manualshive.com logo in svg

Edge-Core ES4524M-PoE, Руководство по управлению, Страница: 122 / 560

Поделиться
Скачать
Edge-Core ES4524M-PoE Скачать руководство пользователя страница 122

Configuring the Switch

3-78

Client Security 

This switch supports many methods of segregating traffic for clients attached to 
each of the data ports, and for ensuring that only authorized clients gain access to 
the network. Private VLANs and port-based authentication using IEEE 802.1X are 
commonly used for these purposes. In addition to these methods, several other 
options of providing client security are supported by this switch. These include 
port-based authentication, which can be configured for network client access 
by specifying a fixed set of MAC addresses. The addresses assigned to DHCP 
clients can also be carefully controlled using static or dynamic bindings with the IP 
Source Guard and DHCP Snooping commands. 

This switch provides client security using the following options:

• Private VLANs – Provide port-based security and isolation between ports within the 

assigned VLAN. (See “Configuring Private VLANs” on page 3-168.)

• 802.1X – Use IEEE 802.1X port authentication to control access to specific ports. 

(See “Configuring 802.1X Port Authentication” on page 3-69.)

• Port Security – Configure secure addresses for individual ports.
• ACL - Access Control Lists provide packet filtering for IP frames (based on
• address, protocol, Layer 4 protocol port number or TCP control code) or any
• frames (based on MAC address or Ethernet type).
• IP Source Guard – Filters untrusted DHCP messages on unsecure ports by 

building and maintaining a DHCP snooping binding table. (See “IP Source Guard” 
on page 3-95.)

• DHCP Snooping – Filters IP traffic on unsecure ports for which the source address 

cannot be identified via DHCP snooping nor static source bindings. (See “DHCP 
Snooping” on page 3-88.)

Note:

The priority of execution for the filtering commands is 

Port Security, Access 

Control Lists, IP Source Guard, and then DHCP Snooping

.

Configuring Port Security

Port security is a feature that allows you to configure a switch port with one or more 
device MAC addresses that are authorized to access the network through that port.

When port security is enabled on a port, the switch stops learning new MAC 
addresses on the specified port when it has reached a configured maximum 
number. Only incoming traffic with source addresses already stored in the dynamic 
or static address table will be accepted as authorized to access the network through 
that port. If a device with an unauthorized MAC address attempts to use the switch 
port, the intrusion will be detected and the switch can automatically take action by 
disabling the port and sending a trap message.

To use port security, specify a maximum number of addresses to allow on the port 
and then let the switch dynamically learn the <source MAC address, VLAN> pair for 
frames received on the port. Note that you can also manually add secure addresses 
to the port using the Static Address Table (page 10-1). When the port has reached 

Содержание ES4524M-PoE

Страница 1: ...Powered by Accton Management Guide ES4524M PoE 24 Port Layer 2 4 Gigabit Ethernet Switch with PoE...

Страница 2: ......

Страница 3: ...Management Guide ES4524M PoE Gigabit Ethernet Switch with PoE Layer 2 4 Switch with 22 10 100 1000BASE T RJ 45 Ports and 2 Gigabit Combination Ports RJ 45 SFP...

Страница 4: ...ES4524M PoE F1 0 0 5 E012008 ST R01 149100037400A...

Страница 5: ...unity Strings for SNMP version 1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Managing System Files 2 8 Saving Configuration Settings 2 9 Configuring Power o...

Страница 6: ...ypes 3 40 Configuring SNMPv3 Management Access 3 43 Setting the Local Engine ID 3 43 Specifying a Remote Engine ID 3 44 Configuring SNMPv3 Users 3 45 Configuring Remote SNMPv3 Users 3 47 Configuring S...

Страница 7: ...ed Ports 3 107 Configuring LACP Parameters 3 110 Displaying LACP Port Counters 3 113 Displaying LACP Settings and Status for the Local Side 3 114 Displaying LACP Settings and Status for the Remote Sid...

Страница 8: ...s 3 174 Configuring the Protocol VLAN System 3 175 Link Layer Discovery Protocol 3 176 Setting LLDP Timing Attributes 3 176 Configuring LLDP Interface Attributes 3 178 Displaying LLDP Local Device Inf...

Страница 9: ...atic Multicast Groups to Interfaces 3 217 Switch Clustering 3 219 Cluster Configuration 3 219 Cluster Member Configuration 3 221 Cluster Member Information 3 222 Cluster Candidate Information 3 223 UP...

Страница 10: ...n 4 21 Frame Size Commands 4 22 jumbo frame 4 22 File Management Commands 4 23 copy 4 24 delete 4 26 dir 4 27 whichboot 4 28 boot system 4 28 Line Commands 4 29 line 4 30 login 4 30 password 4 31 time...

Страница 11: ...Commands 4 53 cluster 4 54 cluster commander 4 54 cluster ip pool 4 55 cluster member 4 56 rcommand 4 56 show cluster 4 57 show cluster members 4 57 show cluster candidates 4 57 UPnP Commands 4 58 upn...

Страница 12: ...server port 4 84 tacacs server key 4 84 show tacacs server 4 85 Web Server Commands 4 85 ip http port 4 85 ip http server 4 86 ip http secure server 4 86 ip http secure port 4 87 Telnet Server Comman...

Страница 13: ...CP Snooping Commands 4 115 ip dhcp snooping 4 115 ip dhcp snooping vlan 4 117 ip dhcp snooping trust 4 118 ip dhcp snooping verify mac address 4 119 ip dhcp snooping information option 4 120 ip dhcp s...

Страница 14: ...rity 4 153 show lacp 4 154 Mirror Port Commands 4 157 port monitor 4 157 show port monitor 4 158 Rate Limit Commands 4 159 rate limit 4 159 Power over Ethernet Commands 4 160 power mainpower maximum a...

Страница 15: ...ort priority 4 186 spanning tree protocol migration 4 186 show spanning tree 4 187 show spanning tree mst configuration 4 189 VLAN Commands 4 189 GVRP and Bridge Extension Commands 4 190 bridge ext gv...

Страница 16: ...delay 4 217 lldp admin status 4 218 lldp notification 4 218 lldp mednotification 4 219 lldp basic tlv management ip address 4 220 lldp basic tlv port description 4 221 lldp basic tlv system capabilit...

Страница 17: ...show policy map interface 4 251 Multicast Filtering Commands 4 252 IGMP Snooping Commands 4 252 ip igmp snooping 4 253 ip igmp snooping vlan static 4 253 ip igmp snooping version 4 254 ip igmp snoopi...

Страница 18: ...default gateway 4 269 ip dhcp restart 4 270 show ip interface 4 271 show ip redirects 4 271 ping 4 272 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A...

Страница 19: ...ls 3 188 Table 3 3 Mapping DSCP Priority 3 193 Table 4 1 Command Modes 4 6 Table 4 2 Configuration Commands 4 7 Table 4 3 Keystroke Commands 4 8 Table 4 4 Command Group Index 4 9 Table 4 5 General Com...

Страница 20: ...Control List Commands 4 122 Table 4 5 IP ACL Commands 4 123 Table 4 2 MAC ACL Commands 4 128 Table 4 1 ACL Information 4 132 Table 4 2 Interface Commands 4 135 Table 4 3 show interfaces switchport dis...

Страница 21: ...6 Mapping IP DSCP to CoS Values 4 241 Table 3 7 Quality of Service Commands 4 243 Table 3 8 Multicast Filtering Commands 4 252 Table 3 9 IGMP Snooping Commands 4 252 Table 3 10 IGMP Query Commands La...

Страница 22: ...xviii Tables...

Страница 23: ...ng and Configuring SMTP 3 33 Figure 3 18 Resetting the System 3 34 Figure 3 19 SNTP Configuration 3 35 Figure 3 20 Setting the Time Zone 3 36 Figure 3 21 Enabling the SNMP Agent 3 38 Figure 3 22 Confi...

