Edge-Core ES3528MV2 Скачать руководство пользователя страница 385 | Manualshive

Страница: 385 / 1480

Edge-Core ES3528MV2 Скачать руководство пользователя страница 385

C

HAPTER

13

| Security Measures

Configuring 802.1X Port Authentication

– 385 –

rights. When a client (i.e., Supplicant) connects to a switch port, the switch

(i.e., Authenticator) responds with an EAPOL identity request. The client

provides its identity (such as a user name) in an EAPOL response to the

switch, which it forwards to the RADIUS server. The RADIUS server verifies

the client identity and sends an access challenge back to the client. The

EAP packet from the RADIUS server contains not only the challenge, but

the authentication method to be used. The client can reject the

authentication method and request another, depending on the

configuration of the client software and the RADIUS server. The encryption

method used to pass authentication messages can be MD5 (Message-

Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible

Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The

client responds to the appropriate method with its credentials, such as a
password or certificate. The RADIUS server verifies the client credentials

and responds with an accept or reject packet. If authentication is

successful, the switch allows the client to access the network. Otherwise,

non-EAP traffic on the port is blocked or assigned to a guest VLAN based on

the “intrusion-action” setting. In “multi-host” mode, only one host

connected to a port needs to pass authentication for all other hosts to be

granted network access. Similarly, a port can become unauthorized for all

hosts if one attached host fails re-authentication or sends an EAPOL logoff

message.

Figure 213: Configuring Port Security

The operation of 802.1X on the switch requires the following:

◆

The switch must have an IP address assigned.

◆

RADIUS authentication must be enabled on the switch and the IP

address of the RADIUS server specified.

◆

802.1X must be enabled globally for the switch.

◆

Each switch port that will be used must be set to dot1X “Auto” mode.

◆

Each client that needs to be authenticated must have dot1X client

software installed and properly configured.

◆

The RADIUS server and 802.1X client support EAP. (The switch only

supports EAPOL in order to pass the EAP packets from the server to the

client.)

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

«
...
383
384
385
386
387
...
»

Содержание ES3528MV2

Страница 1: ...Management Guide www edge core com ES3528MV2 ES3528MV2 DC 28 Port Fast Ethernet Layer 2 Switch...

Страница 2: ......

Страница 3: ...h with 24 10 100BASE TX RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP ES3528MV2 DC FAST ETHERNET SWITCH Layer 2 Switch with DC power input with 24 10 100BASE TX RJ 45 Ports and 4 Gigabit Combi...

Страница 4: ......

Страница 5: ...e used throughout this guide to show information NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could c...

Страница 6: ...c Trunk on page 173 Added the section Creating CVLAN to SPVLAN Mapping Entries on page 211 Added the section Configuring MAC Address Learning on page 227 Added the parameters Action and Shutdown Inter...

Страница 7: ...page 563 Added description of RA Guard parameters under Configuring IPv6 Interface Settings on page 571 Added the section Specifying A DHCP Client Identifier on page 595 Added the section Configuring...

Страница 8: ...scription of new command port security mac address as permanent on page 877 Added description of new command ip dhcp snooping limit rate on page 904 Added description of new command ipv6 dhcp snooping...

Страница 9: ...mand loopback detection action on page 1048 and removed the command loopback detection mode Updated information in Command Usage section for the command show mac address table on page 1061 Added descr...

Страница 10: ...ent log on page 1366 Added the section DHCP Relay Option 82 on page 1389 Updated the description of command ip address on page 1396 to include using classless subnet format for the ip address subnet m...

Страница 11: ...witch 79 Configuration Options 79 Required Connections 80 Remote Connections 81 Basic Configuration 81 Console Connection 81 Setting Passwords 82 Setting an IP Address 83 Downloading a Configuration F...

Страница 12: ...ystem Files 126 Automatic Operation Code Upgrade 127 Setting the System Clock 131 Setting the Time Manually 131 Setting the SNTP Polling Interval 132 Configuring NTP 133 Configuring Time Servers 134 S...

Страница 13: ...93 IEEE 802 1Q VLANs 193 Configuring VLAN Groups 196 Adding Static Members to VLANs 198 Configuring Dynamic VLAN Registration 203 IEEE 802 1Q Tunneling 206 Enabling QinQ Tunneling on the Switch 210 Cr...

Страница 14: ...Timers 266 Configuring ATC Thresholds and Responses 267 10 CLASS OF SERVICE 271 Layer 2 Queue Settings 271 Setting the Default Priority for Interfaces 271 Selecting the Queue Mode 272 Mapping CoS Val...

Страница 15: ...ink Detection 334 Configuring a MAC Address Filter 335 Displaying Secure MAC Address Information 337 Configuring HTTPS 338 Configuring Global Settings for HTTPS 338 Replacing the Default Secure site C...

Страница 16: ...P Source Guard 399 Configuring Static Bindings for IP Source Guard 401 Displaying Information for Dynamic IPv4 Source Guard Bindings 403 IPv6 Source Guard 404 Configuring Ports for IPv6 Source Guard 4...

Страница 17: ...mote Monitoring 474 Configuring RMON Alarms 475 Configuring RMON Events 477 Configuring RMON History Samples 479 Configuring RMON Statistical Samples 482 Switch Clustering 484 Configuring General Sett...

Страница 18: ...Remote Interfaces 556 Configuring a Remote Loop Back Test 557 Displaying Results of Remote Loop Back Testing 559 15 IP CONFIGURATION 561 Using the Ping Function 561 Using the Trace Route Function 563...

Страница 19: ...ifying Static Interfaces for a Multicast Router 614 Assigning Interfaces to Multicast Services 616 Setting IGMP Snooping Status per Interface 618 Filtering IGMP Query Packets and Multicast Data 623 Di...

Страница 20: ...ssigning Static MVR6 Multicast Groups to Interfaces 669 Displaying MVR6 Receiver Groups 670 Displaying MVR6 Statistics 671 SECTION III COMMAND LINE INTERFACE 677 18 USING THE COMMAND LINE INTERFACE 67...

Страница 21: ...nner configure dc power info 703 banner configure department 703 banner configure equipment info 704 banner configure equipment location 705 banner configure ip lan 705 banner configure lp number 706...

Страница 22: ...Commands 725 upgrade opcode auto 725 upgrade opcode path 726 upgrade opcode reload 727 show upgrade 728 Line 728 line 729 databits 730 exec timeout 730 login 731 parity 732 password 733 password thres...

Страница 23: ...il 749 Time 749 SNTP Commands 750 sntp client 750 sntp poll 751 sntp server 752 show sntp 752 NTP Commands 753 ntp authenticate 753 ntp authentication key 753 ntp client 754 ntp server 755 show ntp 75...

Страница 24: ...er location 776 show snmp 777 SNMP Target Host Commands 778 snmp server enable traps 778 snmp server host 779 snmp server enable port traps mac notification 781 show snmp server enable port traps 782...

Страница 25: ...flow polling instance 805 sflow sampling instance 806 show sflow 807 24 AUTHENTICATION COMMANDS 809 User Accounts and Privilege Levels 810 enable password 810 username 811 privilege 812 show privilege...

Страница 26: ...ounting dot1x 830 accounting commands 830 accounting exec 831 authorization exec 831 show accounting 832 Web Server 833 ip http port 833 ip http server 834 ip http secure port 834 ip http secure serve...

Страница 27: ...re authentication 853 dot1x timeout quiet period 854 dot1x timeout re authperiod 854 dot1x timeout supp timeout 855 dot1x timeout tx period 856 dot1x re authenticate 856 Supplicant Commands 857 dot1x...

Страница 28: ...ging 880 network access mac filter 881 mac authentication reauth time 882 network access dynamic qos 882 network access dynamic vlan 883 network access guest vlan 884 network access link detection 885...

Страница 29: ...formation option circuit id 906 ip dhcp snooping trust 907 clear ip dhcp snooping binding 908 clear ip dhcp snooping database flash 908 ip dhcp snooping database flash 909 show ip dhcp snooping 909 sh...

Страница 30: ...inspection validate 935 ip arp inspection vlan 936 ip arp inspection limit 937 ip arp inspection trust 937 show ip arp inspection configuration 938 show ip arp inspection interface 938 show ip arp ins...

Страница 31: ...6 ACLs 958 access list ipv6 958 permit deny Standard IPv6 ACL 959 permit deny Extended IPv6 ACL 960 ipv6 access group 962 show ipv6 access group 963 show ipv6 access list 963 MAC ACLs 964 access list...

Страница 32: ...threshold auto 989 transceiver monitor 990 transceiver threshold current 990 transceiver threshold rx power 992 transceiver threshold temperature 993 transceiver threshold tx power 994 transceiver th...

Страница 33: ...ce 1022 rspan destination 1023 rspan remote vlan 1024 no rspan session 1025 show rspan 1025 30 CONGESTION CONTROL COMMANDS 1027 Rate Limit Commands 1027 rate limit 1028 Storm Control Commands 1029 sto...

Страница 34: ...l 1044 show auto traffic control interface 1044 31 LOOPBACK DETECTION COMMANDS 1047 loopback detection 1048 loopback detection action 1048 loopback detection recover time 1049 loopback detection trans...

Страница 35: ...rt 1080 spanning tree link type 1081 spanning tree loopback detection 1081 spanning tree loopback detection action 1082 spanning tree loopback detection release mode 1083 spanning tree loopback detect...

Страница 36: ...rt 1110 rpl neighbor 1111 rpl owner 1112 version 1113 wtr timer 1114 clear erps statistics 1114 erps clear 1115 erps forced switch 1115 erps manual switch 1117 show erps 1119 36 VLAN COMMANDS 1125 GVR...

Страница 37: ...1145 show dot1q tunnel 1146 Configuring L2CP Tunneling 1147 l2protocol tunnel tunnel dmac 1147 switchport l2protocol tunnel 1150 show l2protocol tunnel 1151 Configuring VLAN Translation 1151 switchpo...

Страница 38: ...default 1172 show queue mode 1173 show queue weight 1173 Priority Commands Layer 3 and 4 1174 qos map cos dscp 1174 qos map dscp mutation 1176 qos map phb queue 1177 qos map trust mode 1178 show qos...

Страница 39: ...211 ip igmp snooping version 1212 ip igmp snooping version exclusive 1212 ip igmp snooping vlan general query suppression 1213 ip igmp snooping vlan immediate leave 1214 ip igmp snooping vlan last mem...

Страница 40: ...icast data drop 1238 MLD Snooping 1239 ipv6 mld snooping 1240 ipv6 mld snooping querier 1240 ipv6 mld snooping query interval 1241 ipv6 mld snooping query max response time 1241 ipv6 mld snooping robu...

Страница 41: ...pv6 mld query drop 1256 show ipv6 mld throttle interface 1257 MVR for IPv4 1258 mvr 1259 mvr associated profile 1259 mvr domain 1260 mvr profile 1261 mvr proxy query interval 1261 mvr priority 1262 mv...

Страница 42: ...ear mvr6 statistics 1288 show mvr6 1289 show mvr6 associated profile 1290 show mvr6 interface 1290 show mvr6 members 1291 show mvr6 profile 1292 show mvr6 statistics 1293 40 LLDP COMMANDS 1295 lldp 12...

Страница 43: ...dp info local device 1314 show lldp info remote device 1315 show lldp info statistics 1317 41 CFM COMMANDS 1319 Defining CFM Structures 1322 ethernet cfm ais level 1322 ethernet cfm ais ma 1323 ethern...

Страница 44: ...t cfm maintenance points remote crosscheck 1348 Link Trace Operations 1348 ethernet cfm linktrace cache 1348 ethernet cfm linktrace cache hold time 1349 ethernet cfm linktrace cache size 1349 ethernet...

Страница 45: ...43 DOMAIN NAME SERVICE COMMANDS 1373 ip domain list 1373 ip domain lookup 1374 ip domain name 1375 ip host 1376 ip name server 1377 ipv6 host 1378 clear dns cache 1378 clear host 1379 show dns 1379 s...

Страница 46: ...imeout 1403 clear arp cache 1403 show arp 1404 IPv6 Interface 1404 Interface Address Configuration and Utilities 1405 ipv6 default gateway 1405 ipv6 address 1406 ipv6 address autoconfig 1408 ipv6 addr...

Страница 47: ...ng 1435 ipv6 nd snooping trust 1435 clear ipv6 nd snooping binding 1436 clear ipv6 nd snooping prefix 1436 show ipv6 nd snooping 1437 show ipv6 nd snooping binding 1437 show ipv6 nd snooping prefix 14...

Страница 48: ...CONTENTS 48...

Страница 49: ...ring NTP 134 Figure 15 Specifying SNTP Time Servers 135 Figure 16 Adding an NTP Time Server 136 Figure 17 Showing the NTP Time Server List 136 Figure 18 Adding an NTP Authentication Key 137 Figure 19...

Страница 50: ...nk 173 Figure 48 Showing Information for Static Trunks 173 Figure 49 Configuring Dynamic Trunks 173 Figure 50 Configuring the LACP Aggregator Admin Key 176 Figure 51 Enabling LACP on a Port 177 Figure...

Страница 51: ...otocol VLANs 216 Figure 84 Displaying Protocol VLANs 216 Figure 85 Assigning Interfaces to Protocol VLANs 218 Figure 86 Showing the Interface to Protocol Group Mapping 218 Figure 87 Configuring IP Sub...

Страница 52: ...re 119 Adding a VLAN to an MST Instance 258 Figure 120 Displaying Members of an MST Instance 258 Figure 121 Configuring MSTP Interface Settings 260 Figure 122 Displaying MSTP Interface Settings 260 Fi...

Страница 53: ...314 Figure 158 Showing AAA Server Groups 315 Figure 159 Configuring Global Settings for AAA Accounting 317 Figure 160 Configuring AAA Accounting Methods 318 Figure 161 Showing AAA Accounting Methods 3...

Страница 54: ...owing the Rules Configured for a Time Range 353 Figure 192 Showing TCAM Utilization 354 Figure 193 Creating an ACL 355 Figure 194 Showing a List of ACLs 356 Figure 195 Configuring a Standard IPv4 ACL...

Страница 55: ...Global Settings for DHCP Snooping 413 Figure 229 Configuring DHCP Snooping on a VLAN 414 Figure 230 Configuring the Port Mode for DHCP Snooping 416 Figure 231 Displaying the Binding Table for DHCP Sno...

Страница 56: ...Pv1 469 Figure 264 Configuring Trap Managers SNMPv2c 469 Figure 265 Configuring Trap Managers SNMPv3 470 Figure 266 Showing Trap Managers 470 Figure 267 Creating SNMP Notification Logs 472 Figure 268...

Страница 57: ...ains 526 Figure 301 Creating Maintenance Associations 529 Figure 302 Showing Maintenance Associations 530 Figure 303 Configuring Detailed Settings for Maintenance Associations 531 Figure 304 Configuri...

Страница 58: ...336 Configuring an IPv6 Address 578 Figure 337 Showing Configured IPv6 Addresses 580 Figure 338 Showing IPv6 Neighbors 581 Figure 339 Showing IPv6 Statistics IPv6 586 Figure 340 Showing IPv6 Statistic...

Страница 59: ...Figure 373 Showing the IGMP Filtering Profiles Created 631 Figure 374 Adding Multicast Groups to an IGMP Filtering Profile 632 Figure 375 Showing the Groups Assigned to an IGMP Filtering Profile 632...

Страница 60: ...an MVR6 Group Address Profile to a Domain 666 Figure 405 Showing MVR6 Group Address Profiles Assigned to a Domain 666 Figure 406 Configuring Interface Settings for MVR6 668 Figure 407 Assigning Static...

Страница 61: ...ority Mapping 275 Table 15 CoS Priority Levels 275 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 276 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 280 Table 18 De...

Страница 62: ...evice Designation Commands 699 Table 48 Banner Commands 700 Table 49 System Status Commands 709 Table 50 Frame Size Commands 717 Table 51 Flash File Commands 718 Table 52 File Directory Information 72...

Страница 63: ...ermediate Agent Commands 865 Table 85 show pppoe intermediate agent statistics display description 871 Table 86 General Security Commands 873 Table 87 Port Security Commands 874 Table 88 show port sec...

Страница 64: ...Commands 1031 Table 121 Loopback Detection Commands 1047 Table 122 UniDirectional Link Detection Commands 1053 Table 123 show udld display description 1056 Table 124 Address Table Commands 1059 Table...

Страница 65: ...s vlan query display description 1226 Table 157 Static Multicast Interface Commands 1226 Table 158 IGMP Filtering and Throttling Commands 1227 Table 159 IGMP Authentication RADIUS Attribute Value Pair...

Страница 66: ...Table 186 OAM Commands 1361 Table 187 Address Table Commands 1373 Table 188 show dns cache display description 1380 Table 189 show hosts display description 1381 Table 190 DHCP Commands 1383 Table 19...

Страница 67: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 68: ...SECTION I Getting Started 68...

Страница 69: ...eneral Security Measures AAA ARP Inspection DHCP Snooping with Option 82 relay information IP Source Guard PPPoE Intermediate Agent Port Authentication IEEE 802 1X Port Security MAC address filtering...

Страница 70: ...an be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE Store and Forward Switching Supported to en...

Страница 71: ...GURATION You can manually configure the speed duplex mode and flow control used on specific ports or use auto negotiation to detect the connection settings used by the attached device Use full duplex...

Страница 72: ...1D transparent bridging The address table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addre...

Страница 73: ...k The switch supports tagged VLANs based on the IEEE 802 1Q standard Members of VLAN groups can be dynamically learned via GVRP or ports can be manually assigned to a specific set of VLANs This allows...

Страница 74: ...traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding ETHERNET RING PRO...

Страница 75: ...device location details The LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology SYSTEM DEFA...

Страница 76: ...negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 64 kbits sec Multicast Dis...

Страница 77: ...nt Enabled DNS Proxy service Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled MLD Snooping Layer 2 IPv6 Snooping Enabled Querier Disabled Multicast V...

Страница 78: ...CHAPTER 1 Introduction System Defaults 78...

Страница 79: ...lorer 6 Mozilla Firefox 4 or Google Chrome 29 or more recent versions The switch s web management interface can be accessed from any computer attached to the network The CLI program can be accessed by...

Страница 80: ...configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a terminal emulation program to the switch You can use the console cabl...

Страница 81: ...here within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web bro...

Страница 82: ...p to 32 alphanumeric characters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password ad...

Страница 83: ...subnet can only be manually configured as described in Assigning an IPv6 Address on page 84 MANUAL CONFIGURATION You can manually assign an IP address to the switch You may also need to specify a def...

Страница 84: ...ion 6 on page 570 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6 for all d...

Страница 85: ...r For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 73 8 To generate an IPv6 global unicast address for the switch complete th...

Страница 86: ...r BOOTP and DHCP values can include the IP address subnet mask and default gateway If the DHCP BOOTP server is slow to respond you may need to use the ip dhcp restart client command to re start broadc...

Страница 87: ...ddress There are several ways to configure IPv6 addresses The simplest method is to automatically generate a link local address identified by an address prefix of FE80 This address type makes the swit...

Страница 88: ...ter 2 From the interface prompt type ipv6 address autoconfig and press Enter 3 Type ipv6 enable and press Enter to enable IPv6 on an interface that has not been configured with an explicit IPv6 addres...

Страница 89: ...lient requests If the switch fails to download the bootup configuration file based on information passed by the DHCP server it will not send any further DHCP client requests If the switch does not rec...

Страница 90: ...2 168 255 160 192 168 255 200 option routers 192 168 255 101 option tftp server name 192 168 255 100 Default Option 66 option bootfile name bootfile Default Option 67 class Option66 67_2 DHCP Option 6...

Страница 91: ...ages from the switch You therefore need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are...

Страница 92: ...ONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign...

Страница 93: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 122 for more information Diagnostic Code Software that is run during system boot up also know...

Страница 94: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Страница 95: ...Interface Configuration on page 149 VLAN Configuration on page 193 Address Table Settings on page 227 Spanning Tree Algorithm on page 237 Rate Limit Configuration on page 227 Storm Control Configurat...

Страница 96: ...SECTION II Web Configuration 96...

Страница 97: ...page 83 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setti...

Страница 98: ...for most configuration parameters Refer to Configuring User Accounts on page 324 for more details HOME PAGE When your web browser connects with the switch s web agent the home page is displayed as sho...

Страница 99: ...s ports The Mode can be set to display different information for the ports including Active i e up or down Duplex i e half or full duplex or Flow Control i e with or without flow control Figure 2 Fro...

Страница 100: ...ows the transfer and copying files 122 Set Startup Sets the startup file 125 Show Shows the files stored in flash memory allows deletion of files 126 Automatic Operation Code Upgrade Automatically upg...

Страница 101: ...any cable faults short open etc and report the cable length 168 Trunk Static 171 Configure Trunk 171 Add Creates a trunk along with the first port member 171 Show Shows the configured trunk identifier...

Страница 102: ...Static Add Creates VLAN groups 196 Show Displays configured VLAN groups 196 Modify Configures group name and administrative status 196 Edit Member by VLAN Specifies VLAN attributes per VLAN 198 Edit M...

Страница 103: ...29 Add Configures static entries in the address table 229 Show Displays static entries in the address table 229 Dynamic Configure Aging Sets timeout for dynamically learned entries 231 Show Dynamic MA...

Страница 104: ...eded the upper threshold and the time to release the control response after traffic has fallen beneath the lower threshold 266 Configure Interface Sets the storm control mode broadcast or multicast th...

Страница 105: ...to the VoIP device manufacturer 303 Show Shows the OUI telephony list 303 Configure Interface Configures VoIP traffic settings for ports including the way in which a port is added to the Voice VLAN f...

Страница 106: ...ation and access to the network when 802 1X or Network Access authentication are infeasible or impractical 326 Configure Global Configures general protocol settings 326 Configure Interface Enables Web...

Страница 107: ...es packet filtering based on IP or MAC addresses and other packet attributes 354 Show Rule Shows the rules specified for an ACL 354 Configure Interface Binds a port to the specified ACL and time range...

Страница 108: ...IPv6 traffic based on static entries in the IP Source Guard table or dynamic entries in the DHCP Snooping table 404 Port Configuration Enables IPv6 source guard and selects filter type per port 404 St...

Страница 109: ...iew 452 Show OID Subtree Shows the subtrees assigned to each view 452 Configure Group 455 Add Adds a group with access policies for assigned users 455 Show Shows configured groups and access policies...

Страница 110: ...les clustering for the switch sets Commander status 485 Configure Member Adds switch Members to the cluster 486 Show Member Shows cluster switch member managed switch members 488 ERPS Ethernet Ring Pr...

Страница 111: ...e connectivity faults by requesting a target node to echo the message back to the source 536 Transmit Delay Measure Sends periodic delay measure requests to a specified MEP within a maintenance associ...

Страница 112: ...in the IPv6 neighbor discovery cache 580 Show Statistics 581 IPv6 Shows statistics about IPv6 traffic 581 ICMPv6 Shows statistics about ICMPv6 messages 581 UDP Shows statistics about UDP messages 581...

Страница 113: ...ures parameters for multicast snooping 610 Multicast Router 614 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 614 Show Static Multicast Router Displays...

Страница 114: ...es the immediate leave status of a VLAN 636 Multicast Router Statically attach an interface to an IPv6 multicast router 637 Add Specifies the interface to be attached to the IPv6 multicast router 637...

Страница 115: ...e Profile 663 Add Configures multicast stream addresses 663 Show Shows multicast stream addresses 663 Associate Profile 663 Add Maps an address profile to a domain 663 Show Shows addresses profile to...

Страница 116: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 116...

Страница 117: ...files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring The Console Port Sets console port connection parameters Configuring Telnet Settings...

Страница 118: ...e Name assigned to the switch system System Location Specifies the system location System Contact Administrator responsible for the system WEB INTERFACE To configure general system information 1 Click...

Страница 119: ...Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as Master or Slave EPLD Version Version number of EEPROM Programmable Logic De...

Страница 120: ...ystem Management Commands on page 699 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is...

Страница 121: ...st addresses Refer to Setting Static Addresses on page 229 VLAN Version Number Based on IEEE 802 1Q 1 indicates Bridges that support only single spanning tree SST operation and 2 indicates Bridges tha...

Страница 122: ...ystem File Copy page to upload download firmware or configuration settings using FTP TFTP or HTTP By backing up a file to an FTP TFTP server or management station that file can later be downloaded to...

Страница 123: ...firmware File Name The file name should not contain slashes or and the maximum length for file names is 32 characters for files on the switch or 128 characters for files on the server Valid characters...

Страница 124: ...tion settings are not automatically saved by the system for subsequent use when the switch is rebooted You must save these settings to the current startup file or to another file which can be subseque...

Страница 125: ...5 Then click Apply Figure 8 Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file reboot the system via the System Reset menu SETTING...

Страница 126: ...System File Show page to show the files in the system directory or to delete a file NOTE Files designated for start up and the Factory_Default_Config cfg file cannot be deleted CLI REFERENCES dir on...

Страница 127: ...he file name of the code stored on the remote server must be es3528mv2 bix using upper case and lower case letters exactly as indicated here Enter the file name for other switches described in this ma...

Страница 128: ...switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image PARAMETERS The following parameters are displayed Automatic Opcode Upgra...

Страница 129: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL Examples The following...

Страница 130: ...3 Mark the check box to enable Automatic Opcode Upgrade 4 Enter the URL of the FTP or TFTP server and the path and directory containing the operation code 5 Click Apply Figure 11 Configuring Automati...

