692: ...l Maximum length 32 characters plain text or encrypted case sensitive DEFAULT SETTING The default is level 15 The default password is super COMMAND MODE Global Configuration COMMAND USAGE You cannot s...

Страница 693: ...crypted password password password The authentication password for the user Maximum length 32 characters plain text or encrypted case sensitive DEFAULT SETTING The default access level is Normal Exec...

Страница 694: ...fers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RAD...

Страница 695: ...connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and...

Страница 696: ...ting messages Use the no form to restore the default SYNTAX radius server acct port port number no radius server acct port port number RADIUS server UDP port used for accounting messages Range 1 65535...

Страница 697: ...restore the default values SYNTAX no radius server index host host ip address acct port acct port auth port auth port key key retransmit retransmit timeout timeout index Allows you to specify up to f...

Страница 698: ...erver key key string no radius server key key string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters DEFAULT SETTING None...

Страница 699: ...imeout number of seconds no radius server timeout number of seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 DEFAULT SETTING 5 COMMAND MODE Global Config...

Страница 700: ...management access to a switch tacacs server host This command specifies the TACACS server and other optional parameters Use the no form to remove the server or to restore the default values SYNTAX tac...

Страница 701: ...equest Range 1 540 DEFAULT SETTING authentication port 49 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server 1 host 192 168 1 25 port 181 timeout 10...

Страница 702: ...TING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server retransmit This command sets the number of retries Use the no form to restore the d...

Страница 703: ...ng a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console config show tacacs server This command displays the current setting...

Страница 704: ...l RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS hosts configure with the tacacs server host command server group Specifies the name of a server group configure...

Страница 705: ...le the accounting service SYNTAX aaa accounting exec default method name start stop group radius tacacs server group no aaa accounting exec default method name default Specifies the default accounting...

Страница 706: ...update This command enables the sending of periodic updates to the accounting server Use the no form to disable accounting updates SYNTAX aaa accounting update periodic interval no aaa accounting upd...

Страница 707: ...ed with the tacacs server host command server group Specifies the name of a server group configured with the aaa group server command Range 1 255 characters DEFAULT SETTING Authorization is not enable...

Страница 708: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 709: ...list name Specifies a method list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config i...

Страница 710: ...command list name Specifies a method list created with the aaa authorization exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line...

Страница 711: ...tps Group List radius Interface Eth 1 2 Accounting Type EXEC Method List default Group List tacacs Interface vty Console WEB SERVER This section describes commands used to configure web browser manage...

Страница 712: ...nge 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configuration EXAMPLE Console config ip http port 769 Console config RELATED COMMANDS ip http server 712 show system 609 ip http server This command...

Страница 713: ...to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number EXAMPLE Cons...

Страница 714: ...ction A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape Navigator 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers and operating sy...

Страница 715: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can...

Страница 716: ...CP port number to be used by the browser interface Range 1 65535 DEFAULT SETTING 23 COMMAND MODE Global Configuration EXAMPLE Console config ip telnet port 123 Console config ip telnet server This com...

Страница 717: ...authentication retries Specifies the number of retries allowed by a client GC ip ssh server Enables the SSH server on the switch GC ip ssh server key size Sets the SSH server key size GC ip ssh timeo...

Страница 718: ...ts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233...

Страница 719: ...nts that have a private key corresponding to the public keys stored on the switch can access it The following exchanges take place during this process Authenticating SSH v1 5 Clients a The client send...

Страница 720: ...sing any configured IPv4 or IPv6 interface address on the switch ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no f...

Страница 721: ...ling the SSH server EXAMPLE Console ip ssh crypto host key generate dsa Console configure Console config ip ssh server Console config RELATED COMMANDS ip ssh crypto host key generate 723 show ssh 726...

Страница 722: ...e switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Страница 723: ...v1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client...

Страница 724: ...emory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command EXAMPLE Console ip ssh crypto zeroize dsa...

Страница 725: ...leged Exec COMMAND USAGE If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA k...

Страница 726: ...27s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S...

Страница 727: ...s out the authentication session IC dot1x operation mode Allows single or multiple hosts on an dot1x port IC dot1x port control Sets dot1x mode for a port interface IC dot1x re authentication Enables...

Страница 728: ...g as intermediate node in the network and does not need to perform dot1x authentication the dot1x eapol pass through command can be used to forward EAPOL frames from other switches on to the authentic...

Страница 729: ...t1x system auth control Console config dot1x intrusion action This command sets the port s response to a failed authentication either to block all traffic or to assign all traffic for the port to a gu...

Страница 730: ...1x max reauth req count no dot1x max reauth req count The maximum number of requests Range 1 10 DEFAULT 2 COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config i...

Страница 731: ...o a port Range 1 1024 Default 5 mac based Allows multiple hosts to connect to this port with each host needing to be authenticated DEFAULT Single host COMMAND MODE Interface Configuration COMMAND USAG...

Страница 732: ...force authorized COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enables...

Страница 733: ...ault SYNTAX dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 DEFAULT 60 seconds COMMAND MODE Interface Configuration EXAMPLE Console config...

Страница 734: ...er than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 735: ...nterface SYNTAX dot1x re authenticate interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 COMMAND MODE Privileged Exec COMMAND USAGE The re authentication p...

Страница 736: ...ify this switch as a supplicant when responding to an MD5 challenge from the authenticator These parameters must be set when this switch passes client authentication requests to another authenticator...

Страница 737: ...6 which identify this switch as a supplicant and enable dot1x supplicant mode for those ports which must authenticate clients through a remote authenticator using this command In this mode the port wi...

Страница 738: ...upplicant waits for a response from the authenticator for packets other than EAPOL Start EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout auth period 60 Console config if dot1x...

Страница 739: ...eth 1 2 Console config if dot1x timeout start period 60 Console config if show dot1x This command shows general port authentication related settings on the switch or a specific interface SYNTAX show d...

Страница 740: ...before re transmitting EAP packet page 734 Supplicant Timeout Supplicant timeout Server Timeout Server timeout Reauth Max Retries Maximum number of reauthentication attempts Max Request Maximum numbe...

Страница 741: ...h 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 11 Disabled Single Host Force Authorized Yes Eth 1 12 Enabled Single Host Auto Yes 802 1X Port D...

Страница 742: ...Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting address of...

Страница 743: ...s EXAMPLE This example restricts management access to the indicated addresses Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console s...

Страница 744: ...CHAPTER 25 Authentication Commands Management IP Filter 744 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console...

Страница 745: ...y of execution for these filtering commands is Port Security Port Authentication Network Access Web Authentication Access Control Lists DHCP Snooping and then IP Source Guard Configures secure address...

Страница 746: ...e the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number...

Страница 747: ...he port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the mac address table stat...

Страница 748: ...None 0 0 Eth 1 4 Disabled Secure Down None 0 0 Eth 1 5 Disabled Secure Down None 0 0 Eth 1 6 Disabled Secure Down None 0 0 Eth 1 7 Disabled Secure Down None 0 0 Eth 1 8 Disabled Secure Down None 0 0 E...

Страница 749: ...AC address entries in MAC Filter table can be learned as secure MAC addresses Console show port security interface ethernet 1 2 Global Port Security Parameters Secure MAC aging mode Disabled Port Secu...

Страница 750: ...network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and act upon link down events IC network acc...

Страница 751: ...ured by the MAC Address Authentication process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host o...

Страница 752: ...g network access mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authent...

Страница 753: ...on for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access While a port...

Страница 754: ...ing the VLANs have already been created on the switch GVRP is not used to create the VLANs The VLAN settings specified by the first authenticated MAC address are implemented for a port Other authentic...

Страница 755: ...t VLAN must be defined and set as active See the vlan database command When used with 802 1X authentication the intrusion action must be set for guest vlan to be effective see the dot1x intrusion acti...

Страница 756: ...isable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 1 Console config if network access link detection link down action trap Consol...

Страница 757: ...onse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND...

Страница 758: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 759: ...ype attribute set to 802 EXAMPLE Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter U...

Страница 760: ...e Con figuration EXAMPLE Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC addres...

Страница 761: ...xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console clear netwo...

Страница 762: ...AC address table entries SYNTAX show network access mac address table static dynamic address mac address mask interface interface sort address interface static Specifies static address entries dynamic...