Страница 24: ...t Configuration 3 111 Figure 3 59 Displaying LACP Port Counters 3 113 Figure 3 60 Displaying Local LACP Port Information 3 115 Figure 3 61 Displaying Remote LACP Port Information 3 116 Figure 3 62 Por...

Страница 25: ...re 3 94 Setting the Queue Mode 3 190 Figure 3 95 Configuring Queue Scheduling 3 191 Figure 3 96 IP DSCP Priority Status 3 192 Figure 3 97 Mapping IP DSCP Priority to Class of Service Values 3 193 Figu...

Страница 26: ...xxii Figures...

Страница 27: ...to 256 ACLs 60 rules per ACL DHCP Client Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One port mirrored to singl...

Страница 28: ...tion Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the switch and the authentication server to verify the client s right to access the netwo...

Страница 29: ...ll be throttled until the level falls back beneath the threshold Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned int...

Страница 30: ...Ns you can Eliminate broadcast storms which severely degrade performance in a flat network Simplify network management for node changes moves by remotely configuring VLAN membership for any port rathe...

Страница 31: ...formance The switch uses IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg T...

Страница 32: ...Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Span...

Страница 33: ...k 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Lo...

Страница 34: ...Introduction 1 8 1...

Страница 35: ...ct connection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol Th...

Страница 36: ...tor 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port...

Страница 37: ...d program only provides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Co...

Страница 38: ...agement access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in t...

Страница 39: ...are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server If the BOOTP or DHCP server is slow to respond the ip dhcp restart...

Страница 40: ...SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the defa...

Страница 41: ...here are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To config...

Страница 42: ...types of files are Configuration This file stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a system start up f...

Страница 43: ...e start up configuration file using the copy command New startup configuration files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not cont...

Страница 44: ...e centrally managed preventing overload conditions at the power source If the power demand from devices connected to the switch exceeds the power budget setting the switch uses port power priority set...

Страница 45: ...n page 2 4 2 Set user names and passwords using an out of band serial connection Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Set...

Страница 46: ...atistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page...

Страница 47: ...visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent...

Страница 48: ...lows the transfer and copying files 3 21 Delete Allows deletion of files from the flash memory 3 21 Set Start Up Sets the start up file 3 21 Line 3 25 Console Sets console port connection parameters 3...

Страница 49: ...Security Configures per port security including status response for security breach and maximum allowed MAC addresses 3 78 802 1X Port authentication 3 69 Information Displays global configuration set...

Страница 50: ...guration Sets the output rate limit for each trunks 3 121 Port Statistics Lists Ethernet and RMON port statistics 3 122 PoE Power over Ethernet 3 127 Power Status Displays the status of global power p...

Страница 51: ...ting VLAN 3 164 Static Membership by Port Configures membership type for interfaces including tagged untagged or forbidden 3 165 Port Configuration Specifies default PVID and VLAN attributes 3 166 Tru...

Страница 52: ...efault Port Priority Sets the default priority for each port 3 186 Default Trunk Priority Sets the default priority for each trunk 3 186 Traffic Classes Maps IEEE 802 1p priority tags to output queues...

Страница 53: ...type and immediate leave status 3 216 Group Member Configuration Statically assigns MVR multicast streams to an interface 3 217 DHCP Snooping 3 88 Configuration Enables DHCP Snooping and DHCP Snooping...

Страница 54: ...Configuring the Switch 3 10 UPNP Universal Plug and Play 3 224 Configuration Configures basic UPnP parameters 3 225 Table 3 2 Main Menu Continued Menu Description Page...

Страница 55: ...Administrator responsible for the system System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address fo...

Страница 56: ...nsole config snmp server contact Geoff 4 63 Console config exit Console show system 4 19 System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System OID String 1 3 6 1 4 1 259 8...

Страница 57: ...n RJ 45 ports and expansion ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version nu...

Страница 58: ...Static Addresses on page 3 132 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to ov...

Страница 59: ...k You may also need to a establish a default gateway between the switch and management stations that exist on another network segment You can manually configure a specific IP address or direct the dev...

Страница 60: ...the IP address subnet mask and default gateway IP Address Address of the VLAN interface that is allowed management access Valid IP addresses consist of four numbers 0 to 255 separated by periods Defau...

Страница 61: ...gure 3 7 DHCP IP Configuration Note If you lose your management connection use a console connection to the switch and enter show ip interface to determine the new address CLI Specify the management in...

Страница 62: ...he switch In this case you can reboot the switch or submit a client request to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to ren...

Страница 63: ...frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two...

Страница 64: ...this switch For details see the Batch Upgrade document in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a fi...

Страница 65: ...ss of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced t...

Страница 66: ...ress of the TFTP server select config or opcode file type then enter the source and destination file names set the new file to start up the system and then restart the switch Console copy tftp file 4...

Страница 67: ...nning configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the running config st...

Страница 68: ...tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then...

Страница 69: ...ge 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system...

Страница 70: ...for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No pass...

Страница 71: ...interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Passwo...

Страница 72: ...ection parameters for Telnet access then click Apply Figure 3 2 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as requ...

Страница 73: ...bles disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specif...

Страница 74: ...to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to...

Страница 75: ...e facility type and set the logging trap Console config logging host 192 168 1 15 4 41 Console config logging facility 23 4 41 Console config logging trap 4 4 42 Console config end Console show loggin...

Страница 76: ...ers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used fo...

Страница 77: ...ation Address List Specifies the email recipients of alert messages You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the l...

Страница 78: ...irm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 4 4 45 Console config logging sendmail le...

Страница 79: ...ree time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to specific time...

Страница 80: ...rs 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone...

Страница 81: ...nts This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as...

Страница 82: ...none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Community stri...

Страница 83: ...at acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access...

Страница 84: ...ceipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is re...

Страница 85: ...vailable for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The numbe...

Страница 86: ...settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 23 Configuring SNMP Trap Ma...

Страница 87: ...bination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred t...

Страница 88: ...o it See Specifying Trap Managers and Trap Types on page 3 40 and Configuring Remote SNMPv3 Users on page 3 47 The engine ID can be specified by entering 10 to 64 hexadecimal characters If less than 6...

Страница 89: ...r noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only...

Страница 90: ...p of a user click Change Group in the Actions column of the users table and select the new group Figure 3 26 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user name...

Страница 91: ...r for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on...

Страница 92: ...ick Delete Figure 3 27 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d remote...

Страница 93: ...4 characters Notify View The configured view for notifications Range 1 64 characters Table 3 1 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1 3 6 1 2 1 17...

Страница 94: ...message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generat...

Страница 95: ...ick Delete Figure 3 28 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and w...

Страница 96: ...IB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Click...

Страница 97: ...ver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 69 Console config exit Console show snmp view 4 70 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile Row...

Страница 98: ...eb SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboa...

Страница 99: ...and passwords You can manually configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication Dial in User Servic...

Страница 100: ...5 Message Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security You can specify up to three authentication methods for any user to indicate the authentication sequence For ex...

Страница 101: ...CACS server used for authentication messages Range 1 65535 Default 49 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum lengt...

Страница 102: ...g radius server retransmit 5 4 82 Console config radius server timeout 10 4 82 Console config radius server 1 host 192 168 1 25 4 80 Console config exit Console show radius server 4 82 Remote RADIUS S...

Страница 103: ...ng to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Note...

Страница 104: ...secure site certificate enter the TFTP Server IP Address the Source Certificate File Name the Source Private File Name and the Private Password then click Copy Certificate Figure 3 31 HTTPS Settings...