Страница 131: ...time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY Use the System Time Configure General Manual page to set the system time on t...

Страница 132: ...S Time on page 749 PARAMETERS The following parameters are displayed Current Time Shows the current time set on the switch SNTP Polling Interval Sets the interval between sending requests for a time u...

Страница 133: ...between the switch and NTP servers Default Disabled You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers The authentication keys and their a...

Страница 134: ...address for up to three SNTP time servers CLI REFERENCES sntp server on page 752 PARAMETERS The following parameters are displayed SNTP Server IP Address Sets the IPv4 or IPv6 address for up to three...

Страница 135: ...time servers configured the responses received are filtered and compared to determine the most reliable and accurate time update for the switch Version Specifies the NTP version supported by the serve...

Страница 136: ...key list CLI REFERENCES ntp authentication key on page 753 PARAMETERS The following parameters are displayed Authentication Key Specifies the number of the key in the NTP Authentication Key List to us...

Страница 137: ...ct Add NTP Authentication Key from the Action list 4 Enter the index number and MD5 authentication key string 5 Click Apply Figure 18 Adding an NTP Authentication Key To show the list of configured NT...

Страница 138: ...You can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock timezone on page 760 PARAMETERS The following...

Страница 139: ...ds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface become...

Страница 140: ...E To configure parameters for the console port 1 Click System then Console 2 Specify the connection parameters as required 3 Click Apply Figure 21 Console Port Settings CONFIGURING TELNET SETTINGS Use...

Страница 141: ...detected within the timeout interval the current session is terminated Range 60 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of f...

Страница 142: ...cpu on page 711 PARAMETERS The following parameters are displayed Time Interval The interval at which to update the displayed utilization rate Options 1 5 10 30 60 seconds Default 1 second CPU Utiliza...

Страница 143: ...utilization parameters CLI REFERENCES show memory on page 710 PARAMETERS The following parameters are displayed Free Size The amount of memory currently free for use Used Size The amount of memory al...

Страница 144: ...lays information on the next scheduled reload and selected reload mode as shown in the following example The switch will be rebooted at March 9 12 00 00 2012 Remaining Time 0 days 2 hours 46 minutes 5...

Страница 145: ...ularly Specifies a periodic interval at which to reload the switch Time HH The hour at which to reload Range 00 23 MM The minute at which to reload Range 00 59 Period Daily Every day Weekly Day of the...

Страница 146: ...CHAPTER 4 Basic Management Tasks Resetting the System 146 Figure 25 Restarting the Switch Immediately Figure 26 Restarting the Switch In...

Страница 147: ...CHAPTER 4 Basic Management Tasks Resetting the System 147 Figure 27 Restarting the Switch At Figure 28 Restarting the Switch Regularly...

Страница 148: ...CHAPTER 4 Basic Management Tasks Resetting the System 148...

Страница 149: ...Displaying Transceiver Data Displays identifying information and operational parameters for optical transceivers which support DDM Configuring Transceiver Thresholds Configures thresholds for alarm a...

Страница 150: ...under auto negotiation the required operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be u...

Страница 151: ...ation 10f Supports 10 Mbps full duplex operation 100h Supports 100 Mbps half duplex operation 100f Supports 100 Mbps full duplex operation 1000f Gigabit ports only Supports 1000 Mbps full duplex opera...

Страница 152: ...ce capabilities to advertise or manually fix the speed duplex mode and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page...

Страница 153: ...rameters are displayed Port Port identifier Type Indicates the port type 100BASE TX 1000BASE T 100BASE SFP or 1000BASE SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Stat...

Страница 154: ...ng as described in this section or from one or more source ports on remote switches to a destination port on this switch remote port mirroring as described in Configuring Remote Port Mirroring on page...

Страница 155: ...or the traffic on the source port Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Both WEB INTERFACE To configure a local mirror session 1 C...

Страница 156: ...to any RSPAN destination port monitoring the RSPAN VLAN as shown in the figure below Figure 35 Configuring Remote Port Mirroring CLI REFERENCES RSPAN Mirroring Commands on page 1020 COMMAND USAGE Traf...

Страница 157: ...this switch RSPAN Ports Only ports can be configured as an RSPAN source destination or uplink static and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface so...

Страница 158: ...ed traffic from one or more sources to one or more destinations Destination Specifies this device as a switch configured with a destination port which is to receive mirrored traffic for this session R...

Страница 159: ...d and receive switched traffic and participate in any Layer 2 protocols to which it has been assigned Tag Specifies whether or not the traffic exiting the destination port to the monitoring device car...

Страница 160: ...statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per seco...

Страница 161: ...el protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Received Unknown Packets The number of packets r...

Страница 162: ...ets Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less than 64 octets long e...

Страница 163: ...rop down list 4 Use the Refresh button at the bottom of the page if you need to update the screen Figure 39 Showing Port Statistics Table To show a chart of port statistics 1 Click Interface Port Char...

Страница 164: ...and operational for optical transceivers which support Digital Diagnostic Monitoring DDM CLI REFERENCES show interfaces transceiver on page 996 PARAMETERS These parameters are displayed Port Port num...

Страница 165: ...nctional parameters for optical transceivers 1 Click Interface Port Transceiver 2 Select a port from the scroll down list Figure 41 Displaying Transceiver Data CONFIGURING TRANSCEIVER THRESHOLDS Use t...

Страница 166: ...tal Diagnostic Monitoring DDM provides information on transceiver parameters Trap Sends a trap when any of the transceiver s operation values falls outside of specified thresholds Default Disabled Aut...

Страница 167: ...eshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be generated until the sampled value has risen above the low thresh...

Страница 168: ...USAGE Cable diagnostics are performed using Digital Signal Processing DSP test methods DSP analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that pulse...

Страница 169: ...or the approximate cable length if no fault is found To ensure more accurate measurement of the length to a fault first disable power saving mode on the link partner before running cable diagnostics...

Страница 170: ...aced in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it COMMAND USAGE Besides balancing the load across each port in the trunk the...

Страница 171: ...s switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the po...

Страница 172: ...t Add Member from the Action list 4 Select a trunk identifier 5 Set the unit and port for an additional trunk member 6 Click Apply Figure 46 Adding Static Trunks Members To configure connection parame...

Страница 173: ...3 Select Show Information from the Action list Figure 48 Showing Information for Static Trunks CONFIGURING A DYNAMIC TRUNK Use the Interface Trunk Dynamic pages to set the administrative key for an ag...

Страница 174: ...admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that group N...

Страница 175: ...mined by port s link speed and copied to Oper Key The Partner Admin Key is assigned to zero and the Oper Key is set based upon LACP PDUs received from the Partner System Priority LACP system priority...

Страница 176: ...he command attributes have the same meaning as those used for the port actor WEB INTERFACE To configure the admin key for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Aggregator...

Страница 177: ...igure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure the required settings 6 Click Apply Figure 52 Configuring LACP Parameters on a Po...

Страница 178: ...re from the Action List 4 Modify the required interface settings See Configuring by Port List on page 150 for a description of the interface settings 5 Click Apply Figure 54 Configuring Connection Set...

Страница 179: ...Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marke...

Страница 180: ...CPDU information Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive m...

Страница 181: ...rnal 5 Select a group member from the Port list Figure 57 Displaying LACP Port Internal Information Admin State Oper State continued Aggregation The system considers this link to be aggregatable i e a...

Страница 182: ...n Information Parameter Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port...

Страница 183: ...IP Address All traffic with the same destination IP address is output on the same link in a trunk This mode works best for switch to router trunk links where traffic through the switch is destined fo...

Страница 184: ...C Address All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through the switch is received from man...

Страница 185: ...on exists When using power savings mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and m...

Страница 186: ...rs are displayed Port Power saving mode only applies to the Gigabit Ethernet ports using copper media Power Saving Status Adjusts the power provided to ports based on the length of the cable used to c...

Страница 187: ...ts allowing different clients to share access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Globa...

Страница 188: ...ed on the settings specified by other functions such as VLANs and spanning tree protocol A port cannot be configured in both an uplink and downlink list A port can only be assigned to one traffic segm...

Страница 189: ...rface to the segmented group by setting the direction to uplink or downlink Default Uplink Interface Displays a list of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 1...

Страница 190: ...ge 1138 COMMAND USAGE Use this feature to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong The following figure shows VLANs 1...

Страница 191: ...nstance either STP RSTP or an MSTP instance depending on the selected STA mode If both VLAN trunking and ingress filtering are disabled on an interface packets with unknown VLAN tags will still be all...

Страница 192: ...CHAPTER 5 Interface Configuration VLAN Trunking 192 Figure 65 Configuring VLAN Trunking...

Страница 193: ...n Maps VLAN IDs between the customer and the service provider IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provid...

Страница 194: ...oup s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate...

Страница 195: ...ld be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join W...

Страница 196: ...rst strip off the VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an u...

Страница 197: ...ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows if RSPAN is enabled on this VLAN see Configuring Remote Port Mirroring on page 156 WE...

Страница 198: ...howing Static VLANs ADDING STATIC MEMBERS TO VLANS Use the VLAN Static page to configure port members for the selected VLAN index interface or a range of interfaces Use the menus for editing port memb...

Страница 199: ...unk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the...

Страница 200: ...ort will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is fo...

Страница 201: ...et the Interface type to display as Port or Trunk 4 Modify the settings for any interface as required 5 Click Apply Figure 71 Configuring Static Members by VLAN Index To configure static members by in...

Страница 202: ...e Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptable frame type and ingress filterin...

Страница 203: ...globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets received on this port will be discarded and no GVRP registrations wi...

Страница 204: ...tch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch 1 Click VLAN Dynamic 2 Select Co...

Страница 205: ...N Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 76 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click V...

Страница 206: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 207: ...tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags...

Страница 208: ...l to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If...

Страница 209: ...3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Enable Tun...

Страница 210: ...D This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example if 0x1234 is set as the custom 802...

Страница 211: ...ag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes ac...

Страница 212: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 80 Configuring CVLAN to SPVLAN Mapp...

Страница 213: ...e attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set t...

Страница 214: ...uired protocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure protocol based VLAN...

Страница 215: ...VLAN Group Range 1 2147483647 NOTE Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet tra...

Страница 216: ...he VLAN Protocol Configure Interface Add page to map a protocol group to a VLAN for each interface that will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces...

Страница 217: ...of ports or trunks Port Port Identifier Range 1 28 Trunk Trunk Identifier Range 1 12 Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which m...

Страница 218: ...nterfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a po...

Страница 219: ...P subnet consists of an IP address and a mask The specified VLAN need not be an existing VLAN When an untagged frame is received by a port the source IP address is checked against the IP subnet to VLA...

Страница 220: ...field 4 Enter a mask in the Subnet Mask field 5 Enter the identifier in the VLAN field Note that the specified VLAN need not already be configured 6 Enter a value to assign to untagged frames in the...

Страница 221: ...MAC addresses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VL...

Страница 222: ...e VLANs to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source VLAN s in a completely unobtrusive manne...

Страница 223: ...t cannot be set to the same target ports as that used for port mirroring see Configuring Local Port Mirroring on page 154 When traffic matches the rules for both port mirroring and for mirroring of VL...

Страница 224: ...evice can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream traffic For...

Страница 225: ...PARAMETERS These parameters are displayed Old VLAN The original VLAN ID Range 1 4094 New VLAN The new VLAN ID Range 1 4094 WEB INTERFACE To configure VLAN translation 1 Click VLAN Translation 2 Selec...

Страница 226: ...CHAPTER 6 VLAN Configuration Configuring VLAN Translation 226...

Страница 227: ...ed source address to a target port CONFIGURING MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable MAC address learning on an interface CLI REFERENCES mac learning on pa...

Страница 228: ...ity Status see Configuring Port Security on page 382 is enabled on the same interface PARAMETERS These parameters are displayed Interface Displays a list of ports or trunks Port Port Identifier Range...

Страница 229: ...ollowing characteristics Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be writt...

Страница 230: ...m the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 97 Configuring Static MAC Addresses...

Страница 231: ...ddress table aging time on page 1059 PARAMETERS These parameters are displayed Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 844 seco...

Страница 232: ...RENCES show mac address table on page 1061 PARAMETERS These parameters are displayed Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk MAC Address Ph...

Страница 233: ...parameters are displayed Clear by All entries can be cleared or you can clear the entries for a specific MAC address all the entries in a VLAN or all the entries associated with a port or trunk WEB I...

Страница 234: ...get port will be mirrored to the destination port All mirror sessions must share the same destination port Spanning Tree BPDU packets are not mirrored to the target port When mirroring port traffic th...

Страница 235: ...packets based on a MAC address 1 Click MAC Address Mirror 2 Select Add from the Action list 3 Specify the source MAC address and destination port 4 Click Apply Figure 102 Mirroring Packets Based on th...

Страница 236: ...CHAPTER 7 Address Table Settings Configuring MAC Address Mirroring 236...

Страница 237: ...nt switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes...

Страница 238: ...seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and...

Страница 239: ...cations with STP or RSTP nodes in the global network Figure 106 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tree MSTP connects all bridges and LAN segments with a single Commo...

Страница 240: ...f loopback detection is not enabled and an interface receives it s own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection w...

Страница 241: ...e will be automatically enabled when the shutdown interval has expired If an interface is shut down due to a detected loopback and the release mode is set to Manual the interface can be re enabled usi...

Страница 242: ...he RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridg...

Страница 243: ...y is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the...

Страница 244: ...lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconverge All device ports except for desi...

Страница 245: ...ure key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision3 The revision for this MSTI Range 0 65535 Default 0 Region Name3...

Страница 246: ...CHAPTER 8 Spanning Tree Algorithm Configuring Global Settings for STA 246 Figure 108 Configuring Global Settings for STA STP Figure 109 Configuring Global Settings for STA RSTP...

Страница 247: ...ing tree on page 1090 show spanning tree mst configuration on page 1092 PARAMETERS The parameters displayed are described in the preceding section except for the following items Bridge ID A unique ide...

Страница 248: ...CE To display global STA settings 1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Show Information from the Action list Figure 111 Displaying Global Settings for STA CO...

Страница 249: ...network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin Path Cost This parameter i...

Страница 250: ...ing tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding...

Страница 251: ...te In a valid configuration configured edge ports should not receive BPDUs If an edge port receives a BPDU an invalid configuration exists such as a connection to an unauthorized device The BPDU guard...

Страница 252: ...has been enabled on this interface BPDU Flooding Shows if BPDUs will be flooded to other ports when spanning tree is disabled globally on the switch or disabled on a specific port STA Status Displays...

Страница 253: ...designated bridging device through which this switch must communicate with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tre...

Страница 254: ...Step list 3 Select Show Information from the Action list Figure 114 Displaying Interface Settings for STA Alternate port receives more useful BPDUs from another bridge and is therefore not selected as...

Страница 255: ...bridges within the same MSTI Region page 242 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single nod...

Страница 256: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 257: ...e priority for an MSTP Instance 5 Click Apply Figure 117 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Страница 258: ...ect an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 11...

Страница 259: ...in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree Thi...

Страница 260: ...trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Figure 121 Co...

Страница 261: ...e Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface Rat...

Страница 262: ...e Traffic Storm Control page to configure broadcast multicast and unknown unicast storm control thresholds Traffic storms may occur when a device on your network is malfunctioning or if application pr...

Страница 263: ...rol on the same interface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface PARAMETERS These parameters are displayed Interface Displays...

Страница 264: ...esholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port CLI REFERENCES Automatic Traffic Control Commands on page 1031 COMMAND USAGE ATC includes sto...

Страница 265: ...Control Release Trap sent and logged Note that if the control action has shut down a port it can only be manually re enabled using Manual Control Release see page 267 The traffic control response of...

Страница 266: ...se it must be manually re enabled using the Manual Control Release see page 267 PARAMETERS These parameters are displayed in the web interface Broadcast Apply Timer The interval after the upper thresh...

Страница 267: ...d Automatic storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be a...

Страница 268: ...ets per second Default 250 pps If rate limiting has been configured as a control response and Auto Control Release is enabled rate limiting will be discontinued after the traffic rate has fallen benea...

Страница 269: ...omatic Storm Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response...

Страница 270: ...CHAPTER 9 Congestion Control Automatic Traffic Control 270...

Страница 271: ...cessing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags...

Страница 272: ...Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 129 Setting the Default Port Priority...

Страница 273: ...time is shared at the egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode applies to all int...

Страница 274: ...weighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first...

Страница 275: ...and weighted queuing Up to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in Table...

Страница 276: ...queue WEB INTERFACE To map internal PHB to hardware queues 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Select a port 4 Map an internal PHB to a hardware queue Depe...

Страница 277: ...s 277 Figure 133 Mapping CoS Values to Egress Queues To show the internal PHB to hardware queue map 1 Click Traffic Priority PHB to Queue 2 Select Show from the Action list 3 Select an interface Figur...

Страница 278: ...ne the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It should not be ne...

Страница 279: ...S Use the Traffic Priority DSCP to DSCP page to map DSCP values in incoming packets to per hop behavior and drop precedence values for internal priority processing The DSCP is six bits wide allowing c...

Страница 280: ...DSCP value in ingress packets Range 0 63 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for Random Early Detection in controlling traffic...

Страница 281: ...Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any DSCP value 5 Click Apply Figure 136 Configuring DSCP to DSCP Internal Mapping To show the DSCP to intern...

Страница 282: ...of three bits for per hop behavior PHB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used by Random Early Detection RED to control traffi...

Страница 283: ...o DSCP 2 Select Configure from the Action list 3 Select a port 4 Set the PHB and drop precedence for any of the CoS CFI combinations 5 Click Apply Figure 138 Configuring CoS to DSCP Internal Mapping T...

Страница 284: ...e Layer 3 4 Priority Settings 284 To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list 3 Select a port Figure 139 Showing CoS...

Страница 285: ...ies different kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pa...

Страница 286: ...lso be configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface pag...

Страница 287: ...an access control list Any type of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6...

Страница 288: ...t the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic for t...

Страница 289: ...A policy map is then configured which indicates the boundary parameters used for monitoring inbound traffic and the action to take for conforming and non conforming traffic A policy map may contain on...

Страница 290: ...excess burst size and red otherwise The meter operates in one of two modes In the color blind mode the meter assumes that the packet stream is uncolored In color aware mode the meter assumes that som...

Страница 291: ...throughput exceeding the maximum throughput or exceeding the peak burst size The PHB label is composed of five bits three bits for per hop behavior and two bits for the color scheme used to control qu...

Страница 292: ...Tp is decremented by B else the packet is green and both Tp and Tc are decremented by B The trTCM can be used to mark a IP packet stream in a service where different decreasing levels of assurances e...

Страница 293: ...DSCP value for a matching packet as specified in rule settings for a class map Range 0 63 Meter Check this to define the maximum throughput burst rate and the action that results from a policy violat...

Страница 294: ...es that the incoming packets are pre colored The functional differences between these modes is described at the beginning of this section under srTCM Police Meter Committed Information Rate CIR Rate i...

Страница 295: ...lor Blind which assumes that the packet stream is uncolored and Color Aware which assumes that the incoming packets are pre colored The functional differences between these modes is described at the b...

Страница 296: ...t of conformance traffic Violate Specifies whether the traffic that exceeds the peak information rate PIR will be dropped or the DSCP service level will be reduced Set IP DSCP Decreases DSCP priority...

Страница 297: ...p list 3 Select Add Rule from the Action list 4 Select the name of a policy map 5 Set the CoS or per hop behavior for matching packets to specify the quality of service to be assigned to the matching...

Страница 298: ...Policies 298 Figure 146 Adding Rules to a Policy Map To show the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Show Rule from the Action list Fi...

Страница 299: ...vice policy to the required interface PARAMETERS These parameters are displayed Port Specifies a port Ingress Applies the selected rule to ingress traffic Egress Applies the selected rule to egress tr...

Страница 300: ...CHAPTER 11 Quality of Service Attaching a Policy Map to a Port 300...

Страница 301: ...acket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP...

Страница 302: ...hip is not set to access mode see Adding Static Members to VLANs on page 198 PARAMETERS These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch p...

Страница 303: ...I REFERENCES Configuring Voice VLANs on page 1161 PARAMETERS These parameters are displayed Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 8...

Страница 304: ...fine a MAC address range 6 Enter a description for the devices 7 Click Apply Figure 150 Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment 1 Click Traffic VoIP 2 Sel...

Страница 305: ...Auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1AB LLDP When OUI is se...

Страница 306: ...ning Age starts to count down when the OUI s MAC address expires from the MAC address table Therefore the MAC address aging time should be added to the overall aging time For example if you configure...

Страница 307: ...ork Access authentication methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure...

Страница 308: ...Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for services that us...

Страница 309: ...access based on user names and passwords manually configured on the switch Remote authentication uses a remote access authentication server based on RADIUS or TACACS protocols to verify management ac...

Страница 310: ...urity AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Service RADIUS and Terminal Access Contr...

Страница 311: ...he authentication server The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client This switch can pass authen...

Страница 312: ...pecifies the index number of the server to be configured The switch currently supports only one TACACS server Server IP Address Address of the TACACS server A Server Index entry must be selected to di...

Страница 313: ...fined see Configuring Local Remote Logon Authentication on page 309 WEB INTERFACE To configure the parameters for RADIUS or TACACS authentication 1 Click Security AAA Server 2 Select Configure Server...

Страница 314: ...TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server...

Страница 315: ...methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 824 COMMAND USAGE AAA authentication through a RADIUS or TACA...

Страница 316: ...cal Remote Logon Authentication on page 309 Any other group name refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the ser...

Страница 317: ...and associated server group has not been assigned to an interface Show Information Statistics User Name Displays a registered user name Accounting Type Displays the accounting service Interface Displ...

Страница 318: ...the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 160 Configuring...

Страница 319: ...ific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select...

Страница 320: ...igure 164 Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types 1 Click Security AAA Acco...

Страница 321: ...This feature performs authorization to determine if a user is allowed to run an Exec shell AAA authentication through a RADIUS or TACACS server must be enabled before authorization is enabled PARAMET...

Страница 322: ...ctions Show Information Authorization Type Displays the authorization service Method Name Displays the user defined or default accounting method Server Group Name Displays the authorization server gro...

Страница 323: ...onfigure Method from the Step list 3 Select Show from the Action list Figure 168 Showing AAA Authorization Methods To configure the authorization method applied to local console Telnet or SSH connecti...

Страница 324: ...admin with the password admin The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should ther...

Страница 325: ...onfigure encrypted passwords Password Specifies the user password Range 0 32 characters case sensitive Confirm Password Re type the string entered in the previous field to ensure no errors were made T...

Страница 326: ...n is successful the web browser is forwarded on to the originally requested web page Successful authentication is valid for all hosts connected to the port NOTE RADIUS authentication must be activated...

Страница 327: ...ttempts Default 3 attempts WEB INTERFACE To configure global parameters for web authentication 1 Click Security Web Authentication 2 Select Configure Global from the Step list 3 Enable web authenticat...

Страница 328: ...thenticate Ends all authenticated web sessions for selected host IP addresses in the Authenticated Host List and forces the users to re authenticate WEB INTERFACE To enable web authentication for a po...

Страница 329: ...nly if the source MAC address is successfully authenticated by a central RADIUS server While authentication for a MAC address is in progress all traffic is blocked until authentication is completed On...

Страница 330: ...ingress rate limit profile value is 100 kbps If duplicate profiles are passed in the Filter ID attribute then only the first profile is used For example if the attribute is service policy in p1 servic...

Страница 331: ...basis however there are two configurable parameters that apply globally to all ports on the switch Use the Security Network Access Configure Global page to configure MAC address authentication aging...

Страница 332: ...ts including enabling address authentication setting the maximum MAC count and enabling dynamic VLAN or dynamic QoS assignments CLI REFERENCES Network Access MAC Address Authentication on page 879 PAR...

Страница 333: ...ANs Default Enabled The VLAN settings specified by the first authenticated MAC address are implemented for a port Other authenticated MAC addresses on the port must have the same VLAN configuration or...

Страница 334: ...FERENCES Network Access MAC Address Authentication on page 879 PARAMETERS These parameters are displayed Link Detection Status Configures whether Link Detection is enabled or disabled for a port Condi...

Страница 335: ...e to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port C...

Страница 336: ...a MAC address filter for MAC authentication 1 Click Security Network Access 2 Select Configure MAC Filter from the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and opti...

Страница 337: ...Specifies a port interface Attribute Displays static or dynamic addresses Authenticated MAC Address List MAC Address The authenticated MAC address Interface The port interface associated with a secur...

Страница 338: ...CES Web Server on page 833 COMMAND USAGE Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same UDP port HTTP can only be...

Страница 339: ...local address PARAMETERS These parameters are displayed HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled HTTPS Port Specifies the UDP port number used f...

Страница 340: ...nique certificate and a private key and password from a recognized certification authority CAUTION For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earlies...

Страница 341: ...g the certificate to the switch Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not...

Страница 342: ...both password and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentica...

Страница 343: ...onal Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On the SSH Settings p...

Страница 344: ...eed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whet...

Страница 345: ...s the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 Server Key Size Specifie...

Страница 346: ...y pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch an...

Страница 347: ...Click Clear Figure 185 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be st...

Страница 348: ...a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version...

Страница 349: ...4 protocol port number or TCP control code IPv6 frames based on address DSCP or next header type or any frames based on MAC address or Ethernet type To filter incoming packets first create an access l...