Страница 763: ...AULT SETTING Displays all filters COMMAND MODE Privileged Exec EXAMPLE Console show network access mac filter Filter ID MAC Address MAC Mask 1 00 00 01 02 03 08 FF FF FF FF FF FF Console WEB AUTHENTIC...

Страница 764: ...eb auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded...

Страница 765: ...ation again Range 1 180 seconds DEFAULT SETTING 60 seconds COMMAND MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defin...

Страница 766: ...system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web...

Страница 767: ...ged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Failed to reauth Console web auth re authenticate IP This command ends the web authentication session associated with the desig...

Страница 768: ...mpts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfa...

Страница 769: ...g Enables DHCP snooping globally GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping infor...

Страница 770: ...tered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identi...

Страница 771: ...trusted ports in the same VLAN If a DHCP packet is from server is received on a trusted port it will be forwarded to both trusted and untrusted ports in the same VLAN If the DHCP snooping is globally...

Страница 772: ...mation mac address Inserts a MAC address in the remote ID sub option for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub optio...

Страница 773: ...g the DHCP snooping information option will add option 82 information to the packet If an incoming packet is a DHCP reply packet with option 82 information enabling the DHCP snooping information optio...

Страница 774: ...command verifies the client s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header Use the no form to disable this function SYNTAX no ip dhcp binding verify...

Страница 775: ...the DHCP snooping is globally disabled DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is gl...

Страница 776: ...e VLAN according to the default status or as specifically configured for an interface with the no ip dhcp snooping trust command When an untrusted port is changed to a trusted port all the dynamic DHC...

Страница 777: ...e lease time shown for a dynamic entry that has been restored from flash memory will no longer be valid EXAMPLE Console config ip dhcp snooping database flash Console config show ip dhcp snooping This...

Страница 778: ...commands used to configure IP Source Guard ip source guard binding This command adds a static address to the source guard binding table Use the no form to remove a static entry SYNTAX ip source guard...

Страница 779: ...red in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the...

Страница 780: ...d port Use the sip option to check the VLAN ID source IP address and port number against all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC addr...

Страница 781: ...ard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except...

Страница 782: ...nding 1 Console config if show ip source guard This command shows whether source guard is enabled or disabled on each interface COMMAND MODE Privileged Exec EXAMPLE Console show ip source guard Interf...

Страница 783: ...hosts with statically configured IP addresses This section describes commands used to configure ARP Inspection Table 89 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Ins...

Страница 784: ...ction is enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other packets Disabling and then r...

Страница 785: ...not checked DEFAULT SETTING ARP ACLs are not bound to any VLAN Static mode is not enabled COMMAND MODE Global Configuration COMMAND USAGE ARP ACLs are configured with the commands described on page 33...

Страница 786: ...ogging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port...

Страница 787: ...e target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP...

Страница 788: ...ine and their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspect...

Страница 789: ...arp inspection trust This command sets a port as trusted and thus exempted from ARP Inspection Use the no form to restore the default setting SYNTAX no ip arp inspection trust DEFAULT SETTING Untruste...

Страница 790: ...ge Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspection interface This command shows the trust status a...

Страница 791: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Страница 792: ...CHAPTER 26 General Security Measures ARP Inspection 792 EXAMPLE Console show ip arp inspection vlan 1 VLAN ID DAI Status ACL Name ACL Status 1 disabled sales static Console...

Страница 793: ...4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACLs...

Страница 794: ...her more specific criteria acl name Name of the ACL Maximum length 16 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Страница 795: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 796: ...t deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destination port dport port bitmask...

Страница 797: ...t mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Preceden...

Страница 798: ...port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any con...

Страница 799: ...ccess list 799 Time Range 648 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP access l...

Страница 800: ...ist ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP address and...

Страница 801: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Страница 802: ...ipv6 address source ipv6 address prefix length any destination ipv6 address prefix length dscp dscp next header next header time range time range name no permit deny any host source ipv6 address sourc...

Страница 803: ...oded in separate headers that may be placed between the IPv6 header and the upper layer header in a packet There are a small number of such extension headers each identified by a distinct Next Header...

Страница 804: ...6 ACL acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 access list standard IPv6 standard access list david permit host 2009 DB9 2229 79 per...

Страница 805: ...ent ACL the switch will replace the old binding with the new one EXAMPLE Console config interface ethernet 1 2 Console config if ipv6 access group standard david in Console config if RELATED COMMANDS...

Страница 806: ...al Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To remove a rule use...

Страница 807: ...ny host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bitmask time range time range name no permit deny tagged eth2 any...

Страница 808: ...ce MAC address destination Destination MAC address range with bitmask address bitmask15 Bitmask for MAC address in hexadecimal format vid VLAN ID Range 1 4093 vid bitmask15 VLAN bitmask Range 1 4095 p...

Страница 809: ...time range time range name acl name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets time rang...

Страница 810: ...list M5 in Console RELATED COMMANDS mac access group 809 show mac access list This command displays the rules for configured MAC ACLs SYNTAX show mac access list acl name acl name Name of the ACL Maxi...

Страница 811: ...OMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To cr...

Страница 812: ...esponse ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac des...

Страница 813: ...mac any any Console config mac acl RELATED COMMANDS access list arp 811 show arp access list This command displays the rules for configured ARP ACLs SYNTAX show arp access list acl name acl name Name...

Страница 814: ...andard acl name mac acl name tcam utilization arp Shows ingress or egress rules for ARP ACLs ip extended Shows ingress rules for Extended IPv4 ACLs ip standard Shows ingress rules for Standard IPv4 AC...

Страница 815: ...5 255 15 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2...

Страница 816: ...CHAPTER 27 Access Control Lists ACL Information 816...

Страница 817: ...n is disabled IC switchport packet rate Configures broadcast multicast and unknown unicast storm control thresholds IC transceiver threshold current Sends a trap when the transceiver current falls out...

Страница 818: ...or IPv6 address before a connection can be made through Telnet SSH or HTTP show interfaces switchport Displays the administrative and operational status of an interface NE PE show interfaces transcei...

Страница 819: ...remember what is attached to this interface Range 1 64 characters DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE The alias is displayed in the running co...

Страница 820: ...FAULT SETTING 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH SFP 1000full COMMAND MODE Interface Configuration Ethernet Port Channel COMMA...

Страница 821: ...thernet Port Channel COMMAND USAGE The description is displayed by the show interfaces status command and in the running configuration file An example of the value which a network manager might store...

Страница 822: ...auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise ba...

Страница 823: ...ombination ports Use the no form to restore the default mode SYNTAX media type mode no media type mode copper forced Always uses the built in RJ 45 port sfp forced Always uses the SFP port even if mod...

Страница 824: ...ased on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If auto negotiation is disabled auto MDI...

Страница 825: ...n 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation DEFAULT SETTING Auto negotiation is enabled by default When auto negotiation is disabled the default speed dup...

Страница 826: ...multicast Specifies storm control for multicast traffic unicast Specifies storm control for unknown unicast traffic rate Threshold level as a rate i e kilobits per second Range 64 1000000 Kbps for Gi...

Страница 827: ...nds on the same interface EXAMPLE The following shows how to configure broadcast storm control at 600 kilobits per second Console config interface ethernet 1 5 Console config if switchport broadcast p...

Страница 828: ...ust above and below either the high threshold or the low threshold Trap messages configured by this command are sent to any management station configured by the snmp server host command EXAMPLE The fo...

Страница 829: ...ole config if transceiver threshold rx power low alarm 9 Console config if transceiver threshold rx power high alarm 99 Console transceiver threshold temperature This command sends a trap when the tra...

Страница 830: ...sceiver threshold tx power This command sends a trap when the power level of the transmitted signal falls outside of the specified thresholds SYNTAX transceiver threshold tx power high alarm high warn...

Страница 831: ...ecified thresholds SYNTAX transceiver threshold voltage high alarm high warning low alarm low warning threshold value high alarm Sends an alarm message when the high voltage threshold is crossed high...

Страница 832: ...t unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 vlan vlan id Range 1 4093 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Statis...

Страница 833: ...Down 1 0 Auto 100TX None show interfaces counters This command displays interface statistics SYNTAX show interfaces counters interface interface ethernet unit port unit Unit identifier Range 1 port Po...