Страница 105: ...r TACACS remote authentication server as specified on the Authentication Settings page page 3 55 If public key authentication is specified by the client then you must configure authentication keys on...

Страница 106: ...c If a match is found the connection is allowed Note To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually ent...

Страница 107: ...ibutes Public Key of Host Key The public key for the host RSA The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string...

Страница 108: ...010252487896597759216832222558465238779154647980739631403 3869257931051057652122430528078658854857892726029378660892368414232759121 27603259196836970534393364384452233351882871738968945117292905108139...

Страница 109: ...ndicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus User Name The user type used for the public key pair Public Key Ty...

Страница 110: ...k Security SSH User Public Key Settings Select the user type and public key type from the drop down box enter the TFTP server IP address input the source file name and then click Copy Public Key Figur...

Страница 111: ...mber of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process Range 1 5 times Default 3 SSH Server Key Size Specifies th...

Страница 112: ...on It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 91 Console config ip ssh timeout 100 4 92 Console config ip ssh authen...

Страница 113: ...rwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the challenge but th...

Страница 114: ...l setting for 802 1X Web Click Security 802 1X Information Figure 3 35 802 1X Global Information CLI This example shows the default global setting for 802 1X Console show dot1x 4 104 Global 802 1X Par...

Страница 115: ...and authentication server These parameters are described in this section Command Attributes Port Port number Status Indicates if authentication is enabled or disabled on the port Default Disabled Ope...

Страница 116: ...quire a new client Range 1 65535 seconds Default 60 seconds Re authen Period Sets the time period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds Tx...

Страница 117: ...auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 23 disabled Single Host ForceAu...

Страница 118: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx E...

Страница 119: ...ng 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 104 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Log...

Страница 120: ...to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address range...

Страница 121: ...nt access for Telnet clients Console config management telnet client 192 168 1 19 4 107 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console show management al...

Страница 122: ...e IP Source Guard Filters untrusted DHCP messages on unsecure ports by building and maintaining a DHCP snooping binding table See IP Source Guard on page 3 95 DHCP Snooping Filters IP traffic on unsec...

Страница 123: ...ount from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 102 Command Attrib...

Страница 124: ...on a port and click Apply Figure 3 40 Configuring Port Security CLI This example sets the command mode to Port 5 sets the port security action to send a trap and disable the port and then enables por...

Страница 125: ...d on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified pac...

Страница 126: ...L Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 41 Selecting ACL Type CLI...

Страница 127: ...8 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Source Destination Addr...

Страница 128: ...ber representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal...

Страница 129: ...ing packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes throug...

Страница 130: ...xidecimal mask for source or destination MAC address VID VLAN ID Range 1 4095 VID Bit Mask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets...

Страница 131: ...he destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Binding a Port to an Access Control List After configuring the Access Control Lists ACL you can bind the ports that need to fil...

Страница 132: ...HCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port related information to a DHCP server This information can be useful in tracking an IP address...

Страница 133: ...CP packet is from a client such as a DECLINE or RELEASE message the switch forwards the packet only if the corresponding entry is found in the binding table If the DHCP packet is from a client such as...

Страница 134: ...ket Default Enabled Web Click DHCP Snooping Configuration Select the required options and click Apply Figure 3 46 DHCP Snooping Configuration CLI This example first enables DHCP Snooping and MAC addre...

Страница 135: ...ntermediate relay agent that has used the information fields to describe itself can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP serve...

Страница 136: ...ation or replace it with the switch s relay information Command Attributes DHCP Snooping Information Option Status Enables or disables DHCP Option 82 information relay Default Disabled DHCP Snooping I...

Страница 137: ...sted state Set all other ports outside the local network or firewall to untrusted state Command Attributes Trust Status Enables or disables port as trusted Default Disabled Web Click DHCP Snooping Inf...

Страница 138: ...P Snooping DHCP Snooping Binding Information Figure 3 50 DHCP Snooping Binding Information CLI This example shows how to display the DHCP Snooping binding table entries Console config interface ethern...

Страница 139: ...tatic addresses configured in the source guard binding table If the IP source guard is enabled an inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac op...

Страница 140: ...rd Binding Configuration Adds a static addresses to the source guard binding table Table entries include a MAC address IP address lease time entry type Static Dynamic VLAN identifier and port identifi...

Страница 141: ...try is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guard binding Command Attributes Static Binding Table Counts The...

Страница 142: ...nts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Web Click IP Source Guard Dynamic In...

Страница 143: ...d Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in u...

Страница 144: ...hows the current speed and duplex mode Auto or fixed choice Capabilities Specifies the capabilities to be advertised for a port during auto negotiation To access this item on the web see Configuring I...

Страница 145: ...or disabled Port Security Shows if port security is enabled or disabled Max MAC Count Shows the maximum number of MAC address that can be learned by a port 0 1024 addresses Port Security Action Shows...

Страница 146: ...ributes Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and...

Страница 147: ...s are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operat...

Страница 148: ...ig if description RD SW 13 4 136 Console config if shutdown 4 141 Console config if no shutdown Console config if no negotiation 4 137 Console config if speed duplex 100half 4 136 Console config if fl...

Страница 149: ...one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load...

Страница 150: ...re connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port N...

Страница 151: ...s of an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 106...

Страница 152: ...New Includes entry fields for creating new trunks Port Port identifier Range 1 24 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After yo...

Страница 153: ...nfig if lacp Console config if end Console show interfaces status port channel 1 4 143 Information of Trunk 1 Basic Information Port Type 1000T Mac Address 00 16 B6 F0 3B EF Configuration Name Port Ad...

Страница 154: ...to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be configured with the same system prio...

Страница 155: ...Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed sett...

Страница 156: ...sole config if exit Console config interface ethernet 1 8 Console config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Conso...

Страница 157: ...Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received th...

Страница 158: ...formation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be en...

Страница 159: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 154 Port Channel 1 Oper Key 120 Admin Key 0 Eth 1 3 LACPDUs Internal 30 sec LACP S...

Страница 160: ...d by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation...

Страница 161: ...ighbors Eth 1 3 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 01 F4 77 6D E0 Partner Admin Port Number 3 Partner Oper Port Number 1 Port Admin Priority 32768 Port Ope...

Страница 162: ...l then be dropped Command Usage Broadcast control does not effect IP multicast traffic The specified threshold applies to each individual port on the switch Note Multicast and unknown unicast storm th...

Страница 163: ...exit Console config broadcast packet rate 64000 4 141 Console config exit Console show interfaces switchport ethernet 1 2 4 145 Information of Eth 1 2 Broadcast Threshold Enabled 64000 Kbits second Mu...

Страница 164: ...mand Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 24 Type Allows you to select which traffic to mirror to the targ...

Страница 165: ...hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Configuration Use the rate limit configuration pages to apply rate limiti...

Страница 166: ...Table 3 7 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface including framing characters Received Unicast Packets The num...

Страница 167: ...ntegral number of octets in length but do not pass the FCS check This count does not include frames received with frame too long or frame too short error Excessive Collisions A count of frames for whi...

Страница 168: ...The number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and w...

Страница 169: ...ration 3 125 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 65 Displaying Port...

Страница 170: ...rrors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal m...

Страница 171: ...hole switch power is not supplied Ports can be set to one of three power priority levels critical high or low To control the power supply within the switch s budget ports set at critical or high prior...

Страница 172: ...lobal PoE Status CLI This example displays the current power status for the switch Console show power mainpower 4 165 Unit 1 Mainpower Status Maximum Available Power 180 watts System Operation Status...

Страница 173: ...o control the supplied power Range 37 180 watts Default 180 Watts Web Click PoE Power Config Specify the desired power budget for the switch Click Apply Figure 3 67 Setting the Switch Power Budget CLI...