Страница 350: ...entries in TCAM where n is the fixed number of TCAM entries needed for one ACE When compression is employed before writing the ACE into TCAM the software compresses the ACEs to reduce the number of re...

Страница 351: ...and one of the periodic time ranges PARAMETERS These parameters are displayed Add Time Range Name Name of a time range Range 1 16 characters Add Rule Time Range Name of a time range Mode Absolute Spe...

Страница 352: ...t 3 Select Show from the Action list Figure 189 Showing a List of Time Ranges To configure a rule for a time range 1 Click Security ACL 2 Select Configure Time Range from the Step list 3 Select Add Ru...

Страница 353: ...Time Range SHOWING TCAM UTILIZATION Use the Security ACL Configure ACL Show TCAM page to show utilization parameters for TCAM Ternary Content Addressable Memory including the number policy control ent...

Страница 354: ...he number of policy control entries available for use Entries Used by System The number of policy control entries used by the operating system Entries Used by User The number of policy control entries...

Страница 355: ...P control code IPv6 Standard IPv6 ACL mode filters packets based on the source IPv6 address IPv6 Extended IPv6 ACL mode filters packets based on the source or destination IP address as well as DSCP an...

Страница 356: ...n page 953 show ip access list on page 957 Time Range on page 762 PARAMETERS These parameters are displayed Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching...

Страница 357: ...ich this ACL has been assigned Time Range Name of a time range WEB INTERFACE To add rules to an IP Standard ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from th...

Страница 358: ...Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 356 Source Destination Port Source destination port number for the specified protocol...

Страница 359: ...code 2 control bit mask 18 Time Range Name of a time range WEB INTERFACE To add rules to an IPv4 Extended ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the...

Страница 360: ...permit or deny rules Source Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specif...

Страница 361: ...3 Select Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type...

Страница 362: ...exadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Destination Prefix Length A decimal value indicat...

Страница 363: ...Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefix 8 If you sele...

Страница 364: ...with the Address and Bit Mask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source or desti...

Страница 365: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host or MAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 366: ...Default IP Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or...

Страница 367: ...e Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the packet type Request Response All 8 Select the address type Any Host or IP 9 If you selec...

Страница 368: ...group on page 957 mac access group on page 968 show mac access group on page 969 Time Range on page 762 PARAMETERS These parameters are displayed Type Selects the type of ACLs to bind to a port Port...

Страница 369: ...ssing the source VLAN s in a completely unobtrusive manner CLI REFERENCES Local Port Mirroring Commands on page 1017 COMMAND USAGE ACL based mirroring is only used for ingress traffic To mirror an ACL...

Страница 370: ...m the Step list 3 Select Add Mirror from the Action list 4 Select a port 5 Select the name of an ACL from the ACL list 6 Click Apply Figure 202 Configuring ACL Mirroring To show the ACLs to be mirrore...

Страница 371: ...egress traffic Name The ACL bound this port Action Shows if action is to permit or deny specified packets Rules Shows the rules for the ACL bound to this port Time Range The time during which this ACL...

Страница 372: ...database see DHCP Snooping Configuration on page 412 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection can also validate ARP...

Страница 373: ...EFERENCES ARP Inspection on page 931 COMMAND USAGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspectio...

Страница 374: ...will be replaced with the newest entry PARAMETERS These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP I...

Страница 375: ...ARP Inspection on page 931 COMMAND USAGE ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the AR...

Страница 376: ...s selected and static mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not...

Страница 377: ...P Inspection and ARP Inspection Validation checks and will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets th...

Страница 378: ...rate limit Dropped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP...

Страница 379: ...og page to show information about entries stored in the log including the associated VLAN port and address components CLI REFERENCES show ip arp inspection log on page 939 PARAMETERS These parameters...

Страница 380: ...Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on the switch from an invalid address the swi...

Страница 381: ...ddress es for the Telnet group All Configures IP address es for all groups Start IP Address A single IP address or the starting address of a range End IP Address The end address of a range WEB INTERFA...

Страница 382: ...uthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message CLI REFERENCES Port S...

Страница 383: ...terconnection device PARAMETERS These parameters are displayed Port Port number Security Status Enables or disables port security on an interface Default Disabled Port Status The operational status Se...

Страница 384: ...curity CONFIGURING 802 1X PORT AUTHENTICATION Network switches can provide open and easy access to network resources by simply attaching a client PC Although this automatic configuration and access is...

Страница 385: ...etwork Otherwise non EAP traffic on the port is blocked or assigned to a guest VLAN based on the intrusion action setting In multi host mode only one host connected to a port needs to pass authenticat...

Страница 386: ...L frames from other switches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the edge of the network When this device is fun...

Страница 387: ...X Use the Security Port Authentication Configure Interface Authenticator page to configure 802 1X port settings for the switch as the local authenticator When 802 1X is enabled you need to configure t...

Страница 388: ...tatus is disabled if the control mode is set to Force Authorized Authorized Displays the 802 1X authorization status of connected clients Yes Connected client is authorized N A Connected client is not...

Страница 389: ...an EAP packet Range 1 65535 Default 30 seconds This command attribute sets the timeout for EAP request frames other than EAP request identity frames If dot1x authentication is enabled on a port the sw...

Страница 390: ...thenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Current Identifier Identifier sent in each EAP Success Failure or Request pack...

Страница 391: ...you need to configure the parameters for the client supplicant process if the client must be authenticated through another device in the network CLI REFERENCES 802 1X Port Authentication on page 848...

Страница 392: ...atus cannot be enabled if a port is a member of trunk or LACP is enabled on the port Authentication Period The time that a supplicant port waits for a response from the authenticator Range 1 65535 sec...

Страница 393: ...Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that ha...

Страница 394: ...ress carried in the most recent EAPOL frame received by this Supplicant Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Supplicant Rx EAP Resp Oth The number of valid E...

Страница 395: ...rt Authentication 395 WEB INTERFACE To display port authenticator statistics for 802 1X 1 Click Security Port Authentication 2 Select Show Statistics from the Step list 3 Click Authenticator Figure 21...

Страница 396: ...iciently or at all In general DoS attacks are implemented by either forcing the target to reset to consume most of its resources so that it can no longer provide its intended service or to obstruct th...

Страница 397: ...ult Enabled TCP SYN FIN Scan A TCP SYN FIN scan message is used to identify listening TCP ports The scan uses a series of strangely configured TCP packets which contain SYN synchronize and FIN finish...

Страница 398: ...ACE To protect against DoS attacks 1 Click Security DoS Protection 2 Enable protection for specific DoS attacks and set the maximum allowed rate as required 3 Click Apply Figure 219 Protecting Against...

Страница 399: ...ce Guard on page 404 or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address SIP option or both its IP address and corresponding M...

Страница 400: ...ed in the binding table Max Binding Entry The maximum number of entries that can be bound to an interface Range 1 5 Default 5 This parameter sets the maximum number of address entries that can be mapp...

Страница 401: ...he same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry...

Страница 402: ...ure static bindings for IP Source Guard 1 Click Security IP Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 Click Apply Figure 221 Con...

Страница 403: ...VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which this entry is bound MAC Addre...

Страница 404: ...ration page to filter inbound traffic based on the source IPv6 address stored in the binding table IPv6 Source Guard is used to filter traffic on an insecure port which receives messages from outside...

Страница 405: ...ry is found in the binding table and the entry type is static IPv6 source guard binding the packet will be forwarded If ND snooping or DHCP snooping is enabled IPv6 source guard will check the VLAN ID...

Страница 406: ...ded to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries lear...

Страница 407: ...eplace the old one If there is an entry with same MAC address and IPv6 address and the type of the entry is either a dynamic ND snooping binding or DHCPv6 snooping binding then the new entry will repl...

Страница 408: ...B INTERFACE To configure static bindings for IPv6 Source Guard 1 Click Security IPv6 Source Guard Static Configuration 2 Select Add from the Action list 3 Enter the required bindings for each port 4 C...

Страница 409: ...of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IPv6 Address A valid global unicast IPv6 address Dynamic Binding List VLAN VLAN to which this entry is bound MAC Address Phys...

Страница 410: ...aces An entry is added or removed dynamically to the DHCP snooping table when a client receives or releases an IP address from a DHCP server Each entry includes a MAC address IP address lease time VLA...

Страница 411: ...lf to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any m...

Страница 412: ...ion CLI REFERENCES DHCPv4 Snooping on page 899 PARAMETERS These parameters are displayed DHCP Snooping Status Enables DHCP snooping globally Default Disabled DHCP Snooping MAC Address Verification Ena...

Страница 413: ...s to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inserts the relay agent s address wh...

Страница 414: ...is globally re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table PARAMETERS The...

Страница 415: ...a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other...

Страница 416: ...types include DHCP Snooping Dynamically snooped VLAN VLAN to which this entry is bound Interface Port or trunk to which this entry is bound Store Writes all dynamically learned snooping entries to fla...

Страница 417: ...CHAPTER 13 Security Measures DHCP Snooping 417 3 Use the Store or Clear function if required Figure 231 Displaying the Binding Table for DHCP Snooping...

Страница 418: ...CHAPTER 13 Security Measures DHCP Snooping 418...

Страница 419: ...Monitoring RMON Configures local collection of detailed statistics or events which can be subsequently retrieved through SNMP Switch Clustering Configures centralized management by a single unit over...

Страница 420: ...sh or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM CLI REFERENCES Event Logging on page 739 PARAMETERS These parameters are displayed S...

Страница 421: ...source WEB INTERFACE To configure the logging of error messages to system memory 1 Click Administration Log System 2 Select Configure Global from the Step list 3 Enable or disable system logging set...

Страница 422: ...ages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facili...

Страница 423: ...ggered by logging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 746 PARAM...

Страница 424: ...the minimum severity level Specify the source and destination email addresses and one or more SMTP servers 3 Click Apply Figure 235 Configuring SMTP Alert Messages LINK LAYER DISCOVERY PROTOCOL Link L...

Страница 425: ...ult 30 seconds Hold Time Multiplier Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 4 The time to live tells the receiving LLDP agent...

Страница 426: ...astChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss MED Fast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit...

Страница 427: ...see Specifying Trap Managers on page 466 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a...

Страница 428: ...full name and version identification of the system s hardware type software operating system and networking software System Name The system name is taken from the sysName object in RFC 3418 which con...

Страница 429: ...advertises device details useful for inventory management such as manufacturer model software version and other pertinent information Location This option advertises location identification details Ne...

Страница 430: ...GURING LLDP INTERFACE CIVIC ADDRESS Use the Administration LLDP Configure Interface Add CA Type page to specify the physical location of the device attached to an interface CLI REFERENCES lldp med loc...

Страница 431: ...n LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from the Port or Trunk list 5 Specify a CA Type and CA Value pair 6 Click Apply T...

Страница 432: ...al ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the speci...

Страница 433: ...ly to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Description A string that indicates the port or trunk description If R...

Страница 434: ...the interface LLDP MED Capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory WEB INTERFACE To display LLDP information for the local devic...

Страница 435: ...tocols Link Layer Discovery Protocol 435 Figure 239 Displaying Local Device Information for LLDP General Figure 240 Displaying Local Device Information for LLDP Port Figure 241 Displaying Local Device...

Страница 436: ...e system s administratively assigned name Port Details Port Port identifier on local switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP c...

Страница 437: ...ed frames are associated Remote Port Protocol VLAN List The port based protocol VLANs configured on this interface whether the given port associated with the remote system supports port based protocol...

Страница 438: ...re in use and Spare means that the spare pairs only are in use Remote Power MDI Supported Shows whether MDI power is supported on the given port associated with the remote system Remote Power Pair Con...

Страница 439: ...in octets on the port component associated with the remote system Port Details LLDP MED Capability 7 Device Class Any of the following categories of endpoint devices Class 1 The most basic class of e...

Страница 440: ...ired by the device but is currently unknown VLAN ID The VLAN identifier VID for the port as defined in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that...

Страница 441: ...n PSE Local PSE and Local PSE Unknown Primary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power...

Страница 442: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or Trunk Details 4 When the next page opens select a port on this switch a...

Страница 443: ...CHAPTER 14 Basic Administration Protocols Link Layer Discovery Protocol 443 Figure 243 Displaying Remote Device Information for LLDP Port Details...

Страница 444: ...P capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces CLI REFERENCES show lldp info statistics on page 1317 PARAMETERS These parameter...

Страница 445: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Страница 446: ...nt as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A de...

Страница 447: ...ups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings NOTE The predefined default groups and view can be deleted...

Страница 448: ...p page to specify trap managers so that key events are reported by this switch to your management station 3 Use the Administration SNMP Configure Engine page to change the local engine ID If you want...

Страница 449: ...rap types 4 Click Apply Figure 247 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engine ID An SNM...

Страница 450: ...red WEB INTERFACE To configure the local SNMP engine ID 1 Click Administration SNMP 2 Select Configure Engine from the Step list 3 Select Set Engine ID from the Action list 4 Enter an ID of a least 9...

Страница 451: ...l format If an odd number of characters are specified a trailing zero is added to the value to fill in the last octet For example the value 123456789 is equivalent to 1234567890 Remote IP Host The IP...

Страница 452: ...nch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OID Subtree page to configure additional object identifiers Type Indicates if the object identif...

Страница 453: ...an SNMP View To show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Figure 252 Showing SNMP...

Страница 454: ...an SNMP View To show the OID branches configured for the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show OID Subtree from...

Страница 455: ...of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups...

Страница 456: ...the down state from some other state but not from the notPresent state This other state is indicated by the included value of ifOperStatus linkUp 1 3 6 1 6 3 1 1 5 4 A linkUp trap signifies that the S...

Страница 457: ...PortLinkDetection event is triggered dot1agCfmMepUpTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 97 This trap is sent when a new remote MEP is discovered dot1agCfmMepDownTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 98 Thi...

Страница 458: ...e SFP s A D values are not within alarm warning thresholds udldPortShutdownTrap 1 3 6 1 4 1 259 10 1 22 2 1 0 192 This trap is sent when the port is shut down by UDLD userAuthenticationFailureTrap 1 3...

Страница 459: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 255 Creating an SN...

Страница 460: ...ssword and permits access to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string...

Страница 461: ...be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view CLI REFERENCES snmp server user on page 785 PARAMETERS T...

Страница 462: ...t DES is currently available Privacy Password A minimum of eight plain text characters is required WEB INTERFACE To configure a local SNMPv3 user 1 Click Administration SNMP 2 Select Configure User fr...

Страница 463: ...d notify view CLI REFERENCES snmp server user on page 785 COMMAND USAGE To grant management access to an SNMPv3 user on a remote device you must first specify the engine identifier for the SNMP agent...

Страница 464: ...minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text...

Страница 465: ...anagement Protocol 465 Figure 261 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 466: ...received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider t...

Страница 467: ...tification message i e the targeted recipient Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifica...

Страница 468: ...0 255 Default 3 Local User Name The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch Range 1 32 characters If an account for the specified u...

Страница 469: ...onfigure trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Add from the Action list 4 Fill in the required parameters based on the selected SNMP version 5 C...

Страница 470: ...agers CREATING SNMP NOTIFICATION LOGS Use the Administration SNMP Configure Notify Filter Add page to create an SNMP notification log CLI REFERENCES nlm on page 790 snmp server notify filter on page 7...

Страница 471: ...d on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time...

Страница 472: ...nput and output protocol data units CLI REFERENCES show snmp on page 777 PARAMETERS The following counters are displayed SNMP packets input The total number of messages delivered to the SNMP entity fr...

Страница 473: ...er of SNMP Set Request PDUs which have been accepted and processed or generated by the SNMP protocol entity SNMP packets output The total number of SNMP Messages which were passed from the SNMP protoc...

Страница 474: ...automatically notify the network administrator of a failure and provide historical information about the event If it cannot connect to the management agent it will continue to perform any specified ta...

Страница 475: ...y be sampled Note that etherStatsEntry n uniquely defines the MIB variable and etherStatsEntry n n defines the MIB variable plus the etherStatsIndex For example 1 3 6 1 2 1 16 1 1 1 6 1 denotes etherS...

Страница 476: ...lling Event Index The index of the event to use if an alarm is triggered by monitored variables reaching or crossing below the falling threshold If there is no corresponding entry in the event control...

Страница 477: ...ered The response can include logging the alarm or sending a message to a trap manager Alarms and corresponding events provide a way of immediately responding to critical network problems CLI REFERENC...

Страница 478: ...and v2c hosts Although the community string can be set on this configuration page it is recommended that it be defined on the SNMP trap configuration page see Setting Community Access Strings on page...

Страница 479: ...RMON Configure Interface Add History page to collect statistics on a physical interface to monitor network utilization packet types and errors A historical record of activity can be used to track down...

Страница 480: ...e Show nor Show Details page for the port to which is normally assigned For example if control entry 15 is assigned to port 5 this index entry will be removed from the Show and Show Details page for p...

Страница 481: ...Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 275 Showing Configured RMON History S...

Страница 482: ...istics collection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets m...

Страница 483: ...index number and the name of the owner for this entry 7 Click Apply Figure 277 Configuring an RMON Statistical Sample To show configured RMON statistical samples 1 Click Administration RMON 2 Select C...

Страница 484: ...t Switches that support clustering can be grouped together regardless of physical location or switch type as long as they are connected to the same local network COMMAND USAGE A switch cluster has a p...

Страница 485: ...AGE First be sure that clustering is enabled on the switch the default is disabled then set the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with the network IP subnet Cl...

Страница 486: ...e Step list 3 Set the required attributes for a Commander or a managed candidate 4 Click Apply Figure 280 Configuring a Switch Cluster CLUSTER MEMBER CONFIGURATION Use the Administration Cluster Confi...

Страница 487: ...idates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 281 Configuring a Cluster Members To show the cluster members 1 Click Administration Cluster 2 Select Conf...

Страница 488: ...RENCES Switch Clustering on page 766 PARAMETERS These parameters are displayed Member ID The ID number of the Member switch Range 1 36 Role Indicates the current status of the switch in the cluster IP...

Страница 489: ...tion and service availability The G 8032 recommendation also referred to as Ethernet Ring Protection Switching ERPS can be used to increase the availability and robustness of Ethernet rings An Etherne...

Страница 490: ...tomatic Protection Switching protocol request R APS as defined in Y 1731 is received which has a higher priority than any other local request A link node failure is detected by the nodes adjacent to t...

Страница 491: ...nk between the interconnection nodes that is controlled by ERP1 ERP2 is a sub ring Ring node A is the RPL owner node for ERP1 and ring node E is the RPL owner node for ERP2 These ring nodes A and E ar...

Страница 492: ...onnectivity among all ring nodes until the failure is recovered 4 Configure ERPS timers Configure Domain Configure Details Set the Guard timer to prevent ring nodes from receiving outdated R APS messa...

Страница 493: ...switch supports up to six ERPS rings each ring must have one Control VLAN and at most 255 Data VLANs Ring ports can not be a member of a trunk nor an LACP enabled port Dynamic VLANs are not supported...

Страница 494: ...tion An ERPS ring containing one Control VLAN and one or more protected Data VLANs must be configured and the global ERPS function enabled on the switch see ERPS Global Configuration on page 493 befor...

Страница 495: ...nk failure has occurred This state will switch to idle state if all the failed links recover Type Shows node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertive recove...

Страница 496: ...ddress is disabled for the R APS Def MAC parameter then the Domain ID will be used in R APS PDUs Admin Status Activates the current ERPS ring Default Disabled Before enabling a ring the global ERPS fu...

Страница 497: ...ed VLAN used for sending and receiving E APS protocol messages Range 1 4094 Configure one control VLAN for each ERPS ring First create the VLAN to be used as the control VLAN see Configuring VLAN Grou...

Страница 498: ...itch is set as the RPL neighbor for an ERPS domain the east ring port is set as the other end of the RPL The east and west connections to the ring must be specified for all ring nodes When this switch...

Страница 499: ...igher priority request the RPL Owner Node initiates reversion by blocking its traffic channel over the RPL transmitting an R APS NR RB message over both ring ports informing the ring that the RPL is b...

Страница 500: ...Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority request than NR is accepted by the RPL Owner Node or is declared locally at the RPL Owner Nod...

Страница 501: ...t no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another higher priority request is received If the ring node...

Страница 502: ...al port on a secondary ring must be the west port In other words if a domain has two physical ring ports this ring can only be a major ring not a secondary ring or sub domain which can have only one p...

Страница 503: ...l RAPS messages of the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can...

Страница 504: ...ust be configured as 1 If this command is disabled the following strings are used as the node identifier ERPSv1 01 19 A7 00 00 01 ERPSv2 01 19 A7 00 00 Ring ID Propagate TC Enables propagation of topo...

Страница 505: ...It does not use the normal procedure of waiting to receive an R APS NR no request message from nodes adjacent to the recovered link Instead it waits to see if the non standard health check packets loo...

Страница 506: ...ering from an FS or MS command the delay timer must be long enough to receive any latent remote FS or MS commands This delay timer called the WTB timer is defined to be 5 seconds longer than the guard...

Страница 507: ...is allowed transmission reception and forwarding of R APS messages is allowed Unknown The interface is not in a known state Local SF Shows if a signal fault exists on a link to the local node Local FS...

Страница 508: ...eters for a ring 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Configure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanni...

Страница 509: ...et Ring Protection Switching 509 Figure 291 Creating an ERPS Ring To show the configure ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Actio...

Страница 510: ...ommand was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s highest pri...

Страница 511: ...table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS condition and the node at which an FS command was issue...

Страница 512: ...riority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without...

Страница 513: ...teps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remove the forced switch command on the node...

Страница 514: ...ross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messag...

Страница 515: ...omain with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 294 Single CFM Maintenance Domain The...

Страница 516: ...within the same MA and MIPs to discover MEPs Connectivity faults are indicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors su...

Страница 517: ...MEP List see Configuring Remote Maintenance End Points This allows CFM to automatically verify the functionality of these remote end points by cross checking the static list configured on this device...

Страница 518: ...up and the switch starts cross checking the list of statically configured remote MEPs in the local maintenance domain Configure Remote MEP page see Configuring Remote Maintenance End Points against th...

Страница 519: ...forwarding loop exists Connectivity Check MEP Down Sends a trap if this device loses connectivity with a remote maintenance end point MEP or connectivity has been restored to a remote MEP which has re...

Страница 520: ...ng CFM processing on the switch first configure the required CFM domains maintenance associations and static MEPs Then set the delay time to wait for a remote MEP comes up before the switch starts cro...

Страница 521: ...ng on that interface are released and all CFM frames entering that interface are forwarded as normal data traffic WEB INTERFACE To enable CFM on an interface 1 Click Administration CFM 2 Select Config...

Страница 522: ...MA MIPs are automatically generated by the CFM protocol when the MIP Creation Type is set to Default or Explicit and the MIP creation state machine is invoked as defined in IEEE 802 1ag The default op...

Страница 523: ...anaged objects to see whether the MEP fault notification generator state machine has been reset and repeat those steps until the fault is resolved Only the highest priority defect currently detected i...

Страница 524: ...IP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 65535 MEP Archive Hold Time The time that data from a missin...

Страница 525: ...thereby setting the hierarchical relationship with other domains 5 Specify the manner in which MIPs can be created within each domain 6 Click Apply Figure 298 Configuring Maintenance Domains To show...

Страница 526: ...ions MA which define a unique CFM service instance Each MA can be identified by its parent MD the MD s maintenance level the VLAN assigned to the MA and the set of maintenance end points MEPs assigned...

Страница 527: ...ut If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA a connectivity failure is registered If a maintenance point receives a CCM with an invalid MEPID or...

Страница 528: ...s The setting for this parameter is expressed as levels 4 through 7 which in turn map to specific intervals of time Options 4 1 second 5 10 seconds 6 1 minute 7 10 minutes Connectivity Check Enables t...

Страница 529: ...sables suppression of the AIS Default Disabled WEB INTERFACE To create a maintenance association 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Add from the Action list 4...

Страница 530: ...y from the MD Index list Figure 302 Showing Maintenance Associations To configure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 S...

Страница 531: ...g order 1 maintenance domain at the same level as the MEP to be configured see Configuring CFM Maintenance Domains 2 maintenance association within the domain see Configuring CFM Maintenance Associati...

Страница 532: ...figure a maintenance end point 1 Click Administration CFM 2 Select Configure MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the MEPs as...

Страница 533: ...on should be statically configured to ensure full connectivity through the cross check process Remote MEPs can only be configured if local domain service access points DSAPs have already been created...

Страница 534: ...Remote MEP from the Step list 3 Select Add from the Action list 4 Select an entry from MD Index and MA Index 5 Specify the remote MEPs which exist on other devices within the same MA 6 Click Apply Fig...

Страница 535: ...s its destination or can no longer be forwarded LTMs are used to isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Faul...

Страница 536: ...C address and set the maximum number of hops allowed in the TTL field 5 Click Apply 6 Check the results in the Link Trace cache see Displaying the Link Trace Cache Figure 308 Transmitting Link Trace M...

Страница 537: ...in index Range 1 65535 MA Index MA identifier Range 1 2147483647 Source MEP ID The identifier of a source MEP that will send the loopback message Range 1 8191 Target MEP ID The identifier of a remote...

Страница 538: ...is enabled to generate frames with delay measurement DM information it periodically sends DM frames to its peer MEP in the same MA and expects to receive DM frames back from it Frame delay measuremen...