Страница 834: ...rier Sense Errors 0 Symbol Errors 0 Pause Frames Input 0 Pause Frames Output RMON Stats 0 Drop Events 16900558 Octets 40243 Packets 170 Broadcast PKTS 23 Multi cast PKTS 0 Undersize PKTS 0 Oversize PK...

Страница 835: ...nt The number of historical samples to display Range 1 96 input Ingress traffic output Egress traffic DEFAULT SETTING Shows historical statistics for all interfaces intervals ingress traffic and egres...

Страница 836: ...00d 02 45 07 116003318 616894 336491 17899 Discards Errors Unknown Proto 0 0 0 Octets Output Unicast Multicast Broadcast 648387890 819696 358285 8921 Discards Errors 0 0 Interface Eth 1 1 Name 1day I...

Страница 837: ...roadcast 5095864 7894 1776 18 Discards Errors 0 0 Previous Entries Start Time Octets Input Unicast Multicast Broadcast 00d 00 05 37 1400912 9381 1895 50 00d 00 06 37 1566090 10660 2195 50 00d 00 07 37...

Страница 838: ...laying Connection Status on page 135 EXAMPLE Console show interfaces status ethernet 1 1 Information of Eth 1 1 Basic Information Port Type 100TX MAC Address 00 E0 0C 00 00 FE Configuration Name Port...

Страница 839: ...shold Enabled 500 packets second Multicast Threshold Disabled Unknown Unicast Threshold Disabled LACP Status Disabled Ingress Rate Limit Disabled 1000M bits per second Egress Rate Limit Disabled 1000M...

Страница 840: ...mode as Trunk or Hybrid page 942 Ingress Rule Shows if ingress filtering is enabled or disabled page 942 Acceptable Frame Type Shows if acceptable VLAN frames include all types or tagged frames only p...

Страница 841: ...e 0x00 Eth Compliance Codes 1000BASE ZX Baud Rate 1300 MBd Vendor OUI 00 00 5F Vendor Name SumitomoElectric Vendor PN SCP6G94 FN BWH Vendor Rev Z Vendor SN SE08T712Z00006 Date Code 10 09 14 DDM Info T...

Страница 842: ...ny Fast Ethernet ports that are linked up or for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps Impedance mismatch Terminating impedance is not in the reference range Ports are l...

Страница 843: ...ements based on cable connections operating at 100 meters Enabling power saving mode can reduce power used for cable lengths of 60 meters or less with more significant reduction for cables of 20 meter...

Страница 844: ...particular link NOTE Power savings mode on a active link only works when the connection speed is 100 Mbps or higher at linkup and line length is less than 60 meters NOTE Power savings can only be impl...

Страница 845: ...p to 8 ports The ports at both ends of a connection must be configured as trunk ports Table 98 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Conf...

Страница 846: ...the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group However if the port channel admin key is set...

Страница 847: ...use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination IP address is output on the sa...

Страница 848: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Страница 849: ...nd shows that Trunk1 has been established Console config interface ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface ether...

Страница 850: ...only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin...

Страница 851: ...indicates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP...

Страница 852: ...switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been established LACP...

Страница 853: ...e interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3...

Страница 854: ...is channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of f...

Страница 855: ...n this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The S...

Страница 856: ...e Destination IP address Console Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key...

Страница 857: ...an id mac address mac address no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 12 rx Mirror received packets tx Mirror transmitt...

Страница 858: ...monitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match otherwise traffic may be dropped from the monito...

Страница 859: ...figured source port destination port and mirror mode i e RX TX RX TX EXAMPLE The following shows mirroring configured from port 6 to port 5 Console config interface ethernet 1 5 Console config if port...

Страница 860: ...re not allowed A port can only be configured as one type of RSPAN interface source destination or uplink Also note that the source port and destination port cannot be configured on the same switch Onl...

Страница 861: ...an RSPAN source or destination port Also when a port is configured as an RSPAN uplink port port security cannot be enabled on that port rspan source Use this command to specify the source port and tr...

Страница 862: ...and to specify the destination port to monitor the mirrored traffic Use the no form to disable RSPAN on the specified port SYNTAX rspan session session id destination interface interface tagged untagg...

Страница 863: ...span remote vlan Use this command to specify the RSPAN VLAN switch role source intermediate or destination and the uplink ports Use the no form to disable the RSPAN on the specified VLAN SYNTAX no rsp...

Страница 864: ...s of this VLAN Ports cannot be manually assigned to an RSPAN VLAN with the switchport allowed vlan command Nor can GVRP dynamically add port members to an RSPAN VLAN Also note that the show vlan comma...

Страница 865: ...X show rspan session session id session id A number identifying this RSPAN session Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If local mirroring is enable...

Страница 866: ...CHAPTER 30 Port Mirroring Commands RSPAN Mirroring Commands 866...

Страница 867: ...default status of disabled SYNTAX rate limit input output rate no rate limit input output input Input rate for specified interface output Output rate for specified interface rate Maximum value in Kbp...

Страница 868: ...control command It is therefore not advisable to use both of these commands on the same interface EXAMPLE Console config interface ethernet 1 1 Console config if rate limit input 64 Console config if...

Страница 869: ...er expires IC Port auto traffic control auto control release Automatically releases a control response IC Port auto traffic control control release Manually releases a control response IC Port SNMP Tr...

Страница 870: ...neath the lower threshold after a storm control response has been triggered and the release timer expires IC Port ATC Display Commands show auto traffic control Shows global configuration settings for...

Страница 871: ...eleased automatically or manually The control response of shutting down a port can only be released manually Figure 352 Storm Control by Shutting Down a Port The key elements of this diagram are the s...

Страница 872: ...d by the auto traffic control action command and a trap message sent as specified by the snmp server enable port traps atc broadcast control apply command or snmp server enable port traps atc multicas...

Страница 873: ...affic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to disable this feature SYNTAX no auto traffic control broadcast multicast broadcast Spec...

Страница 874: ...figured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic control can onl...

Страница 875: ...ontrol for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control trap is sent Rang...

Страница 876: ...multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second DEFAULT SETTING...

Страница 877: ...he release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the auto traffic control contr...

Страница 878: ...terface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc broadcast alarm clear Console config if RELATED COMMANDS auto traffic c...

Страница 879: ...le config if snmp server enable port traps atc broadcast control apply Console config if RELATED COMMANDS auto traffic control alarm fire threshold 876 auto traffic control apply timer 872 snmp server...

Страница 880: ...onfiguration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc multicast alarm clear Console config if RELATED COMMANDS auto traffic control ac...

Страница 881: ...le config if snmp server enable port traps atc multicast control apply Console config if RELATED COMMANDS auto traffic control alarm fire threshold 876 auto traffic control apply timer 872 snmp server...

Страница 882: ...le show auto traffic control interface This command shows interface configuration settings and storm control status for the specified port SYNTAX show auto traffic control interface interface interfac...

Страница 883: ...CHAPTER 32 Automatic Traffic Control Commands 883 Trap Traffic Release Disabled Disabled Console...

Страница 884: ...CHAPTER 32 Automatic Traffic Control Commands 884...

Страница 885: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 108 Address Table Commands Command Function Mode mac address...

Страница 886: ...switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 887: ...ac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interfa...

Страница 888: ...ans to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPLE Console show mac address...

Страница 889: ...X show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND...

Страница 890: ...CHAPTER 33 Address Table Commands 890...

Страница 891: ...ystem bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission li...

Страница 892: ...P trap notification for a port IC spanning tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC span...

Страница 893: ...o IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner comp...

Страница 894: ...E Console config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore t...

Страница 895: ...onfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becom...

Страница 896: ...delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the mig...

Страница 897: ...ath between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 905 takes precedence over...

Страница 898: ...the lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tre...

Страница 899: ...port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU flooding is...

Страница 900: ...tance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the ho...

Страница 901: ...ance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the sp...

Страница 902: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Страница 903: ...du filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command filters all Bridge Protocol Data Units BPDUs received on an interface to save C...

Страница 904: ...00 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be connected to end nodes which do not generate BPDUs If a BPDU is received on an edge port...

Страница 905: ...is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lowe...

Страница 906: ...s at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicke...

Страница 907: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 908: ...on action block shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400...

Страница 909: ...en the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to link...