Страница 174: ...e is connected to a low priority port and causes the switch to exceed its budget port power is not turned on If a device is connected to a critical or high priority port and causes the switch to excee...

Страница 175: ...Allocation Sets the power budget for the port Range 3000 15400 milliwatts Default 15400 milliwatts Web Click PoE Power Port Configuration Enable PoE power on selected ports set the priority and the po...

Страница 176: ...s are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attribut...

Страница 177: ...re forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with this inte...

Страница 178: ...method of sorting the displayed addresses and then click Query Figure 3 71 Displaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac...

Страница 179: ...s disables the function Aging Time The time after which a learned entry is discarded Range 10 630 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click App...

Страница 180: ...ce All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all o...

Страница 181: ...interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees on page 3 151 An MST R...

Страница 182: ...ion message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive...

Страница 183: ...from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device...

Страница 184: ...ward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0016B6F03BEC Current Root Port 0 Current Root Cost 0 Number of Topology Changes 0 Last Topology Change Time sec 4291 Transmissio...

Страница 185: ...PDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing the...

Страница 186: ...s and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing state...

Страница 187: ...the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision12 The revision for this MSTI Range 0 65535 Default 0 Region Name The name for this MS...

Страница 188: ...Configuring the Switch 3 144 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 74 STA Global Configuration...

Страница 189: ...packets and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this po...

Страница 190: ...are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated p...

Страница 191: ...tch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port Yo...

Страница 192: ...on Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without rece...

Страница 193: ...cost takes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost method14 1 200 000 000 for the long path cost method By default the system automatically detect...

Страница 194: ...address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However...

Страница 195: ...rea of your network However remember that you must configure all bridges within the same MSTI Region page 3 143 with the same set of instances and the same instance on each bridge with the same set of...

Страница 196: ...T Instance VLANs assigned this instance MST ID Instance identifier to configure Range 0 4094 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 The other global attributes are...

Страница 197: ...rrent Root Port 7 Current Root Cost 10000 Number of Topology Changes 2 Last Topology Change Time sec 10 Transmission Limit 3 Path Cost Method Long Eth 1 1 Information Admin Status Enabled Role Designa...

Страница 198: ...displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 3 138 the settings for other instances only apply to...

Страница 199: ...icates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priorit...

Страница 200: ...n each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path co...

Страница 201: ...erently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255 VLANs ba...

Страница 202: ...me VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic V...

Страница 203: ...e same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagg...

Страница 204: ...1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 3 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Information page...

Страница 205: ...Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows the e...

Страница 206: ...groups created for this system Up to 255 VLAN groups can be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is...

Страница 207: ...g Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 194 Console config vlan vlan 2 name R D media ethernet state active 4 195 Console config vlan end Console show vlan 4...

Страница 208: ...he VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Trunk Trunk identifier Memb...

Страница 209: ...Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Port or trunk identifier Member VLANs for which the selected interface is a tag...

Страница 210: ...P VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Pr...

Страница 211: ...ved on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer16 The interval between transmitting requests queries to participate in...

Страница 212: ...ondary VLAN and with any of the promiscuous ports in the associated primary VLAN In all cases the promiscuous ports are designed to provide open access to an external network such as the Internet whil...

Страница 213: ...er traffic through promiscuous ports Then assign any promiscuous ports to a primary VLAN and any host ports a community VLAN Displaying Current Private VLANs The Private VLAN Information page displays...

Страница 214: ...Ns Primary Conveys traffic between promiscuous ports and to their community ports within secondary or community VLANs Community Conveys traffic between community ports and to their promiscuous ports i...

Страница 215: ...primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with the selected primary VLAN A community VLAN ca...

Страница 216: ...en promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community ports and from community...

Страница 217: ...private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs If PVLAN type is Promiscuous then specify t...

Страница 218: ...The available options are IP ARP and RARP If LLC Other is chosen for the Frame Type the only available Protocol Type is IPX Raw Note Traffic which matches IP Protocol Ethernet Frames is mapped to the...

Страница 219: ...tocol VLAN System Configuration menu to map a Protocol VLAN Group to a VLAN Command Attributes Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN t...

Страница 220: ...ageout time and setting the frequency for broadcasting general advertisements or reports about changes in the LLDP MIB Command Attributes LLDP Enables LLDP globally on the switch Default Enabled Trans...

Страница 221: ...ime of a notification are included in the transmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification eve...

Страница 222: ...ns see Specifying Trap Managers and Trap Types on page 3 40 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exis...

Страница 223: ...ystem Capabilities The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in...

Страница 224: ...ot3 TLV parameters to advertise Console config interface ethernet 1 1 4 135 Console config if lldp admin status tx rx 4 218 Console config if lldp notification 4 218 Console config if lldp medNotifica...

Страница 225: ...ion Chassis Type MAC Address Chassis ID 00 16 B6 F0 3B EC System Name System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System Capabilities Support Bridge System Capabilities...

Страница 226: ...Trunk Information Figure 3 1 LLDP Remote Port Information CLI This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP Console s...

Страница 227: ...Information Details CLI This example displays LLDP information for an LLDP enabled remote device attached to a specific port on this switch Console show lldp info remote device detail ethernet 1 1 4 2...

Страница 228: ...lays LLDP statistics received from all LLDP enabled remote devices connected directly to this switch Console show lldp info statistics 4 233 LLDP Device Statistics Neighbor Entries List Last Updated 2...

Страница 229: ...ice Statistics Details Figure 3 8 LLDP Device Statistics Details CLI This example displays detailed LLDP statistics for an LLDP enabled remote device attached to a specific port on this switch Console...

Страница 230: ...y and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blo...

Страница 231: ...le show interfaces switchport ethernet 1 3 4 145 Information of Eth 1 3 Broadcast Threshold Enabled 64 Kbits second Multicast Threshold Disabled Unknown unicast Threshold Disabled LACP Status Disabled...

Страница 232: ...applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attribute...

Страница 233: ...ing specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 4 135 C...

Страница 234: ...vents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for que...

Страница 235: ...will be polled for service and subsequently affects the response time for software applications assigned a specific priority value Command Attributes WRR Setting Table19 Displays a list of weights for...

Страница 236: ...y mapping is IP DSCP Priority and then Default Port Priority Selecting IP DSCP Priority The switch allows you to enable or disable IP DSCP priority Command Attributes Disabled Disables IP DSCP priorit...

Страница 237: ...ty and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value field...

Страница 238: ...for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class Class information ca...

Страница 239: ...l for traffic exceeding the specified rate 7 Use the Service Policy to assign a policy map to a specific interface Configuring a Class Map A class map is used for matching packets to a specified class...

Страница 240: ...the criteria specified by the lone match command Description A brief description of a class map Range 1 64 characters Add Adds the specified class Back Returns to previous page without making any chan...

Страница 241: ...it Rules to change the rules of an existing class Figure 3 98 Configuring Class Maps CLI This example creates a class map call rd class and sets it to match packets marked for DSCP service value 3 Con...

Страница 242: ...orts Also note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is...

Страница 243: ...licy Options Class Name Name of class map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settin...

Страница 244: ...ch 3 200 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 99 Con...

Страница 245: ...Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from...

Страница 246: ...r the ports that want to join a multicast group and set its filters accordingly If there is no multicast router attached to the local subnet multicast traffic and query messages may not be received by...

Страница 247: ...d In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may...

Страница 248: ...uerier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one...

Страница 249: ...are shown below Figure 3 101 Configuring IGMP CLI This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 253 Console config...

Страница 250: ...ached to it Command Attributes VLAN ID ID of configured VLAN 1 4094 Immediate Leave Sets the status for immediate leave on the specified VLAN Default Disabled Web Click IGMP Snooping IGMP Immediate Le...

Страница 251: ...d to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or tho...