Страница 539: ...is address can be entered in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Counts The number of times to retry sending the message if no response is received before the specified t...

Страница 540: ...ame Maintenance domain name Level Authorized maintenance level for this domain Direction Direction in which the MEP communicates CFM messages Down indicates that the MEP is facing away from the switch...

Страница 541: ...e continuity check database CLI REFERENCES show ethernet cfm maintenance points local detail mep on page 1335 PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA...

Страница 542: ...ng detection of defect conditions AIS Period The interval at which AIS information is sent AIS Transmit Level The maintenance level at which AIS information will be sent for the specified MEP Suppress...

Страница 543: ...red by the CFM protocol For a description of MIPs refer to the Command Usage section under Configuring CFM Maintenance Domains CLI REFERENCES show ethernet cfm maintenance points local on page 1334 PA...

Страница 544: ...or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1337 clear ethernet cfm maintenance poi...

Страница 545: ...gh continuity check messages or statically configured in the MEP database and verified through cross check messages CLI REFERENCES show ethernet cfm maintenance points remote detail on page 1337 PARAM...

Страница 546: ...n received or no interface status TLV was received in the last CCM Up The interface is ready to pass packets Down The interface cannot pass packets Testing The interface is in some test mode Unknown T...

Страница 547: ...cfm linktrace cache on page 1352 clear ethernet cfm linktrace cache on page 1351 PARAMETERS These parameters are displayed Hops The number hops taken to reach the target MEP MA Maintenance associatio...

Страница 548: ...nabled so the target data frame was filtered by ingress filtering Egress Action Action taken on the egress port EgrOk The targeted data frame was forwarded EgrDown The Egress Port can be identified bu...

Страница 549: ...age 1357 PARAMETERS These parameters are displayed MEP ID Maintenance end point identifier MD Name Maintenance domain name MA Name Maintenance association name Highest Defect The highest defect that w...

Страница 550: ...are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote MA...

Страница 551: ...continuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 318 Showing Continuity Check Errors OAM...

Страница 552: ...terface is not operational Passive Wait This value is returned only by OAM entities in passive mode and indicates the OAM entity is waiting to see if the peer device is OAM capable Active Send Local T...

Страница 553: ...events An errored frame is a frame in which one or more bits are errored An errored frame link event occurs if the threshold is reached or exceeded within the specified period If reporting is enabled...

Страница 554: ...the various types of OAM messages passed across each port CLI REFERENCES show efm oam counters interface on page 1369 PARAMETERS These parameters are displayed Port Port identifier Range 1 28 Clear Cl...

Страница 555: ...ND USAGE When a link event occurs no matter whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted...

Страница 556: ...ion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where tr...

Страница 557: ...1368 COMMAND USAGE You can use this command to perform an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of e...

Страница 558: ...The number of loop back frames transmitted during the last loopback test on this interface Packets Received The number of loop back frames received during the last loopback test on this interface Los...

Страница 559: ...op Back Test DISPLAYING RESULTS OF REMOTE LOOP BACK TESTING Use the Administration OAM Remote Loop Back Show Test Result page to display the results of remote loop back testing for each port for which...

Страница 560: ...INTERFACE To display the results of remote loop back testing for each port for which this information is available 1 Click Administration OAM Remote Loop Back 2 Select Show Test Result from the Action...

Страница 561: ...etwork Trace Route Sends ICMP echo request packets to another node on the network Address Resolution Protocol Describes how to configure ARP aging time Also shows how to display the ARP cache IPv4 Con...

Страница 562: ...network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is u...

Страница 563: ...set at one This causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round tri...

Страница 564: ...each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry for an IP add...

Страница 565: ...ES arp timeout on page 1403 PARAMETERS These parameters are displayed Timeout Sets the aging time for dynamic entries in the ARP cache Range 300 86400 seconds Default 1200 seconds or 20 minutes The AR...

Страница 566: ...VERSION 4 This section describes how to configure an IPv4 interface for management access over the network This switch supports both IPv4 and IPv6 and can be managed through either of these address t...

Страница 567: ...with your network You may also need to a establish a default gateway between the switch and management stations that exist on another network segment You can direct the device to obtain an address fro...

Страница 568: ...the primary address cannot be removed if a secondary address is still present Also if any router or switch in a network segment uses a secondary address all other routers switches in that segment must...

Страница 569: ...t 4 Select the VLAN through which the management station is attached set the IP Address Mode to DHCP or BOOTP 5 Click Apply to save your changes 6 Then click Restart DHCP to immediately request a new...

Страница 570: ...rface SETTING THE SWITCH S IP ADDRESS IP VERSION 6 This section describes how to configure an IPv6 interface for management access over the network This switch supports both IPv4 and IPv6 and can be m...

Страница 571: ...E To configure an IPv6 default gateway for the switch 1 Click IP IPv6 Configuration 2 Select Configure Global from the Action list 3 Enter the IPv6 default gateway 4 Click Apply Figure 333 Configuring...

Страница 572: ...ment station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4094 Address Autoconfig Enables stateless autoconfiguration of IPv6 addresses...

Страница 573: ...duplicate address detection for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a t...

Страница 574: ...ation is known as DHCPv6 stateful autoconfiguration in which a DHCPv6 server assigns stateful addresses to IPv6 hosts The M flag is set to 0 and the O flag is set to 1 DHCPv6 is used only for other co...

Страница 575: ...matically configure a link local address and enable IPv6 on the selected interface Set the MTU size the maximum number of duplicate address detection messages the neighbor solicitation message interva...

Страница 576: ...ally generate a link local unicast address The prefix length for a link local address is fixed at 64 bits and the host portion of the default address is based on the modified EUI 64 Extended Universal...

Страница 577: ...full IPv6 address including the network prefix and host address bits followed by a forward slash and a decimal value indicating how many contiguous bits from the left of the address comprise the prefi...

Страница 578: ...ifier of 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as long as those interfaces are attached to di...

Страница 579: ...local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF0...

Страница 580: ...cated by the value Permanent Link layer Addr Physical layer MAC address State The following states are used for dynamic entries Incomplete Address resolution is being carried out on the entry A neighb...

Страница 581: ...ly of long packets if necessary for transmission through small packet networks State continued Delay More than the ReachableTime interval has elapsed since the last positive confirmation was received...

Страница 582: ...input datagrams discarded due to errors in their IPv6 headers including version number mismatch other format errors hop count exceeded IPv6 options etc Too Big Errors The number of input datagrams th...

Страница 583: ...ch were Source Routed via this entity and the Source Route processing was successful Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented Requests The t...

Страница 584: ...Group Membership Query messages received by the interface Group Membership Response Messages The number of ICMPv6 Group Membership Response messages received by the interface Group Membership Reducti...

Страница 585: ...s The number of ICMPv6 Group Membership Response messages sent Group Membership Reduction Messages The number of ICMPv6 Group Membership Reduction messages sent Multicast Listener Discovery Version 2...

Страница 586: ...Address IP Version 6 586 WEB INTERFACE To show the IPv6 statistics 1 Click IP IPv6 Configuration 2 Select Show Statistics from the Action list 3 Click IPv6 ICMPv6 or UDP Figure 339 Showing IPv6 Statis...

Страница 587: ...w ipv6 mtu on page 1416 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure...

Страница 588: ...CHAPTER 15 IP Configuration Setting the Switch s IP Address IP Version 6 588...

Страница 589: ...SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network When a client device designates this...

Страница 590: ...or DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of domain names to be tried in sequential order CLI REFERENCES ip domain list on page...

Страница 591: ...Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add...

Страница 592: ...until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status P...

Страница 593: ...OMMAND USAGE Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are dis...

Страница 594: ...ve been learned via the designated name servers CLI REFERENCES show dns cache on page 1380 COMMAND USAGE Servers or other network devices may support one or more connections via multiple IP addresses...

Страница 595: ...p If a subnet does not already include a BOOTP or DHCP server you can relay DHCP client requests to a DHCP server on another subnet SPECIFYING A DHCP CLIENT IDENTIFIER Use the IP Service DHCP Client p...

Страница 596: ...ING DHCP RELAY OPTION 82 Use the IP Service DHCP Relay page to configure DHCP relay service for attached host devices including DHCP option 82 information DHCP provides an option for sending informati...

Страница 597: ...IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then passes the DHCP response rec...

Страница 598: ...ut is not relayed DHCP reply packets received by the relay agent are handled as follows When the relay agent receives a DHCP reply packet with Option 82 information over the management VLAN it first e...

Страница 599: ...acket onto the VLAN that received it instead of relaying it This is the default Keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet t...

Страница 600: ...the remote ID 6 Enter up to five IP addresses for DHCP servers or relay servers in order of preference 7 Click Apply Figure 353 Configuring DHCP Relay Information Option 82 Service CONFIGURING THE PP...

Страница 601: ...globally before it can be enabled on an interface Access Node Identifier String identifying this switch as an PPPoE IA to the PPPoE server Range 1 48 ASCII characters Default IP address of first IPv4...

Страница 602: ...aces connecting the switch to a PPPoE Server as trusted Interfaces that connect the switch to users PPPoE clients should be set as untrusted At least one trusted interface must be configured on the sw...

Страница 603: ...D tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients Operational Circuit ID The configured circuit identifier Remote ID...

Страница 604: ...covery Initiation messages PADO PPPoE Active Discovery Offer messages PADR PPPoE Active Discovery Request messages PADS PPPoE Active Discovery Session Confirmation messages PADT PPPoE Active Discovery...

Страница 605: ...CHAPTER 16 IP Services Configuring the PPPoE Intermediate Agent 605 Figure 356 Showing PPPoE Intermediate Agent Statistics g...

Страница 606: ...CHAPTER 16 IP Services Configuring the PPPoE Intermediate Agent 606...

Страница 607: ...ion for IPv6 Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation OVERVIEW Multicasting is used to s...

Страница 608: ...s only It then propagates the service request up to any neighboring multicast switch router to ensure that it will continue to receive the multicast service The purpose of IP multicast filtering is to...

Страница 609: ...be forwarded from any source except for those specified In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources NOTE When the switch is configu...

Страница 610: ...ast traffic only to the ports that request it This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance CLI REFERENCES IGMP Snooping on page 1204...

Страница 611: ...sion means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device When proxy reporting is disabled all IGMP reports received by the switch are f...

Страница 612: ...e spanning tree change occurred When an upstream multicast router receives this solicitation it immediately issues an IGMP general query A query solicitation can be sent whenever the switch notices a...

Страница 613: ...the new upstream interface This command only applies when proxy reporting is enabled Router Port Expire Time The time the switch waits after the previous querier stops before it considers it to have...

Страница 614: ...erface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate...

Страница 615: ...ect the VLAN which will forward all the corresponding multicast traffic and select the port or trunk attached to the multicast router 4 Click Apply Figure 359 Configuring a Static Interface for a Mult...

Страница 616: ...can be dynamically configured using IGMP Snooping and IGMP Query messages see Configuring IGMP Snooping and Query Parameters on page 610 However for certain applications that require tighter control i...

Страница 617: ...ion list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an IGMP enabled switch or multicast router and enter the multicast IP...

Страница 618: ...messages to discover multicast routers is insufficient due to query suppression MRD therefore provides a standardized way to identify multicast routers without relying on any particular multicast rou...

Страница 619: ...ed Otherwise this kind of packet is only forwarded to known multicast routing ports PARAMETERS These parameters are displayed VLAN ID of configured VLANs Range 1 4094 IGMP Snooping Status When enabled...

Страница 620: ...uery suppression is enabled then these messages are forwarded only to downstream ports which have joined a multicast service Proxy Reporting Enables IGMP Snooping with Proxy Reporting Default Based on...

Страница 621: ...31744 tenths of a second Default 10 seconds This command applies when the switch is serving as the querier page 610 or as a proxy host when IGMP snooping proxy reporting is enabled page 610 Last Membe...

Страница 622: ...ll address in IGMP reports sent to upstream ports Many hosts do not implement RFC 4541 and therefore do not understand query messages with the source address of 0 0 0 0 These hosts will therefore not...

Страница 623: ...ulticast data drop on page 1234 PARAMETERS These parameters are displayed Interface Specifies port or trunk selection IGMP Query Drop Configures an interface to drop any IGMP query packets received on...

Страница 624: ...610 PARAMETERS These parameters are displayed VLAN An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address Group Address IP multicast group...

Страница 625: ...display IGMP snooping protocol related statistics for the specified interface CLI REFERENCES show ip igmp snooping statistics on page 1224 PARAMETERS These parameters are displayed VLAN VLAN identifie...

Страница 626: ...ry messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query...

Страница 627: ...essages 1 Click Multicast IGMP Snooping Statistics 2 Select Show Query Statistics from the Action list 3 Select a VLAN Figure 368 Displaying IGMP Snooping Statistics Query To display IGMP snooping pro...

Страница 628: ...igure 369 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Act...

Страница 629: ...oup is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a p...

Страница 630: ...ering the same IP address for the start and end of the range PARAMETERS These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the...

Страница 631: ...and set its access mode 5 Click Apply Figure 372 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step li...

Страница 632: ...h to display this information Figure 375 Showing the Groups Assigned to an IGMP Filtering Profile CONFIGURING IGMP FILTERING AND THROTTLING FOR INTERFACES Use the Multicast IGMP Snooping Filter Config...

Страница 633: ...mber of multicast groups an interface can join at the same time Range 1 1023 Default 1023 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode...

Страница 634: ...ry and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same time CONFIGURING MLD...

Страница 635: ...e multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10 seconds This attribute controls how long the host...

Страница 636: ...d immediate leave is enabled for the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave mess...

Страница 637: ...REFERENCES ipv6 mld snooping vlan mrouter on page 1245 COMMAND USAGE MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 634 before a multica...

Страница 638: ...Select the VLAN for which to display this information Figure 380 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multicas...

Страница 639: ...ace in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN PARAMETERS These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast s...

Страница 640: ...3 Select the VLAN for which to display this information Figure 383 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Страница 641: ...Filter Mode The filter mode is used to summarize the total listening state of a multicast address to a minimum set such that all nodes listening states are respected In Include mode the router only u...

Страница 642: ...h as television channels or video on demand across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all attached subscribers This protocol can significantly reduce to...

Страница 643: ...up to the participating interfaces see Assigning Static MVR Multicast Groups to Interfaces on page 652 Although MVR operates on the underlying mechanism of IGMP snooping the two features operate indep...

Страница 644: ...port and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes occurring in the downstream MVR groups are learned by t...

Страница 645: ...a domain The multicast streams are sent to all source ports on the switch and to all receiver ports that have elected to receive data on that multicast address Dynamic When dynamic mode is enabled th...

Страница 646: ...VLAN see Adding Static Members to VLANs on page 198 but MVR receiver ports should not be manually configured as members of this VLAN Default 1 MVR Running Status Indicates whether or not all necessar...

Страница 647: ...Associate Profile pages to assign the multicast group address for required services to one or more MVR domains CLI REFERENCES MVR for IPv4 on page 1258 COMMAND USAGE Use the Configure Profile page to...

Страница 648: ...icast group Range 224 0 1 0 239 255 255 255 Associate Profile Domain ID An independent multicast domain Range 1 5 Profile Name The name of a profile to be assigned to this domain Range 1 21 characters...

Страница 649: ...To assign an MVR group address profile to a domain 1 Click Multicast MVR 2 Select Associate Profile from the Step list 3 Select Add from the Action list 4 Select a domain from the scroll down list and...

Страница 650: ...eave multicast groups within an MVR VLAN Multicast groups can also be statically assigned to a receiver port see Assigning Static MVR Multicast Groups to Interfaces on page 652 Receiver ports should n...

Страница 651: ...configured as an receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an attached host requesting any of the designated multicast services supp...

Страница 652: ...SIGNING STATIC MVR MULTICAST GROUPS TO INTERFACES Use the Multicast MVR Configure Static Group Member page to statically bind multicast groups to a port which will receive long term multicast streams...

Страница 653: ...signed from the MVR group range configured on the Configure General page WEB INTERFACE To assign a static MVR group to an interface 1 Click Multicast MVR 2 Select Configure Static Group Member from th...

Страница 654: ...RS These parameters are displayed Domain ID An independent multicast domain Range 1 5 Group IP Address Multicast groups assigned to the MVR VLAN VLAN The VLAN through which the service is received Not...

Страница 655: ...play MVR protocol related statistics for the specified interface CLI REFERENCES show mvr statistics on page 1275 PARAMETERS These parameters are displayed Domain ID An independent multicast domain Ran...

Страница 656: ...ce G Query The number of general query messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The numb...

Страница 657: ...r IPv4 657 WEB INTERFACE To display statistics for MVR query related messages 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Query Statistics from the Action list 4 Se...

Страница 658: ...IPv4 658 To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR dom...

Страница 659: ...r similar to that described for MRV see Multicast VLAN Registration for IPv4 on page 642 COMMAND USAGE General Configuration Guidelines for MVR6 1 Enable MVR6 for a domain on the switch and select the...

Страница 660: ...uter interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptions on the downstream interface Receiver ports must therefore be configured on...

Страница 661: ...efault the switch forwards any multicast streams within the address range set by a profile and bound to a domain The multicast streams are sent to all source ports on the switch and to all receiver po...

Страница 662: ...the channel for streaming multicast services using MVR6 MVR6 source ports should be configured as members of the MVR6 VLAN see Adding Static Members to VLANs on page 198 but MVR6 receiver ports should...

Страница 663: ...eros required to fill the undefined fields Note that the IP address ff02 X is reserved WEB INTERFACE To configure settings for an MVR6 domain 1 Click Multicast MVR6 2 Select Configure Domain from the...

Страница 664: ...nge assigned to a profile cannot overlap with the group address range of any other profile MRV6 domains can be associated with more than one MVR6 profile But since MVR6 domains cannot share the group...

Страница 665: ...p Address Profile To show the configured MVR6 group address profiles 1 Click Multicast MVR6 2 Select Configure Profile from the Step list 3 Select Show from the Action list Figure 403 Displaying MVR6...

Страница 666: ...ached to an interface is receiving multicast services you can enable the immediate leave function CLI REFERENCES MVR for IPv6 on page 1277 COMMAND USAGE A port configured as an MVR6 receiver or source...

Страница 667: ...determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only be enabled on a...

Страница 668: ...ve an interface from a multicast stream as soon as it receives a leave message for that group This option only applies to an interface configured as an MVR6 receiver WEB INTERFACE To configure interfa...

Страница 669: ...te the appropriate number of zeros required to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings PARAMETE...

Страница 670: ...5 Select the port or trunk for which to display this information Figure 408 Showing the Static MVR6 Groups Assigned to a Port DISPLAYING MVR6 RECEIVER GROUPS Use the Multicast MVR6 Show Member page t...

Страница 671: ...been forwarded to attached clients Expire Time before this entry expires if no membership report is received from currently active or new clients Count The number of multicast services currently being...

Страница 672: ...ce Number of Reports Sent The number of reports sent from this interface Number of Leaves Sent The number of leaves sent from this interface VLAN Port and Trunk Statistics Input Statistics Report The...

Страница 673: ...The number of general query messages sent from this interface G S S Query The number of group specific or group and source specific query messages sent from this interface WEB INTERFACE To display sta...

Страница 674: ...Pv6 674 To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action list 4 Select an MVR6 do...

Страница 675: ...Pv6 675 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 do...

Страница 676: ...CHAPTER 17 Multicast Filtering Multicast VLAN Registration for IPv6 676...

Страница 677: ...n page 773 Remote Monitoring Commands on page 795 Authentication Commands on page 809 General Security Measures on page 873 Access Control Lists on page 951 Interface Commands on page 975 Link Aggrega...

Страница 678: ...1169 Quality of Service Commands on page 1183 Multicast Filtering Commands on page 1203 LLDP Commands on page 1295 CFM Commands on page 1319 OAM Commands on page 1361 Domain Name Service Commands on...

Страница 679: ...onsole prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the C...

Страница 680: ...254 Console config If your corporate network is connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isol...

Страница 681: ...each command in the required order For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that req...

Страница 682: ...n dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First Mile feature erps Displays ERPS configuration...

Страница 683: ...traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users logged in version System hardware and software ver...

Страница 684: ...n effect for all applicable commands USING COMMAND HISTORY The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow k...

Страница 685: ...ode by entering the enable command followed by the privileged level password super To enter Privileged Exec mode enter the following user names and passwords Username admin Password admin login passwo...

Страница 686: ...examining end to end connections between Provider Edge devices or between Customer Edge devices Class Map Configuration Creates a DiffServ class map for a specified traffic type ERPS Configuration Th...

Страница 687: ...ig Table 42 Configuration Command Modes Mode Command Prompt Page Access Control List access list arp access list ip standard access list ip extended access list ipv6 standard access list ipv6 extended...

Страница 688: ...tart of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor...

Страница 689: ...traffic for clients attached to common data ports and prevents unauthorized access by configuring valid static or dynamic addresses web authentication MAC address authentication filtering DHCP request...

Страница 690: ...Differentiated Services 1183 Multicast Filtering Configures IGMP multicast filtering query profile and proxy parameters specifies ports attached to a multicast router also configures multicast VLAN r...

Страница 691: ...estarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history bu...

Страница 692: ...hich to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to reload Range 1 31 year The year at wh...

Страница 693: ...e you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands display additiona...

Страница 694: ...Exec COMMAND USAGE The quit and exit commands can both exit the configuration program EXAMPLE This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verific...

Страница 695: ...tory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config confi...

Страница 696: ...ed to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console RELATED COMMANDS enable 693 reload Privileged Exec This command restarts the system NOT...

Страница 697: ...ays 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration Interface Configuration Line Configuration VLAN Databa...

Страница 698: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 699: ...gers and version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the serial port includi...

Страница 700: ...is automatically displayed before login as soon as a console or telnet connection has been established Table 48 Banner Commands Command Function Mode banner configure Configures the banner informatio...

Страница 701: ...ted If for example a mistake is made in the company name it can be corrected with the banner configure company command EXAMPLE Console config banner configure Company Edge Core Networks Responsible de...

Страница 702: ...e company information displayed in the banner Use the no form to remove the company name from the banner display SYNTAX banner configure company name no banner configure company name The name of the c...

Страница 703: ...COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or ot...

Страница 704: ...YNTAX banner configure equipment info manufacturer id mfr id floor floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufac...

Страница 705: ...None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The banner configure equipment location command interprets spaces as data input boundaries The use of undersco...

Страница 706: ...igure lp number This command is used to configure the LP number information displayed in the banner Use the no form to restore the default setting SYNTAX banner configure lp number lp num no banner co...

Страница 707: ...mber The phone number of the third manager Maximum length of each parameter 32 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Input strings cannot contain spaces The b...

Страница 708: ...e no form to restore the default setting SYNTAX banner configure note note info no banner configure note note info Miscellaneous information that does not fit the other banner categories or any other...

Страница 709: ...on describes commands used to display system information Table 49 System Status Commands Command Function Mode show access list tcam utilization Shows utilization parameters for TCAM PE show memory Sh...

Страница 710: ...er rule for a port the system will also use two PCEs EXAMPLE Console show access list tcam utilization Total Policy Control Entries 1024 Free Policy Control Entries 836 Entries Used by System 188 Entr...

Страница 711: ...lization in the past 60 seconds Average Utilization 16 Maximum Utilization 19 Alarm Status Current Alarm Status Off Last Alarm Start Time Sep 26 01 39 04 2011 Last Alarm Duration Time 4 seconds Alarm...

Страница 712: ...panning tree instances name and interfaces IP address configured for management VLAN Interface settings Any configured settings for the console port and Telnet EXAMPLE Console show running config Buil...

Страница 713: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for the switch SNMP community stri...

Страница 714: ...ailed list of system settings designed to help technical support resolve configuration or functional problems COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command generates a long list...

Страница 715: ...ounts User Name Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online Users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH...

Страница 716: ...Operation Code Version 1 4 0 0 Console show watchdog This command shows if watchdog debugging is enabled COMMAND MODE Privileged Exec EXAMPLE Console show watchdog Software Watchdog Information Status...

Страница 717: ...frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination...

Страница 718: ...a new file name and then set as the startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg...

Страница 719: ...OM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE...

Страница 720: ...ning configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certificate Keyword that allows you to copy the HTTPS secure site...

Страница 721: ...command When logging into an FTP server the interface prompts for a user name and password configured on the remote server Note that anonymous is set as the default user name EXAMPLE The following exa...

Страница 722: ...s example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19 So...

Страница 723: ...word indicating a file filename Name of configuration file or code image public key Keyword that allows you to delete a SSH key on the switch See Secure Shell on page 838 username Name of an SSH user...

Страница 724: ...tem displays all files File information is shown below EXAMPLE The following example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes ES3528MV2_V1 3...

Страница 725: ...10 04 10 46 20 1580 Console Automatic Code Upgrade Commands upgrade opcode auto This command automatically upgrades the current operational code when a new version is detected on the server indicated...

Страница 726: ...nning config or show startup config commands EXAMPLE Console config upgrade opcode auto Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config If a new image is found at the specified...

Страница 727: ...e following syntax must be used where filedir indicates the path to the directory containing the new image ftp username password 192 168 0 1 filedir If the user name is omitted anonymous will be used...

Страница 728: ...port or Telnet i e a virtual terminal Table 53 Line Commands Command Function Mode line Identifies a specific line for configuration and starts the line configuration mode GC accounting exec Applies...