Страница 910: ...ifier of the spanning tree Range 0 4094 no leading zeroes cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method18 1 200 000 000 for long path cost method Th...

Страница 911: ...ee Use the no form to restore the default SYNTAX spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the spanning tre...

Страница 912: ...the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Страница 913: ...ort Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch receiv...

Страница 914: ...his example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree loopback detection r...

Страница 915: ...t Port number Range 1 12 port channel channel id Range 1 12 COMMAND MODE Privileged Exec COMMAND USAGE If at any time the switch detects STP BPDUs including Configuration or Topology Change Notificati...

Страница 916: ...face in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst command to...

Страница 917: ...sabled State Discarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 100000 Designated Port 128 1 De...

Страница 918: ...nfiguration This command shows the configuration of the multiple spanning tree COMMAND MODE Privileged Exec EXAMPLE Console show spanning tree mst configuration Mstp Configuration Information Configur...

Страница 919: ...in Creates an ERPS ring and enters ERPS configuration mode GC control vlan Adds a Control VLAN to an ERPS ring ERPS enable Activates the current ERPS ring ERPS guard timer Sets the timer to prevent ri...

Страница 920: ...AN must NOT be configured with an IP address In addition only ring ports may be added to the CVLAN prior to configuring the VLAN as a CVLAN No other ports can be members of this VLAN once set as a CVL...

Страница 921: ...me of a specific ERPS ring Range 1 12 characters DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config erps domain r d Console config erps control vlan This command specifies a...

Страница 922: ...base Console config vlan vlan 2 name rdc media ethernet state active Console config vlan exit Console config interface ethernet 1 12 Console config if switchport allowed vlan add 2 tagged Console conf...

Страница 923: ...f 10 milliseconds DEFAULT SETTING 500 milliseconds COMMAND MODE ERPS Configuration COMMAND USAGE The guard timer duration should be greater than the maximum expected forwarding delay for an R APS mess...

Страница 924: ...protection switching mechanism The reported defect need not be the same one that started the timer EXAMPLE Console config erps holdoff timer 300 Console config erps major domain This command specifies...

Страница 925: ...munication channel for ring automatic protection switching R APS information Range 0 7 DEFAULT SETTING 1 COMMAND MODE ERPS Configuration COMMAND USAGE This parameter is used to ensure that received R...

Страница 926: ...NG Disabled COMMAND MODE ERPS Configuration COMMAND USAGE When a secondary ring detects a topology change it can pass a message about this event to the major ring When the major ring receives this kin...

Страница 927: ...nce the ports connected are referred to as east and west ports Alternatively the closest neighbor to the east should be the next node in the ring in a clockwise direction and the closest neighbor to t...

Страница 928: ...ed to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure Range 5 12 minutes DEFAULT SETTING 5 minutes COMMAND MODE ERPS Configuration COMMAND USAGE If the...

Страница 929: ...led on the switch Number of ERPS Domains Shows the number of ERPS rings configured on the switch Domain Displays the name of each ring followed by a brief list of status information State Shows the fo...

Страница 930: ...APS messages is allowed Forwarding The transmission and reception of traffic is allowed transmission reception and forwarding of R APS messages is allowed Down The interface is not linked up Unknown T...

Страница 931: ...s including ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Con...

Страница 932: ...USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 933: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 934: ...NG No VLANs are included in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified int...

Страница 935: ...ge Extension Capabilities on page 107 for a description of the displayed items EXAMPLE Console show bridge ext Maximum Supported VLAN Numbers 4093 Maximum Supported VLAN ID 4093 Extended Multicast Fil...

Страница 936: ...0 centiseconds Console RELATED COMMANDS garp timer 933 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit port unit Unit ide...

Страница 937: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 938: ...spend VLAN is suspended Suspended VLANs do not pass packets rspan Keyword to create a VLAN used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s de...

Страница 939: ...onfiguration Table 118 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchport acceptable frame types Confi...

Страница 940: ...store the default SYNTAX switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frame...

Страница 941: ...d If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parame...

Страница 942: ...ltering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames such as GMRP EXAMPLE The following example shows how to set the interface to...

Страница 943: ...the switchport mode to hybrid Console config interface ethernet 1 1 Console config if switchport mode hybrid Console config if RELATED COMMANDS switchport acceptable frame types 940 switchport native...

Страница 944: ...his command to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1 and 2 configured on switche...

Страница 945: ...following example enables VLAN trunking on ports 9 and 10 to establish a path across the switch for unknown VLAN groups Console config interface ethernet 1 9 Console config if vlan trunking Console co...

Страница 946: ...er specific VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double taggi...

Страница 947: ...onfigure the QinQ tunnel uplink port to join the SPVLAN as a tagged member switchport allowed vlan Limitations for QinQ The native VLAN for the tunnel uplink ports and tunnel access ports cannot be th...

Страница 948: ...ng must be enabled on the switch using the dot1q tunnel system tunnel control command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a pac...

Страница 949: ...the default VID of the edge router s ingress port This process is performed in a transparent manner as described under IEEE 802 1Q Tunneling on page 189 When priority bits are found in the inner tag t...

Страница 950: ...ingress vlan translation Inject double tagged frame SVID 101 CVID 10 to Port 2 then Port 1 exits single tagged frame VID 10 switching 3 Port 1 switchport dot1q tunnel service 101 match cvid 10 remove...

Страница 951: ...d upon as untagged frames and assigned to the native VLAN of that port All ports on the switch will be set to the same ethertype EXAMPLE Console config interface ethernet 1 1 Console config if switchp...

Страница 952: ...used to configure Layer 2 Protocol Tunneling L2PT l2protocol tunnel tunnel dmac This command configures the destination address for Layer 2 Protocol Tunneling L2PT Use the no form to restore the defa...

Страница 953: ...twork treat these encapsulated packets in the same way as normal data forwarding them across to the tunnel s egress port The egress port decapsulates these packets restores the proper protocol and MAC...

Страница 954: ...e STP means STP RSTP MSTP it is forwarded to the following ports in the same S VLAN a all access ports for which L2PT has been disabled and b all uplink ports recognized as a Generic Bridge PDU Tunnel...

Страница 955: ...le config l2protocol tunnel tunnel dmac 01 80 C2 00 00 01 Console config switchport l2protocol tunnel This command enables Layer 2 Protocol Tunneling L2PT for the specified protocol Use the no form to...

Страница 956: ...ter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider port based traffic segmentation can be use...

Страница 957: ...the same switch Traffic may pass freely between uplink ports in segmented groups and ports in normal VLANs Enter the traffic segmentation command without any parameters to enable traffic segmentation...

Страница 958: ...o configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 938 Although not mandatory we suggest configuring a separate VLAN for each majo...

Страница 959: ...MAND MODE Global Configuration EXAMPLE The following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types Console config protocol vlan protocol group 1 add frame type...

Страница 960: ...ames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the d...

Страница 961: ...VLANs for the selected interfaces SYNTAX show interfaces protocol vlan protocol group interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel chan...

Страница 962: ...et to VLAN assignment SYNTAX subnet vlan subnet ip address mask vlan vlan id priority priority no subnet vlan subnet ip address mask all ip address The IP address that defines the subnet Valid IP addr...

Страница 963: ...24 to VLAN 4 Console config subnet vlan subnet 192 168 12 192 255 255 255 224 vlan 4 Console config show interfaces subnet vlan This command displays a brief summary of IP Subnet VLAN settings SYNTAX...

Страница 964: ...248 255 255 255 252 7 0 192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based...

Страница 965: ...raffic Range 0 7 where 7 is the highest priority DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The MAC to VLAN mapping applies to all ports on the switch Source MAC addresses ca...

Страница 966: ...be manually configured voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to disable the Voice VLAN SYNTAX voice vlan voice vlan id no voice vlan voi...

Страница 967: ...rt as a tagged member of the Voice VLAN Only one Voice VLAN is supported and it must already be created on the switch before it can be specified as the Voice VLAN The Voice VLAN ID cannot be modified...

Страница 968: ...text that identifies the VoIP devices Range 1 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE VoIP devices attached to the switch can be identified by the manufactur...

Страница 969: ...chport voice vlan rule command When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list using the voice vlan mac address command All ports are set to VLAN hybrid mode...

Страница 970: ...se the no form to disable the detection method on the port SYNTAX no switchport voice vlan rule oui lldp oui Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the...