Страница 252: ...or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web...

Страница 253: ...Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagat...

Страница 254: ...ace in a specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attribute Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to pr...

Страница 255: ...port common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the user isolation and data security provided by VLAN segregation by p...

Страница 256: ...ration MVR include enabling or disabling MVR for the switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the mult...

Страница 257: ...that will stream traffic to attached hosts and then click Apply Figure 3 107 MVR Global Configuration CLI This example first enables IGMP snooping enables MVR globally and then configures a range of M...

Страница 258: ...subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Tr...

Страница 259: ...groups assigned to the MVR VLAN Group Port List Shows the interfaces with subscribers for multicast services provided through the MVR VLAN Web Click MVR Group IP Information Figure 3 109 MVR Group IP...

Страница 260: ...faces on page 3 217 Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave i...

Страница 261: ...that will run for a long term and be associated with a stable set of hosts you can statically bind the multicast group to the participating interfaces Command Usage Any multicast groups that use the M...

Страница 262: ...to the selected interface Web Click MVR Group Member Configuration Select a port or trunk from the Interface field and click Query to display the assigned multicast groups Select a multicast address...

Страница 263: ...nection to the Commander From the Commander CLI prompt use the rcommand command see page 4 56 to connect to the Member switch Cluster Configuration To create a switch cluster first be sure that cluste...

Страница 264: ...ome Members Web Click Cluster Configuration Figure 3 112 Cluster Configuration CLI This example first enables clustering on the switch sets the switch as the cluster Commander and then configures the...

Страница 265: ...C Address Select a discovered switch MAC address from the Candidate Table or enter a specific MAC address of a known switch Web Click Cluster Member Configuration Figure 3 113 Cluster Member Configura...

Страница 266: ...IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch Web Click Cluster Member Information Figure 3...

Страница 267: ...k MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 115 Cluster Candidate Informati...

Страница 268: ...next step is to learn more about the device and its capabilities by retrieving the device s description from the URL provided by the device in the discovery message After a control point has retrieved...

Страница 269: ...ime to live TTL value for UPnP messages transmitted by this device Range 1 255 Default 4 Web Click UPNP Configuration and enter the desired variables Figure 3 116 UPnP Configuration CLI This example e...

Страница 270: ...Configuring the Switch 3 226...

Страница 271: ...ole prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec...

Страница 272: ...he Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that y...

Страница 273: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Страница 274: ...og Login records logging Logging setting mac MAC access list mac address table Configuration of the address table management Show management information map Maps priority mvr Show mvr interface inform...

Страница 275: ...o the default value For example the logging command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applica...

Страница 276: ...console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited number of the com...

Страница 277: ...and databits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple...

Страница 278: ...config vlan 4 194 Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shift...

Страница 279: ...terface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 4 135 Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggre...

Страница 280: ...Command Modes on page 4 6 Syntax enable level level Privilege level to log into the device The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Enter level 15 to access Priv...

Страница 281: ...word 4 77 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gai...

Страница 282: ...6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 14 show history This command shows the contents of the command history buffer Default Setting None Command Mode Norm...

Страница 283: ...Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Us...

Страница 284: ...he Interface Configuration mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to r...

Страница 285: ...es this switch 4 15 System Status Displays system configuration active managers and version information 4 16 Frame Size Enables support for jumbo frames 4 22 File Management Manages code image or swit...

Страница 286: ...d Exec Command Usage Use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory Console config h...

Страница 287: ...figured for the switch Spanning tree settings Interface settings Any configured settings for the console port and Telnet Example Related Commands show running config 4 18 Console show startup config b...

Страница 288: ...ands This command displays the following information SNTP server settings SNMP community strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configurati...

Страница 289: ...ommunity public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 08...

Страница 290: ...tion 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System OID String 1 3 6 1 4 1 259 8 1 7 System Information System Up Time 0 days 0 hours 7 minutes and 48 43 seconds System Name NONE Syste...

Страница 291: ...ge Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168...

Страница 292: ...ncapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switch...

Страница 293: ...settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded to restore switch settings The configuration file can be downloaded under a new file na...

Страница 294: ...yword that allows you to copy to from a TFTP server https certificate Keyword that allows you to copy an HTTPS secure site certificate from an TFTP server to the switch public key Keyword that allows...

Страница 295: ...ollowing example shows how to upload the configuration settings to a file on the TFTP server The following example shows how to copy the running configuration to a startup file Console copy tftp file...

Страница 296: ...guration file or image name Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup Startup configuration file name startup Write...

Страница 297: ...m Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the file or image If this file exists but contains errors information on...

Страница 298: ...rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or...

Страница 299: ...password checking at login LC 4 30 password Specifies a password on a line LC 4 31 timeout login response Sets the interval that the system waits for a login attempt LC 4 32 exec timeout Sets the int...

Страница 300: ...screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Comm...

Страница 301: ...selects no authentication When using this method the management interface starts in Normal Exec NE mode This command controls login authentication via the switch itself To configure user names and pas...

Страница 302: ...to manually configure encrypted passwords Example Related Commands login 4 30 password thresh 4 33 timeout login response This command sets the interval that the system waits for a user to log into th...

Страница 303: ...sion is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifyi...

Страница 304: ...ter this command Related Commands silent time 4 34 silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the t...

Страница 305: ...mand can be used to mask the high bit on input from devices that generate 7 data bits with parity If parity is being generated specify 7 data bits per character If no parity is required specify 8 data...

Страница 306: ...nd Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port...

Страница 307: ...Use this command to terminate an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privile...

Страница 308: ...Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console show line Console Configuration Password Threshold 3 times Interactive Ti...

Страница 309: ...to control the type of error messages that are sent to specified syslog servers Example Related Commands logging history 4 40 logging trap 4 42 clear log 4 42 Table 4 13 Event Logging Commands Comman...

Страница 310: ...ode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 14 Logging Levels Level...

Страница 311: ...he facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog se...

Страница 312: ...ting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this comm...

Страница 313: ...Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 and the message...

Страница 314: ...OTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 4 16 show...

Страница 315: ...specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection Console show log ram 1 00 01 3...

Страница 316: ...40 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshol...

Страница 317: ...The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages How...

Страница 318: ...endmail Console config Console show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this c...

Страница 319: ...ds the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues...

Страница 320: ...e updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via t...

Страница 321: ...time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours...

Страница 322: ...u have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec S...

Страница 323: ...es using the cluster s internal IP addresses Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled switches in the network These Candidate switch...

Страница 324: ...et the switch as a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and ar...

Страница 325: ...address for IP addresses assigned to cluster Members The IP address must start 10 x x x Default Setting 10 254 254 1 Command Mode Global Configuration Command Usage An internal IP address pool is used...

Страница 326: ...nd Usage The maximum number of cluster Members is 36 The maximum number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member CLI for configuration Syntax rcomm...

Страница 327: ...s command shows the discovered Candidate switches in the network Command Mode Privileged Exec Console rcommand id 1 CLI session with the SMC8124PL2 is opened To end the CLI session enter Exit Console...

Страница 328: ...nd the web management interface accessed upnp device This command enables UPnP on the device Use the no form to disable UPnP Syntax no upnp device Default Setting Enabled Command Mode Global Configura...

Страница 329: ...is within the TTL value for multicast messages Example In the following example sets the TTL to 6 hops upnp device advertise duration This command sets the duration for which the switch will advertise...

Страница 330: ...uthentication and privacy passwords Console show upnp UPnP global settings Status Enabled Advertise duration 200 TTL 20 Console Table 4 21 SNMP Commands Command Function Mode Page snmp server Enables...

Страница 331: ...communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and out...

Страница 332: ...ts rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabled Link up down En...

Страница 333: ...erver contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string String that describes...