Страница 729: ...mode enter the following command Console config line console Console config line RELATED COMMANDS show line 738 show users 715 silent time Sets the amount of time the management console is inaccessibl...

Страница 730: ...nput from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character EXAMPLE To specify 7 d...

Страница 731: ...local Selects local password checking Authentication is based on the user name specified with the username command DEFAULT SETTING login local COMMAND MODE Line Configuration COMMAND USAGE There are t...

Страница 732: ...TED COMMANDS username 811 password 733 parity This command defines the generation of a parity bit Use the no form to restore the default setting SYNTAX parity none even odd no parity none No parity ev...

Страница 733: ...ction the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect p...

Страница 734: ...time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down EXAMPLE To set the passwor...

Страница 735: ...inal speeds Use the no form to restore the default setting SYNTAX speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps DEFAULT SETTING 115200 bps COMMAND MODE...

Страница 736: ...d sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default setting SYNTAX timeout login response seconds no timeout login response seconds Integer...

Страница 737: ...connect an SSH or Telnet connection EXAMPLE Console disconnect 1 Console RELATED COMMANDS show ssh 847 show users 715 terminal This command configures terminal settings including escape character line...

Страница 738: ...Type VT100 Width 80 COMMAND MODE Privileged Exec EXAMPLE This example sets the number of lines displayed by commands with lengthy output such as show running config to 48 lines Console terminal length...

Страница 739: ...s Use the no form to return the type to the default SYNTAX logging facility type no logging facility type A number that indicates the facility used by the syslog server to dispatch log messages to an...

Страница 740: ...ault level SYNTAX logging history flash ram level no logging history flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flus...

Страница 741: ...ress that will receive logging messages Use the no form to remove a syslog server host SYNTAX no logging host host ip address host ip address The IP address of a syslog server DEFAULT SETTING None COM...

Страница 742: ...ing trap This command enables the logging of system messages to a remote server or limits the syslog messages saved to a remote server based on severity Use this command without a specified level to e...

Страница 743: ...tory stored in temporary RAM i e memory flushed on power reset DEFAULT SETTING Flash and RAM COMMAND MODE Privileged Exec EXAMPLE Console clear log Console RELATED COMMANDS show log 743 show log This...

Страница 744: ...is command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server SYNTAX show logging flash ram sendmail trap flash Displ...

Страница 745: ...nd History Logging in Flash The message level s reported based on the logging history command History Logging in RAM The message level s reported based on the logging history command Table 57 show log...

Страница 746: ...ill be sent alert messages Use the no form to remove an SMTP server SYNTAX no logging sendmail host ip address ip address IPv4 or IPv6 address of an SMTP server that will be sent alert messages for ev...

Страница 747: ...n If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection EXAMPLE Console config logging sendmail host...

Страница 748: ...ers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient EX...

Страница 749: ...resses ted this company com SMTP Source E mail Address bill this company com SMTP Status Enabled Console TIME The system clock can be dynamically set by polling a set of specified time servers NTP or...

Страница 750: ...interval set via the sntp poll command NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables the NTP clien...

Страница 751: ...0 0 0 0 0 0 Current Server 137 92 140 80 Console RELATED COMMANDS sntp server 752 sntp poll 751 show sntp 752 sntp poll This command sets the interval between sending time requests when the switch is...

Страница 752: ...servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchron...

Страница 753: ...that reliable updates are received from only authorized NTP servers The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clien...

Страница 754: ...t NTP authentication key numbers and values must match on both the server and client NTP authentication is optional When enabled with the ntp authenticate command you must also configure at least one...

Страница 755: ...the servers to which NTP time requests are issued Use the no form of the command to clear a specific time server or all servers from the current list SYNTAX ntp server ip address key key number no ntp...

Страница 756: ...current time and configuration settings for the NTP client and indicates whether or not the local time has been properly updated COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE This command di...

Страница 757: ...l begin b hour The hour summer time will begin Range 0 23 hours b minute The minute summer time will begin Range 0 59 minutes e date Day of the month when summer time will end Range 1 31 e month The m...

Страница 758: ...form to disable summer time SYNTAX clock summer time name predefined australia europe new zealand usa no clock summer time name Name of the timezone while summer time is in effect usually an acronym R...

Страница 759: ...en summer time will begin Range 1 5 b day The day of the week when summer time will begin Options sunday monday tuesday wednesday thursday friday saturday b month The month when summer time will begin...

Страница 760: ...gs Time DST Typically clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn This command sets the summer time time zone relative to the currently configured...

Страница 761: ...a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC EXAMPLE Console config clock timezone Japan hours 8 minute...

Страница 762: ...ileged Exec EXAMPLE Console show calendar Current Time Aug 23 11 51 23 2012 Time Zone UTC 00 00 Summer Time MESZ Australia region Summer Time in Effect No Console TIME RANGE This section describes the...

Страница 763: ...ccess Control Lists EXAMPLE Console config time range r d Console config time range RELATED COMMANDS Access Control Lists 951 absolute This command sets the time range for the execution of a command U...

Страница 764: ...ngle occurrence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets the time r...

Страница 765: ...ent time is within the absolute time range and one of the periodic time ranges EXAMPLE This example configures a time range for the periodic occurrence of an event Console config time range sales Cons...

Страница 766: ...Candidates or active Members through VLAN 4093 Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate swit...

Страница 767: ...k Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broad...

Страница 768: ...pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Confi...

Страница 769: ...tion COMMAND USAGE The maximum number of cluster Members is 36 The maximum number of cluster Candidates is 100 EXAMPLE Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config r...

Страница 770: ...OMMAND MODE Privileged Exec EXAMPLE Console show cluster Role commander Interval Heartbeat 30 Heartbeat Loss Count 3 seconds Number of Members 1 Number of Candidates 2 Console show cluster members Thi...

Страница 771: ...dates This command shows the discovered Candidate switches in the network COMMAND MODE Privileged Exec EXAMPLE Console show cluster candidates Cluster Candidates Role MAC Address Description Active me...

Страница 772: ...CHAPTER 20 System Management Commands Switch Clustering 772...

Страница 773: ...s up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Displays t...

Страница 774: ...n multicast traffic exceeds the upper threshold for automatic storm control IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper thre...

Страница 775: ...nity string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number o...

Страница 776: ...tact string Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length...

Страница 777: ...input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication E...

Страница 778: ...page 1319 mac notification Keyword to issue trap when a dynamic MAC address is added or removed interval Specifies the interval between issuing two consecutive traps Range 0 3600 seconds Default 1 se...

Страница 779: ...the host the targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for version 2c and...

Страница 780: ...mp server host command for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled Notif...

Страница 781: ...ing is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will be automatically created by the snmp server host command us...

Страница 782: ...Range 1 8 COMMAND MODE Privileged Exec EXAMPLE Console show snmp server enable port traps interface Interface MAC Notification Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine...

Страница 783: ...en the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need...

Страница 784: ...write access 1 32 characters notifyview Defines the view for notifications 1 32 characters DEFAULT SETTING Default groups public15 read only private16 read write readview Every object belonging to the...

Страница 785: ...remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha...

Страница 786: ...emote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Страница 787: ...nsole config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp engine...

Страница 788: ...ype volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1...

Страница 789: ...ption Field Description groupname Name of an SNMP group security model The SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view stor...

Страница 790: ...the specified notification log SYNTAX no nlm filter name filter name Notification log name Range 1 32 characters DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE Notification l...

Страница 791: ...host parameter is only required to complete mandatory fields in the SNMP Notification MIB DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Systems that support SNMP often need a m...

Страница 792: ...ation log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the entry aging time can only be configured using SNMP from a network ma...

Страница 793: ...X memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 falling threshold...

Страница 794: ...in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 DEFAULT SETTING Rising Threshold 90 Falling Threshold 70 COMMAND MODE Globa...

Страница 795: ...Event and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent the...

Страница 796: ...alue and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483647 event index The index of the event to use if an alarm is triggered I...

Страница 797: ...ndex index Index to this entry Range 1 65535 log Generates an RMON log entry when the event is triggered Log messages are processed based on the current configuration settings for event logging see Ev...

Страница 798: ...he polling interval Range 1 3600 seconds name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 28 Buckets 50 Interval 30...

Страница 799: ...24 interval 60 Console config if rmon collection rmon1 This command enables the collection of statistics on a physical interface Use the no form to disable statistics collection SYNTAX rmon collection...

Страница 800: ...t 0 show rmon events This command shows the settings for all configured events COMMAND MODE Privileged Exec EXAMPLE Console show rmon events Event 2 is valid owned by mike Description is urgent Event...

Страница 801: ...entries in the statistics group COMMAND MODE Privileged Exec EXAMPLE Console show rmon statistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372...

Страница 802: ...CHAPTER 22 Remote Monitoring Commands 802...

Страница 803: ...of this chapter all refer to a remote server capable of receiving the sFlow datagrams generated by the sFlow agent of the switch sflow owner This command creates an sFlow collector on the switch Use...

Страница 804: ...version v4 v5 Sends either v4 or v5 sFlow datagrams to the receiver DEFAULT SETTING No owner is configured UDP Port 6343 Version v4 Maximum Datagram Size 1400 bytes COMMAND MODE Privileged Exec COMMA...

Страница 805: ...he samples will be taken at specified intervals and sent to a collector ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 instance id An instance ID used to identify the sampling...

Страница 806: ...source Range 1 owner name The associated receiver to which the samples will be sent Range 1 30 alphanumeric characters sample rate The packet sampling rate or the number of packets out of which one s...

Страница 807: ...30 alphanumeric characters interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console show sflow interface ethernet 1 2 Receiver Owne...

Страница 808: ...CHAPTER 23 Flow Sampling Commands 808...

Страница 809: ...cified command groups or individual commands Authentication Sequence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS...

Страница 810: ...sword no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password Password for this privilege level...

Страница 811: ...ies or changes a user s access level Use the no form to remove a user name SYNTAX username name access level level nopassword password 0 7 password no username name name The name of the user Maximum l...

Страница 812: ...mode all level level command no privilege mode all command mode The configuration mode containing the specified command See Understanding Command Modes on page 684 and Configuration Commands on page...

Страница 813: ...vileged Exec EXAMPLE This example shows the privilege level for any command modified by the privilege command Console show privilege command privilege line all level 0 accounting privilege exec level...

Страница 814: ...ly the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level...

Страница 815: ...the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user nam...

Страница 816: ...e the default SYNTAX radius server acct port port number no radius server acct port port number RADIUS server UDP port used for accounting messages Range 1 65535 DEFAULT SETTING 1813 COMMAND MODE Glob...

Страница 817: ...restore the default values SYNTAX no radius server index host host ip address acct port acct port auth port auth port key key retransmit retransmit timeout timeout index Allows you to specify up to f...

Страница 818: ...erver key key string no radius server key key string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters DEFAULT SETTING None...

Страница 819: ...imeout number of seconds no radius server timeout number of seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 DEFAULT SETTING 5 COMMAND MODE Global Config...

Страница 820: ...management access to a switch tacacs server host This command specifies the TACACS server and other optional parameters Use the no form to remove the server or to restore the default values SYNTAX tac...

Страница 821: ...equest Range 1 540 DEFAULT SETTING authentication port 49 timeout 5 seconds retransmit 2 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server 1 host 192 168 1 25 port 181 timeout 10...

Страница 822: ...TING 49 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server port 181 Console config tacacs server retransmit This command sets the number of retries Use the no form to restore the d...

Страница 823: ...ng a request Range 1 540 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config tacacs server timeout 10 Console config show tacacs server This command displays the current setting...

Страница 824: ...unting from starting point and stopping point Table 76 AAA Commands Command Function Mode aaa accounting commands Enables accounting of Exec mode commands GC aaa accounting dot1x Enables accounting of...

Страница 825: ...nting method s configured on the specified TACACS server and do not actually send any information to the server about the methods to use EXAMPLE Console config aaa accounting commands 15 default start...

Страница 826: ...counting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to use EXAMPLE Console config aaa accounting dot1x defa...

Страница 827: ...ethod name fields are only used to describe the accounting method s configured on the specified RADIUS or TACACS servers and do not actually send any information to the servers about the methods to us...

Страница 828: ...64 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configured with the tacacs server host command server group Specifies the name of a server group configured wit...

Страница 829: ...XAMPLE Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 830: ...d list created with the aaa accounting dot1x command DEFAULT SETTING None COMMAND MODE Interface Configuration EXAMPLE Console config interface ethernet 1 2 Console config if accounting dot1x tps Cons...

Страница 831: ...a method list created with the aaa accounting exec command DEFAULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting exec tps Console con...

Страница 832: ...dot1x statistics username user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable com...

Страница 833: ...form to use the default port SYNTAX ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 DEFAULT SETTING 80 COMMAND MODE Global Configura...

Страница 834: ...833 show system 713 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port SYNTAX ip http se...

Страница 835: ...ervice can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specif...

Страница 836: ...connection can be made from this switch to another device by entering the telnet command at the Privileged Exec configuration level Table 78 HTTPS System Support Web Browser Operating System Internet...

Страница 837: ...obal Configuration COMMAND USAGE A maximum of eight sessions can be concurrently opened for Telnet and Secure Shell i e both Telnet and SSH share a maximum number or eight sessions EXAMPLE Console con...

Страница 838: ...xec EXAMPLE Console show ip telnet IP Telnet Configuration Telnet Status Enabled Telnet Service Port 23 Telnet Max Session 4 Console SECURE SHELL This section describes the commands used to configure...

Страница 839: ...own hosts file on the management station and place the host public key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 156849954...

Страница 840: ...arameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh server command to enable the SSH server on the switch 6 Authentication...

Страница 841: ...ifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives thi...

Страница 842: ...ports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions The SSH server uses DSA or RSA for key exchange when the client first esta...

Страница 843: ...client and is fixed at 1024 bits EXAMPLE Console config ip ssh server key size 512 Console config ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the...

Страница 844: ...e rsa RSA public key type DEFAULT SETTING Deletes both the DSA and RSA key COMMAND MODE Privileged Exec EXAMPLE Console delete public key admin dsa Console ip ssh crypto host key generate This command...

Страница 845: ...n method with the client trying to connect to it EXAMPLE Console ip ssh crypto host key generate dsa Console RELATED COMMANDS ip ssh crypto zeroize 845 ip ssh save host key 846 ip ssh crypto zeroize T...

Страница 846: ...dsa Console RELATED COMMANDS ip ssh crypto host key generate 844 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server COMMAND MODE Privile...

Страница 847: ...02149888661921595568598879891919505883940181387440468908779160305837768 185490002831341625008348718449522087429212255691665655296328163516964040831 5547660664151657116381 DSA ssh dss AAAB3NzaC1kc3MAAA...

Страница 848: ...Authenticator Commands dot1x intrusion action Sets the port response to intrusion when authentication fails IC dot1x max reauth req Sets the maximum number of times that the switch sends an EAP reques...

Страница 849: ...tion the dot1x eapol pass through command can be used to forward EAPOL frames from Supplicant Commands dot1x identity profile Configures dot1x supplicant user name and password GC dot1x max start Sets...

Страница 850: ...e config dot1x eapol pass through Console config dot1x system auth control This command enables IEEE 802 1X port authentication globally on the switch Use the no form to restore the default SYNTAX no...

Страница 851: ...s that the switch sends an EAP request identity frame to the client before restarting the authentication process Use the no form to restore the default SYNTAX dot1x max reauth req count no dot1x max r...

Страница 852: ...for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 mac based Allows multiple hosts to connect to this port with each host needing to be...

Страница 853: ...he port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise DEFAULT force authorized COM...

Страница 854: ...ort waits after the maximum request count see page 851 has been exceeded before attempting to acquire a new client Use the no form to reset the default SYNTAX dot1x timeout quiet period seconds no dot...

Страница 855: ...ut supp timeout seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration COMMAND USAGE This command sets the timeout for EAP request frames other than EAP re...

Страница 856: ...h 1 2 Console config if dot1x timeout tx period 300 Console config if dot1x re authenticate This command forces re authentication on all ports or a specific interface SYNTAX dot1x re authenticate inte...

Страница 857: ...nd password are used to identify this switch as a supplicant when responding to an MD5 challenge from the authenticator These parameters must be set when this switch passes client authentication reque...

Страница 858: ...command on page 857 which identify this switch as a supplicant and enable dot1x supplicant mode for those ports which must authenticate clients through a remote authenticator using this command In th...

Страница 859: ...upplicant waits for a response from the authenticator for packets other than EAPOL Start EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout auth period 60 Console config if dot1x...

Страница 860: ...config if dot1x timeout start period 60 Console config if Information Display Commands show dot1x This command shows general port authentication related settings on the switch or a specific interface...

Страница 861: ...transmitting EAP packet page 856 Supplicant Timeout Supplicant timeout Server Timeout Server timeout A RADIUS server must be set before the correct operational value of 10 seconds will be displayed i...

Страница 862: ...ummary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 27 Disabled Single Host Force Authoriz...

Страница 863: ...ttp client Adds IP address es to the web group snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group start address A single IP address or the starting a...

Страница 864: ...s EXAMPLE This example restricts management access to the indicated addresses Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console s...

Страница 865: ...e Agent Commands Command Function Mode pppoe intermediate agent Enables the PPPoE IA globally on the switch GC pppoe intermediate agent format type Sets the access node identifier and generic error me...

Страница 866: ...g the pppoe intermediate agent port enable command EXAMPLE Console config pppoe intermediate agent Console config pppoe intermediate agent format type This command sets the access node identifier and...

Страница 867: ...erface Configuration Ethernet Port Channel COMMAND USAGE PPPoE IA must also be enabled globally on the switch for this command to tack effect EXAMPLE Console config int ethernet 1 5 Console config if...

Страница 868: ...g the switch or access node where the intermediate agent resides Outgoing PAD Offer PADO and Session confirmation PADS packets sent from the PPPoE Server include the Circuit Id tag inserted by the swi...

Страница 869: ...Configuration Ethernet Port Channel COMMAND USAGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification informati...

Страница 870: ...t info PPPoE Intermediate Agent Global Status Enabled PPPoE Intermediate Agent Admin Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Intermedi...

Страница 871: ...1 Eth 1 1 statistics Received All PADI PADO PADR PADS PADT 3 0 0 0 0 3 Dropped Response from untrusted Request towards untrusted Malformed 0 0 0 Console Table 85 show pppoe intermediate agent statisti...

Страница 872: ...CHAPTER 24 Authentication Commands PPPoE Intermediate Agent 872...

Страница 873: ...figures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control List...

Страница 874: ...and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enab...

Страница 875: ...nsole config interface ethernet 1 2 Console config if no mac learning Console config if RELATED COMMANDS show interfaces status 987 port security This command enables or configures port security Use t...

Страница 876: ...ddress pairs source MAC address VLAN for frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additiona...

Страница 877: ...t interface ethernet unit port unit This is unit 1 port Port number Range 1 28 COMMAND MODE Privileged Exec EXAMPLE This example shows the switch saving the MAC addresses learned by port security on e...

Страница 878: ...eld is configured by the network access port mac filter command If this field displays Disabled then any unknown source MAC address can be learned as a secure MAC address If it displays a filter ident...

Страница 879: ...ific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server While authentication for a MAC address is in progress all traffic is...

Страница 880: ...work access link detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac count Sets the maximum number of MAC ad...

Страница 881: ...es a MAC address filter table Range 1 64 mac address Specifies a MAC address entry Format xx xx xx xx xx xx mask Specifies a MAC address bit mask for a range of addresses DEFAULT SETTING Disabled COMM...

Страница 882: ...tion time is a global setting and applies to all ports When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process...

Страница 883: ...onfiguration file EXAMPLE The following example enables the dynamic QoS feature on port 1 Console config interface ethernet 1 1 Console config if network access dynamic qos Console config if network a...

Страница 884: ...untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table EXAMPLE The following example enables dynamic VLAN...

Страница 885: ...ig interface ethernet 1 1 Console config if network access link detection Console config if network access link detection link down Use this command to detect link down events When detected the switch...

Страница 886: ...hutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND MODE Interface Configuration EXAMPLE Console...

Страница 887: ...a port interface via all forms of authentication Use the no form of this command to restore the default SYNTAX network access max mac count count no network access max mac count count The maximum num...

Страница 888: ...aging time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MAC addresses are added to the secure address table when seen on a switch port S...

Страница 889: ...s filter table can be configured with the network access mac filter command Only one filter table can be assigned to a port EXAMPLE Console config interface ethernet 1 1 Console config if network acce...

Страница 890: ...Interface Configuration EXAMPLE Console config if mac authentication max mac count 32 Console config if clear network access Use this command to clear entries from the secure MAC addresses table SYNT...

Страница 891: ...NG Displays the settings for all interfaces COMMAND MODE Privileged Exec EXAMPLE Console show network access interface ethernet 1 1 Global secure port information Reauthentication Time 1800 MAC Addres...

Страница 892: ...ange 1 port Port number Range 1 28 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When using a bit mask...

Страница 893: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user nam...

Страница 894: ...ole config web auth system auth control Enables web authentication globally for the switch GC web auth Enables web authentication for an interface IC web auth re authenticate Port Ends all web authent...

Страница 895: ...MODE Global Configuration EXAMPLE Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid W...

Страница 896: ...and web auth for an interface must be enabled for the web authentication feature to be active EXAMPLE Console config web auth system auth control Console config web auth This command enables web auth...

Страница 897: ...OMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the des...

Страница 898: ...mpts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics SYNTAX show web auth interface interface interface Specifies a port interfa...

Страница 899: ...y GC ip dhcp snooping information option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ip dhcp snooping information policy Sets the informat...

Страница 900: ...namic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and port identifier When DHCP snoo...

Страница 901: ...is not a recognizable type it is dropped If a DHCP packet from a client passes the filtering criteria above it will only be forwarded to trusted ports in the same VLAN If a DHCP packet is from server...

Страница 902: ...for the DHCP snooping agent that is the MAC address of the switch s CPU ip address Inserts an IP address in the remote ID sub option for the DHCP snooping agent that is the IP address of the manageme...

Страница 903: ...th option 82 information enabling the DHCP snooping information option will remove option 82 information from the packet DHCP Snooping Information Option 82 and DHCP Relay Information Option 82 see pa...

Страница 904: ...ch for DHCP snooping Use the no form to restore the default setting SYNTAX ip dhcp snooping limit rate rate no dhcp snooping limit rate rate The maximum number of DHCP packets that may be trapped for...

Страница 905: ...form to restore the default setting SYNTAX no ip dhcp snooping vlan vlan id vlan id ID of a configured VLAN Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE When D...

Страница 906: ...thernet Port Channel COMMAND USAGE DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server DHCP Option 82 allows compatible DHCP servers to use...

Страница 907: ...ce ethernet 1 1 Console config if ip dhcp snooping information option circuit id string mv2 Console config if ip dhcp snooping trust This command configures the specified interface as trusted Use the...

Страница 908: ...dhcp snooping trust Console config if RELATED COMMANDS ip dhcp snooping 900 ip dhcp snooping vlan 905 clear ip dhcp snooping binding This command clears DHCP snooping binding table entries from RAM Us...

Страница 909: ...rom flash memory will no longer be valid EXAMPLE Console config ip dhcp snooping database flash Console config show ip dhcp snooping This command shows the DHCP snooping configuration settings COMMAND...

Страница 910: ...snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy Sets the info...

Страница 911: ...d via DHCPv6 snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IPv6 address lease time binding type VLAN identifier and port identifier When DHCPv6 snoop...

Страница 912: ...yes continue to C If not check failed and forward packet to trusted port C Check status code in IA option If successful and entry is in binding table update lease time and forward to original destinat...

Страница 913: ...relay mechanism for sending information about the switch and its DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning...

Страница 914: ...information in DHCPv6 client request packets the switch s MAC address hexadecimal is used for the remote ID EXAMPLE This example enables the DHCPv6 Snooping Remote ID Option Console config ipv6 dhcp...

Страница 915: ...pv6 dhcp snooping vlan This command enables DHCPv6 snooping on the specified VLAN Use the no form to restore the default setting SYNTAX no ipv6 dhcp snooping vlan vlan id vlan range vlan id ID of a co...

Страница 916: ...tored in the binding database for an interface Use the no form to restore the default setting SYNTAX ipv6 dhcp snooping max binding count no ipv6 dhcp snooping max binding count Maximum number of entr...

Страница 917: ...g trust command When an untrusted port is changed to a trusted port all the dynamic DHCPv6 snooping bindings associated with this port are removed Additional considerations when the switch itself is a...

Страница 918: ...DHCPv6 Snooping remote id option status disabled DHCPv6 Snooping remote id policy drop DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max binding Current binding Eth 1 1 No...

Страница 919: ...he IPv4 Source Guard table or dynamic entries in the DHCPv4 Snooping table when enabled see DHCPv4 Snooping on page 899 IPv4 source guard can be used to prevent traffic attacks caused when a host trie...

Страница 920: ...EFAULT SETTING No configured entries COMMAND MODE Global Configuration COMMAND USAGE If the binding mode is not specified in this command the entry is bound to the ACL table by default Table entries i...

Страница 921: ...ple configures a static source guard binding on port 5 Since the binding mode is not specified the entry is bound to the ACL table by default Console config ip source guard binding 11 22 33 44 55 66 v...

Страница 922: ...ed with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself If the IP source guard is enabled an inbound packet s IP address sip option or both it...