Страница 971: ...port that are tagged with the voice VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch P...

Страница 972: ...o Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 100 Eth 1 4 Auto Enabled OUI 6 100 Eth 1 5 Disabled Disabled OUI 6 NA Eth 1 6 Disabled Disabled OUI 6 NA Eth 1 7 Dis...

Страница 973: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 974: ...cates a strict queue DEFAULT SETTING WRR COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of strict and we...

Страница 975: ...weight This command assigns weights to the eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use...

Страница 976: ...rity mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged f...

Страница 977: ...Console config if RELATED COMMANDS show interfaces switchport 839 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queue Mode Wei...

Страница 978: ...l format Range 0 1 Table 129 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Страница 979: ...or internal processing Note that priority tags in the original packet are not modified by this command The internal DSCP consists of three bits for per hop behavior PHB which determines the queue to w...

Страница 980: ...DSCP by the qos map trust mode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one...

Страница 981: ...rface ethernet 1 5 Console config if qos map dscp mutation 3 1 from 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per hop behavi...

Страница 982: ...essing will be based on the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used...

Страница 983: ...1 5 CoS Information of Eth 1 5 CoS DSCP map x y x PHB y drop precedence CoS CFI 0 1 0 0 0 0 0 1 1 0 1 0 2 2 0 2 0 3 3 0 3 0 4 4 0 4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Console show qos map dscp mutation T...

Страница 984: ...0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0 2 1 2 0 2 3 3 0 3 1 3 0 3 3 3 0 3 1 3 3 0 3 3 4 0 4 1 4 0 4 3 4 0 4 1 4 0 4 3 4 5 0 5 1 5 0 5 3 5 0 5 1 6 0 5 3 6 0 6 1 5 6 0 6 3 6...

Страница 985: ...ap trust mode interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 COMMAND MODE Privileged Exec EXAMPLE The foll...

Страница 986: ...CHAPTER 37 Class of Service Commands Priority Commands Layer 3 and 4 986...

Страница 987: ...classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an enforcer...

Страница 988: ...mmand to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the police commands to...

Страница 989: ...ss maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packet...

Страница 990: ...ort unit Unit identifier Range 1 port Port number Range 1 12 vlan A VLAN Range 1 4093 DEFAULT SETTING None COMMAND MODE Class Map Configuration COMMAND USAGE First enter the class map command to desig...

Страница 991: ...map rd class 2 match any Console config cmap match ip precedence 5 Console config cmap This example creates a class map call rd class 3 and sets it to match packets marked for VLAN 1 Console config c...

Страница 992: ...ass Map page 992 before assigning it to a Policy Map EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set command to cl...

Страница 993: ...ets the IP DSCP value in matching packets This modifies packet priority in the IP header police commands define parameters such as the maximum throughput burst rate and response to non conforming traf...

Страница 994: ...ate action Action to take when packet exceeds the CIR and BC There are not enough tokens to service the packet the packet is set red transmit Transmits without taking any action drop Drops packet as r...

Страница 995: ...that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating p...

Страница 996: ...i e class maps for ingress ports The committed rate cannot exceed the configured interface speed and the committed burst and excess burst cannot exceed 16 Mbytes The srTCM as defined in RFC 2697 mete...

Страница 997: ...minimum value of 0 else If the packet has been precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and...

Страница 998: ...r second Range 64 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower peak burst Peak burst size BP in bytes Range 4000 16000000 at a granularity of 4k bytes conform acti...

Страница 999: ...the packet The behavior of the meter is specified in terms of its mode and two token buckets P and C which are based on the rates PIR and CIR respectively The maximum size of the token bucket P is BP...

Страница 1000: ...sole config pmap class rd class Console config pmap c set phb 3 Console config pmap c police trtcm color blind 100000 4000 100000 6000 conform action transmit exceed action 0 violate action drop Conso...

Страница 1001: ...d Use the no form to remove this traffic classification SYNTAX no set ip dscp new dscp new dscp New Differentiated Service Code Point DSCP value Range 0 63 DEFAULT SETTING None COMMAND MODE Policy Map...

Страница 1002: ...to control queue congestion by the police srtcm color command and police trtcm color command The set cos and set phb command function at the same level of priority Therefore setting either of these co...

Страница 1003: ...ce Configuration Ethernet Port Channel COMMAND USAGE Only one policy map can be assigned to an interface First define a class map then define a policy map and finally use the service policy command to...

Страница 1004: ...classification criteria for incoming traffic and may include policers for bandwidth limitations SYNTAX show policy map policy map name class class map name policy map name Name of the policy map Range...

Страница 1005: ...assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 COM...

Страница 1006: ...CHAPTER 38 Quality of Service Commands 1006...

Страница 1007: ...ard all inbound multicast traffic to the attached VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling Multicast VLAN Registration Configures a single network wide multicast VL...

Страница 1008: ...members GC ip igmp snooping vlan last memb query intvl Configures the last member query interval GC ip igmp snooping vlan mrd Sends multicast router solicitation messages GC ip igmp snooping vlan pro...

Страница 1009: ...interface settings will not take effect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Console config ip igmp snoopi...

Страница 1010: ...he specified VLAN DEFAULT SETTING Global Enabled VLAN Based on global setting COMMAND MODE Global Configuration COMMAND USAGE When proxy reporting is enabled with this command the switch performs IGMP...

Страница 1011: ...o not include the Router Alert option Use the no form to ignore the Router Alert Option when receiving IGMP messages SYNTAX no ip igmp snooping router alert option check DEFAULT SETTING Disabled COMMA...

Страница 1012: ...ping router port expire time seconds The time the switch waits after the previous querier stops before it considers it to have expired Range 1 65535 Recommended Range 300 500 DEFAULT SETTING 300 secon...

Страница 1013: ...nds unsolicited reports for all current learned channels out through the new uplink port By default the switch immediately enters into multicast flooding mode when a spanning tree topology change occu...

Страница 1014: ...l also immediately issues an IGMP general query The ip igmp snooping tcn query solicit command can be used to send a query solicitation whenever it notices a topology change even if the switch is not...

Страница 1015: ...no form to restore the default value SYNTAX ip igmp snooping unsolicited report interval seconds no ip igmp snooping version exclusive seconds The interval at which to issue unsolicited reports Range...

Страница 1016: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Страница 1017: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Страница 1018: ...ssage is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The time out for this release is currently defined by Last...

Страница 1019: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1020: ...lan id VLAN ID Range 1 4093 DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation and...

Страница 1021: ...proxy address source address vlan id VLAN ID Range 1 4093 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 1022: ...lan vlan id query interval vlan id VLAN ID Range 1 4093 interval The interval between sending IGMP general queries Range 10 31744 seconds DEFAULT SETTING 100 10 seconds COMMAND MODE Global Configurati...

Страница 1023: ...onds COMMAND MODE Global Configuration COMMAND USAGE This command applies when the switch is serving as the querier page 1011 or as a proxy host when IGMP snooping proxy reporting is enabled page 1010...

Страница 1024: ...AGE This command displays global and VLAN specific IGMP configuration settings See Configuring IGMP Snooping and Query Parameters on page 532 for a description of the displayed items EXAMPLE The follo...

Страница 1025: ...t group interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 igmpsnp Display only entries learned through IGMP snooping sort by port...

Страница 1026: ...entifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 vlan vlan id VLAN ID Range 1 4093 query Displays IGMP snooping related statistics DEFAULT SETTING None COMMAND MODE Priv...

Страница 1027: ...eport leave or query was dropped Packets may be dropped due to invalid format rate limiting or packet content not allowed Join Succ The number of times a multicast group was successfully joined Group...

Страница 1028: ...SAGE Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP General Query Received The number of general queries received on this i...

Страница 1029: ...r port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 10 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamicall...

Страница 1030: ...or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested mult...

Страница 1031: ...e number SYNTAX no ip igmp profile profile number profile number An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE A profile def...

Страница 1032: ...fig igmp profile range This command specifies multicast group addresses for a profile Use the no form to delete addresses from a profile SYNTAX no range low ip address high ip address low ip address A...

Страница 1033: ...rface A profile can also be assigned to a trunk interface When ports are configured as trunk members the trunk uses the filtering profile assigned to the first port member in the trunk EXAMPLE Console...