Страница 334: ...ress of the host the targeted recipient Maximum host addresses 5 recipient destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for v...

Страница 335: ...host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp se...

Страница 336: ...terpreted as an SNMP user name If you use the V3 auth or priv options the user name must first be defined with the snmp server user command Otherwise the authentication password and or privacy passwor...

Страница 337: ...k up and link down traps are legacy notifications and therefore when used for SNMP Version 3 hosts they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the...

Страница 338: ...ine ID before you can send proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 0123456789 is equivalent to 0123456789 followed...

Страница 339: ...command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes the MI...

Страница 340: ...nsole show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type nonvolatile Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type nonvola...

Страница 341: ...w for notifications 1 64 characters Default Setting Default groups public22 read only private23 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is define...

Страница 342: ...ew Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status...

Страница 343: ...cation md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight cha...

Страница 344: ...remote agent s SNMP engine ID before you can send proxy requests or informs to it Example show snmp user This command shows information on SNMP users Command Mode Privileged Exec Example Console confi...

Страница 345: ...ith an SNMP engine on a remote device Table 4 26 Authentication Commands Command Group Function Page User Accounts Configures the basic user names and passwords for management access 4 75 Authenticati...

Страница 346: ...assword password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The factor...

Страница 347: ...8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null passwor...

Страница 348: ...t packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pai...

Страница 349: ...lso note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication as...

Страница 350: ...es host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters auth_port RADIUS server UDP port used for authentication messages Range 1 65535 timeout Number o...

Страница 351: ...er key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon...

Страница 352: ...r timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radi...

Страница 353: ...efault Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Console show radius server Remote RADIUS Server Configu...

Страница 354: ...fault Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no t...

Страница 355: ...t number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Console config tacacs server key green Console config Console show tacacs server Remote TACACS server configu...

Страница 356: ...d Mode Global Configuration Example Related Commands ip http port 4 85 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providin...

Страница 357: ...a Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 58...

Страница 358: ...ies the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet se...

Страница 359: ...ver Console config ip telnet server Console config ip telnet port 123 Console config Table 4 35 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4...

Страница 360: ...current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA key 1024 35 1341081685609893921040944920155425347631641921872958921143173880...

Страница 361: ...gorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to...

Страница 362: ...120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase...

Страница 363: ...guration Example Related Commands show ip ssh 4 96 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Страница 364: ...1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 client...

Страница 365: ...mand clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Ex...

Страница 366: ...ample Console ip ssh save host key dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Conn...

Страница 367: ...on the Digital Signature Standard DSS and the last string is the encoded modulus Username The user name of the client Encryption The encryption method is automatically negotiated between the client an...

Страница 368: ...rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 w0W Console Table 4 37 802 1X Po...

Страница 369: ...port settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity pack...

Страница 370: ...ration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to single host...

Страница 371: ...e dot1x re authenticate This command forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit Always unit 1 por...

Страница 372: ...client is re authenticated after the interval specified by the dot1x timeout re authperiod command The default is 3600 seconds Example Related Commands dot1x timeout re authperiod 4 103 dot1x timeout...

Страница 373: ...od This command sets the time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x tim...

Страница 374: ...control mode page 4 100 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reau...

Страница 375: ...te including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State...

Страница 376: ...st Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 reauth enabled Enable reauth period 3600 quiet period 60 tx period 30 supplicant timeout 30 server timeout 10...

Страница 377: ...ement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be confi...

Страница 378: ...snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Console co...

Страница 379: ...has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action b...

Страница 380: ...Status Disabled Action None Maximum Addresses 0 Command Mode Interface Configuration Ethernet Command Usage If you enable port security the switch stops learning new MAC addresses on the specified por...

Страница 381: ...command configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Use the no form to disable this function Syntax no ip source guard s...

Страница 382: ...ally configured with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself static entries include a manually configured lease time If the IP source...

Страница 383: ...Range 1 24 Default Setting No configured entries Command Mode Global Configuration Command Usage Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP...

Страница 384: ...hcp snooping vlan 4 117 show ip source guard This command shows whether source guard is enabled or disabled on each interface Command Mode Privileged Exec Example show ip source guard binding This com...

Страница 385: ...168 0 99 0 Static 1 Eth 1 5 Console Table 4 3 DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DHCP snooping globally GC 4 115 ip dhcp snooping vlan Enables DHCP snooping on...

Страница 386: ...ly and also enabled on the VLAN where the DHCP packet is received all DHCP packets are forwarded for a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also a...

Страница 387: ...ple enables DHCP snooping globally for the switch Related Command ip dhcp snooping vlan 4 117 ip dhcp snooping trust 4 118 ip dhcp snooping vlan This command enables DHCP snooping on the specified VLA...

Страница 388: ...usted interface is an interface that is configured to receive messages from outside the network or firewall Set all ports connected to DHCP servers within the local network or firewall to trusted and...

Страница 389: ...mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verification is enabled and the source MAC address in the Ethernet header of the packet is not same a...

Страница 390: ...onnected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN DHCP snooping...

Страница 391: ...elay agent itself insert the relay agent s address when DHCP snooping is enabled and unicast the packet to the DHCP server Default Setting replace Command Mode Global Configuration Command Usage When...

Страница 392: ...obal DHCP Snooping status disable DHCP Snooping Information Option Status disable DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Addres...

Страница 393: ...mand Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To crea...

Страница 394: ...are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0...

Страница 395: ...A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a spe...

Страница 396: ...to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example acc...

Страница 397: ...access group acl_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Eth...

Страница 398: ...t and enters MAC ACL configuration mode Use the no form to remove the specified ACL Syntax no access list mac acl_name acl_name Name of the ACL Maximum length 16 characters Default Setting None Consol...

Страница 399: ...urce or destination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination dest...

Страница 400: ...sk Range 1 4093 protocol A specific Ethernet protocol number Range 600 fff hex protocol bitmask Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL Command Usage New rules are...

Страница 401: ..._name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A...

Страница 402: ...n Command Function Mode Page show access list Shows all ACLs and associated rules PE 4 132 show access group Shows the ACLs assigned to each port PE 4 133 Console show access list IP standard access l...

Страница 403: ...s 4 133 4 show access group This command shows the port assignments of ACLs Command Mode Privileged Executive Example Console show access group Interface ethernet 1 25 IP standard access list david MA...

Страница 404: ...Command Line Interface 4 134 4...

Страница 405: ...guration IC 4 136 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 136 negotiation Enables autonegotiation of a given interface IC 4 13...

Страница 406: ...The following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the...

Страница 407: ...disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed d...

Страница 408: ...the port capabilities of a given interface during autonegotiation Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Sy...

Страница 409: ...to 100half 100full and flow control Related Commands negotiation 4 137 speed duplex 4 136 flowcontrol 4 139 flowcontrol This command enables flow control Use the no form to disable flow control Synta...

Страница 410: ...a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The following example enables flow control on port 5 Related Commands nego...

Страница 411: ...asons Example The following example disables port 5 switchport packet rate This command configures broadcast and multicast and unknown unicast storm control Use the no form to restore the default sett...

Страница 412: ...at 600 kilobits per second clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1...

Страница 413: ...Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec...

Страница 414: ...0T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full Broadcast Storm Enabled Broadcast Storm Limit 64 Kbits second Mu...

Страница 415: ...Input 0 Discard Output 0 Error Input 0 Error Output 0 Unknown Protos Input 0 QLen Output 0 Extended Iftable Stats Multi cast Input 178 Multi cast Output 14715 Broadcast Input 607 Broadcast Output 4 E...

Страница 416: ...pression is enabled or disabled if enabled it also shows the threshold level page 4 141 Multicast Threshold Shows if multicast storm suppression is enabled or disabled if enabled it also shows the thr...