Страница 923: ...es for addresses in the ACL table mac Searches for addresses in the MAC address table number The maximum number of IP addresses that can be mapped to an interface in the binding table Range 1 5 for AC...

Страница 924: ...net EXAMPLE This command sets the binding table mode for the specified interface to MAC mode Console config interface ethernet 1 5 Console config if ip source guard mode mac Console config if clear ip...

Страница 925: ...Eth 1 4 DISABLED ACL 5 1024 Eth 1 5 DISABLED ACL 5 1024 show ip source guard binding This command shows the source guard binding table SYNTAX show ip source guard binding dhcp snooping static acl mac...

Страница 926: ...se the no form to remove a static entry SYNTAX ipv6 source guard binding mac address vlan vlan id ipv6 address interface interface no ipv6 source guard binding mac address vlan vlan id mac address A v...

Страница 927: ...g DHCPv6 snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same and MAC address and IPv6 ad...

Страница 928: ...guard is enabled on an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A p...

Страница 929: ...v6 source bindings dynamically learned via ND snooping or DHCPv6 snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packets and DHC...

Страница 930: ...source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries learned through DHCP...

Страница 931: ...ing each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination dropping any invalid ARP packets ARP Inspection determines the validity of an...

Страница 932: ...their manner of switching matches that of all other packets Disabling and then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs ip arp inspection limit...

Страница 933: ...ndom group of VLANs with each entry separated by a comma static ARP packets are only validated against the specified ACL address bindings in the DHCP snooping database is not checked DEFAULT SETTING A...

Страница 934: ...nspection command before this command will be accepted by the switch By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log...

Страница 935: ...ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and response...

Страница 936: ...ction is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP...

Страница 937: ...command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Console config in...

Страница 938: ...on Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspe...

Страница 939: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Страница 940: ...he echo service repeats anything sent to it and the chargen character generator service generates a continuous stream of data When used together they create an infinite loop and result in a denial of...

Страница 941: ...se packets Use the no form to disable this feature SYNTAX no dos protection smurf DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection smurf Console config d...

Страница 942: ...NULL scan Use the no form to disable this feature SYNTAX no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp null scan C...

Страница 943: ...tcp xmas scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp xmas scan Console config dos protection udp flooding This command protects against DoS...

Страница 944: ...tack but the OOB packets still put the service in a tight loop that consumed all available CPU time Use the no form to disable this feature SYNTAX dos protection win nuke bit rate in kilo rate no dos...

Страница 945: ...traffic segmentation This command enables traffic segmentation Use the no form to disable traffic segmentation SYNTAX no traffic segmentation DEFAULT SETTING Disabled COMMAND MODE Global Configuratio...

Страница 946: ...ar the configuration settings for segmented groups EXAMPLE This example enables traffic segmentation globally on the switch Console config traffic segmentation Console config traffic segmentation sess...

Страница 947: ...or a segmented group of ports Use the no form to remove a port from the segmented group SYNTAX no traffic segmentation session session id uplink interface list downlink interface list downlink interfa...

Страница 948: ...as the uplink and ports 5 8 as downlinks Console config traffic segmentation Console config traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink...

Страница 949: ...ntation This command displays the configured traffic segments COMMAND MODE Privileged Exec EXAMPLE Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding Sessio...

Страница 950: ...CHAPTER 25 General Security Measures Port based Traffic Segmentation 950...

Страница 951: ...Pv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACL...

Страница 952: ...her more specific criteria acl name Name of the ACL Maximum length 32 characters no spaces or other special characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you cre...

Страница 953: ...NG None COMMAND MODE Standard IPv4 ACL COMMAND USAGE New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 954: ...address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport bitmask destination port dport port bitmask control flag control flags f...

Страница 955: ...ied source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You can specify both Precedence and ToS in the same rule However if...

Страница 956: ...port 80 Console config ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any con...

Страница 957: ...ip access list 957 Time Range 762 show ip access group This command shows the ports assigned to IP ACLs COMMAND MODE Privileged Exec EXAMPLE Console show ip access group Interface ethernet 1 2 IP acc...

Страница 958: ...list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP address an...

Страница 959: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule SYNTAX permit deny any host source ipv6 address source ipv6 address prefi...

Страница 960: ...ipv6 address source ipv6 address prefix length any destination ipv6 address prefix length dscp dscp next header next header time range time range name no permit deny any host source ipv6 address sourc...

Страница 961: ...oded in separate headers that may be placed between the IPv6 header and the upper layer header in a packet There are a small number of such extension headers each identified by a distinct Next Header...

Страница 962: ...group acl name in out acl name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets time range na...

Страница 963: ...command displays the rules for configured IPv6 ACLs SYNTAX show ipv6 access list standard extended acl name standard Specifies a standard IPv6 ACL extended Specifies an extended IPv6 ACL acl name Nam...

Страница 964: ...SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of...

Страница 965: ...ethertype ethertype bitmask ip any host source ip source ip network mask any host destination ip destination ip network mask ipv6 any host source ipv6 source ipv6 prefix length any host destination ip...

Страница 966: ...rt sport port bitmask l4 destination port dport port bitmask permit deny untagged eth2 any host source source address bitmask any host destination destination address bitmask ethertype ethertype ether...

Страница 967: ...tmask19 Bitmask for MAC address in hexadecimal format network mask Network mask for IP subnet This mask identifies the host address bits used for routing to specific subnets prefix length Length of IP...

Страница 968: ...ress 00 e0 29 94 34 de where the Ethernet type is 0800 Console config mac acl permit any host 00 e0 29 94 34 de ethertype 0800 Console config mac acl RELATED COMMANDS access list mac 964 Time Range 76...

Страница 969: ...access list 969 Time Range 762 show mac access group This command shows the ports assigned to MAC ACLs COMMAND MODE Privileged Exec EXAMPLE Console show mac access group Interface ethernet 1 5 MAC acc...

Страница 970: ...ACL Maximum length 16 characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny c...

Страница 971: ...bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask...

Страница 972: ...mac any any Console config mac acl RELATED COMMANDS access list arp 970 show access list arp This command displays the rules for configured ARP ACLs SYNTAX show access list arp acl name acl name Name...

Страница 973: ...ernet unit port unit Unit identifier Range 1 port Port number Range 1 28 acl name Name of the ACL Maximum length 16 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware c...

Страница 974: ...ngress egress rules for Standard IPv6 ACLs mac Shows ingress egress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Na...

Страница 975: ...lear counters Clears statistics on an interface PE show discard Displays if CDP and PVST packets are being discarded PE show interfaces brief Displays a summary of key information including operationa...

Страница 976: ...eiver power level of the transmitted signal which can be used to trigger an alarm or warning message IC transceiver threshold voltage Sets thresholds for the transceiver voltage which can be used to t...

Страница 977: ...le An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example adds an alias...

Страница 978: ...e switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcon...

Страница 979: ...description RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cd...

Страница 980: ...essure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no ne...

Страница 981: ...SFP port has a valid link DEFAULT SETTING RJ 45 copper forced Combination sfp preferred auto COMMAND MODE Interface Configuration Ethernet Ports 25 28 COMMAND USAGE Ports 1 24 are fixed at copper forc...

Страница 982: ...EXAMPLE The following example configures port 10 to use auto negotiation Console config interface ethernet 1 10 Console config if negotiation Console config if RELATED COMMANDS capabilities 977 speed...

Страница 983: ...nterface Configuration Ethernet Port Channel COMMAND USAGE The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T por...

Страница 984: ...Privileged Exec COMMAND USAGE Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log...

Страница 985: ...duplex mode and port type for all ports COMMAND MODE Privileged Exec EXAMPLE Console show interfaces brief Interface Name Status PVID Pri Speed Duplex Type Trunk Eth 1 1 Up 1 0 Auto 100full 100TX None...

Страница 986: ...put 5525 Multi cast Output 170 Broadcast Input 11 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred T...

Страница 987: ...tus for all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed For a description of the items displayed by this c...

Страница 988: ...28 port channel channel id Range 1 12 DEFAULT SETTING Shows all interfaces COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displaye...

Страница 989: ...d or disabled page 1006 Ingress Egress Rate Limit Shows if rate limiting is enabled and the current rate limit page 971 VLAN Membership Mode Indicates membership mode as Trunk or Hybrid page 1136 Ingr...

Страница 990: ...ration Ethernet EXAMPLE Console config interface ethernet 1 25 Console config if transceiver monitor Console transceiver threshold current This command sets thresholds for transceiver current which ca...

Страница 991: ...age is sent if the current value is less than or equal to the threshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be...

Страница 992: ...nal Range 4000 820 in units of 0 01 dBm DEFAULT SETTING High Alarm 3 00 dBm HIgh Warning 3 50 dBm Low Warning 21 00 dBm Low Alarm 21 50 dBm COMMAND MODE Interface Configuration Ethernet COMMAND USAGE...

Страница 993: ...eshold value The threshold of the transceiver temperature Range 12800 12800 in units of 0 01 Celsius DEFAULT SETTING High Alarm 75 00 C HIgh Warning 70 00 C Low Alarm 123 00 C Low Warning 0 00 C COMMA...

Страница 994: ...ignal Range 4000 820 in units of 0 01 dBm DEFAULT SETTING High Alarm 9 00 dBm HIgh Warning 9 50 dBm Low Warning 21 00 dBm Low Alarm 21 50 dBm COMMAND MODE Interface Configuration Ethernet COMMAND USAG...

Страница 995: ...value The threshold of the transceiver voltage Range 0 655 in units of 0 01 Volt DEFAULT SETTING High Alarm 3 50 Volts HIgh Warning 3 45 Volts Low Warning 3 15 Volts Low Alarm 3 10 Volts COMMAND MODE...

Страница 996: ...SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This information allows administrators to remotely diagnose problems with optical devices This feature referred to...

Страница 997: ...allows administrators to remotely diagnose problems with optical devices This feature referred to as Digital Diagnostic Monitoring DDM in the command display provides information on transceiver parame...

Страница 998: ...es 7 140 meters long The test takes approximately 5 seconds The switch displays the results of the test immediately upon completion including common cable failures as well as the status and approximat...

Страница 999: ...port Port number Range 1 28 COMMAND MODE Privileged Exec COMMAND USAGE The results include common cable failures as well as the status and approximate distance to a fault or the approximate cable leng...

Страница 1000: ...ngs mode the switch checks for energy on the circuit to determine if there is a link partner If none is detected the switch automatically turns off the transmitter and most of the receive circuitry en...

Страница 1001: ...an 60 meters EXAMPLE Console config interface ethernet 1 28 Console config if power save Console config if show power save This command shows the configuration settings for power savings SYNTAX show p...

Страница 1002: ...CHAPTER 27 Interface Commands Power Savings 1002...

Страница 1003: ...8 ports Table 109 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC port...

Страница 1004: ...s not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the...

Страница 1005: ...or many different hosts Do not use this mode for switch to router trunk links where the destination MAC address is the same for all traffic src dst ip All traffic with the same source and destination...

Страница 1006: ...ove a port group from a trunk Use no interface port channel to remove a trunk from the switch EXAMPLE The following example creates trunk 1 and then adds port 10 Console config interface port channel...

Страница 1007: ...ace ethernet 1 1 Console config if lacp Console config if interface ethernet 1 2 Console config if lacp Console config if interface ethernet 1 3 Console config if lacp Console config if end Console sh...

Страница 1008: ...COMMAND USAGE Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chan...

Страница 1009: ...s selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already...

Страница 1010: ...mbined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been e...

Страница 1011: ...reset to 0 EXAMPLE Console config interface port channel 1 Console config if lacp admin key 3 Console config if lacp timeout This command configures the timeout to wait for the next LACP data unit LA...

Страница 1012: ...again that timeout value will be used EXAMPLE Console config interface port channel 1 Console config if lacp timeout short Console config if Trunk Status Display Commands show lacp This command displa...

Страница 1013: ...s received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown...

Страница 1014: ...protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or...

Страница 1015: ...Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current adm...

Страница 1016: ...CHAPTER 28 Link Aggregation Commands Trunk Status Display Commands 1016...

Страница 1017: ...dress access list acl name no port monitor interface vlan vlan id mac address mac address access list acl name interface ethernet unit port source port unit Unit identifier Range 1 port Port number Ra...

Страница 1018: ...configuration command and then use the port monitor command to specify the source of the traffic to mirror When mirroring traffic from a port the mirror port and monitor port speeds should match other...

Страница 1019: ...xample configures port 2 to monitor packets matching the MAC address 00 12 CF XX XX XX received by port 1 Console config access list mac m1 Console config mac acl permit 00 12 cf 00 00 00 ff ff ff 00...

Страница 1020: ...he following steps to configure an RSPAN session 1 Use the vlan rspan command to configure a VLAN to use for RSPAN Default VLAN 1 is prohibited 2 Use the rspan source command to specify the interfaces...

Страница 1021: ...ic Only one mirror session is allowed including both local and remote mirroring If local mirroring is enabled then no session can be configured for RSPAN Spanning Tree If the spanning tree is disabled...

Страница 1022: ...te a consecutive list of ports or a comma between non consecutive ports ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmitted pac...

Страница 1023: ...tag untagged Traffic exiting the destination port is untagged DEFAULT SETTING Traffic exiting the destination port is untagged COMMAND MODE Global Configuration COMMAND USAGE Only one destination por...

Страница 1024: ...intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations destination Specifies this device as a switch configured with a destination port which...

Страница 1025: ...ession is allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then no session can be configured for RSPAN COMMAND MODE Global Configuration CO...

Страница 1026: ...nsole show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Switch Role Dest...

Страница 1027: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Страница 1028: ...Output rate for specified interface rate Maximum value in Kbps Range 64 100000 Kbps for Fast Ethernet ports 64 1000000 Kbps for Gigabit Ethernet ports DEFAULT SETTING Disabled COMMAND MODE Interface C...

Страница 1029: ...t packet rate to be either kilobits per second or packets per second SYNTAX storm sample type octet packet octet Threshold in kbit second packet Threshold in packets second DEFAULT SETTING packets sec...

Страница 1030: ...xceeds the threshold specified for broadcast and multicast or unknown unicast traffic packets exceeding the threshold are dropped until the rate falls back down beneath the threshold Traffic storms ca...

Страница 1031: ...ond which a storm control response is triggered after the apply timer expires IC Port auto traffic control auto control release Automatically releases a control response IC Port auto traffic control c...

Страница 1032: ...control response can be automatically terminated after the release timer snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper threshold for...

Страница 1033: ...ng can be released automatically or manually The control response of shutting down a port can only be released manually Figure 414 Storm Control by Shutting Down a Port The key elements of this diagra...

Страница 1034: ...tion COMMAND USAGE After the apply timer expires a control action may be triggered as specified by the auto traffic control action command and a trap message sent as specified by the snmp server enabl...

Страница 1035: ...nsole config auto traffic control broadcast release timer 800 Console config auto traffic control This command enables automatic traffic control for broadcast or multicast storms Use the no form to di...

Страница 1036: ...threshold configured by the auto traffic control alarm clear threshold command shutdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic c...

Страница 1037: ...omatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The lower threshold for ingress traffic beneath which a cleared storm control tra...

Страница 1038: ...rm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second...

Страница 1039: ...triggered and the release timer has expired To release a control response which has shut down a port after the specified action has been triggered and the release timer has expired use the auto traffi...

Страница 1040: ...le port traps atc broadcast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port t...

Страница 1041: ...ps atc broadcast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Страница 1042: ...ed Use the no form to disable this trap SYNTAX no snmp server enable port traps atc multicast alarm clear DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config...

Страница 1043: ...ps atc multicast control apply DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet EXAMPLE Console config interface ethernet 1 1 Console config if snmp server enable port traps atc...

Страница 1044: ...ontrol This command shows global configuration settings for automatic storm control COMMAND MODE Privileged Exec EXAMPLE Console show auto traffic control Storm control Broadcast Apply timer sec 300 r...

Страница 1045: ...ation Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128...

Страница 1046: ...CHAPTER 30 Congestion Control Commands Automatic Traffic Control Commands 1046...

Страница 1047: ...nterface or when an interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Страница 1048: ...ded for the spanning tree protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no span...

Страница 1049: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Страница 1050: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Страница 1051: ...detection feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection...

Страница 1052: ...n Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of...

Страница 1053: ...erval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT SETTING 15 seconds COMMAN...

Страница 1054: ...detection process is always based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by...

Страница 1055: ...E UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to be taken Wh...

Страница 1056: ...1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 Disabled Normal Disabled 7 s Unknown 5 s Console show udld interface ethernet 1 1 Interface UDLD...

Страница 1057: ...e link is down or not connected to a UDLD capable device The state is Bidirectional if the link has a normal two way connection to a UDLD capable device All other states indicate mis wiring Msg Invl T...

Страница 1058: ...CHAPTER 32 UniDirectional Link Detection Commands 1058...

Страница 1059: ...seconds COMMAND MODE Global Configuration COMMAND USAGE The aging time is used to age out dynamically learned forwarding information Table 124 Address Table Commands Command Function Mode mac address...

Страница 1060: ...e switch is reset permanent Assignment is permanent DEFAULT SETTING No static addresses are defined The default mode is permanent COMMAND MODE Global Configuration COMMAND USAGE The static address for...

Страница 1061: ...ac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database SYNTAX show mac address table address mac address mask interface interfa...

Страница 1062: ...ns to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K EXAMPL...

Страница 1063: ...SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show mac address table count interface ethernet 1 1 MAC Entries for Port ID 1 Dynamic Address Count 2 Total MAC Addresses 2 Total MAC Address...

Страница 1064: ...CHAPTER 33 Address Table Commands 1064...

Страница 1065: ...ystem bpdu flooding Floods BPDUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission li...

Страница 1066: ...ing tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPD...

Страница 1067: ...co IOS Release 12 2 25 SEC do not fully follow the IEEE standard causing some state machine procedures to function incorrectly The command forces the spanning tree protocol to function in a manner com...

Страница 1068: ...sole config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the de...

Страница 1069: ...onverge All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Страница 1070: ...1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and rec...

Страница 1071: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 1079 takes precedence over...

Страница 1072: ...e lowest MAC address will then become the root device EXAMPLE Console config spanning tree priority 40000 Console config spanning tree mst configuration This command changes to Multiple Spanning Tree...

Страница 1073: ...port s PVID DEFAULT SETTING Floods to all other ports in the same VLAN COMMAND MODE Global Configuration COMMAND USAGE The spanning tree system bpdu flooding command has no effect if BPDU flooding is...

Страница 1074: ...stance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the h...

Страница 1075: ...tance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs SYNTAX no mst instance id vlan vlan range instance id Instance identifier of the s...

Страница 1076: ...Use the no form to clear the name SYNTAX name name name Name of the spanning tree DEFAULT SETTING Switch s MAC address COMMAND MODE MST Configuration COMMAND USAGE The MST region name and revision num...

Страница 1077: ...isable this feature SYNTAX no spanning tree bpdu filter DEFAULT SETTING Disabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command filters all Bridge Protocol Data...

Страница 1078: ...s DEFAULT SETTING BPDU Guard Disabled Auto Recovery Disabled Auto Recovery Interval 300 seconds COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE An edge port should only be con...

Страница 1079: ...method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAG...

Страница 1080: ...enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to t...

Страница 1081: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 1082: ...on action block shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400...

Страница 1083: ...hen the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to lin...

Страница 1084: ...nce identifier of the spanning tree Range 0 4094 cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method24 1 200 000 000 for long path cost method The recomme...

Страница 1085: ...panning Tree Use the no form to restore the default SYNTAX spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the sp...

Страница 1086: ...n the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Страница 1087: ...Port Channel COMMAND USAGE A bridge with a lower bridge identifier or same identifier and lower MAC address can take over as the root bridge at any time When Root Guard is enabled and the switch recei...

Страница 1088: ...t Channel EXAMPLE This example disables the spanning tree algorithm for port 5 Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if spanning tree t...

Страница 1089: ...ge 1 12 COMMAND MODE Privileged Exec COMMAND USAGE Use this command to release an interface from discarding state if loopback detection release mode is set to manual by the spanning tree loopback dete...

Страница 1090: ...ic instance within the multiple spanning tree MST SYNTAX show spanning tree interface mst instance id brief stp enabled only interface ethernet unit port unit Unit identifier Range 1 port Port number...

Страница 1091: ...panning Tree Enabled Disabled Enabled Instance 0 VLANs Configured 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec...

Страница 1092: ...gnated Root 32768 0000E89382A0 Current Root Port 0 Current Root Cost 0 Interface Pri Designated Designated Oper STP Role State Oper Bridge ID Port ID Cost Status Edge Eth 1 1 128 32768 0000E89382A0 12...

Страница 1093: ...ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS non revertive Enables non revertive mode which require...

Страница 1094: ...t link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVLAN Use the control vlan...

Страница 1095: ...for a specific ring erps This command enables ERPS on the switch Use the no form to disable this feature SYNTAX no erps DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS m...

Страница 1096: ...for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configur...

Страница 1097: ...exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This command activates the current ERPS ring Use the no form to disable the current ring SYNTAX no en...

Страница 1098: ...aximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard timer is that during its duration a node will be unaware of new or existing ring requests trans...

Страница 1099: ...kets Use the no form to remove the current setting SYNTAX major domain name no major domain name Name of the ERPS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMA...

Страница 1100: ...continuity check messages are used to monitor the link status of an ERPS ring node as specified by the mep monitor command then the MEG level set by the meg level command must match the authorized mai...

Страница 1101: ...own this information is passed to ERPS which in turn processes it as a ring node failure For more information on how ERPS recovers from a node failure refer to Ethernet Ring Protection Switching on pa...

Страница 1102: ...packets when an owner node enters protection state without any link down event having been detected through SF messages Use the no form to disable this feature SYNTAX no non erps dev protect DEFAULT S...

Страница 1103: ...the RPL the owner node will still transmit an R APS NR RB ring blocked message ERPS compliant nodes receiving this message flush their forwarding database and unblock previously blocked ports The rin...

Страница 1104: ...ther higher priority request is received Recovery with Revertive Mode When all ring links and ring nodes have recovered and no external requests are active reversion is handled in the following way a...

Страница 1105: ...ge on both ring ports informing other nodes that no request is present at this ring node The ring nodes stop transmitting R APS NR messages when they accept an RAPS NR RB message or when another highe...

Страница 1106: ...ocked until the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring The Ethernet Ring Node where the Manual Switch...

Страница 1107: ...ndication all ring nodes flush their FDB This action unblocks the ring port which was blocked as result of an operator command EXAMPLE Console config erps non revertive Console config erps propagate t...

Страница 1108: ...ing nodes running ERPSv1 and ERPSv2 co exist on the same ring the Ring ID of each ring node must be configured as 1 If this command is disabled the following strings are used as the node identifier ER...

Страница 1109: ...the sub ring being transported over the virtual channel into the interconnected network can be uniquely distinguished from those of other interconnected ring R APS messages This can be achieved by for...

Страница 1110: ...essary to take precautions against forming a loop which is potentially composed of a whole interconnected network Figure 417 Sub ring without Virtual Channel EXAMPLE Console config erps raps without v...

Страница 1111: ...any member ports spanning tree will be disabled for the first member port assigned to the static trunk EXAMPLE Console config erps ring port east interface ethernet 1 12 Console config erps rpl neighb...

Страница 1112: ...ink RPL owner Use the no form to restore the default setting SYNTAX rpl owner no rpl DEFAULT SETTING None that is neither owner nor neighbor COMMAND MODE ERPS Configuration COMMAND USAGE Only one RPL...

Страница 1113: ...amount of flush FDB operations in the ring Support of multiple ERP instances on a single ring Version 2 is backward compatible with Version 1 If version 2 is specified the inputs and commands are forw...

Страница 1114: ...ion COMMAND USAGE If the switch goes into ring protection state due to a signal failure after the failure condition is cleared the RPL owner will start the wait to restore timer and wait until it expi...

Страница 1115: ...ual switch state 1 Issue an erps clear command to remove the forced switch command on the node where a local forced switch command is active 2 Issue an erps clear command on the RPL owner node to trig...

Страница 1116: ...R APS messages e The ring node receiving an R APS FS message flushes its FDB Protection switching on a forced switch request is completed when the above actions are performed by each ring node At thi...

Страница 1117: ...a FS command at the ring node under maintenance in order to avoid falling into the above mentioned unrecoverable situation EXAMPLE Console erps forced switch domain r d west Console erps manual switc...

Страница 1118: ...ch command was issued the ring node flushes its local FDB d A ring node accepting an R APS MS message without any local higher priority requests unblocks any blocked ring port which does not have an S...

Страница 1119: ...tatus information for all configured rings or for a specified ring SYNTAX show erps domain ring name statistics domain Keyword to display ERPS ring configuration settings ring name Name of a specific...

Страница 1120: ...link failure has occurred This state will switch to idle state if all the failed links recover Type Shows ERPS node type as None RPL Owner or RPL Neighbor Revertive Shows if revertive or non revertiv...

Страница 1121: ...this ring node R APS with VC The R APS Virtual Channel is the R APS channel connection used to tunnel R APS messages between two interconnection nodes of a sub ring in another Ethernet ring or network...

Страница 1122: ...to block timer expires WTR Expire The time before the wait to restore timer expires Table 132 show erps statistics detailed display description Field Description Interface The direction and port or t...

Страница 1123: ...Commands 1123 EVENT Any request state message excluding FS SF MS and NR HEALTH The number of non standard health check messages Table 132 show erps statistics detailed display description Continued Fi...