Страница 1034: ...x groups 10 Console config if ip igmp max groups action This command sets the IGMP throttling action for an interface on the switch SYNTAX ip igmp max groups action deny replace deny The new multicast...

Страница 1035: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239...

Страница 1036: ...tle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMA...

Страница 1037: ...tching Enables MVR proxy switching where the source port acts as a host and the receiver port acts as an MVR router with querier service enabled GC mvr robustness value Configures the expected packet...

Страница 1038: ...s to generate report and group specific queries GC mvr6 upstream source ip Configures the source IP address assigned to all control packets sent upstream GC mvr6 vlan Specifies the VLAN through which...

Страница 1039: ...AULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Only IGMP version 2 or 3 hosts can issue multicast join or leave messages If MVR must be configured for an IGMP version 1 host the...

Страница 1040: ...function SYNTAX no mvr proxy switching DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE When MVR proxy switching is enabled an MVR source port serves as the upstream or host int...

Страница 1041: ...EXAMPLE The following example enable MVR proxy switching Console config mvr proxy switching Console config RELATED COMMANDS mvr robustness value 1041 mvr robustness value This command configures the...

Страница 1042: ...255 255 DEFAULT SETTING No profiles are defined COMMAND MODE Global Configuration COMMAND USAGE Use this command to statically configure all multicast group addresses that will join the MVR VLAN Any...

Страница 1043: ...bal Configuration EXAMPLE Console config mvr domain 1 upstream source ip 192 168 0 3 Console config mvr vlan This command specifies the VLAN through which MVR multicast data is received Use the no for...

Страница 1044: ...ent multicast domain Range 1 5 DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Immediate leave applies only to receiver ports When enabled the receive...

Страница 1045: ...MMAND USAGE A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering Receiver ports can...

Страница 1046: ...Receiver VLAN to which the specified multicast traffic is flooded Range 1 4093 group Defines a multicast service sent to the selected port ip address Statically configures an interface to receive mul...

Страница 1047: ...s configuration settings for all MVR domains COMMAND MODE Privileged Exec EXAMPLE The following shows the MVR settings Console show mvr MVR 802 1p Forwarding Priority Disabled MVR Proxy Switching Enab...

Страница 1048: ...terface This command shows MVR configuration settings for interfaces attached to the MVR VLAN SYNTAX show mvr domain domain id interface domain id An independent multicast domain Range 1 5 DEFAULT SET...

Страница 1049: ...ess host ip address interface sort by port interface domain id An independent multicast domain Range 1 5 ip address IPv4 address for an MVR multicast group Range 224 0 1 0 239 255 255 255 members The...

Страница 1050: ...nt 1 Console The following example shows detailed information about a specific multicast address Console show mvr domain 1 members 234 5 6 7 MVR Domain 1 MVR Forwarding Entry Count 1 Flag S Source por...

Страница 1051: ...ce SYNTAX show mvr statistics input output interface interface show mvr domain domain id statistics input interface interface output interface interface query domain id An independent multicast domain...

Страница 1052: ...ws interfaces attached to the MVR Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general qu...

Страница 1053: ...led COMMAND MODE Global Configuration G Query The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent fr...

Страница 1054: ...domain 1 Console config mvr6 domain 1 Console config mvr6 profile This command maps a range of MVR group addresses to a profile Use the no form of this command to remove the profile SYNTAX mvr6 profi...

Страница 1055: ...range of MVR group addresses to a profile Console config mvr6 profile rd ff00 1 ff00 9 Console config mvr6 proxy switching This command enables MVR proxy switching where the source port acts as a hos...

Страница 1056: ...ery message it will be dropped EXAMPLE The following example enable MVR proxy switching Console config mvr proxy switching Console config RELATED COMMANDS mvr6 robustness value 1056 mvr6 robustness va...

Страница 1057: ...cast domain Range 1 5 source ip address The source IPv6 address assigned to all MVR control packets sent upstream This parameter must be a full IPv6 address including the network prefix and host addre...

Страница 1058: ...ration COMMAND USAGE MVR source ports can be configured as members of the MVR VLAN using the switchport allowed vlan command and switchport native vlan command but MVR receiver ports should not be sta...

Страница 1059: ...EXAMPLE The following enables immediate leave on a receiver port Console config interface ethernet 1 5 Console config if mvr6 domain 1 immediate leave Console config if mvr6 type This command configu...

Страница 1060: ...le config if mvr6 domain 1 type receiver Console config if mvr6 vlan group This command statically binds a multicast group to a port which will receive long term multicast streams associated with a st...

Страница 1061: ...thernet 1 2 Console config if mvr6 domain 1 type receiver Console config if mvr6 domain 1 vlan 2 group ff00 1 Console config if show mvr6 This command shows information about MVR domain settings inclu...

Страница 1062: ...show mvr6 domain domain id interface domain id An independent multicast domain Range 1 5 DEFAULT SETTING Displays configuration settings for all attached interfaces Table 148 show mvr6 display descrip...

Страница 1063: ...ndependent multicast domain Range 1 5 ip address IPv6 address for an MVR multicast group DEFAULT SETTING Displays configuration settings for all domains and all forwarding entries COMMAND MODE Privile...

Страница 1064: ...S Source port R Receiver port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h m s Expire Group remaining time m s...

Страница 1065: ...shows MVR protocol related statistics for the specified interface SYNTAX show mvr6 statistics input output interface interface show mvr6 domain domain id statistics input interface interface output in...

Страница 1066: ...attached to the MVR Report The number of IGMP membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query messages r...

Страница 1067: ...0 h 00 m 30 s General Query Received 10 General Query Sent 0 Specific Query Received 2 Specific Query Sent 0 Number of Reports Sent 2 Number of Leaves Sent 0 Console G Query The number of general quer...

Страница 1068: ...CHAPTER 39 Multicast Filtering Commands Multicast VLAN Registration 1068...

Страница 1069: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Страница 1070: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Страница 1071: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Страница 1072: ...ice EXAMPLE Console config lldp med fast start count 6 Console config lldp notification interval This command configures the allowed interval for sending SNMP notifications about LLDP MIB changes Use...

Страница 1073: ...nterval seconds no lldp refresh delay seconds Specifies the periodic interval at which LLDP advertisements are sent Range 5 32768 seconds DEFAULT SETTING 30 seconds COMMAND MODE Global Configuration E...

Страница 1074: ...restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Configuration COMMAND...

Страница 1075: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1076: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1077: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1078: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1079: ...age 958 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its de...

Страница 1080: ...e 959 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link...

Страница 1081: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Страница 1082: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Страница 1083: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Страница 1084: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Страница 1085: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Страница 1086: ...k policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificati...

Страница 1087: ...onfig detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 12 port channel channel id Range 1 12 COMMAND MODE Privileg...

Страница 1088: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Страница 1089: ...dress 00 12 CF DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC Address Port ID 00 E0 0C 00 00 A...

Страница 1090: ...1 port 1 SystemCapSupported Bridge SystemCapEnabled Bridge Remote Management Address 192 168 1 2 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1 Defau...

Страница 1091: ...LE Console show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Co...

Страница 1092: ...CHAPTER 40 LLDP Commands 1092...

Страница 1093: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Страница 1094: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Страница 1095: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Страница 1096: ...events discovered by continuity check messages page 1115 or cross check messages page 1119 ethernet cfm ais level This command configures the maintenance level at which Alarm Indication Signal AIS in...

Страница 1097: ...ers ma name Maintenance association name Range 1 45 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Frames with AIS information can be issued at the cl...

Страница 1098: ...acters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm ais period 60...

Страница 1099: ...ss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Console config...

Страница 1100: ...e domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that make up all pos...

Страница 1101: ...name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1102 ethernet cfm enable This command enables CFM processing globally on the switch Use the no form to...

Страница 1102: ...aintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance domain...

Страница 1103: ...G13 SG15 Y 1731 defined ICC based format Use the no form to restore the default setting SYNTAX ma index index name format character string icc based no ma index index name format index MA identifier R...

Страница 1104: ...EP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium DEFAULT SETTING No MEPs are configured The MEP faces outward down COMMA...

Страница 1105: ...nterface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic EXAMP...

Страница 1106: ...ce interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check traps inter...