Страница 417: ...201 Private VLAN Mode Shows the private VLAN mode as host promiscuous or none Private VLAN Host association Shows the secondary or community VLAN with which this port is associated Private VLAN Mappin...

Страница 418: ...Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP system priority Ports must have the same port admin key Ethe...

Страница 419: ...isabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation A trunk formed with another switch u...

Страница 420: ...AG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 10 Console config if lacp Console config if...

Страница 421: ...y Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Страница 422: ...LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority mat...

Страница 423: ...cates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port...

Страница 424: ...er Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 5 show lacp counters display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this c...

Страница 425: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Страница 426: ...igned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partne...

Страница 427: ...8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F 2C A7 4 32768 00 30 F1 8F 2C A7 5 32768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 7 32768 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4 73 A0 9 32768 0...

Страница 428: ...affic may be dropped from the monitor port You can create multiple mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destin...

Страница 429: ...c is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to res...

Страница 430: ...a power budget for the switch i e the power available to all switch ports Use the no form to restore the default setting Syntax power mainpower maximum allocation watts watts The power budget for the...

Страница 431: ...ault Setting Disabled Command Mode Global Configuration Command Usage The switch automatically detects attached PoE devices by periodically transmitting test voltages that over the 10 100BASE TX ports...

Страница 432: ...utomatically supplied when a device is detected on the port providing that the power demanded does not exceed switch s power budget Example Console config power inline compatible Console config end Co...

Страница 433: ...ice is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port no power is supplied to the device i e port power remains off Example power...

Страница 434: ...le Related Commands power mainpower maximum allocation 4 160 show power inline status This command displays the current power status for all ports or for specific ports Syntax show power inline status...

Страница 435: ...lliwatts Priority The port s power priority setting see power inline priority on page 4 163 Console show power mainpower Unit 1 Mainpower Status Maximum Available Power 180 watts System Operation Stat...

Страница 436: ...er Range 1 24 port channel channel id Range 1 8 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No stat...

Страница 437: ...ommand Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entr...

Страница 438: ...bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example mac address...

Страница 439: ...r MSTP mode GC 4 171 spanning tree forward time Configures the spanning tree bridge forward time GC 4 172 spanning tree hello time Configures the spanning tree bridge hello time GC 4 173 spanning tree...

Страница 440: ...Disables spanning tree for an interface IC 4 179 spanning tree cost Configures the spanning tree path cost of an interface IC 4 180 spanning tree port priority Configures the spanning tree priority of...

Страница 441: ...re implemented on a network the path between specific VLAN members may be inadvertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend select...

Страница 442: ...ures the spanning tree bridge forward time globally for this switch Use the no form to restore the default Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in secon...

Страница 443: ...al in seconds at which the root device transmits a configuration message Example Related Commands spanning tree forward time 4 172 spanning tree max age 4 173 spanning tree max age This command config...

Страница 444: ...is command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no spanning tree priority priority Priority of t...

Страница 445: ...Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports w...

Страница 446: ...LAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 4094 vlan range Range of VLANs Range 1 4093 Default Setting no...

Страница 447: ...y priority no mst instance_id priority instance_id Instance identifier of the spanning tree Range 0 4094 priority Priority of the a spanning tree instance Range 0 61440 in steps of 4096 Options 0 4096...

Страница 448: ...same region must be configured with the same MST instances Example Related Commands revision 4 178 revision This command configures the revision number for this multiple spanning tree configuration of...

Страница 449: ...tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decremen...

Страница 450: ...nterface ethernet 1 5 Console config if spanning tree spanning disabled Console config if 26 Use the spanning tree pathcost method command on page 4 175 to set the path cost method Table 4 3 Recommend...

Страница 451: ...higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 175 is set to short the maximum value for path cost is 65...

Страница 452: ...onfiguration Ethernet Port Channel Command Usage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot ca...

Страница 453: ...tate changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also overcome other STA related timeout pr...

Страница 454: ...cify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection is selected the sw...

Страница 455: ...ed to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The defa...

Страница 456: ...face in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link in the...

Страница 457: ...ree interface mst instance_id interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 instance_id Instance identifier of the multiple spannin...

Страница 458: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0013F7123456 Current Root Port 25 Current Root Cost 5000 Number of Top...

Страница 459: ...iguration Name R D Revision Level 0 Instance VLANs 0 2 4094 1 1 Console Table 4 1 VLAN Commands Command Groups Function Page GVRP and Bridge Extension Configures GVRP settings that permit automatic VL...

Страница 460: ...o exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond...

Страница 461: ...enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridge ext Max...

Страница 462: ...command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall...

Страница 463: ...Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 193 show garp timer This...

Страница 464: ...N settings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the...

Страница 465: ...Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id...

Страница 466: ...interface configuration mode for a specified VLAN IC 4 196 switchport mode Configures VLAN membership mode for an interface IC 4 197 switchport acceptable frame types Configures frame types to be acc...

Страница 467: ...ociated with the PVID are also transmitted as tagged frames Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Example...

Страница 468: ...led Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs f...

Страница 469: ...is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as a...

Страница 470: ...has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when...

Страница 471: ...signate a range of IDs Do not enter leading zeros Range 1 4093 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Страница 472: ...mation for VLAN 1 Table 4 3 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 202 show interfaces status vlan Displays status for the specified VLAN inter...

Страница 473: ...e community groups 2 Use the private vlan association command to map the community VLAN s to the primary VLAN 3 Use the switchport mode private vlan command to configure ports as promiscuous i e havin...

Страница 474: ...Ns and other locations Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same community VLAN and channel traffic passing...

Страница 475: ...for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources o...

Страница 476: ...ssociation secondary vlan id ID of secondary i e community VLAN Range 1 4093 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports a...

Страница 477: ...communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN...

Страница 478: ...low these steps 1 First configure VLAN groups for the protocols you want to use page 4 195 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network...

Страница 479: ...he following creates protocol group 1 and specifies Ethernet frames with IP and ARP protocol types protocol vlan protocol group vlan This command maps a protocol group to a VLAN for the current interf...

Страница 480: ...mple maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2 show protocol vlan protocol group This command shows the frame and protocol type associate...

Страница 481: ...the VLANs mapped to a protocol group Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console...

Страница 482: ...nd Function Mode Page lldp Enables LLDP globally on the switch GC 4 214 lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC 4 214 lldp medFastStartCount Confi...

Страница 483: ...t to advertise its Power over Ethernet capabilities IC 4 226 lldp medtlv extpoe Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage information IC...

Страница 484: ...rm to restore the default setting Syntax lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 10 D...

Страница 485: ...tive for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Example lldp notification interval This comma...

Страница 486: ...sChange notification events missed due to throttling or transmission loss Example lldp refresh interval This command configures the periodic transmit interval for LLDP advertisements Use the no form t...

Страница 487: ...all information in the remote systems LLDP MIB associated with this port is deleted Example lldp tx delay This command configures a delay time between the successive transmission of advertisements in...

Страница 488: ...no lldp admin status rx only Only receive LLDP PDUs tx only Only transmit LLDP PDUs tx rx Both transmit and receive LLDP Protocol Data Units PDUs Default Setting tx rx Command Mode Interface Configur...

Страница 489: ...enables the transmission of SNMP trap notifications about LLDP MED changes Use the no form to disable LLDP MED notifications Syntax no lldp mednotification Default Setting Enabled Command Mode Interf...

Страница 490: ...ess and an object identifier indicating the type of hardware component or protocol entity associated with this address The interface number and OID are included to assist SNMP applications perform net...

Страница 491: ...lldp basic tlv system capabilities This command configures an LLDP enabled port to advertise its system capabilities Use the no form to disable this feature Syntax no lldp basic tlv system capabiliti...

Страница 492: ...ing system and networking software Example lldp basic tlv system name This command configures an LLDP enabled port to advertise the system name Use the no form to disable this feature Syntax no lldp b...

Страница 493: ...igures an LLDP enabled port to advertise port related VLAN information Use the no form to disable this feature Syntax no lldp dot1 tlv proto vid Default Setting Enabled Command Mode Interface Configur...

Страница 494: ...199 Example lldp dot1 tlv vlan name This command configures an LLDP enabled port to advertise its VLAN name Use the no form to disable this feature Syntax no lldp dot1 tlv vlan name Default Setting E...

Страница 495: ...tly a link aggregation member Example lldp dot3 tlv mac phy This command configures an LLDP enabled port to advertise its MAC and physical layer capabilities Use the no form to disable this feature Sy...

Страница 496: ...led port to advertise its Power over Ethernet PoE capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv power via mdi Default Setting Disabled Command Mode Interface Configurati...

Страница 497: ...erating from primary or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities Example lldp medt...

Страница 498: ...nfigures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disable this feature Syntax no lldp medtlv med cap Default Setting Enabled Command Mode Interfa...

Страница 499: ...ation mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example show lldp config This command shows LLDP configu...

Страница 500: ...us NotificationEnabled Eth 1 1 Tx Rx True Eth 1 2 Tx Rx True Eth 1 3 Tx Rx True switch show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin Status Tx Rx Notification...

Страница 501: ...ess Chassis ID 00 16 B6 F0 3B EC System Name System Description 24 port 10 100 1000 2 port mini GBIC Gigabit PoE Switch System Capabilities Support Bridge System Capabilities Enable Bridge Management...

Страница 502: ...Command Mode Privileged Exec Example Console show lldp info remote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show l...

Страница 503: ...ileged Exec Example Consold show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 978725 seconds New Neighbor Entries Count 0 Neighbor Entries Deleted Count 0 Neighbor En...

Страница 504: ...ic in the higher priority queues before servicing lower priority queues wrr Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for queues 0 3 respectively Ta...

Страница 505: ...command sets a priority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority...

Страница 506: ...round robin WRR weights to the eight class of service CoS priority queues Use the no form to restore the default weights Syntax queue bandwidth weight1 weight4 no queue bandwidth weight1 weight4 The...

Страница 507: ...arated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Ro...

Страница 508: ...th This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1 1 Console...

Страница 509: ...ethernet unit port unit Stack unit Range 1 port Port number Range 1 24 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID...

Страница 510: ...ax no map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP DSCP and default switchport priority Example The following example...

Страница 511: ...ode Interface Configuration Ethernet Port Channel Command Usage The precedence for priority mapping is IP DSCP and default switchport priority DSCP priority values are mapped to default Class of Servi...

Страница 512: ...rt number Range 1 24 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 240 map ip dscp Interface Configura...

Страница 513: ...et command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce...

Страница 514: ...lass map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the...

Страница 515: ...Map configuration mode Then use the match command to specify the fields within ingress packets that must match to qualify for this class map Up to 16 match commands are permitted per class map Example...

Страница 516: ...a Class Map page 4 246 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command...

Страница 517: ...y the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the bu...

Страница 518: ...is lower burst byte Burst in bytes Range 64 524288 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of p...

Страница 519: ...policy map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode...

Страница 520: ...S policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name N...

Страница 521: ...hernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 port channel channel id Range 1 8 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_clas...

Страница 522: ...nd group members 4 252 IGMP Query Configures IGMP query parameters for multicast filtering 4 256 Static Multicast Routing Configures static multicast router ports 4 260 Multicast VLAN Registration Con...

Страница 523: ...no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit...

Страница 524: ...port Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The fo...

Страница 525: ...ice either a service host or a neighbor running IGMP snooping This command is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Example show ip igmp snooping This comman...

Страница 526: ...rough IGMP snooping for VLAN 1 IGMP Query Commands Layer 2 This section describes commands used to configure Layer 2 IGMP query on the switch Console show mac address table multicast vlan 1 igmp snoop...

Страница 527: ...ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default...

Страница 528: ...ange 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max response time This c...

Страница 529: ...ip igmp snooping query max response time 4 258 ip igmp snooping router port expire time This command configures the query timeout Use the no form to restore the default Syntax ip igmp snooping router...

Страница 530: ...ed Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multic...

Страница 531: ...nt to all subscribers This can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN Also note that MVR maintains...

Страница 532: ...up command to statically configure all multicast group addresses that will join an MVR VLAN Any multicast data associated with an MVR group is sent from all source ports and to all receiver ports that...

Страница 533: ...ceiver Configures the interface as a subscriber port that can receive multicast data source Configure the interface as an uplink port that can send and receive multicast data for the configured multic...

Страница 534: ...o another receiver port mvr immediate This command causes the switch to immediately removes an interface from a multicast stream as soon as it receives a leave message for that group Use the no form t...

Страница 535: ...wing shows the global MVR settings Console config interface ethernet 1 5 Console config if mvr immediate Console config if Console show mvr MVR Status enable MVR running status TRUE MVR multicast vlan...

Страница 536: ...eth1 1 SOURCE ACTIVE UP Disable eth1 2 RECEIVER ACTIVE UP Disable eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INACTIVE DOWN Disable Console Table 4 1 s...

Страница 537: ...MVR Group IP Status Members 225 0 0 1 ACTIVE eth1 1 d eth1 2 s 225 0 0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIV...

Страница 538: ...address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets bootp Obtains IP address from BOOTP dhcp Obtains IP address f...

Страница 539: ...1 This defines the management VLAN the only VLAN through which you can gain management access to the switch If you assign an IP address to any other VLAN the new IP address overrides the original IP...

Страница 540: ...CP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DH...

Страница 541: ...71 show ip redirects This command shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 4 269 Console show...

Страница 542: ...nse The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The...

Страница 543: ...estination port Rate Limits Input Limit Output limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Pro...

Страница 544: ...NMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1D Spanning Tree Protocol and traffic priorities IEEE 80...

Страница 545: ...nterface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 3636 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private...

Страница 546: ...Software Specifications A 4 A...

Страница 547: ...um number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of...

Страница 548: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 549: ...Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding T...

Страница 550: ...tations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC brid...

Страница 551: ...ast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership In Band Man...

Страница 552: ...within the subnet and to national time standards via wire or radio Out of Band Management Management of the network from a station not attached to the network Port Authentication See IEEE 802 1X Port...

Страница 553: ...fers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol NTP server Updates can be reque...

Страница 554: ...that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share...

Страница 555: ...CoS configuring 3 186 3 194 4 234 4 243 DSCP 3 192 4 240 layer 3 4 priorities 3 192 4 240 queue mapping 3 188 4 237 queue mode 3 190 4 234 traffic class weights 3 191 4 236 D default gateway configur...

Страница 556: ...4 80 RADIUS server 3 55 4 80 TACACS client 3 55 4 83 TACACS server 3 55 4 83 logon authentication sequence 3 56 4 78 4 79 M main menu 3 4 Management Information Bases MIBs A 3 media type 3 103 mirror...

Страница 557: ...9 remote logging 4 42 restarting the system 4 13 RSTP 3 136 4 171 global configuration 3 138 4 171 S secure shell 3 61 4 89 Secure Shell configuration 3 61 4 92 4 93 security client 3 78 serial port c...

Страница 558: ...unicast storm threshold 4 141 upgrading software 3 21 4 24 UPnP configuration 3 224 user password 3 54 4 76 4 77 V VLANs 3 157 4 189 4 205 adding static members 3 164 3 165 4 200 creating 3 162 4 195...

Страница 559: ......

Страница 560: ...ES4524M PoE E012008 ST R01 149100037400A...

Отзывы:

Нет отзывов