Страница 1124: ...CHAPTER 35 ERPS Commands 1124...

Страница 1125: ...ng ingress and egress tagging mode ingress filtering PVID and GVRP Displaying VLAN Information Displays VLAN groups status port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 8...

Страница 1126: ...D USAGE GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 1127: ...AGE Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 1128: ...in the forbidden list COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN...

Страница 1129: ...rivileged Exec COMMAND USAGE See Displaying Bridge Extension Capabilities on page 121 for a description of the displayed items EXAMPLE Console show bridge ext Maximum Supported VLAN Numbers 4094 Maxim...

Страница 1130: ...eave All Timer 1000 centiseconds Console RELATED COMMANDS garp timer 1127 show gvrp configuration This command shows if GVRP is enabled SYNTAX show gvrp configuration interface interface ethernet unit...

Страница 1131: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 1132: ...the VLAN state active VLAN is operational suspend VLAN is suspended Suspended VLANs do not pass packets rspan Keyword to create a VLAN used for mirroring traffic from remote switches The VLAN used for...

Страница 1133: ...tion Table 136 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchport acceptable frame types Configures fr...

Страница 1134: ...estore the default SYNTAX switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged fram...

Страница 1135: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Страница 1136: ...iltering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames such as GMRP EXAMPLE The following example shows how to set the interface to...

Страница 1137: ...Console config if switchport mode hybrid Console config if RELATED COMMANDS switchport acceptable frame types 1134 switchport native vlan This command configures the PVID i e default VLAN ID for a po...

Страница 1138: ...ollowing figure shows VLANs 1 and 2 configured on switches A and B with VLAN trunking being used to pass traffic for these VLAN groups across switches C D and E Figure 418 Configuring VLAN Trunking Wi...

Страница 1139: ...to establish a path across the switch for unknown VLAN groups Console config interface ethernet 1 9 Console config if vlan trunking Console config if interface ethernet 1 10 Console config if vlan tru...

Страница 1140: ...are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN IDs QinQ tunneling expands VLAN space by using...

Страница 1141: ...tive vlan 7 Configure the QinQ tunnel uplink port to dot1Q tunnel uplink mode switchport dot1q tunnel mode 8 Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member switchport allo...

Страница 1142: ...led COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE QinQ tunneling must be enabled on the switch using the dot1q tunnel system tunnel control command before the switchport dot...

Страница 1143: ...that will carry this traffic across the 802 1Q tunnel This process is performed in a transparent manner as described under IEEE 802 1Q Tunneling on page 206 When priority bits are found in the inner...

Страница 1144: ...chport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode uplink 4 Configures port 1 as an untagged member of VLANs 100 200 and 300 using access mode Console config int...

Страница 1145: ...1q tunnel tpid tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Страница 1146: ...tunnel interface interface service svid service svid interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 svid VLAN ID for the outer VLAN...

Страница 1147: ...upstream L2PT protocol packets i e STP BPDUs to this value and forwards them on to uplink ports The MAC address must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx DEFAULT SETTING 01 12...

Страница 1148: ...2PT processes packets is based on the following criteria 1 packet is received on a QinQ uplink port 2 packet is received on a QinQ access port or 3 received packet is Cisco compatible L2PT i e as indi...

Страница 1149: ...received on an access port and recognized as a CDP VTP STP PVST protocol packet and L2PT is enabled on this port it is forwarded to the following ports in the same S VLAN a other access ports for whic...

Страница 1150: ...ee Plus spanning tree Spanning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol DEFAULT SETTING Disabled for all protocols COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE R...

Страница 1151: ...ed to that device can be configured to swap the customer s VLAN ID with the service provider s VLAN ID for upstream traffic or the service provider s VLAN ID with the customer s VLAN ID for downstream...

Страница 1152: ...ries is 8 per port and up to 96 for the system However note that configuring a large number of entries may degrade the performance of other processes that also use the TCAM such as IP Source Guard fil...

Страница 1153: ...n standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of...

Страница 1154: ...cific protocols to a group Use the no form to remove a protocol group SYNTAX protocol vlan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group gr...

Страница 1155: ...hing protocol traffic is forwarded Range 1 4094 priority The priority assigned to untagged ingress traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING No protocol groups are mapped for a...

Страница 1156: ...l group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMAND MODE Privileged Exec EXAMPLE This shows protocol group 1 co...

Страница 1157: ...ssification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source ad...

Страница 1158: ...ty 0 COMMAND MODE Global Configuration COMMAND USAGE Each IP subnet can be mapped to only one VLAN ID An IP subnet consists of an IP address and a subnet mask The specified VLAN need not be an existin...

Страница 1159: ...192 168 12 252 255 255 255 254 8 0 192 168 12 254 255 255 255 255 9 0 192 168 12 255 255 255 255 255 10 0 Console CONFIGURING MAC BASED VLANS When using IEEE 802 1Q port based VLAN classification all...

Страница 1160: ...y value 1 means relevant and 0 means ignore vlan id VLAN to which the matching source MAC address traffic is forwarded Range 1 4094 priority The priority assigned to untagged ingress traffic Range 0 7...

Страница 1161: ...tically assigns the port to the Voice VLAN Alternatively switch ports can be manually configured voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to...

Страница 1162: ...When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member of the Voice VLAN Only one Voice VLAN is supported and it must already be created on the...

Страница 1163: ...ng 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Use the no form to remove an entry from the list SYNTAX voice vlan mac address...

Страница 1164: ...must be manually added to the Voice VLAN auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port DEFAULT SETTING Disabled COMMAND MODE Interface Con...

Страница 1165: ...active for the port EXAMPLE The following example sets the CoS priority to 5 on port 1 Console config interface ethernet 1 1 Console config if switchport voice vlan priority 5 Console config if switc...

Страница 1166: ...oIP traffic on a port Use the no form to disable filtering on a port SYNTAX no switchport voice vlan security DEFAULT SETTING Disabled COMMAND MODE Interface Configuration COMMAND USAGE Security filte...

Страница 1167: ...aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Remaining Age minutes Eth 1 1 Auto Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 1...

Страница 1168: ...CHAPTER 36 VLAN Commands Configuring Voice VLANs 1168...

Страница 1169: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 1170: ...icates a strict queue DEFAULT SETTING WRR COMMAND MODE Global Configuration COMMAND USAGE The switch can be set to service the port queues based on strict priority WRR or a combination of strict and w...

Страница 1171: ...eights to the eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore the de...

Страница 1172: ...ority mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged...

Страница 1173: ...Console config if RELATED COMMANDS show interfaces switchport 988 show queue mode This command shows the current queue mode COMMAND MODE Privileged Exec EXAMPLE Console show queue mode Queue Mode Wei...

Страница 1174: ...al format Range 0 1 Table 147 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal...

Страница 1175: ...processing Note that priority tags in the original packet are not modified by this command The internal DSCP consists of three bits for per hop behavior PHB which determines the queue to which a pack...

Страница 1176: ...ust mode command and the ingress packet type is IPv4 Two QoS domains can have different DSCP definitions so the DSCP to PHB Drop Precedence mutation map can be used to modify one set of DSCP values to...

Страница 1177: ...onfig interface ethernet 1 5 Console config if qos map dscp mutation 3 1 from 1 Console config if qos map phb queue This command determines the hardware output queues to use based on the internal per...

Страница 1178: ...l be based on the DSCP value in the ingress packet If the QoS mapping mode is set to DSCP and a non IP packet is received the packet s CoS and CFI Canonical Format Indicator values are used for priori...

Страница 1179: ...CoS CFI 0 1 0 0 0 0 0 1 1 0 1 0 2 2 0 2 0 3 3 0 3 0 4 4 0 4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Console show qos map dscp mutation This command shows the ingress DSCP to internal DSCP map SYNTAX show qos...

Страница 1180: ...3 4 5 0 5 1 5 0 5 3 5 0 5 1 6 0 5 3 6 0 6 1 5 6 0 6 3 6 0 6 1 6 0 6 3 7 0 7 1 7 0 7 3 6 7 0 7 1 7 0 7 3 Console show qos map phb queue This command shows internal per hop behavior to hardware queue m...

Страница 1181: ...Priority Commands Layer 3 and 4 1181 COMMAND MODE Privileged Exec EXAMPLE The following shows that the trust mode is set to CoS Console show qos map trust mode interface ethernet 1 5 Information of E...

Страница 1182: ...CHAPTER 37 Class of Service Commands Priority Commands Layer 3 and 4 1182...

Страница 1183: ...er for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an en...

Страница 1184: ...set ip dscp command to modify the per hop behavior the class of service value in the VLAN tag or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the poli...

Страница 1185: ...ass maps may be added to the policy map nor any changes made to the assigned class maps with the match or set commands EXAMPLE This example creates a class map call rd class and sets it to match packe...

Страница 1186: ...e unit port unit Unit identifier Range 1 port Port number Range 1 28 vlan A VLAN Range 1 4094 DEFAULT SETTING None COMMAND MODE Class Map Configuration COMMAND USAGE First enter the class map command...

Страница 1187: ...map rd class 2 match any Console config cmap match ip precedence 5 Console config cmap This example creates a class map call rd class 3 and sets it to match packets marked for VLAN 1 Console config c...

Страница 1188: ...ass Map page 1188 before assigning it to a Policy Map EXAMPLE This example creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set command to c...

Страница 1189: ...sets the IP DSCP value in matching packets This modifies packet priority in the IP header police commands define parameters such as the maximum throughput burst rate and response to non conforming tra...

Страница 1190: ...ket the packet is set red transmit Transmits without taking any action drop Drops packet as required by violate action new dscp Differentiated Service Code Point DSCP value Range 0 63 DEFAULT SETTING...

Страница 1191: ...ng packets Console config policy map rd policy Console config pmap class rd class Console config pmap c set phb 3 Console config pmap c police flow 100000 4000 conform action transmit violate action d...

Страница 1192: ...cannot exceed 16 Mbytes The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters Committed Information Rate CIR Committed Burst Size BC...

Страница 1193: ...en precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented The meterin...

Страница 1194: ...r second Range 0 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower peak burst Peak burst size BP in bytes Range 0 16000000 at a granularity of 4k bytes conform action A...

Страница 1195: ...the packet The behavior of the meter is specified in terms of its mode and two token buckets P and C which are based on the rates PIR and CIR respectively The maximum size of the token bucket P is BP...

Страница 1196: ...sole config pmap class rd class Console config pmap c set phb 3 Console config pmap c police trtcm color blind 100000 4000 100000 6000 conform action transmit exceed action 0 violate action drop Conso...

Страница 1197: ...d Use the no form to remove this traffic classification SYNTAX no set ip dscp new dscp new dscp New Differentiated Service Code Point DSCP value Range 0 63 DEFAULT SETTING None COMMAND MODE Policy Map...

Страница 1198: ...to control queue congestion by the police srtcm color command and police trtcm color command The set cos and set phb command function at the same level of priority Therefore setting either of these co...

Страница 1199: ...ce Configuration Ethernet Port Channel COMMAND USAGE Only one policy map can be assigned to an interface First define a class map then define a policy map and finally use the service policy command to...

Страница 1200: ...classification criteria for incoming traffic and may include policers for bandwidth limitations SYNTAX show policy map policy map name class class map name policy map name Name of the policy map Range...

Страница 1201: ...assigned to the specified interface SYNTAX show policy map interface interface input interface unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 COM...

Страница 1202: ...CHAPTER 38 Quality of Service Commands 1202...

Страница 1203: ...ing displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicast traffi...

Страница 1204: ...ed IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use a v...

Страница 1205: ...p snooping Console config ip igmp snooping vlan static Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping...

Страница 1206: ...fic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency EXAMPLE Console config ip igmp snooping priority 6 Console config RELATED COMMANDS show ip...

Страница 1207: ...ip igmp snooping proxy reporting Console config ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it SYNTAX no ip igmp snooping querier DEFAULT SE...

Страница 1208: ...outer Alert option 2 Also when the switch is acting in the role of a multicast host such as when using proxy routing it should ignore version 2 or 3 queries that do not contain the Router Alert option...

Страница 1209: ...ived and all the uplink ports are subsequently deleted a time out mechanism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolici...

Страница 1210: ...When a switch receives this solicitation it floods it to all ports in the VLAN where the spanning tree change occurred When an upstream multicast router receives this solicitation it will also immedia...

Страница 1211: ...command specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled Use the no form to restore the default value SYNTAX ip igmp snooping unsolic...

Страница 1212: ...and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed If the IGMP snooping version is configured on a VLAN this setting...

Страница 1213: ...ooping vlan general query suppression This command suppresses general queries except for ports attached to downstream multicast hosts Use the no form to flood general queries to all ports except for t...

Страница 1214: ...ssage is received The router querier stops forwarding traffic for that group only if no host replies to the query within the time out period The time out for this release is currently defined by Last...

Страница 1215: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1216: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Страница 1217: ...proxy address source address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0...

Страница 1218: ...address of the last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for pro...

Страница 1219: ...queries Use the no form to restore the default SYNTAX ip igmp snooping vlan vlan id query resp intvl interval no ip igmp snooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval T...

Страница 1220: ...AGE Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN EXAMPLE...

Страница 1221: ...ort channel channel id Range 1 12 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ip igmp snooping statistics Console show ip igmp snooping This command sh...

Страница 1222: ...Disabled Immediate Leave Disabled Last Member Query Interval 10 unit 1 10s Last Member Query Count 2 General Query Suppression Disabled Query Interval 125 Query Response Interval 100 unit 1 10s Proxy...

Страница 1223: ...t Forwarding Entry Count 1 Flag R Router port M Group member port H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h...

Страница 1224: ...SYNTAX show ip igmp snooping statistics input interface interface output interface interface query vlan vlan id interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 p...

Страница 1225: ...is interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and...

Страница 1226: ...ip igmp snooping statistics vlan query display description Field Description Querier IP Address The IP address of the querier on this interface Querier Expire Time The time after which this querier i...

Страница 1227: ...n The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a p...

Страница 1228: ...ofile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP filtering and throttling onl...

Страница 1229: ...to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ip igmp profile 19 Console config igmp profi...

Страница 1230: ...TTING None COMMAND MODE IGMP Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one multicast address or address range for a profile EXAMPLE Console config ip i...

Страница 1231: ...ejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type is...

Страница 1232: ...er An IGMP filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Interface Configuration COMMAND USAGE The IGMP filtering profile must first be created with the ip igmp profile co...

Страница 1233: ...wo actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it w...

Страница 1234: ...if ip igmp query drop This command drops any received IGMP query packets Use the no form to restore the default setting SYNTAX no ip igmp query drop DEFAULT SETTING Disabled COMMAND MODE Interface Co...

Страница 1235: ...entication This command displays the interface settings for IGMP authentication SYNTAX show ip igmp authentication interface interface interface ethernet unit port unit Unit identifier Range 1 port Po...

Страница 1236: ...EXAMPLE Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239...

Страница 1237: ...ber Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Con...

Страница 1238: ...lticast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets SYNTAX show ip igmp throttle interface interface interfa...

Страница 1239: ...tch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configure...

Страница 1240: ...e SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected The querier is responsible for ask...

Страница 1241: ...G 125 seconds COMMAND MODE Global Configuration COMMAND USAGE This command applies when the switch is serving as the querier An MLD general query message is sent by the switch at the interval specifie...

Страница 1242: ...command configures the MLD Snooping robustness variable Use the no form to restore the default value SYNTAX ipv6 mld snooping robustness value no ipv6 mld snooping robustness value The number of the...

Страница 1243: ...rt i e the interface that had been receiving query packets to have expired EXAMPLE Console config ipv6 mld snooping router port expire time 300 Console config ipv6 mld snooping unknown multicast mode...

Страница 1244: ...AND MODE Global Configuration EXAMPLE Console config ipv6 mld snooping version 1 Console config ipv6 mld snooping vlan immediate leave This command immediately deletes a member port of an IPv6 multica...

Страница 1245: ...atically configures an IPv6 multicast router port Use the no form to remove the configuration SYNTAX no ipv6 mld snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet...

Страница 1246: ...X interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE Console config ipv...

Страница 1247: ...ifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ipv6 mld snooping statistics Console show ipv6 mld snooping This command shows the current MLD Snooping configuration SYNTAX show...

Страница 1248: ...roup source list This command shows known multicast groups member ports the means by which each group was learned and the corresponding source list SYNTAX show ipv6 mld snooping group source list COMM...

Страница 1249: ...ltering feature fulfills this requirement by restricting access to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port can join T...

Страница 1250: ...permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD filtering and throttling only applies to dynamically learned multicast...

Страница 1251: ...but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny EXAMPLE Console config ipv6 mld profile 19 Console config mld profile RELATED COMMANDS...

Страница 1252: ...id IPv6 address X X X X X for the end of a multicast group range DEFAULT SETTING None COMMAND MODE MLD Profile Configuration COMMAND USAGE Enter this command multiple times to specify more than one mu...

Страница 1253: ...ast groups an interface can join at the same time Range 1 1023 DEFAULT SETTING 1023 COMMAND MODE Interface Configuration Ethernet COMMAND USAGE MLD throttling sets a maximum number of multicast groups...

Страница 1254: ...Configuration Ethernet COMMAND USAGE When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join...

Страница 1255: ...to enable multicast data guard mode on a port interface Use the no form of the command to disable multicast data guard SYNTAX no ipv6 multicast data drop DEFAULT SETTING Disabled COMMAND MODE Interfac...

Страница 1256: ...number profile number An existing MLD filter profile number Range 1 4294967295 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 mld profile MLD Profile 19 MLD Profile 50 Co...

Страница 1257: ...and displays the interface settings for MLD throttling SYNTAX show ipv6 mld throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port chan...

Страница 1258: ...ry interval Configures the interval at which the receiver port sends out general queries GC mvr proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port a...

Страница 1259: ...e MVR group addresses specified in a profile to an MVR domain Use the no form of this command to remove the binding SYNTAX no mvr domain domain id associated profile profile name domain id An independ...

Страница 1260: ...c domain Use the no form of this command to disable MVR for a domain SYNTAX no mvr domain domain id domain id An independent multicast domain Range 1 5 DEFAULT SETTING Disabled COMMAND MODE Global Con...

Страница 1261: ...ed an MVR group is sent from all source ports to all receiver ports that have registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for mu...

Страница 1262: ...ig mvr priority This command assigns a priority to all multicast traffic in the MVR VLAN Use the no form of this command to restore the default setting SYNTAX mvr priority priority no mvr priority pri...

Страница 1263: ...l MVR subscriptions on the downstream interface Receiver ports must therefore be configured on all downstream interfaces which require MVR proxy service When the source port receives report and leave...

Страница 1264: ...f times report messages are sent upstream when changes are learned about downstream groups and the number of times group specific queries are sent to downstream receiver ports This command only takes...

Страница 1265: ...t the requested streams are still restricted to the address range which has been specified in a profile and bound to a domain EXAMPLE Console config mvr source port mode dynamic Console config mvr ups...

Страница 1266: ...is the VLAN to which all source ports must be assigned The VLAN specified by this command must be an existing VLAN configured with the vlan command MVR source ports can be configured as members of the...

Страница 1267: ...ly to multicast groups which have been statically assigned to a port with the mvr vlan group command EXAMPLE The following enables immediate leave on a receiver port Console config interface ethernet...

Страница 1268: ...configures one source port and several receiver ports on the switch Console config interface ethernet 1 5 Console config if mvr domain 1 type source Console config if exit Console config interface et...

Страница 1269: ...multicast groups must be statically assigned using the mvr vlan group command The MVR VLAN cannot be specified as the receiver VLAN for static bindings EXAMPLE The following statically assigns a multi...

Страница 1270: ...ation about MVR domain settings including MVR operational status the multicast VLAN the current number of group addresses and the upstream source IP address SYNTAX show mvr domain domain id domain id...

Страница 1271: ...into the MVR VLAN MVR Proxy Switching Shows if MVR proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enabled MVR Proxy Query I...

Страница 1272: ...Source Inactive Discarding Eth1 1 Receiver Active Forwarding Disabled 225 0 0 1 VLAN1 225 0 0 9 VLAN3 Eth1 4 Receiver Active Discarding Disabled Console Table 164 show mvr interface display descriptio...

Страница 1273: ...ddress The subscriber IP addresses sort by port The multicast groups associated with an interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel cha...

Страница 1274: ...6 7 1 2 P 1 Eth 1 1 S 2 Eth 1 2 R Console show mvr profile This command shows all configured MVR profiles COMMAND MODE Privileged Exec EXAMPLE The following shows all configured MVR profiles Console...

Страница 1275: ...ays statistics for all domains COMMAND MODE Privileged Exec EXAMPLE The following shows MVR protocol related statistics received Console show mvr domain 1 statistics input MVR Domain 1 Input Statistic...

Страница 1276: ...rt received Join Succ The number of times a multicast group was successfully joined Group The number of MVR groups active on this interface Table 167 show mvr statistics output display description Fie...

Страница 1277: ...ued Field Description Table 169 Multicast VLAN Registration for IPv6 Commands Command Function Mode mvr6 associated profile Binds the MVR group addresses specified in a profile to an MVR domain GC mvr...

Страница 1278: ...oup address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config clear mvr6 statistics Clears the MVR statistics globally or on a per interface basis PE show mvr6 Show...

Страница 1279: ...E The following example enables MVR for domain 1 Console config mvr6 domain 1 Console config mvr6 profile This command maps a range of MVR group addresses to a profile Use the no form of this command...

Страница 1280: ...to fill the undefined fields Note that the IP address ff02 X is reserved The MVR6 group address range assigned to a profile cannot overlap with the group address range of any other profile EXAMPLE Th...

Страница 1281: ...ly disables MVR router functions Receiver ports are known as downstream or router interfaces These interfaces perform the standard MVR router functions by maintaining a database of all MVR subscriptio...

Страница 1282: ...queries Use the no form to restore the default setting SYNTAX mvr6 robustness value value no mvr6 robustness value value The robustness used for all interfaces Range 1 10 DEFAULT SETTING 2 COMMAND MOD...

Страница 1283: ...ich the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream is forwarded to any attached client Note...

Страница 1284: ...cast data is received Use the no form of this command to restore the default MVR VLAN SYNTAX mvr6 domain domain id vlan vlan id no mvr6 domain domain id vlan domain id An independent multicast domain...

Страница 1285: ...or a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only...

Страница 1286: ...as a member of the MVR VLAN Also note that VLAN membership for MVR receiver ports cannot be set to access mode see the switchport mode command One or more interfaces may be configured as MVR source p...

Страница 1287: ...address bits DEFAULT SETTING No receiver port is a member of any configured multicast group COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Multicast groups can be statically...

Страница 1288: ...r6 groups dynamic Console clear mvr6 statistics Use this command to clear the MVR6 statistics SYNTAX clear mvr6 statistics interface ethernet unit port port channel channel id vlan vlan id ethernet un...

Страница 1289: ...m Source IP FF05 25 Console Table 170 show mvr6 display description Field Description MVR6 802 1p Forwarding Priority Priority assigned to multicast traffic forwarded into the MVR6 VLAN MVR Proxy Swit...

Страница 1290: ...ed profile Domain ID 1 MVR Profile Name Start IPv6 Addr End IPv6 Addr rd FF00 1 FF00 9 Console show mvr6 interface This command shows MVR configuration settings for interfaces attached to the MVR VLAN...

Страница 1291: ...or all domains and all forwarding entries COMMAND MODE Privileged Exec EXAMPLE The following shows information about the number of multicast forwarding entries currently active in domain 1 Console sho...

Страница 1292: ...t H Host counts number of hosts join the group on this port P Port counts number of ports join the group Up time Group elapsed time d h m s Expire Group remaining time m s Group Address VLAN Port Up t...

Страница 1293: ...nterface interface query domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 vl...

Страница 1294: ...is interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or group and...

Страница 1295: ...d Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many...

Страница 1296: ...d notification Enables the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv inventory Configures an LLDP MED enabled port to advertise its inventory identification detail...

Страница 1297: ...e default setting SYNTAX lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier...

Страница 1298: ...ED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service EXAMPLE Console config lldp med fast start count 6 Console config lld...

Страница 1299: ...e periodic transmit interval for LLDP advertisements Use the no form to restore the default setting SYNTAX lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval a...

Страница 1300: ...se the no form to restore the default setting SYNTAX lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds DEFAULT SETTING 2 seconds COMMAND MODE Global Conf...

Страница 1301: ...figures an LLDP enabled port to advertise the management address for this device Use the no form to disable this feature SYNTAX no lldp basic tlv management ip address DEFAULT SETTING Enabled COMMAND...

Страница 1302: ...nt address reported by this TLV EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv management ip address Console config if lldp basic tlv port description This command conf...

Страница 1303: ...LE Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advert...

Страница 1304: ...and is in turn based on the hostname command EXAMPLE Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configu...

Страница 1305: ...age 1153 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its d...

Страница 1306: ...e 1155 EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise lin...

Страница 1307: ...and operational Multistation Access Unit MAU type EXAMPLE Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command confi...

Страница 1308: ...escription of a location Range 1 32 characters DEFAULT SETTING Not advertised No description COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE Use this command without any keywo...

Страница 1309: ...ole config if lldp med location civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med l...

Страница 1310: ...n An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss EXA...

Страница 1311: ...ole config if lldp med tlv location Console config if lldp med tlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disab...