Страница 1107: ...reviously discovered remote MEP changes or a CCM is received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a...

Страница 1108: ...plays the configured maintenance associations SYNTAX show ethernet cfm ma level level level Maintenance level Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE For a descriptio...

Страница 1109: ...e 1 12 port channel channel id Range 1 12 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mep keyword with this command to...

Страница 1110: ...rt Port number Range 1 12 port channel channel id Range 1 12 level id Maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows detailed...

Страница 1111: ...N ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port to which this MEP is attached CC Status Show...

Страница 1112: ...47 1 Port State Up Interface State Up Crosscheck Status Enabled Console Table 158 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote mai...

Страница 1113: ...Ms from any other MEPs in its MA a connectivity failure is registered The interval at which CCMs are issued should therefore be Port State Port states include Up The port is functioning normally Block...

Страница 1114: ...specified maintenance association Use the no form to disable the transmission of these messages SYNTAX no ethernet cfm cc enable md domain name ma ma name domain name Domain name Range 1 43 alphanumer...

Страница 1115: ...ame MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC address and MPID a...

Страница 1116: ...5535 minutes DEFAULT SETTING 100 minutes COMMAND MODE CFM Domain Configuration COMMAND USAGE A change to the hold time only applies to entries stored in the database after this command is entered EXAM...

Страница 1117: ...his command clears continuity check errors logged for the specified maintenance domain or maintenance level SYNTAX clear ethernet cfm errors domain domain name level level id domain name Domain name R...

Страница 1118: ...VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated with at least...

Страница 1119: ...elay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps EXAMPLE This example sets the maximum delay before starting th...

Страница 1120: ...static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance association EXAMPLE This example enables SNM...

Страница 1121: ...vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigned to other...

Страница 1122: ...rnet cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 DEFAULT SETTING...

Страница 1123: ...P along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value EXAMPLE This example enables link trace cachin...

Страница 1124: ...e 1 4095 entries DEFAULT SETTING 100 entries COMMAND MODE Global Configuration COMMAND USAGE Before setting the cache size the cache must first be enabled with the ethernet cfm linktrace cache command...

Страница 1125: ...1 255 hops DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Link trace messages can be targeted to MEPs not MIPs Before sending a link trace message be sure you have configured the tar...

Страница 1126: ...ged Exec EXAMPLE Console show ethernet cfm linktrace cache Hops MA IP Alias Ingress MAC Ing Action Relay Forwarded Egress MAC Egr Action 2 rd 192 168 0 6 00 12 CF 12 12 2D ingOk Hit Not Forwarded Cons...

Страница 1127: ...for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be false IngBlocked The...

Страница 1128: ...error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point should respond to the loop back message with a loopbac...

Страница 1129: ...ult allowed to generate a fault alarm Range 1 6 DEFAULT SETTING Priority level 2 COMMAND MODE CFM Domain Configuration COMMAND USAGE A fault alarm can generate an SNMP notification It is issued when t...

Страница 1130: ...d Range 3 10 seconds Table 161 Remote MEP Priority Levels Priority Level Level Name Description 1 allDef All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM DefErrorCCM or DefXconCCM 3 remErrXcon De...

Страница 1131: ...ance end point identifier Range 1 8191 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the fault notification settings configured for one MEP Console show ethernet cfm fau...

Страница 1132: ...xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 45 alphanumeric characters count The number of times to retry sending the message i...

Страница 1133: ...mation with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Timestamp at the time of transmitti...

Страница 1134: ...CHAPTER 41 CFM Commands 1134...

Страница 1135: ...efm oam link monitor frame window Sets the monitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical...

Страница 1136: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1137: ...s Use the no form to disable this function SYNTAX no efm oam link monitor frame DEFAULT SETTING Enabled COMMAND MODE Interface Configuration COMMAND USAGE An errored frame is a frame in which one or m...

Страница 1138: ...he no form to restore the default setting SYNTAX no efm oam link monitor frame window size size The period of time in which to check the reporting threshold for errored frame link events Range 10 6553...

Страница 1139: ...will initiate the OAM discovery process When in passive mode it can only respond to discovery messages EXAMPLE Console config interface ethernet 1 1 Console config if efm oam mode active Console conf...

Страница 1140: ...ote loopback start command to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1141 to start sending test packets Then use the ef...

Страница 1141: ...ommand to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mode...

Страница 1142: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Страница 1143: ...use a hyphen to designate a range of ports Range 1 12 COMMAND MODE Normal Exec Privileged Exec EXAMPLE Console show efm oam remote loopback interface 1 1 Port OAM loopback Tx OAM loopback Rx Loss Rat...

Страница 1144: ...e Loopback Gasp Event Frame 1 1 Enabled Active Disabled Enabled Enabled Enabled Console show efm oam status remote interface This command displays information about attached OAM enabled devices SYNTAX...

Страница 1145: ...ame Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters DEFAULT SETTING None Table 165 Address Table Commands Command Function Mode...

Страница 1146: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1147: ...n name 1147 ip name server 1149 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted not...

Страница 1148: ...YNTAX no ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use...

Страница 1149: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Страница 1150: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1151: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1152: ...sole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yahoo...

Страница 1153: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1154: ...CHAPTER 43 Domain Name Service Commands 1154...

Страница 1155: ...acquire other non address configuration information such as a default gateway from a DHCPv6 server Table 168 DHCP Commands Command Group Function DHCP Client Allows interfaces to dynamically acquire I...

Страница 1156: ...ed to identify the vendor class and configuration of the switch to the DHCP server which then uses this information to decide on how to service the client or the type of information to return The gene...

Страница 1157: ...domain EXAMPLE In the following example the device is reassigned the same address Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart clien...

Страница 1158: ...builds a list of servers by sending a solicit message and collecting advertised message replies These servers are then ranked based on their advertised preference value If the client needs to acquire...

Страница 1159: ...s SYNTAX show ipv6 dhcp vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4093 no leading z...

Страница 1160: ...CHAPTER 44 DHCP Commands DHCP Client 1160...

Страница 1161: ...segment IPV4 INTERFACE There are no IP addresses assigned to this switch by default You must manually configure a new address to manage the switch over your network or to connect the switch to existin...

Страница 1162: ...om DHCP DEFAULT SETTING DHCP COMMAND MODE Interface Configuration VLAN COMMAND USAGE An IP address must be assigned to this device to gain management access over the network or to connect the switch t...

Страница 1163: ...assignments through BOOTP or DHCP IP is enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast periodically by the router in an effort to learn its IP addr...

Страница 1164: ...ATED COMMANDS ip address 1162 ipv6 default gateway 1171 show ip default gateway This command shows the IPv4 default gateway configured for this device DEFAULT SETTING None COMMAND MODE Privileged Exec...

Страница 1165: ...t datagrams reassembled succeeded reassembled failed IP sent forwards datagrams 5927 requests discards no routes generated fragments fragment succeeded fragment failed ICMP Statistics ICMP received in...

Страница 1166: ...out TTL is exceeded or the maximum number of hops is exceeded The traceroute command first sends probe datagrams with the TTL value set at one This causes the first router to discard the datagram and...

Страница 1167: ...MODE Normal Exec Privileged Exec COMMAND USAGE Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal r...

Страница 1168: ...on the switch arp timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol ARP cache Use the no form to restore the default timeout SYNTAX arp timeout seconds n...

Страница 1169: ...cache This operation will delete all the dynamic entries in ARP Cache Are you sure to continue this operation y n y Console show arp This command displays entries in the Address Resolution Protocol AR...

Страница 1170: ...enable Enables IPv6 on an interface that has not been configured with an explicit IPv6 address IC ipv6 mtu Sets the size of the maximum transmission unit MTU for IPv6 packets sent on an interface IC s...

Страница 1171: ...ds The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN iden...

Страница 1172: ...Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields...

Страница 1173: ...and enables IPv6 on the interface The network portion of the address is based on prefixes received in IPv6 router advertisement messages the host portion in based on the modified EUI 64 form of the i...

Страница 1174: ...2 1 FF00 FD FF02 1 IPv6 link MTU is 1280 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds Console RELATED COMMANDS ipv6 address 1172 show ipv6 interface 118...

Страница 1175: ...a unique host identifier based on the device s MAC address The EUI 64 specification is designed for devices that use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also...