Страница 1312: ...policy Console config if lldp notification This command enables the transmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications SYNTAX no lldp notificatio...

Страница 1313: ...onfig detail interface detail Shows configuration summary interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 COMMAND MODE Privileg...

Страница 1314: ...ication Status Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Civic Address Status Enabled Country Nam...

Страница 1315: ...t 0 port 3 Eth 1 4 MAC Address 00 12 CF DA FC EC Ethernet Port on unit 0 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC Address...

Страница 1316: ...unit 0 port 1 SystemCapSupported Bridge SystemCapEnabled Bridge Remote Management Address 192 168 0 5 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1...

Страница 1317: ...Address LCI Country Name TW What 2 Extended Power via MDI Power Type PSE Power Source Unknown Power Priority Unknown Power Value 0 Watts Inventory Hardware Revision R0A Firmware Revision 1 2 6 0 Soft...

Страница 1318: ...Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Port NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 0 83 0 Eth 1 2 11 12 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp...

Страница 1319: ...s Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maintenance doma...

Страница 1320: ...enance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the con...

Страница 1321: ...net cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache C...

Страница 1322: ...events discovered by continuity check messages page 1341 or cross check messages page 1345 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm...

Страница 1323: ...aintenance association name Range 1 43 alphanumeric characters DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Each MA name must be unique within the CFM domain Frames with AI...

Страница 1324: ...numeric characters DEFAULT SETTING 1 second COMMAND MODE Global Configuration EXAMPLE This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm a...

Страница 1325: ...P resumes loss of continuity alarm generation upon detecting loss of continuity defect conditions in the absence of AIS messages EXAMPLE This example suppresses sending frames with AIS information Con...

Страница 1326: ...n between the domain service access points DSAPs within each MA defined for a domain and are manually configured using the ethernet cfm mep command In contrast MIPs are interconnection points that mak...

Страница 1327: ...main index 1 name voip level 3 mip creation explicit Console config ether cfm RELATED COMMANDS ma index name 1328 ethernet cfm enable This command enables CFM processing globally on the switch Use the...

Страница 1328: ...a maintenance end point MEP is created at some lower MA Level none No MIP can be created for this MA DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration COMMAND USAGE The maintenance doma...

Страница 1329: ...2147483647 character string IEEE 802 1ag defined character string format This is an IETF RFC 2579 DisplayString icc based ITU T SG13 SG15 Y 1731 defined ICC based format DEFAULT SETTING character str...

Страница 1330: ...ance domain at the same level as the MEP to be configured using the ethernet cfm domain command 2 maintenance association within the domain using the ma index name command and 3 finally the MEP using...

Страница 1331: ...le config interface ethernet 1 1 Console config if ethernet cfm port enable Console config if clear ethernet cfm ais mpid This command clears AIS defect information for the specified MEP SYNTAX clear...

Страница 1332: ...fier Range 1 port Port number Range 1 28 port channel channel id Range 1 12 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethern...

Страница 1333: ...received from a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a...

Страница 1334: ...rimary VID CC Interval MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ether...

Страница 1335: ...rd Console show ethernet cfm maintenance points local mep MPID MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance...

Страница 1336: ...format of the Maintenance Association name including primary VID character string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction...

Страница 1337: ...AULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this command to display information about a specific maintenance point or use the mac keyword to display informat...

Страница 1338: ...he last CCM message about this MEP has been in the CCM database Frame Loss Percentage of transmitted frames lost CC Packet Statistics received error The number of CCM packets received successfully and...

Страница 1339: ...ute 7 10 minutes DEFAULT SETTING 4 100 ms COMMAND MODE Global Configuration COMMAND USAGE CCMs provide a means to discover other MEPs and to detect connectivity failures in an MA If any MEP fails to r...

Страница 1340: ...connectivity to all other MEPs MIPs in the MA Each CCM received is checked to verify that the MEP identifier field sent in the message does not match its own MEPID which would indicate a duplicate MEP...

Страница 1341: ...trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP which has recovered from an error condition mep up Sends a trap if a remote MEP is discovere...

Страница 1342: ...ts the aging time for missing MEPs in the CCM database to 30 minutes Console config ethernet cfm domain index 1 name voip level 3 Console config ether cfm mep archive hold time 30 Console config ether...

Страница 1343: ...AND MODE Privileged Exec COMMAND USAGE Use this command without any keywords to clear all entries in the error database Use the domain keyword to clear the error database for a specific domain or the...

Страница 1344: ...associated with a specific VID list one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a...

Страница 1345: ...CFM continuity check events in relation to the cross check operations between statically configured MEPs and those learned via continuity check messages CCMs Use the no form to restore disable these...

Страница 1346: ...move a remote MEP SYNTAX no mep crosscheck mpid mpid ma ma name mpid Identifier for a maintenance end point which exists on another CFM enabled device within the same MA Range 1 8191 ma name Maintenan...

Страница 1347: ...ain name ma ma name enable Starts the cross check process disable Stops the cross check process domain name Domain name Range 1 43 alphanumeric characters ma name MA name Range 1 43 alphanumeric chara...

Страница 1348: ...k MPID MA Name Level VLAN MEP Up Remote MAC 2 downtown 4 2 Yes 00 0D 54 FC A2 73 Console Link Trace Operations ethernet cfm linktrace cache This command enables caching of CFM data learned through lin...

Страница 1349: ...time minutes minutes The aging time for entries stored in the link trace cache Range 1 65535 minutes DEFAULT SETTING 100 minutes COMMAND MODE Global Configuration COMMAND USAGE Before setting the agin...

Страница 1350: ...Console config ethernet cfm linktrace This command sends CFM link trace messages to the MAC address of a remote MEP SYNTAX ethernet cfm linktrace dest mep destination mpid src mep source mpid dest me...

Страница 1351: ...isolate faults However this task can be difficult in an Ethernet environment since each node is connected through multipoint links Fault isolation is even more challenging since the MAC address of th...

Страница 1352: ...could be returned for example by an operationally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be fals...

Страница 1353: ...nce association name Range 1 43 alphanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes DE...

Страница 1354: ...NTAX mep fault notify alarm time alarm time no fault notify alarm time alarm time The time that one or more defects must be present before a fault alarm is generated Range 3 10 seconds DEFAULT SETTING...

Страница 1355: ...mand The state machine transmits no further fault alarms until it is reset by the passage of a configured time period see the mep fault notify reset time command without a defect indication The normal...

Страница 1356: ...generated Range 3 10 seconds DEFAULT SETTING 10 seconds COMMAND MODE CFM Domain Configuration EXAMPLE This example sets the reset time after which another fault alarm can be generated Console config e...

Страница 1357: ...rm Time Reset Time voip rd none macRemErrXcon 3sec 10sec Console Table 185 show fault notify generator display description Field Description MD Name The maintenance domain for this entry MA Name The m...

Страница 1358: ...xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to retry...

Страница 1359: ...p at the time of transmitting a frame with DM reply information Frame Delay RxTimeStampb TxTimeStampf TxTimeStampb RxTimeStampf The MEP can also make two way frame delay variation measurements based o...

Страница 1360: ...CHAPTER 41 CFM Commands Delay Measure Operations 1360...

Страница 1361: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Страница 1362: ...ace ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable this function SYNTAX...

Страница 1363: ...itical link event dying gasp Console config if efm oam link monitor frame This command enables reporting of errored frame link events Use the no form to disable this function SYNTAX no efm oam link mo...

Страница 1364: ...LV includes the number of errored frames detected during the specified period EXAMPLE Console config interface ethernet 1 1 Console config if efm oam link monitor frame threshold 5 Console config if e...

Страница 1365: ...sets the OAM mode on the specified port Use the no form to restore the default setting SYNTAX efm oam mode active passive no efm oam mode active All OAM functions are enabled passive All OAM functions...

Страница 1366: ...of ports Range 1 28 COMMAND MODE Privileged Exec EXAMPLE Console clear efm oam counters Console RELATED COMMANDS show efm oam counters interface 1369 clear efm oam event log This command clears all e...

Страница 1367: ...to start OAM remote loop back test mode on the specified port Afterwards use the efm oam remote loopback test command page 1368 to start sending test packets Then use the efm oam remote loopback stop...

Страница 1368: ...ommand to perform an OAM remote loopback test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loopback mode...

Страница 1369: ...ification 0 0 1 1 Loopback Control 1 0 1 1 Organization Specific 76 0 Console show efm oam event log interface This command displays the OAM event log for the specified port s or for all ports that ha...

Страница 1370: ...nsole clear efm oam event log Use he clear efm oam event log command to clear the event log Console show efm oam event log interface 1 1 Console This command can show OAM dying gasp changes for link p...

Страница 1371: ...9 0 01 Console show efm oam status interface This command displays OAM configuration settings and event counters SYNTAX show efm oam status interface interface list brief interface unit port unit Unit...

Страница 1372: ...information about attached OAM enabled devices SYNTAX show efm oam status remote interface interface list interface list unit port unit Unit identifier Range 1 port Port number or list of ports To en...

Страница 1373: ...me Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 127 characters DEFAULT SETTING None Table 187 Address Table Commands Command Function Mode...

Страница 1374: ...the default domain name is not used EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list...

Страница 1375: ...75 ip name server 1377 ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use...

Страница 1376: ...ip host name address name Name of an IPv4 host Range 1 100 characters address Corresponding IPv4 address DEFAULT SETTING No static entries COMMAND MODE Global Configuration COMMAND USAGE Use the no ip...

Страница 1377: ...main name servers DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE The listed name servers are queried in the specified sequence until a response is received or the end of the list...

Страница 1378: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields DEFAULT SETTING No static entries COMMAND MODE Global Configuration...

Страница 1379: ...r host command to clear dynamic entries or the no ip host command to clear static entries EXAMPLE This example clears all dynamic entries from the DNS table Console config clear host Console config sh...

Страница 1380: ...nsole show hosts No Flag Type IP Address TTL Domain 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yaho...

Страница 1381: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address a...

Страница 1382: ...CHAPTER 43 Domain Name Service Commands 1382...

Страница 1383: ...roup Function DHCP Client Allows interfaces to dynamically acquire IP address information DHCP Relay Option 82 Relays DHCP requests from local hosts to a remote DHCP server Table 191 DHCP Client Comma...

Страница 1384: ...he default setting This command is used to identify the vendor class and configuration of the switch to the DHCP server which then uses this information to decide on how to service the client or the t...

Страница 1385: ...me address Console config interface vlan 1 Console config if ip address dhcp Console config if exit Console ip dhcp restart client Console show ip interface VLAN 1 is Administrative Up Link Up Address...

Страница 1386: ...YNTAX ipv6 dhcp restart client vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated by commas Range 1 4094 DEFAU...

Страница 1387: ...clients build a list of servers by sending a solicit message and collecting advertised message replies These servers are then ranked based on their advertised preference value If the client needs to...

Страница 1388: ...rmation for the specified interface s SYNTAX show ipv6 dhcp vlan vlan id vlan id VLAN ID specified as a single number a range of consecutive numbers separated by a hyphen or multiple numbers separated...

Страница 1389: ...erts its own IP address into the request so that the DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server on another network When the serve...

Страница 1390: ...d ip address encode ascii hex mac address encode ascii hex string string no ip dhcp rely information option encode no subtype remote id ip address encode mac address encode encode no subtype Disables...

Страница 1391: ...client server exchange messages to be forwarded between the server and client without having to flood them onto the entire VLAN DHCP request packets received by the switch are handled as follows If a...

Страница 1392: ...ce connected to the requesting client and unicasts the reply packet to the client DHCP packets are flooded onto the VLAN which received them if DHCP relay service is enabled on the switch and any of t...

Страница 1393: ...e VLAN that received it instead of relaying it keep Retains the Option 82 information in the client request inserts the relay agent s address and unicasts the packet to the DHCP server replace Replace...

Страница 1394: ...tion option 1390 ip dhcp relay server 1389 ip dhcp snooping 900 show ip dhcp relay This command displays the configuration settings for DHCP relay service COMMAND MODE Privileged Exec EXAMPLE Console...

Страница 1395: ...must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway between this device and...

Страница 1396: ...efault gateway Refer to the ip default gateway command which provides the same function bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP DEFAULT SETTING DHCP COMMAND MODE Interfac...

Страница 1397: ...ss space If bootp or dhcp options are selected the system will immediately start broadcasting service requests for all VLANs configured to obtain address assignments through BOOTP or DHCP IP is enable...

Страница 1398: ...an only be successfully set when a network interface that directly connects to the gateway has been configured on the switch A gateway must be defined if the management station is located in a differe...

Страница 1399: ...255 255 0 Console RELATED COMMANDS ip address 1396 show ipv6 interface 1414 show ip traffic This command displays statistics for IP ICMP UDP TCP and ARP protocols COMMAND MODE Privileged Exec EXAMPLE...

Страница 1400: ...mp request messages timestamp reply messages source quench messages address mask request messages address mask reply messages UDP Statistics input no port errors other errors output TCP Statistics 784...

Страница 1401: ...the target device If the target device does not respond or other errors are detected the switch will indicate this by one of the following messages No Response H Host Unreachable N Network Unreachable...

Страница 1402: ...e page 1374 If necessary local devices can also be specified in the DNS static host table see page 1376 EXAMPLE Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packe...

Страница 1403: ...acket is sent to re establish the MAC address The aging time determines how long dynamic entries remain in the cache If the timeout is too short the switch may tie up resources by repeating ARP reques...

Страница 1404: ...tal entry 4 Console IPV6 INTERFACE This switch supports the following IPv6 interface commands Table 197 IPv6 Configuration Commands Command Function Mode Interface Address Configuration and Utilities...

Страница 1405: ...cs about IPv6 traffic NE PE clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE traceroute6 Shows the route packets take to...

Страница 1406: ...fully set when a network interface that directly connects to the gateway has been configured on the switch EXAMPLE The following example defines a default gateway for this device Console config ipv6 d...

Страница 1407: ...ess is made with an address prefix of FE80 and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console EXAMP...

Страница 1408: ...and a host portion based the switch s MAC address in modified EUI 64 format If a duplicate address is detected a warning message is sent to the console When DHCPv6 is restarted the switch may attempt...

Страница 1409: ...se the prefix i e the network portion of the address DEFAULT SETTING No IPv6 addresses are defined COMMAND MODE Interface Configuration VLAN COMMAND USAGE The prefix must be formatted according to RFC...

Страница 1410: ...f 2A 9F 18 FF FE 1C 82 35 This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device as long as those interfaces are attached to different...

Страница 1411: ...the address prefix must be in the range of FE80 FEBF The address specified with this command replaces a link local address that was automatically generated for the interface You can configure multiple...

Страница 1412: ...is command enables IPv6 on the current VLAN interface and automatically generates a link local unicast address The address prefix uses FE80 and the host portion of the address is generated by converti...

Страница 1413: ...4 ipv6 mtu This command sets the size of the maximum transmission unit MTU for IPv6 packets sent on an interface Use the no form to restore the default setting SYNTAX ipv6 mtu size no ipv6 mtu size Sp...

Страница 1414: ...ity and configured settings for IPv6 interfaces SYNTAX show ipv6 interface brief vlan vlan id ipv6 prefix prefix length brief Displays a brief summary of IPv6 operational status and the addresses conf...

Страница 1415: ...terface Joined group address es In addition to the unicast addresses assigned to an interface a node is required to join the all nodes multicast addresses FF01 1 and FF02 1 for all IPv6 nodes within s...

Страница 1416: ...onsole show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6 141D Console ND retransmit interval The interval between IPv6 neighbor solicitation retransmi...

Страница 1417: ...equests discards no routes generated fragments fragment succeeded fragment failed ICMPv6 Statistics ICMPv6 received input errors destination unreachable messages packet too big messages time exceeded...

Страница 1418: ...n their IPv6 headers including version number mismatch other format errors hop count exceeded IPv6 options etc too big errors The number of input datagrams that could not be forwarded because their si...

Страница 1419: ...number of output datagrams which this entity received and forwarded to their final destinations In entities which do not act as IPv6 routers this counter will include only those packets which were So...

Страница 1420: ...ages The number of Redirect messages received by the interface group membership query messages The number of ICMPv6 Group Membership Query messages received by the interface group membership response...

Страница 1421: ...end redirects group membership query messages The number of ICMPv6 Group Membership Query messages sent by the interface group membership response messages The number of ICMPv6 Group Membership Respon...

Страница 1422: ...bytes COMMAND MODE Privileged Exec COMMAND USAGE Use the ping6 command to see if another site on the network can be reached or to evaluate delays over the path The same link local address may be used...

Страница 1423: ...in name server failure count The maximum number of failures before which the trace route is terminated Range 1 255 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the traceroute6 c...

Страница 1424: ...ation messages sent on an interface during duplicate address detection Use the no form to restore the default setting SYNTAX ipv6 nd dad attempts count no ipv6 nd dad attempts count The number of neig...

Страница 1425: ...changed duplicate address detection is performed on the new link local address but not for any of the IPv6 global unicast addresses already associated with the interface EXAMPLE The following configu...

Страница 1426: ...he reachability of a neighbor Therefore avoid using very short intervals for normal IPv6 operations EXAMPLE The following sets the interval between sending neighbor solicitation messages to 30000 mill...

Страница 1427: ...being sent which in turn can cause operational problems for hosts on the network This command can be used to block RAs and Router Redirect RR messages on the specified interface Determine which interf...

Страница 1428: ...es all dynamic entries in the IPv6 neighbor discovery cache COMMAND MODE Privileged Exec EXAMPLE The following deletes all dynamic entries in the IPv6 neighbor cache Console clear ipv6 neighbors Conso...

Страница 1429: ...as reachable in seconds Link layer Addr Physical layer MAC address State The following states are used for dynamic entries I1 Incomplete Address resolution is being carried out on the entry A neighbor...

Страница 1430: ...that the target still exists and updates the lifetime of the binding otherwise it deletes the binding This section describes commands used to configure ND Snooping State continued P1 Probe A reachabil...

Страница 1431: ...terface it is dropped If received on a trusted interface the switch adds an entry in the prefix table according to the Prefix Information option in the RA message The prefix table records prefix prefi...

Страница 1432: ...e includes the link layer address IPv6 address lifetime as well as the VLAN and port interface which received the message If an RA message is received in response to the original NS message indicating...

Страница 1433: ...This command sets the number of times the auto detection process sends an NS message to determine if a dynamic user binding is still valid Use the no form to restore the default setting SYNTAX ipv6 nd...

Страница 1434: ...message is received is set to the retransmit count see the ipv6 nd snooping auto detect retransmit count command x the retransmit interval Based on the default settings this is 3 seconds EXAMPLE Conso...

Страница 1435: ...t setting SYNTAX ipv6 nd snooping max binding max bindings no ipv6 nd snooping max binding max bindings The maximum number of address entries in the dynamic user binding table which can be bound to a...

Страница 1436: ...othing is added to the dynamic user binding table EXAMPLE Console config interface ethernet 1 1 Console config if ipv6 nd snooping trust Console config if clear ipv6 nd snooping binding This command c...

Страница 1437: ...g auto detection disabled ND Snooping auto detection retransmit count 3 ND Snooping auto detection retransmit interval 1 second ND Snooping is configured on the following VLANs VLAN 1 Interface Truste...

Страница 1438: ...ss prefix table SYNTAX show ipv6 nd snooping prefix interface vlan vlan id vlan id VLAN ID Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping prefix Prefix entry timeout 1...

Страница 1439: ...1439 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1441 Troubleshooting on page 1445 License Information on page 1447...

Страница 1440: ...SECTION IV Appendices 1440...

Страница 1441: ...1000 Mbps at full duplex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttl...

Страница 1442: ...oping Layer 2 IPv4 IGMP Layer 3 Multicast VLAN Registration IPv4 IPv6 ADDITIONAL FEATURES BOOTP Client Connectivity Fault Management DHCP Client DNS Client Proxy ERPS Ethernet Ring Protection Switchin...

Страница 1443: ...on IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging IEEE 802 1ag Connectivity Fault Mana...

Страница 1444: ...1213 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q QinQ Tunneling IEEE 802 1ad Provider Bri...

Страница 1445: ...connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting a...

Страница 1446: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1447: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1448: ...ded that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work th...

Страница 1449: ...am is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so lon...

Страница 1450: ...you may choose any version ever published by the Free Software Foundation 11 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write...

Страница 1451: ...by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce p...

Страница 1452: ...and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard EUI Extend...

Страница 1453: ...allows switches to assign endstations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks IEEE 802 1P An IEEE standard for providing quality of servi...

Страница 1454: ...g to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members IN BAND MANAGEMENT Management of the network from a...

Страница 1455: ...is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers This process allows IGMP enabled devices to determine where to send m...

Страница 1456: ...to provide better service to selected traffic flows using features such as data prioritization queuing congestion avoidance and traffic shaping These features effectively provide preferential treatmen...

Страница 1457: ...tion protocol that uses software running on a central server to control access to TACACS compliant devices on the network TCP IP Transmission Control Protocol Internet Protocol Protocol suite that inc...

Страница 1458: ...s of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on...

Страница 1459: ...gure note 708 boot system 719 bridge ext gvrp 1126 C calendar set 761 capabilities 977 channel group 1006 class 1188 class map 1184 clear access list hardware counters 973 clear arp cache 1403 clear c...

Страница 1460: ...t period 860 dot1x timeout supp timeout 855 dot1x timeout tx period 856 E efm oam 1362 efm oam critical link event 1362 efm oam link monitor frame 1363 efm oam link monitor frame threshold 1364 efm oa...

Страница 1461: ...it 1210 ip igmp snooping unregistered data flood 1210 ip igmp snooping unsolicited report interval 1211 ip igmp snooping version 1212 ip igmp snooping version exclusive 1212 ip igmp snooping vlan gene...

Страница 1462: ...dress 1301 lldp basic tlv port description 1302 lldp basic tlv system capabilities 1303 lldp basic tlv system description 1303 lldp basic tlv system name 1304 lldp dot1 tlv proto ident 1304 lldp dot1...

Страница 1463: ...nk detection link up 886 network access link detection link up down 886 network access mac filter 881 network access max mac count 887 network access mode mac authentication 888 network access port ma...

Страница 1464: ...ates 771 show cluster members 770 show discard 984 show dns 1379 show dns cache 1380 show dos protection 944 show dot1q tunnel 1146 show dot1x 860 show efm oam counters interface 1369 show efm oam eve...

Страница 1465: ...dp config 1313 show lldp info local device 1314 show lldp info remote device 1315 show lldp info statistics 1317 show log 743 show logging 744 show logging sendmail 749 show loopback detection 1051 sh...

Страница 1466: ...ver group 784 snmp server host 779 snmp server location 776 snmp server notify filter 791 snmp server user 785 snmp server view 786 sntp client 750 sntp poll 751 sntp server 752 spanning tree 1066 spa...

Страница 1467: ...947 traffic segmentation uplink to uplink 948 transceiver monitor 990 transceiver threshold current 990 transceiver threshold rx power 992 transceiver threshold temperature 993 transceiver threshold t...

Страница 1468: ...COMMAND LIST 1468...

Страница 1469: ...Extended 355 362 958 960 IPv6 Standard 355 360 958 959 MAC 355 364 964 time range 351 762 Address Resolution Protocol See ARP address table 227 1059 aging time 231 1059 aging time displaying 231 1062...

Страница 1470: ...es management access 484 767 command line interface See CLI committed burst size QoS policy 293 294 295 1190 1191 1194 committed information rate QoS policy 293 294 295 1190 1191 1194 community string...

Страница 1471: ...R and PIR configuring response 295 1194 trTCM metering 295 1194 two rate three color meter 291 1194 violating traffic configuring response 296 1190 1191 1194 DNS default domain name 589 1375 displayin...

Страница 1472: ...filter profiles configuration 630 632 1229 filter parameters 630 632 filtering throttling 629 1227 filtering throttling configuring profile 1229 1230 filtering throttling creating profile 630 1229 fil...

Страница 1473: ...ry interval IGMP snooping 621 1215 layer 2 protocol tunnel 1150 license information 1447 Link Layer Discovery Protocol Media Endpoint Discovery See LLDP MED Link Layer Discovery Protocol See LLDP link...

Страница 1474: ...multicast static router port 637 1245 querier 634 1240 querier enabling 634 1240 query interval 635 1241 query maximum response time 635 1241 robustness value 635 1242 static port assignment 639 1246...

Страница 1475: ...552 1365 passive mode 552 1365 remote device information displaying 556 1372 remote loop back test 557 1368 setting to active mode 552 1365 setting to passive mode 552 1365 Operations Administration a...

Страница 1476: ...1346 Remote Monitoring See RMON rename DiffServ 1187 restarting the system 144 692 696 at scheduled times 144 692 showing restart time 147 697 RMON 474 795 alarm displaying settings 477 800 alarm sett...

Страница 1477: ...19 static addresses setting 229 1060 statistics ARP 1399 ICMP 1399 IP 1399 TCP 1399 UDP 1399 statistics port 160 985 STP 242 1069 Also see STA summary accounting 317 832 summer time setting 757 759 sw...

Страница 1478: ...IP subnet based 219 1157 MAC based 221 1159 mirroring 222 1017 port members displaying 1139 protocol 214 1153 protocol configuring 215 1154 1155 protocol configuring groups 215 1154 protocol interface...

Страница 1479: ......

Страница 1480: ...ES3528MV2 ES3528MV2 DC E112013 ST R03...

Отзывы:

Нет отзывов