Страница 1176: ...interface Use the no form with a specific address to remove it from the interface SYNTAX ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address ass...

Страница 1177: ...FF00 FD FF02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time...

Страница 1178: ...Console config if ipv6 enable Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local address FE80 2E0 CFF FE00 FD 64 Global unicast address es 2001 DB8 2222 7273 72...

Страница 1179: ...ust use the same MTU in order to operate correctly IPv6 must be enabled on an interface before the MTU can be set EXAMPLE The following example sets the MTU for VLAN 1 to 1280 bytes Console config int...

Страница 1180: ...number of zeros required to fill the undefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion...

Страница 1181: ...k transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1...

Страница 1182: ...ssing through this switch COMMAND MODE Normal Exec Privileged Exec EXAMPLE The following example shows statistics for all IPv6 unicast and multicast traffic as well as ICMP UDP and TCP statistics Cons...

Страница 1183: ...licit messages neighbor advertisement messages redirect messages group membership query messages group membership response messages group membership reduction messages multicast listener discovery ver...

Страница 1184: ...truncated packets The number of input datagrams discarded because datagram frame didn t carry enough data discards The number of input IPv6 datagrams for which no problems were encountered to prevent...

Страница 1185: ...Pv6 datagrams that have been successfully fragmented at this output interface fragment failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output...

Страница 1186: ...e exceeded messages The number of ICMP Time Exceeded messages sent by the interface parameter problem message The number of ICMP Parameter Problem messages sent by the interface echo request messages...

Страница 1187: ...ddress to indicate the appropriate number of zeros required to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain name server count Numb...

Страница 1188: ...re trying to resolve it into an IPv4 address EXAMPLE Console ping6 FE80 2E0 CFF FE00 FC 1 64 Type ESC to abort PING to FE80 2E0 CFF FE00 FC 1 64 by 5 32 byte payload ICMP packets timeout is 3 seconds...

Страница 1189: ...started for the remaining IPv6 addresses If a duplicate address is detected it is set to duplicate state and a warning message is sent to the console If a duplicate link local address is detected IPv6...

Страница 1190: ...rval between transmitting IPv6 neighbor solicitation messages Range 1000 3600000 DEFAULT SETTING 1000 milliseconds is used for neighbor discovery operations COMMAND MODE Interface Configuration VLAN C...

Страница 1191: ...node is considered reachable after some reachability confirmation event has occurred SYNTAX ipv6 nd reachable time milliseconds no ipv6 nd reachable time milliseconds The time that a node can be consi...

Страница 1192: ...ture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING All...

Страница 1193: ...oning While in STALE state the device takes no action until a packet is sent D Delay More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward...

Страница 1194: ...CHAPTER 45 IP Interface Commands IPv6 Interface 1194...

Страница 1195: ...1195 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1197 Troubleshooting on page 1203 License Information on page 1205...

Страница 1196: ...SECTION IV Appendices 1196...

Страница 1197: ...1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a critical thresh...

Страница 1198: ...oping Layer 2 Multicast VLAN Registration ADDITIONAL FEATURES BOOTP Client Connectivity Fault Management DHCP Client DNS Client Proxy ERPS Ethernet Ring Protection Switching LLDP Link Layer Discover P...

Страница 1199: ...Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC...

Страница 1200: ...B RFC2054 Link Aggregation MIB IEEE 802 3ad MAU MIB RFC 3636 MIB II RFC 1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Priv...

Страница 1201: ...APPENDIX A Software Specifications Management Information Bases 1201 Trap RFC 1215 UDP MIB RFC 2013...

Страница 1202: ...APPENDIX A Software Specifications Management Information Bases 1202...

Страница 1203: ...t Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 1204: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1205: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1206: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Страница 1207: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Страница 1208: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Страница 1209: ...by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce p...

Страница 1210: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 1211: ...ANs to communicate across switched networks IEEE 802 1P An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes...

Страница 1212: ...g to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IN BAND MANAGEMENT Management of the network from a...

Страница 1213: ...is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers This process allows IGMP enabled devices to determine where to send m...

Страница 1214: ...to provide better service to selected traffic flows using features such as data prioritization queuing congestion avoidance and traffic shaping These features effectively provide preferential treatmen...

Страница 1215: ...tion protocol that uses software running on a central server to control access to TACACS compliant devices on the network TCP IP Transmission Control Protocol Internet Protocol Protocol suite that inc...

Страница 1216: ...s of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on...

Страница 1217: ...601 banner configure lp number 602 banner configure manager info 603 banner configure mux 603 banner configure note 604 boot system 614 bridge ext gvrp 932 C calendar set 647 capabilities 820 channel...

Страница 1218: ...trace cache size 1124 ethernet cfm loopback 1127 ethernet cfm mep 1104 ethernet cfm mep crosscheck 1121 ethernet cfm mep crosscheck start delay 1119 ethernet cfm port enable 1105 exec timeout 625 exit...

Страница 1219: ...k local 1176 ipv6 default gateway 1171 ipv6 dhcp restart client vlan 1157 ipv6 enable 1177 ipv6 host 1150 ipv6 mtu 1178 ipv6 nd dad attempts 1188 ipv6 nd ns interval 1190 ipv6 nd reachable time 1191 J...

Страница 1220: ...c vlan 754 network access guest vlan 755 network access link detection 755 network access link detection link down 756 network access link detection link up 756 network access link detection link up d...

Страница 1221: ...118 show ethernet cfm fault notify generator 1131 show ethernet cfm linktrace cache 1126 show ethernet cfm ma 1108 show ethernet cfm maintenance points local 1109 show ethernet cfm maintenance points...

Страница 1222: ...queue 984 show qos map trust mode 985 show queue mode 977 show queue weight 977 show radius server 699 show reload 593 show rmon alarms 682 show rmon events 682 show rmon history 682 show rmon statist...

Страница 1223: ...bits 630 subnet vlan 962 switchport acceptable frame types 940 switchport allowed vlan 941 switchport dot1q tunnel mode 948 switchport dot1q tunnel service match cvid 949 switchport dot1q tunnel tpid...

Страница 1224: ...COMMAND LIST 1224...

Страница 1225: ...Standard 326 332 800 801 MAC 326 336 806 time range 322 648 Address Resolution Protocol See ARP address table 207 885 aging time 209 885 aging time displaying 209 888 aging time setting 209 885 admin...

Страница 1226: ...ownload reference 75 configuration files restoring defaults 109 613 configuration settings restoring 80 111 112 613 615 saving 80 111 613 615 Connectivity Fault Management See CFM console port require...

Страница 1227: ...251 980 DSCP ingress map drop precedence 252 980 DSCP to PHB drop precedence 252 980 dynamic addresses clearing 211 887 displaying 210 887 Dynamic Host Configuration Protocol See DHCP dynamic QoS ass...

Страница 1228: ...nterval 543 1019 proxy query address 544 1021 proxy query interval 543 1022 proxy query response interval 543 1023 proxy reporting 533 542 1010 querier timeout 535 1012 querier enabling 535 1011 query...

Страница 1229: ...1085 TLV MED capabilities 389 1085 TLV network policy 389 1086 local engine ID 404 665 logging messages displaying 382 637 syslog traps 383 636 to syslog servers 383 635 log in web interface 86 logon...

Страница 1230: ...lticast groups 1054 specifying a domain 1054 specifying a VLAN 1058 static binding 1054 1060 static binding group to port 1060 statistics displaying 1065 using immediate leave 1058 N network access au...

Страница 1231: ...ogon authentication 283 696 settings 283 696 rate limit port 239 867 setting 239 867 remote engine ID 405 665 remote logging 383 636 remote maintenance end point CFM 452 461 467 476 479 480 1110 1111...

Страница 1232: ...2 port trunk loopback detection 218 907 protocol migration 228 915 transmission limit 221 899 standards IEEE 1199 startup files creating 109 615 displaying 109 608 619 setting 109 614 static addresses...

Страница 1233: ...subnet based 200 962 MAC based 202 964 mirroring 203 857 port members displaying 183 184 945 protocol 195 958 protocol configuring 196 958 protocol configuring groups 196 959 protocol configuring inte...

Страница 1234: ...INDEX 1234...

Страница 1235: ......

Страница 1236: ...ECS4810 12M E072011 ST R01 149100000142A...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды