Edge-Core ES4626F Скачать руководство пользователя страница 483 | Manualshive

Страница: 483 / 792

background image

Secure Shell Commands

25-17

25

stored on the switch can access it. The following exchanges take place during
this process:

Authenticating SSH v1.5 Clients

a. The client sends its RSA public key to the switch.
b. The switch compares the client's public key to those stored in memory.
c. If a match is found, the switch uses its secret key to generate a random

256-bit string as a challenge, encrypts this string with the user’s public key,
and sends it to the client.

d. The client uses its private key to decrypt the challenge string, computes the

MD5 checksum, and sends the checksum back to the switch.

e. The switch compares the checksum sent from the client against that

computed for the original string it sent. If the two checksums match, this
means that the client's private key corresponds to an authorized public key,
and the client is authenticated.

Authenticating SSH v2 Clients

a. The client first queries the switch to determine if DSA public key

authentication using a preferred algorithm is acceptable.

b. If the specified algorithm is supported by the switch, it notifies the client to

proceed with the authentication process. Otherwise, it rejects the request.

c. The client sends a signature generated using the private key to the switch.
d. When the server receives this message, it checks whether the supplied key

is acceptable for authentication, and if so, it then checks whether the
signature is correct. If both checks succeed, the client is authenticated.

Note:

The SSH server supports up to four client sessions. The maximum number of
client sessions includes both current Telnet sessions and SSH sessions.

ip ssh server

This command enables the Secure Shell (SSH) server on this switch. Use the

no

form to disable this service.

Syntax

[

no

]

ip ssh server

Default Setting

Disabled

Command Mode

Global Configuration

Command Usage

• The SSH server supports up to four client sessions. The maximum number of

client sessions includes both current Telnet sessions and SSH sessions.

• The SSH server uses DSA or RSA for key exchange when the client first

establishes a connection with the switch, and then negotiates with the client
to select either DES (56-bit) or 3DES (168-bit) for data encryption.

• You must generate DSA and RSA host keys before enabling the SSH server.

«
...
481
482
483
484
485
...
»

Содержание ES4626F

Страница 1: ...Powered by Accton Management Guide ES4626F ES4650F 24 48 Port Stackable Layer 3 Gigabit Ethernet Switch...

Страница 2: ......

Страница 3: ...T RJ 45 Ports 4 Gigabit Combination Ports RJ 45 SFP 2 10 Gigabit Extender Module Slots and 2 Stacking Ports ES4650F Gigabit Ethernet Switch Stackable Layer 3 Switch with 44 10 100 1000BASE T RJ 45 Po...

Страница 4: ...ES4626F ES4650F F1 1 0 2 E062009 R01 ST 149100000013A...

Страница 5: ...nt information or calls your attention to related features or instructions Caution Alerts you to a potential hazard that could cause loss of data or damage the system or equipment Warning Alerts you t...

Страница 6: ...ii...

Страница 7: ...nagement Access 2 5 Resilient Configuration 2 5 Renumbering the Stack 2 5 Ensuring Consistent Code is Used Across the Stack 2 5 Basic Configuration 2 6 Console Connection 2 6 Setting Passwords 2 7 Set...

Страница 8: ...oading Configuration Settings from a Server 4 25 Console Port Settings 4 26 Telnet Settings 4 28 Configuring Event Logging 4 30 System Log Configuration 4 30 Remote Log Configuration 4 31 Displaying L...

Страница 9: ...he ACL Name and Type 7 1 Configuring a Standard IPv4 ACL 7 2 Configuring an Extended IPv4 ACL 7 3 Configuring a MAC ACL 7 6 Configuring a Standard IPv6 ACL 7 7 Configuring an Extended IPv6 ACL 7 8 Bin...

Страница 10: ...Interface to a QinQ Tunnel 11 17 Configuring Private VLANs 11 18 Enabling Private VLANs 11 19 Configuring Uplink and Downlink Ports 11 19 Configuring Protocol Based VLANs 11 20 Configuring Protocol G...

Страница 11: ...e 16 1 Configuring General DNS Service Parameters 16 1 Configuring Static DNS Host to Address Entries 16 3 Displaying the DNS Cache 16 5 Chapter 17 Dynamic Host Configuration Protocol 17 1 Configuring...

Страница 12: ...rst Protocol 20 14 Configuring General Protocol Settings 20 15 Configuring OSPF Areas 20 19 Configuring Area Ranges Route Summarization for ABRs 20 23 Configuring OSPF Interfaces 20 25 Configuring Vir...

Страница 13: ...22 4 exit 22 5 quit 22 5 Chapter 23 System Management Commands 23 1 Device Designation Commands 23 1 hostname 23 1 switch renumber 23 2 System Status Commands 23 3 show startup config 23 3 show runni...

Страница 14: ...gging sendmail destination email 23 34 logging sendmail 23 34 show logging sendmail 23 35 Time Commands 23 35 sntp client 23 36 sntp server 23 37 sntp poll 23 37 sntp update time 23 38 show sntp 23 38...

Страница 15: ...us server key 25 7 radius server retransmit 25 8 radius server timeout 25 8 show radius server 25 8 TACACS Client 25 9 tacacs server host 25 9 tacacs server port 25 10 tacacs server key 25 10 show tac...

Страница 16: ...35 management 25 35 show management 25 36 Chapter 26 Access Control List Commands 26 1 IPv4 ACLs 26 1 access list ip 26 2 permit deny Standard IPv4 ACL 26 2 permit deny Extended IPv4 ACL 26 3 show ip...

Страница 17: ...ernet Interface 28 5 lacp admin key Port Channel 28 6 lacp port priority 28 6 show lacp 28 7 Chapter 29 Mirror Port Commands 29 1 port monitor 29 1 show port monitor 29 2 Chapter 30 Rate Limit Command...

Страница 18: ...32 18 Chapter 33 Spanning Tree Commands 33 1 spanning tree 33 2 spanning tree mode 33 2 spanning tree forward time 33 4 spanning tree hello time 33 4 spanning tree max age 33 5 spanning tree priority...

Страница 19: ...4 12 show vlan 34 13 Configuring IEEE 802 1Q Tunneling 34 14 dot1q tunnel system tunnel control 34 15 switchport dot1q tunnel mode 34 15 switchport dot1q tunnel tpid 34 16 show dot1q tunnel 34 17 Conf...

Страница 20: ...8 show class map 36 9 show policy map 36 9 show policy map interface 36 10 Chapter 37 Multicast Filtering Commands 37 1 IGMP Snooping Commands 37 1 ip igmp snooping 37 1 ip igmp snooping vlan static...

Страница 21: ...ess 39 6 ip dhcp pool 39 6 network 39 7 default router 39 8 domain name 39 8 dns server 39 9 next server 39 9 bootfile 39 10 netbios name server 39 10 netbios node type 39 11 lease 39 11 host 39 12 cl...

Страница 22: ...13 show ipv6 interface 41 14 ipv6 default gateway 41 17 show ipv6 default gateway 41 17 ipv6 mtu 41 18 show ipv6 mtu 41 19 show ipv6 traffic 41 19 clear ipv6 traffic 41 25 ping ipv6 41 25 ipv6 neighbo...

Страница 23: ...ation originate 42 21 timers spf 42 22 area range 42 23 area default cost 42 24 summary address 42 24 redistribute 42 25 network area 42 26 area stub 42 27 area nssa 42 28 area virtual link 42 30 ip o...

Страница 24: ...x A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interface...

Страница 25: ...to Egress Queues 13 3 Table 13 2 CoS Priority Levels 13 3 Table 13 3 Mapping IP Precedence 13 8 Table 13 4 Mapping DSCP Priority 13 10 Table 19 1 Address Resolution Protocol 19 8 Table 19 2 ARP Stati...

Страница 26: ...2 Port Security Commands 25 24 Table 25 13 802 1X Port Authentication Commands 25 26 Table 25 14 IP Filter Commands 25 35 Table 26 1 Access Control List Commands 26 1 Table 26 2 IPv4 ACL Commands 26 1...

Страница 27: ...le 40 4 show vrrp brief display description 40 8 Table 41 1 IP Interface Commands 41 1 Table 41 2 Basic IP Configuration Commands 41 1 Table 41 3 show ipv6 interface display description 41 15 Table 41...

Страница 28: ...splay description 42 47 Table 42 17 show ip ospf summary display description 42 48 Table 42 18 show ip ospf interface display description 42 49 Table 42 19 show ip ospf neighbor display description 42...

Страница 29: ...Figure 4 16 Configuring the Console Port 4 27 Figure 4 17 Configuring the Telnet Interface 4 29 Figure 4 18 System Logs 4 31 Figure 4 19 Remote Logs 4 32 Figure 4 20 Displaying Logs 4 33 Figure 4 21...

Страница 30: ...8 5 LACP Aggregation Port 8 11 Figure 8 6 LACP Port Counters Information 8 13 Figure 8 7 LACP Port Internal Information 8 15 Figure 8 8 LACP Port Neighbors Information 8 16 Figure 8 9 Port Broadcast...

Страница 31: ...e 13 8 IP Port Priority Status 13 11 Figure 13 9 IP Port Priority 13 12 Figure 14 1 Configuring Class Maps 14 3 Figure 14 2 Configuring Policy Maps 14 6 Figure 14 3 Service Policy Settings 14 7 Figure...

Страница 32: ...ce Settings 20 8 Figure 20 4 RIP Redistribution Configuration 20 10 Figure 20 5 RIP Statistics 20 12 Figure 20 6 OSPF General Configuration 20 18 Figure 20 7 OSPF Area Configuration 20 22 Figure 20 8...

Страница 33: ...is section provides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface Introduction 1...

Страница 34: ...Getting Started...

Страница 35: ...trol Lists Supports up to 256 ACLs 96 MAC rules 96 IP rules and 96 IPv6 rules DHCP Client Relay and Server Supported DNS Client and Proxy service Port Configuration Speed and duplex mode and flow cont...

Страница 36: ...so supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the swi...

Страница 37: ...eived on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Traffic that falls within the rate limit is transmitted while packe...

Страница 38: ...0 seconds or more for the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standard by automatically reconfigu...

Страница 39: ...ion hassles normally associated with conventional routers Routing for unicast traffic is supported with the Routing Information Protocol RIP and the Open Shortest Path First OSPF protocol RIP This pro...

Страница 40: ...a per hop basis Each packet is classified upon entry into the network based on access lists IP Precedence or DSCP values or VLAN lists Using access lists allows you select traffic based on Layer 2 Lay...

Страница 41: ...rt Connection Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Pa...

Страница 42: ...Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status Enabled RSTP Default...

Страница 43: ...y 0 0 0 0 DHCP Client Enabled Relay Disabled Server Disabled DNS Client Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Unicast Routing RIP Disabled OSPF Disa...

Страница 44: ...Introduction 1 10 1...

Страница 45: ...nection to the RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNM...

Страница 46: ...plete the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Conn...

Страница 47: ...oard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above Nets...

Страница 48: ...ster unit finishes booting up it continues to synchronize configuration information to all of the Slave units in the stack If the Master unit fails or is powered off a new master unit will be selected...

Страница 49: ...access However if the unit to which you normally connect for management access fails and there are no active port members on the other units within this VLAN interface then this IP address will no lo...

Страница 50: ...p units that are running a different image version For information on downloading firmware see Managing Firmware on page 4 21 or File Management Commands on page 23 10 Basic Configuration Console Conn...

Страница 51: ...nter 4 Type username admin password 0 password for the Privileged Exec level where password is your new password Press Enter Note 0 specifies a password in plain text 7 specifies a password in encrypt...

Страница 52: ...address is the switch IP address and netmask is the network mask for the network Press Enter 3 Type exit to return to the global configuration mode prompt Press Enter 4 To set the IP address of the de...

Страница 53: ...er Then press Enter Address for Multi segment Network Before you can assign an IPv6 address to the switch that will be used to connect to a multi segment network you must obtain the following informat...

Страница 54: ...ipv6 address bits The remaining bits are assigned to the host interface Press Enter 4 Type exit to return to the global configuration mode prompt Press Enter 5 To set the IP address of the IPv6 defau...

Страница 55: ...face vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp an...

Страница 56: ...network containing more than one subnet the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages...

Страница 57: ...the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB tree However...

Страница 58: ...e are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure...

Страница 59: ...up file The three types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files can be selecte...

Страница 60: ...Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted To save all your configuration changes in nonvolatile storage you must copy the...

Страница 61: ...1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Enter Console copy running config startup config 23 11 Start...

Страница 62: ...Initial Configuration 2 18 2...

Страница 63: ...gement Tasks 4 1 Simple Network Management Protocol 5 1 User Authentication 6 1 Access Control Lists 7 1 Port Configuration 8 1 Address Table Settings 9 1 Spanning Tree Algorithm 10 1 VLAN Configurati...

Страница 64: ...Switch Management...

Страница 65: ...ess on page 2 7 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program Se...

Страница 66: ...cts with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu lin...

Страница 67: ...7 x This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files 2 You may have to manually refresh the screen after making configuration changes b...

Страница 68: ...guration Configures IPv6 interface address and protocol settings 4 9 IPv6 General Prefix Configures IPv6 general prefix for network portion of addresses 4 15 IPv6 ND Neighbor Configures IPv6 neighbor...

Страница 69: ...passwords and access levels 6 1 Authentication Settings Configures authentication sequence RADIUS and TACACS 6 2 HTTPS Settings Configures secure HTTP settings 6 5 SSH Secure Shell 6 8 Settings Confi...

Страница 70: ...17 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 8 17 Mirror Port Configuration Sets the source and target ports for mirroring 8 19 Rate Limit 8 20 Input Port Configuration...

Страница 71: ...hows the current port members of each VLAN and whether or not the port is tagged or untagged 11 5 Static List Used to create or remove VLAN groups 11 6 Static Table Modifies the settings for an existi...

Страница 72: ...each trunk 13 1 Traffic Classes Maps IEEE 802 1p priority tags to output queues 13 3 Traffic Classes Status Enables disables traffic class priorities not implemented NA Queue Mode Sets queue mode to s...

Страница 73: ...entries for domain name to address mapping 16 3 Cache Displays cache entries discovered by designated name servers 16 5 DHCP Dynamic Host Configuration Protocol 17 1 Relay Configuration Specifies DHCP...

Страница 74: ...and errors 19 19 TCP Shows statistics for TCP including the amount of traffic and TCP connection activity 19 20 Routing 19 21 Static Routes Configures and display static routing entries 19 21 Routing...

Страница 75: ...figuration Defines OSPF areas and associated interfaces 20 31 Summary Address Configuration Aggregates routes learned from other protocols for advertising into other autonomous systems 20 33 Redistrib...

Страница 76: ...Configuring the Switch 3 12 3...

Страница 77: ...agent has been up These additional parameters are displayed for the CLI System Description Brief description of device type MAC Address The physical layer address for this switch Web Server Shows if m...

Страница 78: ...ystem 23 7 System Description 24 48 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System OID String 1 3 6 1 4 1 259 8 1 9 System Information System Up Time 0 days 1 hours 28 minutes a...

Страница 79: ...main board Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version number of EEPROM Programmable Logic Device Loader Version Version number of...

Страница 80: ...es on page 9 1 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the defaul...

Страница 81: ...via DHCP by default To manually configure an address you need to change the stack s default settings to values that are compatible with your network You may also need to a establish a default gateway...

Страница 82: ...stack are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whether IP fu...

Страница 83: ...Apply Figure 4 4 IPv4 Interface Configuration Manual Click IP Global Setting If this stack and management stations exist on other network segments then specify the default gateway and click Apply Figu...

Страница 84: ...er reset Figure 4 6 IPv4 Interface Configuration DHCP Note If you lose your management connection make a console connection to the Master unit and enter show ip interface to determine the new stack ad...

Страница 85: ...net Management traffic using this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshoo...

Страница 86: ...described under Configuring an IPv6 General Network Prefix on page 4 15 When using this method remember that the prefix length specified on the IPv6 Configuration page must include both the length of...

Страница 87: ...Configuration Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface The network portion of the address is based on prefixes received in...

Страница 88: ...oth that specified by the general prefix and any number of subsequent prefix bits that exceed the length of the general prefix Therefore depending on the specified prefix length some of the address bi...

Страница 89: ...uired to join the all nodes multicast addresses FF01 1 and FF02 1 for all IPv6 nodes within scope 1 interface local and scope 2 link local respectively FF01 1 16 is the transient node local multicast...

Страница 90: ...em IPv6 Configuration IPv6 Configuration Set the IPv6 default gateway specify the VLAN to configure enable IPv6 and set the MTU Then enter a global unicast or link local address and click Add IPv6 Add...

Страница 91: ...ent assigned to the general prefix The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the...

Страница 92: ...refix Click Add to open the editing fields for a prefix entry Enter a name for the general prefix the value for the general prefix and the prefix length Then click Add to enable the entry Figure 4 8 I...

Страница 93: ...detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplicate address detection for all unicast IPv6 addresses on the in...

Страница 94: ...received that the forward path was functioning A packet was sent within the last DELAY_FIRST_PROBE_TIME interval If no reachability confirmation is received within this interval after entering the DEL...

Страница 95: ...ol settings select a VLAN interface set the number of attempts allowed for duplicate address detection set the interval for neighbor solicitation messages and click Apply To configure static neighbor...

Страница 96: ...s FE80 1034 11FF FE11 4321 64 Global unicast address es 2009 DB9 2229 79 subnet is 2009 DB9 2229 0 64 Joined group address es FF01 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF11 4321 104 MTU is 1280 by...

Страница 97: ...rames Enable or disable support for jumbo frames and click Apply Figure 4 10 Configuring Support for Jumbo Frames CLI This example enables jumbo frames globally for the switch Managing Firmware You ca...

Страница 98: ...ed startup version of this file cannot be deleted Downloading System Software from a Server When downloading runtime code you can specify the destination file name to replace the current image or firs...

Страница 99: ...elect System File Management Delete Select the file name from the given list by checking the tick box and click Apply Note that the file currently designated as the startup code cannot be deleted Figu...

Страница 100: ...ng config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to r...

Страница 101: ...e switch Web Click System File Management Copy Operation Choose tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download select a fil...

Страница 102: ...r input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 0 seconds Password Threshold Sets the password intrusion threshold which limits the...

Страница 103: ...the stop bits transmitted per byte Range 1 2 Default 1 stop bit Password1 Specifies a password for the line connection When a connection is started on a line with password protection the system promp...

Страница 104: ...interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Passwo...

Страница 105: ...parameters for Telnet access then click Apply Figure 4 17 Configuring the Telnet Interface CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as required...

Страница 106: ...Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the spe...

Страница 107: ...s of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This...

Страница 108: ...type and set the logging trap Console config logging host 10 1 0 9 23 28 Console config logging facility 23 23 28 Console config logging trap 4 23 29 Console config logging trap Console config exit C...

Страница 109: ...ecified SMTP servers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the emai...

Страница 110: ...Specifies the email recipients of alert messages You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Web Click Syst...

Страница 111: ...each switch in the stack based on the unit identification number You should therefore remember to save the current configuration after renumbering the stack For a line topology the stack is numbered f...

Страница 112: ...al clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also...

Страница 113: ...o 16 15 58 February 1st 2008 Configuring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an S...

Страница 114: ...erate as an SNTP client and then displays the current time and settings Console config sntp client 23 36 Console config sntp poll 16 23 37 Console config sntp server 10 1 0 19 137 82 140 80 128 250 36...

Страница 115: ...ime zone to be before east or after west UTC Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC Minutes 0 59 The number of minutes before after...

Страница 116: ...ajor regions of the world To specify the time corresponding to your local time when summer time is in effect select the predefined summer time time zone appropriate for your location Date Mode Sets th...

Страница 117: ...nutes your summer time time zone deviates from your regular time zone Offset Summer time offset from the regular time zone in minutes Range 0 99 minutes From Start time for summer time offset To End t...

Страница 118: ...Basic Management Tasks 4 42 4...

Страница 119: ...uously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as Edge core ECView Acce...

Страница 120: ...tview none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Communit...

Страница 121: ...at acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access...

Страница 122: ...t of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a respons...

Страница 123: ...available for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The num...

Страница 124: ...3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 5 3 Conf...

Страница 125: ...asswords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default eng...

Страница 126: ...to it See Specifying Trap Managers and Trap Types on page 5 4 and Configuring Remote SNMPv3 Users on page 5 11 A new engine ID can be specified by entering 9 to 64 hexadecimal characters If an odd nu...

Страница 127: ...er noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only...

Страница 128: ...ed group of a user click Change Group in the Actions column of the users table and select the new group Figure 5 6 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user...

Страница 129: ...for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on...

Страница 130: ...hen click Delete Figure 5 7 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d re...

Страница 131: ...model SNMP v1 v2c or v3 Level The security level used for the group noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication...

Страница 132: ...SNMP entity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent sta...

Страница 133: ...two objects the first object indicates the master version whereas the second represents the slave version swModuleVer MismatchNotificaiton 1 3 6 1 4 1 202 20 57 84 2 1 0 57 This trap is sent when the...

Страница 134: ...n click Delete Figure 5 8 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read an...

Страница 135: ...in the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view W...

Страница 136: ...ver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 24 10 Console config exit Console show snmp view 24 11 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile R...

Страница 137: ...has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as...

Страница 138: ...ly configure access rights on the switch or you can use a remote access authentication server based on RADIUS or TACACS protocols Remote Authentication Dial in User Service RADIUS and Terminal Access...

Страница 139: ...IUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Command Attributes A...

Страница 140: ...username on page 25 2 Web Click Security Authentication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parame...

Страница 141: ...on The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Inter...

Страница 142: ...on on this function see Replacing the Default Secure site Certificate on page 6 7 Web Click Security HTTPS Settings Enable HTTPS and specify the port number then click Apply Figure 6 3 HTTPS Settings...

Страница 143: ...re Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obtained these place them...

Страница 144: ...station to access the switch for management via the SSH protocol Note The switch supports both SSH Version 1 5 and 2 0 clients Command Usage The SSH server on this switch supports both password and pu...

Страница 145: ...32671316 29432532818915045306393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of re...

Страница 146: ...thenticated Note The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Generating the Host Key Pair A host pub...

Страница 147: ...the host key pair Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page C...

Страница 148: ...encrypted public key DSA The switch accepts a DSA version 2 encrypted public key The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and the...

Страница 149: ...public key file it is not necessary to first delete the original key from the switch The import process will overwrite the existing key Delete Deletes a selected RSA or DSA public key that has alread...

Страница 150: ...FTP server IP address 192 168 1 254 Choose public key type 1 RSA 2 DSA 1 2 2 Source file name admin ssh2 dsa pub key Username admin TFTP Download Success Write to FLASH Programming Success Console sho...

Страница 151: ...r Settings CLI This example enables SSH sets the authentication parameters and displays the current configuration It shows that the administrator has made a connection via SHH and then disables this c...

Страница 152: ...f MAC addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevent...

Страница 153: ...allowed on a port and click Apply Figure 6 8 Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port specifies a maximum address count...

Страница 154: ...ntains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and the...

Страница 155: ...2 1X System Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 6 9 802 1X Global Information CLI This example shows the default global setting for 802 1X...

Страница 156: ...on Command Attributes Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized p...

Страница 157: ...ess table Configured static MAC addresses are added to the secure address table when seen on a switch port Static addresses are treated as authenticated without sending a request to a RADIUS server Wh...

Страница 158: ...User Authentication 6 22 6 Web Click Security 802 1X Port Configuration Modify the parameters required and click Apply Figure 6 11 802 1X Port Configuration...

Страница 159: ...uth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto yes 1 25 disabled Single Host ForceAuth...

Страница 160: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx E...

Страница 161: ...re 6 12 802 1X Port Statistics CLI This example displays the dot1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 25 32 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start...

Страница 162: ...o five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges...

Страница 163: ...estricts management access for Telnet clients Console config management telnet client 192 168 1 19 25 35 Console config management telnet client 192 168 1 25 192 168 1 30 Console config exit Console s...

Страница 164: ...User Authentication 6 28 6...

Страница 165: ...IP ACLs including Standard and Extended ACLs IPv6 Standard ACLs and IPv6 Extended ACLs For the ES4626F all ports share this quota For the ES4650F ports 1 24 share a quota of 96 rules and ports 25 50...

Страница 166: ...n page for the new list Figure 7 1 Selecting ACL Type CLI This example creates a standard IP ACL named bill Configuring a Standard IPv4 ACL Command Attributes Action An ACL can contain any combination...

Страница 167: ...ny to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default...

Страница 168: ...he control bitmask is a decimal number for an equivalent binary bit mask that is applied to the control code Enter a decimal number where the equivalent binary bit 1 means to match a bit and 0 means t...

Страница 169: ...coming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes thr...

Страница 170: ...k for source or destination MAC address VID VLAN ID Range 1 4093 VID Bit Mask VLAN bitmask Range 1 4093 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff...

Страница 171: ...thernet type is 0800 Configuring a Standard IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Source Address Type Specifies the source IP address Use Any to...

Страница 172: ...9 5 64 Configuring an Extended IPv6 ACL Command Attributes Action An ACL can contain any combination of permit or deny rules Destination Address Type Specifies the destination IP address Use Any to in...

Страница 173: ...ling by IPv6 routers such as non default quality of service or real time service see RFC 2460 Range 0 16777215 A flow label is assigned to a flow by the flow s source node New flow labels must be chos...

Страница 174: ...ration Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 3 All...

Страница 175: ...s the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets ACL Name Name of the ACL Web Click Security ACL Port Binding Mark the Enable field for the port...

Страница 176: ...Access Control Lists 7 12 7...

Страница 177: ...tatus Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if au...

Страница 178: ...ull duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast storm Shows if broadcast storm control is enabled or disabled Broadcast storm limit Sho...

Страница 179: ...ASE T port or trunk Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled...

Страница 180: ...a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10f...

Страница 181: ...1 13 27 1 Console config if description RD SW 13 27 2 Console config if shutdown 27 7 Console config if no shutdown Console config if no negotiation 27 4 Console config if speed duplex 100half 27 3 C...

Страница 182: ...e trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify t...

Страница 183: ...orts and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry f...

Страница 184: ...ust be configured for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 8 7...

Страница 185: ...enabled trunk ports on another switch to form a trunk Console config interface ethernet 1 1 27 1 Console config if lacp 28 3 Console config if exit Console config interface ethernet 1 6 Console config...

Страница 186: ...riority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be...

Страница 187: ...ou can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggrega...

Страница 188: ...nsole config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 28 7 Channel Group...

Страница 189: ...oup Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received...

Страница 190: ...ormation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be ena...

Страница 191: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 28 7 Port channel 1 Oper Key 3 Admin Key 0 Eth 1 2 LACPDUs Internal 30 sec LACP Sys...

Страница 192: ...ed by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation...

Страница 193: ...resolution is 1 packet per second pps i e any setting between 500 262143 is acceptable Command Attributes Port6 Port number Trunk7 Trunk number Type Indicates the port type 1000BASE T SFP or 10G Prot...

Страница 194: ...1 Console config if no switchport broadcast 27 7 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 600 27 7 Console config if end Console...

Страница 195: ...ce port when using MSTP see Spanning Tree Algorithm on page 10 1 Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Unit The unit whose port traffic will be monitored...

Страница 196: ...rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this fe...

Страница 197: ...then set the rate limit for the individual interfaces and click Apply Figure 8 11 Rate Limit Configuration CLI This example sets the rate limit for input and output traffic passing through port 1 to...

Страница 198: ...at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Pa...

Страница 199: ...articular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one colli...

Страница 200: ...r of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than...

Страница 201: ...ort Statistics 8 25 8 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 8 12 Port S...

Страница 202: ...rors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal ma...

Страница 203: ...can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will b...

Страница 204: ...d traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indica...

Страница 205: ...kbox select the method of sorting the displayed addresses and then click Query Figure 9 2 Dynamic Addresses CLI This example also displays the address table entries for port 1 Console show mac address...

Страница 206: ...es disables the aging function Aging Time The time after which a learned entry is discarded Range 10 1000000 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging tim...

Страница 207: ...that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designate...

Страница 208: ...commonly configured MSTP bridges An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration...

Страница 209: ...hich the root device transmits a configuration message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is...

Страница 210: ...ssage a new root port is selected from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The m...

Страница 211: ...rward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0001ECF8D8C6 Current Root Port 1 Current Root Cost 100000 Number of Topology Changes 1 Last Topology Change Time sec 1521 Trans...

Страница 212: ...that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to pa...

Страница 213: ...orts and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing st...

Страница 214: ...AN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision10 The revision for this MSTI Range 0 65535 Default 0 Region Name10 The name for this MSTI Ma...

Страница 215: ...Configuring Global Settings 10 9 10 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 10 2 STA Global Configuration...

Страница 216: ...no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then some of them change stat...

Страница 217: ...BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bri...

Страница 218: ...itch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port Y...

Страница 219: ...onal information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay paramete...

Страница 220: ...on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Admin Link Type The link type attached to this interface Point to...

Страница 221: ...to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected interfaces Default...

Страница 222: ...ree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 10 6 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 Add the V...

Страница 223: ...1 followed by settings for each port Console show spanning tree mst 1 33 18 Spanning tree information Spanning Tree Mode MSTP Spanning Tree Enabled Disabled Enabled Instance 1 VLANs Configuration 1 Pr...

Страница 224: ...er Path Cost 10000 Priority 128 Designated Cost 0 Designated Port 128 23 Designated Root 32768 1 0000E8900000 Designated Bridge 32768 1 0000E8900000 Fast Forwarding Disabled Forward Transitions 2 Admi...

Страница 225: ...n CLI This displays STA settings for instance 0 followed by settings for each port The settings for instance 0 are global settings that apply to the IST page 10 3 the settings for other instances only...

Страница 226: ...if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured MST Instance ID Instance identifier to configure Range 0 4094 Default 0 Priority Defi...

Страница 227: ...detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Web Click Spanning Tree MST...

Страница 228: ...22 10 CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 27 1 Console config if spanning tree mst port priority 0 33 17 Console config if spanning tree mst cost...

Страница 229: ...erently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 4093 VLANs b...

Страница 230: ...e VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VL...

Страница 231: ...e same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable tagging on all ports Ports can be assigned to multiple tagg...

Страница 232: ...N 802 1Q VLAN GVRP Status Enable or disable GVRP click Apply Figure 11 1 Globally Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basic Informatio...

Страница 233: ...this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VL...

Страница 234: ...ntagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of confi...

Страница 235: ...t page to configure VLAN groups based on the port index page 9 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing...

Страница 236: ...tagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forbidden from a...

Страница 237: ...ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 11 6 VLAN Static Membershi...

Страница 238: ...frame types any received frames that are untagged are assigned to the default VLAN Option All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingr...

Страница 239: ...mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the sour...

Страница 240: ...ers who have multiple VLANs Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider s network even when they use the same customer specific VLAN...

Страница 241: ...en the egress process transmits the packet Packets entering a QinQ tunnel port are processed in the following manner 1 New SPVLAN tags are added to all incoming packets no matter how many tags they al...

Страница 242: ...der s network The TPID must be configured on a per port basis and the verification cannot be disabled 3 If the ether type of an incoming packet single or double tagged is equal to the TPID of the upli...

Страница 243: ...ing tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunneling o...

Страница 244: ...runk port incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the por...

Страница 245: ...hip mode of the port None The port operates in its normal VLAN mode This is the default 802 1Q Tunnel Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer...

Страница 246: ...le config if switchport dot1q tunnel mode access 34 15 Console config if interface ethernet 1 3 Console config if switchport dot1q tunnel mode uplink 34 15 Console config if end Console show dot1q tun...

Страница 247: ...Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports Ports designated as downlink ports can not communicate with any other ports on the switch except for the...

Страница 248: ...1 First configure VLAN groups for the protocols you want to use page 6 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port me...

Страница 249: ...configuration screen If you assign interfaces using any of the other VLAN menus such as the VLAN Static Table page 7 or VLAN Static Membership by Port menu page 9 these interfaces will admit traffic o...

Страница 250: ...93 Web Click VLAN Protocol VLAN Port Configuration Select a a port or trunk enter a protocol group ID the corresponding VLAN ID and click Apply Figure 11 11 Protocol VLAN Port Configuration CLI The fo...

Страница 251: ...LDP globally on the switch Default Disabled Transmission Interval Configures the periodic transmit interval for LLDP advertisements Range 5 32768 seconds Default 30 seconds This attribute must comply...

Страница 252: ...lt 5 seconds This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occur between...

Страница 253: ...destinations see Specifying Trap Managers and Trap Types on page 5 4 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes...

Страница 254: ...r Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address...

Страница 255: ...cates the system s administratively assigned name see Displaying System Information on page 4 1 System Description A textual description of the network entity This field is also displayed by the show...

Страница 256: ...ent Interface Settings The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Description A string t...

Страница 257: ...1000 Stackable Managed Switch with 2 X 10G uplinks System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Typ...

Страница 258: ...the specific identifier for the particular chassis in this system Port ID A string that contains the specific identifier for the port from which this LLDPDU was transmitted Port Name A string that ind...

Страница 259: ...e particular chassis in this system Port Type Indicates the basis for the identifier that is listed in the Port ID field Port Description A string that indicates the port s description If RFC 2863 is...

Страница 260: ...he primary function s of the system which are currently enabled Refer to the preceding table See Table 12 2 System Capabilities on page 12 6 Management Address The IPv4 address of the remote device If...

Страница 261: ...e database dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the LLDP remote systems MIB becaus...

Страница 262: ...ected directly to this switch switch show lldp info statistics 32 18 LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Cou...

Страница 263: ...ount of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recog...

Страница 264: ...P enabled remote device attached to a specific port this switch switch show lldp info statistics detail ethernet 1 1 32 18 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invali...

Страница 265: ...ted into the appropriate priority queue at the output port Command Usage This switch provides eight priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The def...

Страница 266: ...config if switchport priority default 5 35 3 Console config if end Console show interfaces switchport ethernet 1 3 27 11 Information of Eth 1 3 Broadcast threshold Enabled 500 packets second LACP stat...

Страница 267: ...lications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Pr...

Страница 268: ...priorities is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config interface ethernet 1 1 27 1 Console config queue cos map 0...

Страница 269: ...revents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 6 8 10...

Страница 270: ...es and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software application...

Страница 271: ...y information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSC...

Страница 272: ...Precedence values are mapped one to one to Class of Service values i e Precedence value 0 maps to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various appl...

Страница 273: ...1 and then displays the IP Precedence settings Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to the all interfaces on the s...

Страница 274: ...e following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a...

Страница 275: ...es IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP port number Class of Service Value Sets a Co...

Страница 276: ...ch maps HTTP traffic on port 1 to CoS value 0 and then displays the IP Port Priority settings Mapping specific values for IP Port Priority is implemented as an interface configuration command but any...

Страница 277: ...ze the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should...

Страница 278: ...name and a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class entry Modify th...

Страница 279: ...CP value contained in an IPv6 packet Range 0 63 Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffSe...

Страница 280: ...gs page 14 7 You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6...

Страница 281: ...lobits per second Burst byte Burst in bytes Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped or the DSCP service level will be reduced Remove Class Deletes a...

Страница 282: ...14 6 14 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 14 2 Conf...

Страница 283: ...egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate pol...

Страница 284: ...Quality of Service 14 8 14...

Страница 285: ...ts and an IGMP enabled device most commonly a multicast router In this way the switch can discover the ports that want to join a multicast group and set its filters accordingly If there is no multicas...

Страница 286: ...d In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may...

Страница 287: ...ulticast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is...

Страница 288: ...he default settings are shown below Figure 15 1 IGMP Configuration CLI This example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 3...

Страница 289: ...y see Configuring IGMP Snooping and Query Parameters on page 15 3 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should onl...

Страница 290: ...r switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4093 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to...

Страница 291: ...nk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Unit Stack unit Range 1 8 Port or Trunk Specifies the interface attached to a...

Страница 292: ...rvice Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are...

Страница 293: ...ts the VLAN to propagate all multicast traffic coming from the attached multicast router switch Range 1 4093 Multicast IP The IP address for a specific multicast service Unit Stack unit Range 1 8 Port...

Страница 294: ...Multicast Filtering 15 10 15...

Страница 295: ...m will search it for a corresponding entry If none is found the default domain name is used When an incomplete host name is received by the DNS service on this switch and a domain name list has been s...

Страница 296: ...a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 38 3 Console config ip domain list sample com uk 38 3 Co...

Страница 297: ...rk devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a...

Страница 298: ...ply Figure 16 2 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 3...

Страница 299: ...s field includes ADDRESS which specifies the host address for the owner and CNAME which specifies an alias IP The IP address associated with this record TTL The time to live reported by the name serve...

Страница 300: ...Domain Name Service 16 6 16...

Страница 301: ...switch supports DHCP relay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP request broadcast it inserts its own IP address into the request so that the DHCP serv...

Страница 302: ...other network settings such as the domain name default gateway Domain Name Servers DNS Windows Internet Naming Service WINS name servers or information on the bootup file for the host device to downlo...

Страница 303: ...changes This can be done on the DHCP Server General page Enabling the Server Setting Excluded Addresses Enable the DHCP Server and specify the IP addresses that it should not be assigned to clients Co...

Страница 304: ...om the matching network address pool However if no matching address pool is found the request is ignored When searching for a manual binding the switch compares the client identifier and then the hard...

Страница 305: ...eway router The IP address of the router should be on the same subnet as the client DNS Server The IP address of the primary and alternate DNS server DNS servers must be configured for a DHCP client t...

Страница 306: ...Address Pool Web Click DHCP Server Pool Configuration Specify a pool name then click Add Figure 17 3 DHCP Server Pool Configuration CLI This example adds an address pool and enters DHCP pool configur...

Страница 307: ...twork Configuration CLI This example configures a network address pool Console config ip dhcp pool tps 39 6 Console config dhcp network 10 1 0 0 255 255 255 0 39 7 Console config dhcp default router 1...

Страница 308: ...st address pool Console config ip dhcp pool mgr 39 6 Console config dhcp host 10 1 0 19 255 255 255 0 39 12 Console config dhcp hardware address 00 e0 29 94 34 28 ethernet 39 14 Console config dhcp cl...

Страница 309: ...l or after moving DHCP service to another device Entry Count Number of hosts that have been given addresses by the switch Note More than one DHCP server may respond to a service request by a host In t...

Страница 310: ...Dynamic Host Configuration Protocol 17 10 17...

Страница 311: ...l router priority Router redundancy can be set up in any of the following configurations These examples use the address of one of the participating routers as the master router When the virtual router...

Страница 312: ...lso enable the preempt feature which allows a router to take over as the master router when it comes on line if it has a higher priority than the currently active master router Command Usage Address A...

Страница 313: ...the new master router if the current master fails Preempting the Acting Master The virtual IP Owner has the highest priority so no other router can preempt it and it will always resume control as the...

Страница 314: ...er virtual router if it has a higher priority than the acting master virtual router i e a master router that is not the group s address owner or another backup router that has taken over from the prev...

Страница 315: ...18 5 18 Virtual Router Redundancy Protocol Web Click IP VRRP Group Configuration Select the VLAN ID enter the VRID group number and click Add Figure 18 1 VRRP Group Configuration...

Страница 316: ...ual router for the group Otherwise enter the virtual address for an existing group to make it a backup router or to compete as the master based on configured priority if no other members are set as th...

Страница 317: ...version number VRRP Packets with Invalid VRID The total number of VRRP packets received with an invalid VRID for this virtual router Web Click IP VRRP Global Statistics Figure 18 3 VRRP Global Statist...

Страница 318: ...ceived Priority 0 Packets Number of VRRP packets received by the virtual router with priority set to 0 Error Packet Length Packets Number of packets received with a packet length less than the length...

Страница 319: ...er of Received Error Advertisement Interval Packets 0 Total Number of Received Authentication Failures Packets 0 Total Number of Received Error IP TTL VRRP Packets 0 Total Number of Received Priority...

Страница 320: ...Configuring Router Redundancy 18 10 18...

Страница 321: ...ditional routers the static and dynamic routing functions must first be configured to work Initial Configuration By default all ports belong to the same VLAN and the switch provides only Layer 2 funct...

Страница 322: ...to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same subnetwork as the source network then the packet can be transmitted directly without the help of a rout...

Страница 323: ...et is reformatted and sent out to the destination The reformat process includes decreasing the Time To Live TTL field of the IP header recalculating the IP header checksum and replacing the destinatio...

Страница 324: ...to manage the switch in band then you must define the IP subnet address for at least one VLAN Command Attributes IP Routing Status Configures the switch to operate as a Layer 2 switch or as a multilay...

Страница 325: ...ither Layer 2 or 3 as required All IP packets are routed directly between local interfaces or indirectly to remote interfaces using either static routing or dynamic routing All other packets for non I...

Страница 326: ...sses In other words you will need to specify secondary addresses if more than one IP subnet can accessed via this interface If DHCP BOOTP is enabled the system will immediately start broadcasting serv...

Страница 327: ...resses enter these addresses one at a time and click Set IP Configuration after entering each address Figure 19 2 IP Routing Interface CLI This example sets a primary IP address for VLAN 1 and then ad...

Страница 328: ...o the final destination If there is no entry for an IP address in the ARP cache the router will broadcast an ARP request packet to all devices on the network The ARP request contains the following fie...

Страница 329: ...86400 seconds Default 1200 seconds or 20 minutes The ARP aging timeout can be set for any currently configured VLAN The aging time determines how long dynamic entries remain the cache If the timeout i...

Страница 330: ...orks that do not have routing or a default gateway and click Apply Figure 19 3 ARP General CLI This example sets the ARP cache timeout for 15 minutes i e 900 seconds and enables Proxy ARP for VLAN 3 C...

Страница 331: ...try may need to be used if there is no response to an ARP broadcast message For example some applications may not respond to ARP requests or the response arrives too late causing network operations to...

Страница 332: ...to the corresponding IP address Interface VLAN interface associated with the address entry Dynamic to Static19 Changes a selected dynamic entry to a static entry Clear All19 Deletes all dynamic entri...

Страница 333: ...y in the cache MAC Address MAC address mapped to the corresponding IP address Interface VLAN interface associated with the address entry Entry Count The number of local entries in the ARP cache Consol...

Страница 334: ...ess Type Interface 10 1 0 0 ff ff ff ff ff ff other 1 10 1 0 11 00 11 22 33 44 55 static 1 10 1 0 12 01 02 03 04 05 06 static 1 10 1 0 19 00 10 b5 62 03 74 dynamic 1 10 1 0 253 00 00 ab cd 00 00 other...

Страница 335: ...d 0 couldn t fragment Sent 9 generated 0 no route ICMP statistics Rcvd 0 checksum errors 0 redirects 0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp S...

Страница 336: ...default gateways are down Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forwar...

Страница 337: ...to feed back information about more suitable routes i e the next hop router to use for a specific destination Routing Discards The number of routing entries which were chosen to be discarded even tho...

Страница 338: ...urce Quench messages received sent Redirects The number of ICMP Redirect messages received sent Echos The number of ICMP Echo request messages received sent Echo Replies The number of ICMP Echo Reply...

Страница 339: ...too complex too slow or just unnecessary Web Click IP Statistics UDP Figure 19 10 UDP Statistics CLI See the example on page 19 14 Table 19 5 USP Statistics Parameter Description Datagrams Received T...

Страница 340: ...SYN SENT state from the CLOSED state Failed Connection Attempts The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD sta...

Страница 341: ...ce over a dynamic route Static routes are included in RIP and OSPF updates periodically sent by the router if this feature is enabled by the RIP or OSPF see page 20 9 or 20 35 respectively Command Att...

Страница 342: ...is not enabled i e listed in the routing table unless there is at least one active link connected to that interface Command Attributes Interface Index number of the IP interface IP Address IP address...

Страница 343: ...Table CLI This example shows routes obtained from various methods Console show ip route 42 3 Ip Address Netmask Next Hop Protocol Metric Interface 0 0 0 0 0 0 0 0 10 1 0 254 static 1 1 10 1 0 0 255 2...

Страница 344: ...IP Routing 19 24 19...

Страница 345: ...inks which lead to relevant subnets OSPFv2 Dynamic Routing Protocol OSPF overcomes all the problems of RIP It uses a link state routing protocol to generate a shortest path tree then builds up its rou...

Страница 346: ...interface port from which they have been acquired but set the distance vector metrics to infinity This provides faster convergence Triggered updates Whenever a route gets changed broadcast an update...

Страница 347: ...and receiving protocol messages RIP send receive versions set on the RIP Interface Settings screen page 20 6 always take precedence over the settings for the Global RIP Version Timer Settings The tim...

Страница 348: ...lick Apply Figure 20 1 RIP General Settings CLI This example sets the router to use RIP Version 2 and sets the basic timer to 15 seconds Console config router rip 42 6 Console config router version 2...

Страница 349: ...t field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network address are used 192 223 is class C...

Страница 350: ...tively Use RIPv1 Compatible to propagate route information by broadcasting to other routers on the network using the RIPv2 advertisement list instead of multicasting as normally required by RIPv2 Usin...

Страница 351: ...Does not accept incoming RIP packets This option does not add any dynamic entries to the routing table for an interface Send Version The RIP version to send on an interface RIPv1 Sends only RIPv1 pac...

Страница 352: ...receiving interface must use the same password Range 1 16 characters case sensitive Web Click Routing Protocol RIP Interface Settings Select the RIP protocol message types that will be received and s...

Страница 353: ...ternal routes A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another...

Страница 354: ...tion metric for static routes and click Set Figure 20 4 RIP Redistribution Configuration CLI This example redistributes static routes and sets the metric for all of these routes to a value of 3 Consol...

Страница 355: ...outer database queries received by this router Interface Information Interface IP address of the interface SendMode RIP version sent on this interface none RIPv1 RIPv2 rip1Compatible ReceiveMode RIP v...

Страница 356: ...Unicast Routing 20 12 20 Web Click Routing Protocol RIP Statistics Figure 20 5 RIP Statistics...

Страница 357: ...umber of Queries 0 Console show ip rip configuration 42 16 Interface SendMode ReceiveMode Poison Authentication 10 1 0 253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10 1 1 253 rip1Compati...

Страница 358: ...used to calculate summary route costs throughout the network when older OSPF routers exist as well as the not so stubby area option RFC 3101 Command Usage OSPF looks at more than just the simple hop c...

Страница 359: ...PF area that is not physically attached to the OSPF backbone Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned or to merge bac...

Страница 360: ...any OSPF routers in an area exchanging summary information specifically ABRs which have not been upgraded to OSPFv2 RFC 2328 RFC 1583 should be used on the newly upgraded OSPFv2 routers to ensure comp...

Страница 361: ...import external routes through RIP or static routes and such a route is known See Redistributing External Routes on page 20 35 External Metric Type22 The external link type used to advertise the defa...

Страница 362: ...guration CLI This example configures the router with the same settings as shown in the screen capture for the web interface Console config router ospf 42 19 Console config router router id 10 1 1 253...

Страница 363: ...en areas you can configure an area as a stub or a not so stubby area NSSA Normal Area A large OSPF domain should be broken up into several areas to increase network stability and reduce the amount of...

Страница 364: ...in an OSPF stub area so routes cannot be redistributed from another protocol into a stub area On the other hand an NSSA allows external routes from another protocol to be redistributed into its own a...

Страница 365: ...area or not so stubby area NSSA Area ID 0 0 0 0 is set to the backbone by default Default Normal area Default Cost Cost for the default summary route sent into a stub from an area border router ABR Ra...

Страница 366: ...area 0 0 0 1 as a normal area area 0 0 0 2 as a stub and area 0 0 0 3 as an NSSA It also configures the router to propagate a default summary route into the stub and sets the cost for this default rou...

Страница 367: ...ed for several area ranges This router also supports Variable Length Subnet Masks VLSMs so you can summarize an address range on any bit boundary in a network address To summarize the external LSAs im...

Страница 368: ...efault for the area range command is to advertise the route summary The configured summary route is shown in the list of information displayed for area 1 Console config router area 0 0 0 1 range 10 1...

Страница 369: ...Count The number of IP interfaces assigned to this VLAN Note This router supports up 64 OSPF interfaces Detailed Interface Configuration VLAN ID The VLAN corresponding to the selected interface Rtr Pr...

Страница 370: ...uter is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological changes but will increase routing traffic Rtr Dead Interval Sets the interval at which...

Страница 371: ...ain text or Message Digest 5 MD5 authentication is enabled as described in the preceding item this password key is inserted into the OSPF header when routing protocol packets are originated by this de...

Страница 372: ...Configuration Select the required interface from the scroll down box and click Detailed Settings Figure 20 9 OSPF Interface Configuration Change any of the interface specific protocol parameters and t...

Страница 373: ...clude the transit area ID and the router ID for a virtual link neighbor that is adjacent to the backbone Command Attributes Area ID Identifies the transit area for the virtual link The area ID must be...

Страница 374: ...y the settings for an existing link click the Detail button for the required entry modify the link settings and click Set Figure 20 11 OSPF Virtual Link Configuration CLI This example configures a vir...

Страница 375: ...a by default A normal area can send and receive external Link State Advertisements LSAs If necessary you can use the Area Configuration page to configure an area as a stubby area that cannot send or r...

Страница 376: ...OSPF Network Area Address Configuration Configure a backbone area that is contiguous with all the other areas in your network configure an area for all of the other OSPF interfaces then click Apply F...

Страница 377: ...guration screen view the routes imported into the routing table and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for adver...

Страница 378: ...ecify the base address and network mask then click Add Figure 20 13 OSPF Summary Address Configuration CLI This example This example creates a summary address for all routes contained in 192 168 x x C...

Страница 379: ...ttributes Redistribute Protocol Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain Options RIP Static Default RIP Redistrib...

Страница 380: ...fer to Configuring OSPF Areas on page 20 19 Command Attributes Area ID Identifier for an not so stubby area NSSA The area ID must be in the form of an IPv4 address Default Information Originate An NSS...

Страница 381: ...ds redistribution should be disabled to prevent the NSSA ABR from advertising external routing information learned through routers in other areas into the NSSA Default Enabled Note This router support...

Страница 382: ...Area border routers can generate Summary LSAs that give the cost to a subnetwork located outside the area AS Summary Type 4 Area border routers can generate AS Summary LSAs that give the cost to an au...

Страница 383: ...PF Link State Database Information Specify parameters for the LSAs you want to display then click Query Figure 20 16 OSPF Link State Database Information CLI The CLI provides a wider selection of disp...

Страница 384: ...h Rte Type Route type either intra area or interarea route INTRA or INTER Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed...

Страница 385: ...Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchange Database descriptions being exchanged Loading LSA databases being exchanged Full Neighboring...

Страница 386: ...Unicast Routing 20 42 20...

Страница 387: ...ion Commands 25 1 Access Control List Commands 26 1 Interface Commands 27 1 Link Aggregation Commands 28 1 Mirror Port Commands 29 1 Rate Limit Commands 30 1 Address Table Commands 31 1 LLDP Commands...

Страница 388: ...Command Line Interface...

Страница 389: ...ords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name...

Страница 390: ...can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system...

Страница 391: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username a...

Страница 392: ...es ip IP information ipv6 IPv6 information lacp Show LACP statistic line TTY line information lldp LLDP log Login records logging Show the contents of logging buffers mac MAC access lists mac address...

Страница 393: ...m messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of...

Страница 394: ...nly a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new co...

Страница 395: ...n These commands modify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such as parit...

Страница 396: ...list ip extended access list mac access list ipv6 standard access list ipv6 extended Console config std acl Console config ext acl Console config mac acl Console config std ipv6 acl Console config ext...

Страница 397: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Страница 398: ...ally groups multiple ports into a single logical trunk configures Link Aggregation Control Protocol for port trunks 28 1 Mirror Port Mirrors data to another port for analysis without affecting the dat...

Страница 399: ...L Access Control List Configuration MST Multiple Spanning Tree CM Class Map Configuration NE Normal Exec DC DHCP Server Configuration PE Privileged Exec GC Global Configuration PM Policy Map Configura...

Страница 400: ...Overview of the Command Line Interface 21 12 21...

Страница 401: ...and Usage super is the default password required to change the command mode from Normal Exec to Privileged Exec To set this password see the enable password command on page 25 3 Table 22 1 General Com...

Страница 402: ...Command Mode Privileged Exec Command Usage The character is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 22 1 configure This c...

Страница 403: ...d history buffer The command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer w...

Страница 404: ...age This command resets the entire system Example This example shows how to reset the switch prompt This command customizes the CLI prompt Use the no form to restore the default prompt Syntax prompt s...

Страница 405: ...or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI...

Страница 406: ...General Commands 22 6 22 Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username...

Страница 407: ...information that uniquely identifies this switch 23 1 System Status Displays system configuration active managers and version information 23 3 Frame Size Enables support for jumbo frames 23 9 File Ma...

Страница 408: ...ally starting from the top unit for a non loop stack or starting from the Master unit for a looped stack Syntax switch all renumber Default Setting For non loop stacking the top unit is unit 1 For loo...

Страница 409: ...the stack SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances...

Страница 410: ...map 00 20 1a df 9c a0 00 20 1a df 9e c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server comm...

Страница 411: ...mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information MAC address for each switch in the stack SNTP...

Страница 412: ...map 00 30 f1 d4 73 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server comm...

Страница 413: ...8 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System OID String 1 3 6 1 4 1 259 8 1 9 System information System Up time 0 days 1 hours 23 minutes and 44 61 seconds System Name NONE...

Страница 414: ...e version information for the system Default Setting None Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 4 3 for detailed information o...

Страница 415: ...the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also whe...

Страница 416: ...w file set as the startup file Saving or Restoring Configuration Settings Configuration settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded...

Страница 417: ...allows you to copy to from a TFTP server https certificate Keyword that allows you to copy the HTTPS secure site certificate public key Keyword that allows you to copy a SSH key from a TFTP server See...

Страница 418: ...25 12 Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration settings to a file on the TFTP server The followin...

Страница 419: ...e or code image unit Stack unit Range 1 8 Default Setting None Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file na...

Страница 420: ...t of files in flash memory Syntax dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opc...

Страница 421: ...Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size T...

Страница 422: ...nfiguration file opcode Run time operation code filename Name of configuration file or code image unit Stack unit Range 1 8 The colon is required Default Setting None Command Mode Global Configuration...

Страница 423: ...rd Specifies a password on a line LC 23 19 timeout login response Sets the interval that the system waits for a login attempt LC 23 20 exec timeout Sets the interval that the command interpreter waits...

Страница 424: ...age There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When us...

Страница 425: ...em prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before...

Страница 426: ...he connection is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeo...

Страница 427: ...threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Co...

Страница 428: ...silent time to 60 seconds enter this command Related Commands password thresh 23 21 databits This command sets the number of data bits per character that are interpreted and generated by the console p...

Страница 429: ...age Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the ter...

Страница 430: ...d adjust the speed accordingly Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the default settin...

Страница 431: ...Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To...

Страница 432: ...control the type of error messages that are sent to specified syslog servers Example Related Commands logging history 23 27 logging trap 23 29 clear log 23 29 Table 23 8 Event Logging Commands Command...

Страница 433: ...Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 23 9 Logging Levels Level...

Страница 434: ...the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog s...

Страница 435: ...tting Disabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this com...

Страница 436: ...Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 and the message...

Страница 437: ...MOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 23 11 sh...

Страница 438: ...P servers for event handing However you must enter a separate command to specify each server Console show log ram 1 00 01 30 2001 01 01 VLAN 1 link up notification level 6 module 5 function 1 and even...

Страница 439: ...ges Syntax logging sendmail level level level One of the system message levels page 23 27 Messages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command M...

Страница 440: ...email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recip...

Страница 441: ...show logging sendmail SMTP servers 192 168 1 19 SMTP minimum severity level 7 SMTP destination email addresses ted this company com SMTP source email address bill this company com SMTP status Enabled...

Страница 442: ...the sntp poll command Example clock summertime date Configures summer time daylight savings time for the switch s internal clock GC 23 40 clock summertime predefined Configures summer time daylight s...

Страница 443: ...cifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues ti...

Страница 444: ...nd configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exec Command Usage This command displays the cur...

Страница 445: ...meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Related...

Страница 446: ...mer time name Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b month The month when summer time will begin Options january february march april may june...

Страница 447: ...esponding to your local time when summer time is in effect you must indicate the number of minutes your summer time time zone deviates from your regular time zone Example Related Commands show clock 2...

Страница 448: ...gure the start end and offset times of summer time daylight savings time for the switch on a recurring basis Use the no form to disable summer time Syntax clock summer time name recurring b week b day...

Страница 449: ...rom the regular time zone in minutes Range 0 99 minutes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer mon...

Страница 450: ...nuary february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how t...

Страница 451: ...ommand Function Mode Page snmp server Enables the SNMP agent GC 24 2 show snmp Displays the status of SNMP communications NE PE 24 2 snmp server community Sets up the community access string to permit...

Страница 452: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Страница 453: ...t stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent en...

Страница 454: ...hat describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 24 4 snmp server locatio...

Страница 455: ...55 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like com...

Страница 456: ...nsure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to net...

Страница 457: ...uthentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Страница 458: ...P engine is an independent SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also used in combinati...

Страница 459: ...server engine id local 12345 Console config snmp server engineID remote 54321 192 168 1 19 Console config Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBo...

Страница 460: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefi...

Страница 461: ...mple Network Management Protocol on page 5 1 for further information about these authentication and encryption options readview Defines the view for read access 1 32 characters writeview Defines the v...

Страница 462: ...ification Messages on page 5 14 Also note that the authentication link up and link down messages are legacy traps and must therefore be enabled in conjunction with the snmp server enable traps command...

Страница 463: ...tatus active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Console Table 24 4 show snmp group display desc...

Страница 464: ...of eight characters is required priv des56 Uses SNMPv3 with privacy with DES56 encryption priv password Privacy password Enter as plain text if the encrypted option is not used Otherwise enter an encr...

Страница 465: ...ame steve Authentication Protocol md5 Privacy Protocol des56 Storage Type nonvolatile Row Status active SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt...

Страница 466: ...SNMP Commands 24 16 24...

Страница 467: ...sswords for management access 25 1 Authentication Sequence Defines logon authentication method and precedence 25 4 RADIUS Client Configures settings for authentication via a RADIUS server 25 6 TACACS...

Страница 468: ...d password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fac...

Страница 469: ...8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 The default password is super Command Mode Global Configuration Command Usage You cannot set a null password...

Страница 470: ...he password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for...

Страница 471: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege...

Страница 472: ...r the retransmit period expires host_ip_address IP address of server auth_port RADIUS server UDP port used for authentication messages Range 1 65535 key Encryption key used to authenticate logon acces...

Страница 473: ...ey This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon acce...

Страница 474: ...his command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server t...

Страница 475: ...ost host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Console show radius server Remote RADIUS server configuration Global settings Commun...

Страница 476: ...de Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string...

Страница 477: ...ort number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Console show tacacs server Remote TACACS server configuration Server IP a...

Страница 478: ...l HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Defa...

Страница 479: ...fer to the copy command on page 23 11 Example Related Commands ip http secure port 25 13 copy tftp https certificate 23 11 ip http secure port This command specifies the UDP port number used for HTTPS...

Страница 480: ...form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port us...

Страница 481: ...switch and enable the SSH server Table 25 10 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 25 17 ip ssh timeout Specifies the authentication ti...

Страница 482: ...The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA key 1024 35 1341081685609893921040944920155425347631641921872958921143173...

Страница 483: ...gorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to...

Страница 484: ...ge 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation ph...

Страница 485: ...uration Example Related Commands show ip ssh 25 22 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key siz...

Страница 486: ...Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients This command stores the...

Страница 487: ...st key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Related Comm...

Страница 488: ...e show ip ssh SSH Enabled version 2 0 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session...

Страница 489: ...d by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options fo...

Страница 490: ...96954050362775257556251003866130989393834523 1033280214988866192159556859887989191950588394018138744046890877916030583 7768185490002831341625008348718449522087429212255691665655296328163516964 0408315...

Страница 491: ...e When port security is enabled with this command the switch first clears all dynamically learned entries from the address table It then starts learning new MAC addresses on the specified port and sto...

Страница 492: ...ll dot1x parameters to their default values GC 25 27 dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the aut...

Страница 493: ...d Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the aut...

Страница 494: ...me port Only one of these security mechanisms can be applied 802 1X port authentication cannot be configured on trunk ports In other words a static trunk or dynamically configured trunk cannot be set...

Страница 495: ...based auth Allows multiple hosts to connect to this port with each host needing to be authenticated Default Single host Command Mode Interface Configuration Command Usage The max count parameter speci...

Страница 496: ...ple dot1x re authentication This command enables periodic re authentication for a specified port Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface C...

Страница 497: ...conds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticate...

Страница 498: ...ce statistics Displays dot1x status for each port interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 Command Mode Privileged Exec Command Usage This command displays...

Страница 499: ...single or multiple hosts clients can connect to an 802 1X authorized port Max Count The maximum number of hosts allowed to access this port page 25 29 Port control Shows the dot1x mode on a port as au...

Страница 500: ...Host Auto yes 802 1X Port Details 802 1X is enabled on port 1 1 802 1X is enabled on port 26 Reauth enabled Enabled Reauth period 3600 Quiet period 60 TX period 30 Supplicant timeout 30 Server timeou...

Страница 501: ...nagement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be co...

Страница 502: ...roup snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Consol...

Страница 503: ...ion Page IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code 26 1 IPv6 ACLs Configures ACLs based on IPv6 addresses next header type and flow label...

Страница 504: ...ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed...

Страница 505: ...sets a filter condition for packets with specific source or destination IP addresses protocol types source or destination protocol ports or TCP control codes Use the no form to remove a rule Syntax no...

Страница 506: ...nary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering t...

Страница 507: ...st This command displays the rules for configured IPv4 ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Na...

Страница 508: ...age A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show i...

Страница 509: ...Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you mu...

Страница 510: ...ed in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address compr...

Страница 511: ...dscp DSCP priority level Range 0 63 flow label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of...

Страница 512: ...supports the values defined for the IPv4 Protocol field in RFC 1700 including these commonly used headers 0 Hop by Hop Options RFC 2460 6 TCP Upper layer Header RFC 1700 17 UDP Upper layer Header RFC...

Страница 513: ...x no ipv6 access group acl_name in acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuratio...

Страница 514: ...s list and enters MAC ACL configuration mode Use the no form to remove the specified ACL Syntax no access list mac acl_name acl_name Name of the ACL Maximum length 16 characters Default Setting None C...

Страница 515: ...stination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination destination ad...

Страница 516: ...itmask Range 1 4093 protocol A specific Ethernet protocol number Range 600 fff hex protocol bitmask27 Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL Command Usage New rul...

Страница 517: ...cl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can...

Страница 518: ...le Table 26 5 ACL Information Commands Command Function Mode Page show access list Show all IPv4 ACLs and associated rules PE 26 16 show access group Shows the IPv4 ACLs assigned to each port PE 26 17...

Страница 519: ...6 show access group This command shows the port assignments of IPv4 ACLs Command Mode Privileged Executive Example Console show access group Interface ethernet 1 2 IP standard access list david MAC ac...

Страница 520: ...Access Control List Commands 26 18 26...

Страница 521: ...terface configuration IC 27 2 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 27 3 negotiation Enables autonegotiation of a given interf...

Страница 522: ...Range 1 64 characters Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage The description is displayed by the show interfaces status command page 27 9 and in...

Страница 523: ...net Port Channel Command Usage The 1000BASE T and 10GBASE T standards do not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T or 10GBASE T port...

Страница 524: ...trol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the RJ 45 ports Example The following example configures port 11 to use autonegotiation R...

Страница 525: ...Auto negotiation should always be used to establish a connection over any 1000BASE T or 10GBASE T port or trunk When auto negotiation is enabled with the negotiation command the switch will negotiate...

Страница 526: ...l under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Othe...

Страница 527: ...sions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following example disables port 5 switchport broadcast packet rate T...

Страница 528: ...k unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset Thi...

Страница 529: ...ayed by this command see Displaying Connection Status on page 8 1 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic Information Port Type 1000T Mac Address 12 34 12 34 1...

Страница 530: ...Discard Output 0 Error Input 0 Error Output 0 Unknown Protos Input 0 QLen Output 0 Extended iftable Stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like St...

Страница 531: ...isabled Ingress Rate Limit Disable 1000M bits per second Egress Rate Limit Disable 1000M bits per second VLAN Membership Mode Hybrid Ingress Rule Disabled Acceptable Frame Type All frames Native VLAN...

Страница 532: ...nabled or disabled page 34 3 Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged page 34 11 Forbidden VLAN Shows the VLANs this interface can not d...

Страница 533: ...be configured in an identical manner including communication mode i e speed and duplex mode VLAN assignments and CoS settings Any of the Gigabit ports on the front panel can be trunked together inclu...

Страница 534: ...be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use...

Страница 535: ...CP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails Example The following shows LACP enabled on ports 10 12 Because LACP has also b...

Страница 536: ...ame system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiation...

Страница 537: ...CP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel g...

Страница 538: ...the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key...

Страница 539: ...applies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner Example show lacp This command displays LACP in...

Страница 540: ...rotocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or a...

Страница 541: ...nformation transmitted Aggregation The system considers this link to be aggregatable i e a potential candidate for aggregation Long timeout Periodic transmission of LACPDUs uses a slow transmission ra...

Страница 542: ...32768 00 30 F1 8F 2C A7 2 32768 00 30 F1 8F 2C A7 3 32768 00 30 F1 8F 2C A7 4 32768 00 30 F1 8F 2C A7 5 32768 00 30 F1 8F 2C A7 6 32768 00 30 F1 8F 2C A7 7 32768 00 30 F1 D4 73 A0 8 32768 00 30 F1 D4...

Страница 543: ...iguration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the des...

Страница 544: ...Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX RX TX Example The following shows mirroring configured from por...

Страница 545: ...it for a specific interface Use this command without specifying a rate to restore the default rate Use the no form to restore the default status of disabled Syntax rate limit input output rate no rate...

Страница 546: ...Rate Limit Commands 30 2 30...

Страница 547: ...ge 1 26 50 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static...

Страница 548: ...another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no form of this comm...

Страница 549: ...addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted whe...

Страница 550: ...0000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show ma...

Страница 551: ...e after LLDP ports are disabled or the link goes down GC 32 5 lldp tx delay Configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables G...

Страница 552: ...ysical layer specifications IC 32 12 lldp dot3 tlv max frame Configures an LLDP enabled port to advertise its maximum frame size IC 32 13 lldp dot3 tlv poe Configures an LLDP enabled port to advertise...

Страница 553: ...d Usage The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner Example lldp notifica...

Страница 554: ...ange notification events missed due to throttling or transmission loss Example lldp refresh interval This command configures the periodic transmit interval for LLDP advertisements Use the no form to r...

Страница 555: ...port all information in the remote systems LLDP MIB associated with this port is deleted Example lldp tx delay This command configures a delay between the successive transmission of advertisements ini...

Страница 556: ...dmin status rx only Only receive LLDP PDUs tx only Only transmit LLDP PDUs tx rx Both transmit and receive LLDP Protocol Data Units PDUs Default Setting tx rx Command Mode Interface Configuration Ethe...

Страница 557: ...to advertise the management address for this device Use the no form to disable this feature Syntax no lldp basic tlv management ip address Default Setting Enabled Command Mode Interface Configuration...

Страница 558: ...ace Configuration Ethernet Port Channel Command Usage The port description is taken from the ifDescr object in RFC 2863 which includes information about the manufacturer the product name and the versi...

Страница 559: ...rnet Port Channel Command Usage The system description is taken from the sysDescr object in RFC 3418 which includes the full name and version identification of the system s hardware type software oper...

Страница 560: ...mand Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises the protocols that are accessible through this interface Example lldp dot1 tlv proto vid This command confi...

Страница 561: ...tion Ethernet Port Channel Command Usage The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated see switchport native vlan on page 34 1...

Страница 562: ...et Port Channel Command Usage This option advertises link aggregation capabilities aggregation status of the link and the 802 3 aggregated port identifier if this interface is currently a link aggrega...

Страница 563: ...Interface Configuration Ethernet Port Channel Command Usage Refer to Frame Size Commands on page 23 9 for information on configuring the maximum frame size for this switch Example lldp dot3 tlv poe Th...

Страница 564: ...onfiguration summary interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Console config interf...

Страница 565: ...nge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Console show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin St...

Страница 566: ...stem Name System Description 24 48 port 10 100 1000 Stackable Managed Switch with 2 X 10G uplinks System Capabilities Support Bridge Router System Capabilities Enable Bridge Router Management Address...

Страница 567: ...uplinks PortDescr Ethernet Port on unit 1 port 1 SystemCapSupported Bridge Router SystemCapEnabled Bridge Router Remote Management Address 192 168 0 5 IPv4 Remote Port VID 1 Remote Port Protocol VLAN...

Страница 568: ...ed Exec Example switch show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entrie...

Страница 569: ...ration mode GC 33 7 mst vlan Adds VLANs to a spanning tree instance MST 33 8 mst priority Configures the priority of a spanning tree instance MST 33 9 name Configures the name for the multiple spannin...

Страница 570: ...hich automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command selects the spanning tree...

Страница 571: ...ation delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after th...

Страница 572: ...e must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding...

Страница 573: ...d Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports ex...

Страница 574: ...lower numeric value becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example spanning tree pathcost me...

Страница 575: ...t Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage...

Страница 576: ...multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topo...

Страница 577: ...the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priori...

Страница 578: ...panning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Con...

Страница 579: ...nstances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the...

Страница 580: ...ds 65 535 the default is set to 65 535 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between d...

Страница 581: ...ts on a switch are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority...

Страница 582: ...ple Related Commands spanning tree portfast 33 14 spanning tree portfast This command sets an interface to fast forwarding Use the no form to disable fast forwarding Syntax no spanning tree portfast D...

Страница 583: ...to Command Mode Interface Configuration Ethernet Port Channel Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can...

Страница 584: ...mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021D 2004 standard exceeds 65 535 the default is set to 65 535 The default path costs are listed in...

Страница 585: ...n interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link...

Страница 586: ...nge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mode...

Страница 587: ...ed Root 32768 0 0000E8900000 Current Root Port 2 Current Root Cost 10000 Number of Topology Changes 2 Last Topology Change Time sec 4100 Transmission Limit 3 Path Cost Method Long Eth 1 1 information...

Страница 588: ...ation This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configuration...

Страница 589: ...Groups Sets up VLAN groups including name VID and state 34 5 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP...

Страница 590: ...switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information...

Страница 591: ...ows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Default Setting...

Страница 592: ...Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media...

Страница 593: ...rp timer 34 4 Editing VLAN Groups vlan database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration Con...

Страница 594: ...elete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed...

Страница 595: ...lan Table 34 4 Commands for Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN IC 34 7 switchport mode Configures VLAN membe...

Страница 596: ...link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as t...

Страница 597: ...n set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged fra...

Страница 598: ...fault Syntax switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4093 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethe...

Страница 599: ...nk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used w...

Страница 600: ...and prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbid...

Страница 601: ...characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Stat...

Страница 602: ...is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 34 16 5 Config...

Страница 603: ...sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode Syntax no dot1q tunnel system tunnel control Default Setting Disabled Command Mode Global Configuration Command...

Страница 604: ...t1q tunnel 34 17 show interfaces switchport 27 11 switchport dot1q tunnel tpid This command sets the Tag Protocol Identifier TPID value of a tunnel port Use the no form to restore the default setting...

Страница 605: ...ports Command Mode Privileged Exec Example Related Commands switchport dot1q tunnel mode 34 15 Console config interface ethernet 1 1 Console config if switchport dot1q tunnel tpid 9100 Console config...

Страница 606: ...e downlink ports can only be forwarded to and from the uplink port Data cannot pass between downlink ports in the same private VLAN nor to ports which do not belong to a private VLAN Any port can be d...

Страница 607: ...how pvlan This command displays the configured private VLAN Command Mode Privileged Exec Example Console config pvlan Console config pvlan up link ethernet 1 12 down link ethernet 1 5 8 Console config...

Страница 608: ...he protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protoco...

Страница 609: ...47483647 vlan id VLAN to which matching protocol traffic is forwarded Range 1 4093 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Ch...

Страница 610: ...ll protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet show interfaces protocol vlan protocol group This command shows the ma...

Страница 611: ...de Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Po...

Страница 612: ...VLAN Commands 34 24 34...

Страница 613: ...ntagged frames sets queue weights and maps class of service tags to hardware queues 35 1 Priority Layer 3 and 4 Sets the default priority processing method CoS IP Precedence or DSCP and maps TCP ports...

Страница 614: ...d Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed b...

Страница 615: ...his priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight prior...

Страница 616: ...ed to each queue by calculating a precise number of bytes per second that will be serviced on each round The granularity used to calculate this number is based on a unit of 2k bytes The bytes serviced...

Страница 617: ...lues assigned at the ingress port are also used at the egress port This command sets the CoS priority for all interfaces Example The following example shows how to change the CoS assignments to a one...

Страница 618: ...rt number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example show queue cos map This command shows the class of service priority map Syntax show queue cos map interf...

Страница 619: ...mapping globally Console show queue cos map ethernet 1 1 Information of Eth 1 1 CoS Value 0 1 2 3 4 5 6 7 Priority Queue 2 0 1 3 4 5 6 7 Console Table 35 4 Priority Commands Layer 3 and 4 Command Func...

Страница 620: ...an be specified for IP Port priority mapping This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Glob...

Страница 621: ...ion Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Serv...

Страница 622: ...t switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable...

Страница 623: ...EE 802 1p standard and then subsequently mapped to the eight hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP v...

Страница 624: ...ce ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Related Commands map ip precedence Global Configu...

Страница 625: ...ge 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 35 10 map ip dscp Interface Configuratio...

Страница 626: ...Class of Service Commands 35 14 35...

Страница 627: ...ass and use the policer command to monitor the average flow and burst rate and drop Table 36 1 Quality of Service Commands Command Function Mode Page class map Creates a class map for a type of traffi...

Страница 628: ...p class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the Class...

Страница 629: ...within ingress packets that must match to qualify for this class map If an ingress packet matches an ACL specified by this command any deny rules included in the ACL will be ignored If match criteria...

Страница 630: ...ion This command specifies the description of a class map or policy map Syntax description string string Description of the class map or policy map Range 1 64 characters Command Mode Class Map Configu...

Страница 631: ...assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that...

Страница 632: ...the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any viola...

Страница 633: ...288 bytes drop Drop packet when specified rate or burst are exceeded set Set DSCP service to the specified value Range 0 63 Default Setting Drop out of profile packets Command Mode Policy Map Class Co...

Страница 634: ...t traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port C...

Страница 635: ...licy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name...

Страница 636: ...rnet unit port unit Stack unit Range 1 8 port Port number Range 1 26 50 port channel channel id Range 1 32 Command Mode Privileged Exec Example Console show policy map Policy Map rd_policy class rd_cl...

Страница 637: ...t groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 37 1 IGMP Query Configures IGMP...

Страница 638: ...ne Command Mode Global Configuration Command Usage Static multicast entries are never aged out When a multicast entry is assigned to an interface in a specific VLAN the corresponding traffic can only...

Страница 639: ...the default Syntax no ip igmp snooping immediate leave Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage If immediate leave is not used a multicast router or querier wi...

Страница 640: ...st address Syntax show mac address table multicast interface user igmp snooping user igmp snooping multicast address interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26...

Страница 641: ...tax no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2...

Страница 642: ...ault Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sen...

Страница 643: ...ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 25 Default Setting 10 seconds Command Mode Glo...

Страница 644: ...port expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range...

Страница 645: ...er ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP quer...

Страница 646: ...router vlan vlan id vlan id VLAN ID Range 1 4093 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types display...

Страница 647: ...Corresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 38 1 DNS Commands Command Function Mode Page...

Страница 648: ...get device Example This example maps two address to a host name clear host This command deletes entries from the DNS table Syntax clear host name name Name of the host Range 1 127 characters Removes a...

Страница 649: ...p domain list 38 3 ip name server 38 4 ip domain lookup 38 5 ip domain list This command defines a list of domain names that can be appended to incomplete host names i e host names passed from a clien...

Страница 650: ...This command specifies the address of one or more domain name servers to use for name to address resolution Use the no form to remove a name server from this list Syntax no ip name server server addr...

Страница 651: ...tax no ip domain lookup Default Setting Disabled Command Mode Global Configuration Command Usage At least one name server must be specified before you can enable DNS If all name servers are deleted DN...

Страница 652: ...Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address es as a previously configured entry Console config ip domain lookup Console config end...

Страница 653: ...199 239 136 200 1 4 Address a1116 x akamai net 19 61 213 189 120 2 4 Address a1116 x akamai net 19 61 213 189 104 3 4 CNAME graphics8 nytimes com 19 POINTER TO 2 4 4 CNAME graphics478 nytimes com edg...

Страница 654: ...e Service Commands 38 8 38 clear dns cache This command clears all entries in the DNS cache Command Mode Privileged Exec Example Console clear dns cache Console show dns cache NO FLAG TYPE IP TTL DOMA...

Страница 655: ...P client identifier for the current interface Use the no form to remove this identifier Syntax ip dhcp client identifier text text hex hex no ip dhcp client identifier text A text string Range 1 15 ch...

Страница 656: ...TP or DHCP mode via the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network port...

Страница 657: ...it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the DHCP relay agent i e this switch This switch then broadcas...

Страница 658: ...HCP server Range 1 3 addresses Default Setting None Command Mode Interface Configuration VLAN Usage Guidelines You must specify the IP address for at least one DHCP server Otherwise the switch s DHCP...

Страница 659: ...Server DNS servers available to a DHCP client DC 39 9 next server Configures the next server in the boot process of a DHCP client DC 39 9 bootfile Specifies a default boot image for a DHCP client DC 3...

Страница 660: ...ay be assigned Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enter DHCP Pool Configuration mode Use the no form to remove the address pool Synt...

Страница 661: ...network address pool matching the gateway where the request originated i e if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded...

Страница 662: ...ter should be on the same subnet as the client You can specify up to two routers Routers are listed in order of preference starting with address1 as the most preferred router Example domain name This...

Страница 663: ...nnot correlate host names to IP addresses Servers are listed in order of preference starting with address1 as the most preferred server Example next server This command configures the next server in t...

Страница 664: ...command configures NetBIOS Windows Internet Naming Service WINS name servers that are available to Microsoft DHCP clients Use the no form to remove the NetBIOS name server list Syntax netbios name ser...

Страница 665: ...that an IP address is assigned to a DHCP client Use the no form to restore the default value Syntax lease days hours minutes infinite no lease days Specifies the duration of the lease in numbers of d...

Страница 666: ...if the request was forwarded by a relay server If there is no gateway in the client request i e the request was not forwarded by a relay server the switch searches for a network pool matching the int...

Страница 667: ...hexadecimal value Default Setting None Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP client to bind to an address specified in the host command If both a client ide...

Страница 668: ...et Command Mode DHCP Pool Configuration Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command BOOTP clients cannot transmit a client identifi...

Страница 669: ...vice to another device Example Related Commands show ip dhcp binding 39 15 show ip dhcp binding This command displays address bindings on the DHCP server Syntax show ip dhcp binding address address Sp...

Страница 670: ...DHCP Commands 39 16 39...

Страница 671: ...it has a higher priority than the currently active master router Table 40 1 Router Redundancy Commands Command Groups Function Page Virtual Router Redundancy Protocol Configures interface settings for...

Страница 672: ...within the same IP subnet If the IP address assigned to the virtual router with this command is already configured as the primary address on this interface this router is considered the Owner and wil...

Страница 673: ...en a VRRP packet is received from another router in the group its authentication key is compared to the string configured on this router If the keys match the message is accepted Otherwise the packet...

Страница 674: ...her than the current acting master comes on line this backup router will take over as the new acting master However note that if the original master i e the owner of the VRRP IP address comes back on...

Страница 675: ...over as the master virtual router for a VRRP group if it has a higher priority than the current acting master router Use the no form to disable preemption Syntax vrrp group preempt delay seconds no vr...

Страница 676: ...ry information for all VRRP groups on this router group Identifies a VRRP group Range 1 255 Defaults None Command Mode Privileged Exec Command Usage Use this command without any keywords to display th...

Страница 677: ...the virtual IP address Advertisement interval Interval at which the master virtual router advertises its role as the master Preemption Shows whether or not a higher priority router can preempt the cur...

Страница 678: ...n Field Description Interface VLAN interface Grp VRRP group State VRRP role of this interface master or backup Virtual addr Virtual address that identifies this VRRP group Int Interval at which the ma...

Страница 679: ...y items Console show vrrp router counters Total Number of VRRP Packets with Invalid Checksum 0 Total Number of VRRP Packets with Unknown Error 0 Total Number of VRRP Packets with Invalid VRID 0 Consol...

Страница 680: ...his command clears VRRP system statistics for the specified group and interface clear vrrp group interface interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configur...

Страница 681: ...network segment if routing is not enabled This section includes commands for configuring IP interfaces the Address Resolution Protocol ARP and Proxy ARP These commands are used to connect subnetworks...

Страница 682: ...NE PE 41 14 ipv6 default gateway Sets an IPv6 default gateway for traffic with no known next hop GC 41 17 show ipv6 default gateway Displays the current IPv6 default gateway NE PE 41 17 ipv6 mtu Sets...

Страница 683: ...rds a router interface address defines the network segment that is connected to that interface and allows IP packets to be sent to or from the router Before any network interfaces are configured on th...

Страница 684: ...a any of these IP addresses Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart client 39 2 ipv6 address 41 9 ip default gateway This command...

Страница 685: ...1 14 show ip redirects This command shows the IPv4 default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands ip default gateway 41 4 show ip...

Страница 686: ...ne to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indic...

Страница 687: ...address type makes the router accessible over IPv6 for all devices attached to the same local subnet If a duplicate address is detected on the local segment this interface will be disabled and a warn...

Страница 688: ...ndefined fields prefix length A decimal value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Default Setting No gene...

Страница 689: ...eral prefix if one is used followed by the host address bits The address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One doub...

Страница 690: ...ui 64 41 12 ipv6 address autoconfig 41 10 show ipv6 interface 41 14 ip address 41 3 ipv6 address autoconfig This command enables stateless autoconfiguration of IPv6 addresses on an interface and enabl...

Страница 691: ...ll attempt to acquire other non address configuration information such as a default gateway from a DHCP for IPv6 server Example This example assigns two dynamic global unicast address of 2005 212 CFFF...

Страница 692: ...erate a global unicast address and a link local address for this interface The link local address is made with an address prefix of FE80 and a host portion based the router s MAC address in modified E...

Страница 693: ...rface Use the no form with a specific address to remove it from the interface Syntax ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address assigned...

Страница 694: ...usability and configured settings for IPv6 interfaces Syntax show ipv6 interface brief vlan vlan id ipv6 prefix prefix length brief Displays a brief summary of IPv6 operational status and the address...

Страница 695: ...1 1 16 FF02 1 16 FF02 1 FF00 79 104 FF02 1 FF19 6779 104 MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND retransmit interval is 1000 milliseconds Console Table 41 3 show ipv6 interface...

Страница 696: ...lso required to compute and join the associated solicited node multicast addresses for every unicast and anycast address it is assigned IPv6 addresses that differ only in the high order bits e g due t...

Страница 697: ...Configuration Command Usage The gateway specified in this command is only valid if routing is disabled with the no ip routing command If IP routing is disabled you must define a gateway if the target...

Страница 698: ...from this device This option is provided to ensure that all nodes on a link use the same MTU value in cases where the link MTU is not otherwise well known IPv6 routers do not fragment IPv6 packets fo...

Страница 699: ...tistics Console show ipv6 mtu MTU Since Destination Address 1400 00 04 21 5000 1 3 1280 00 04 50 FE80 203 A0FF FED6 141D Console Table 41 4 show ipv6 mtu display description Field Description MTU Adju...

Страница 700: ...meter option 0 hopcount expired 0 reassembly timeout 0 too big 0 echo request 0 echo reply 0 group query 0 group report 0 group reduce 0 router solicit 0 router advert 0 redirects 0 neighbor solicit 0...

Страница 701: ...ol This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams not a router The number of input da...

Страница 702: ...that have been generated as a result of fragmentation at this output interface fragmented failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this outp...

Страница 703: ...erface group query The number of ICMPv6 Group Membership Query messages received by the interface group report The number of ICMPv6 Group Membership Response messages received by the interface group r...

Страница 704: ...ce redirects The number of Redirect messages sent For a host this object will always be zero since hosts do not send redirects neighbor solicit The number of ICMP Neighbor Solicitation messages sent b...

Страница 705: ...le colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields host name The name the IPv6 device to ping A host name can be resolved into an IPv...

Страница 706: ...ample Related Commands ping 41 6 ipv6 neighbor This command configures a static entry in the IPv6 neighbor discovery cache Use the no form to remove a static entry from the cache Syntax ipv6 neighbor...

Страница 707: ...ipv6 enable command see page 41 7 deletes all dynamically learned entries in the IPv6 neighbor discovery cache for that interface but does not delete static entries Example The following maps a static...

Страница 708: ...ion for all unicast IPv6 addresses on the interface While duplicate address detection is performed on the interface s link local address the other IPv6 addresses remain in a tentative state If no dupl...

Страница 709: ...sed for neighbor discovery operations 0 milliseconds is advertised in router advertisements Command Mode Interface Configuration VLAN Command Usage When a non default value is configured the specified...

Страница 710: ...d 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting All IPv6 neighbor discovery ca...

Страница 711: ...hbor was functioning While in REACH state the device takes no special action when sending packets STALE More than the ReachableTime interval has elapsed since the last positive confirmation was receiv...

Страница 712: ...ed IP address The format for this address is xx xx xx xx xx xx Default Setting No default entries Command Mode Global Configuration Command Usage The ARP cache is used to map 32 bit IP addresses into...

Страница 713: ...c entry remains in the ARP cache Range 300 86400 86400 is one day Default Setting 1200 seconds 20 minutes Command Mode Global Configuration Command Usage When a ARP entry expires it is deleted from th...

Страница 714: ...ows each cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type other indicates local addresses for this router Example This example display...

Страница 715: ...the MAC address of a host on another subnet or network End stations that require Proxy ARP must view the entire network as a single network These nodes must therefore use a smaller subnet mask than t...

Страница 716: ...IP Interface Commands 41 36 41...

Страница 717: ...Use the no form to disable IP routing Syntax no ip routing Default Setting Enabled Table 42 1 IP Routing Commands Command Group Function Page Global Routing Configuration Configures global parameters...

Страница 718: ...ork mask for the associated IP subnet This mask identifies the host address bits used for routing to specific subnets default Sets this entry as the default route gateway IP address of the gateway use...

Страница 719: ...local interface Use the no ip route command to remove a static route Example show ip route This command displays information in the IP routing table Syntax show ip route config address netmask config...

Страница 720: ...outer Netmask Network mask for the associated IP subnet Next Hop IP address of the next hop or gateway used for this route Protocol The protocol which generated this route information Values static lo...

Страница 721: ...0 unreachable 0 echo 5 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp Sent 0 redirects 0 unreachable 0 echo 0 echo reply 0 mask requests 0 mask replies 0 quench 0 timestam...

Страница 722: ...outes from one routing domain to another RC 42 11 ip rip receive version Sets the RIP receive version to use on a network interface IC 42 12 ip rip send version Sets the RIP send version to use on a n...

Страница 723: ...s It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistributed into RIP For example if a met...

Страница 724: ...meout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advertised as unreachable Howev...

Страница 725: ...xxx xxx xxx is entered the first field nnn determines the class 0 127 is class A and only the first field in the network address is used 128 191 is class B and the first two fields in the network addr...

Страница 726: ...ip rip send version command will be set to the following values RIP Version 1 configures the unset interfaces to send RIPv1 compatible protocol messages and receive either RIPv1 or RIPv2 protocol mes...

Страница 727: ...must be used to resolve the problem of redistributing external routes with incompatible metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a hi...

Страница 728: ...e this command to override the global setting specified by the RIP redistribute command You can specify the receive version based on these options Use none if you do not want to add any dynamic entrie...

Страница 729: ...ceive version based on these options Use none to passively monitor route information advertised by other routers attached to the network Use 1 or 2 if all routers in the local network are based on RIP...

Страница 730: ...etrics to infinity This provides faster convergence Example This example propagates routes back to the source using poison reverse ip rip authentication key This command enables authentication for RIP...

Страница 731: ...MD5 authentication Command Mode Interface Configuration VLAN Default Setting No authentication Command Usage The password to be used for authentication is specified in the ip rip authentication key c...

Страница 732: ...n about the last time a route update was received the RIP version used by the neighbor and the status of routing messages received from this neighbor Command Mode Privileged Exec Console config interf...

Страница 733: ...ode RIP version sent on this interface none RIPv1 RIPv2 or RIPv2 broadcast ReceiveMode RIP version received on this interface none RIPv1 RIPv2 RIPv1 or RIPv2 Poison Shows if split horizon poison rever...

Страница 734: ...Area Configuration network area Assigns specified interface to an area RC 42 26 area stub Defines a stubby area that cannot send or receive LSAs RC 42 27 area nssa Defines a not so stubby that can im...

Страница 735: ...outing processes PE 42 39 show ip ospf border routers Displays routing table entries for Area Border Routers ABR and Autonomous System Boundary Routers ASBR PE 42 40 show ip ospf database Shows inform...

Страница 736: ...the router ID you cannot be set to 0 0 0 0 or 255 255 255 255 If this router already has registered neighbors the new router ID will be used when the router is rebooted or manually restarted by enteri...

Страница 737: ...rates a default external route into an autonomous system Use the no form to disable this feature Syntax default information originate always metric interface metric metric type metric type no default...

Страница 738: ...cost is only used as a tie breaker if several Type 2 routes have the same cost Example This example assigns a metric of 20 to the default external route advertised into an autonomous system sending i...

Страница 739: ...Setting Disabled Command Usage This command can be used to summarize intra area routes and advertise this information to other areas through Area Border Routers ABRs If the network addresses within a...

Страница 740: ...fault Setting 1 Command Usage Use this option only on an area border router attached to a stub area or NSSA If the default cost is set to 0 the router will not advertise a default route into the attac...

Страница 741: ...his command redistributes external routing information from other routing protocols and static routes into an autonomous system Use the no form to disable this feature or to restore the default settin...

Страница 742: ...S is equal to the cost associated with reaching the advertising ASBR plus the cost of the external route When a Type 2 LSA is received by a router it only uses the external route metric to determine r...

Страница 743: ...ed in subsequent network area commands the router will use the network area with the address range that most closely matches the interface address Also note that if a more specific address range is re...

Страница 744: ...ABR This router supports up to 16 total areas either normal transit areas stubs or NSSAs Example This example creates a stub area 10 2 0 0 and assigns all interfaces with class B addresses 10 2 x x to...

Страница 745: ...e AS into the NSSA using the default information originate keyword However an NSSA is different from a stub because when the router is an ASBR it can import a default external AS route for routing pro...

Страница 746: ...fy the authentication field in protocol message headers A separate password can be assigned to each network interface However this key must be the same for all neighboring routers on the same network...

Страница 747: ...ted by this amount before transmission This value must be the same for all routers attached to an autonomous system Range 1 3600 seconds Default 1 seconds Command Mode Router Configuration Default Set...

Страница 748: ...ssword or key All neighboring routers on the same network with the same password will exchange routing data This command creates a password key that is inserted into the OSPF header when routing proto...

Страница 749: ...ring routers to verify the authenticity of routing protocol messages Use the no form to remove the password Syntax ip ospf authentication key key no ip ospf authentication key key Sets a plain text pa...

Страница 750: ...e with the ip ospf authentication command configure the message digest key id and key with this command Normally only one key is used per interface to generate authentication information for outbound...

Страница 751: ...ter link state advertisements Routes are assigned a metric equal to the sum of all metrics for each interface link in the route Interface cost reflects the port speed This router uses a default cost o...

Страница 752: ...pf hello interval command Command Usage The dead interval is advertised in the router s hello packets It must be a multiple of the hello interval and be the same for all routers on a specific network...

Страница 753: ...orms an active adjacency to all other routers in the network segment to exchange routing topology information If for any reason the DR fails the BDR takes over this role Set the priority to zero to pr...

Страница 754: ...an adequate flow of routing information but does not produce unnecessary protocol traffic Note that this value should be larger for virtual links Set this interval to a value that is greater than the...

Страница 755: ...ole config interface vlan 1 Console config if ip ospf transmit delay 6 Console config if Console show ip ospf Routing Process with ID 10 1 1 253 Supports only single TOS TOS0 route It is an area borde...

Страница 756: ...Area SPF No 10 1 1 252 10 1 1 253 0 ABR INTRA 10 1 0 0 3 10 2 6 252 10 2 9 253 0 ASBR INTER 10 2 0 0 7 Console Table 42 10 show ip ospf border routers display description Field Description Destination...

Страница 757: ...originate link state id show ip ospf area id database self originate link state id show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router i...

Страница 758: ...52 26 0X80000005 0X89A1 10 1 1 253 10 1 1 253 23 0X80000002 0X8D9D Displaying Net Link States Area 10 1 0 0 Link ID ADV Router Age Seq Checksum 10 1 1 252 10 1 1 252 28 0X80000001 0X53E1 Console Table...

Страница 759: ...Network Mask 255 255 255 0 Metric 1 Console Table 42 12 show ip ospf asbr summary display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilit...

Страница 760: ...a 2 1 1 0 0 0 Total LSA Counts 4 Console Table 42 13 show ip ospf database summary display description Field Description Area ID Area identifier Router Number of router LSAs Network Number of network...

Страница 761: ...associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link State ID IP network number External Network Num...

Страница 762: ...outer 10 1 1 253 Console Table 42 15 show ip ospf network display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the...

Страница 763: ...er display description Field Description OSPF Router id Router ID LS age Age of LSA in seconds Options Optional capabilities associated with the LSA LS Type Router Link LSA describes the router s inte...

Страница 764: ...r 80000003 LS Checksum 0x3D02 Length 28 Network Mask 255 255 255 0 Metric 1 Console Table 42 17 show ip ospf summary display description Field Description OSPF Router id Router ID LS age Age of LSA in...

Страница 765: ...atus of physical link Interface Address IP address of OSPF interface Mask Network mask for interface address Area OSPF area to which this interface belongs Router ID Router ID Network Type Includes br...

Страница 766: ...router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet b...

Страница 767: ...Commands area virtual link 42 30 Console show ip ospf summary address 10 1 0 0 255 255 0 0 Console Console show ip ospf virtual links Virtual Link to router 10 1 1 253 is up Transit area 10 1 1 0 Tran...

Страница 768: ...IP Routing Commands 42 52 42...

Страница 769: ...Section IV Appendices This section provides additional information on the following topics Software Specifications A 1 Troubleshooting B 1 Glossary Index...

Страница 770: ...Appendices...

Страница 771: ...Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input Limit Output limit Range configured per port Port Trunking Static...

Страница 772: ...g groups 1 2 3 9 SMTP Email Alerts Management Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading T...

Страница 773: ...F RFC 2328 2178 1587 RADIUS RFC 2618 RIP RFC 1058 RIPv2 RFC 2453 RIPv2 extension RFC 1724 RMON RFC 2819 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 RFC DRAFT 3414 3410 2273 3411 3415 SNTP RFC...

Страница 774: ...1 RIP1 MIB RFC 1058 RIP2 MIB RFC 2453 RIP2 Extension RFC1724 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2 IP MIB RFC 2011 SNMP Framework MIB RFC 3411 SNMP...

Страница 775: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 776: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 777: ...ce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP...

Страница 778: ...ation Protocol over LAN EAPOL EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and password...

Страница 779: ...Spanning Tree Protocol RSTP which reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Now incorporated in IEEE 802 1D 2004 IEEE...

Страница 780: ...edence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The eight values are mapped one to one to the Clas...

Страница 781: ...or radio Open Shortest Path First OSPF OSPF is a link state routing protocol that functions better over a larger network such as the Internet as opposed to distance vector routing protocols such as R...

Страница 782: ...about 10 of that required by the older IEEE 802 1D STP standard Routing Information Protocol RIP The RIP protocol seeks to find the shortest route to another device by minimizing the distance vector...

Страница 783: ...reenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not have daylight saving time User Datagram Protocol UDP UDP provides a datagram mode for pac...

Страница 784: ...hich has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down XModem A protocol used to transfer files between devices Data is grouped in 128 byt...

Страница 785: ...ommand line interface See CLI community string 2 13 5 3 24 3 configuration files restoring defaults 4 24 23 10 configuration settings saving or restoring 2 16 4 24 23 10 23 11 console port required co...

Страница 786: ...2 1X 6 18 25 26 IGMP groups displaying 15 8 37 4 immediate leave status 15 5 37 4 Layer 2 15 2 37 1 query 15 2 37 5 query Layer 2 15 3 37 5 snooping 15 2 37 1 snooping configuring 15 3 37 1 snooping i...

Страница 787: ...attributes 12 3 32 1 32 6 32 13 message statistics 12 11 32 18 message timing 12 1 32 3 32 5 remote information displaying 12 9 32 16 remote port information displaying 12 8 32 16 timing attributes co...

Страница 788: ...g 8 19 29 1 priority default port ingress 13 1 35 3 problems troubleshooting B 1 protocol migration 10 15 33 17 proxy ARP 19 9 41 35 Q QinQ Tunneling See 802 1Q QoS 14 1 36 1 Quality of Service See Qo...

Страница 789: ...switch settings saving or restoring 23 10 system clock setting 4 36 4 37 23 35 system clock summer time 4 40 23 40 23 41 23 42 system clock time zone 4 39 23 39 system mode normal or QinQ 11 16 34 15...

Страница 790: ...roup statistics 18 8 40 6 preemption 18 3 18 4 40 5 priority 18 3 18 4 40 3 protocol message statistics 18 7 40 9 timers 18 4 40 4 virtual address 18 2 18 4 40 2 W web interface access requirements 3...

Страница 791: ......

Страница 792: ...ES4626F ES4650F E062009 R01 ST 149100000013A...

Отзывы:

Нет отзывов

Похожие инструкции для ES4626F

Бренд: Dataprobe Страницы: 31

Бренд: IBM Страницы: 13

Flex System EN2092

Бренд: IBM Страницы: 2

Sierra Video 1208V3S

Бренд: Kramer Страницы: 2

Бренд: AbleNet Страницы: 12

BONANZA ACCU-SIM V35B

Бренд: A2A Simulations Страницы: 112

FRIENDLYNET FS4116R

Бренд: Asante Страницы: 6

LS-5500-28C-PWR-SI-OVS

Бренд: H3C Страницы: 86

3C17205 - SuperStack 3 Switch 4400 PWR

Бренд: 3Com Страницы: 90

BNI EIP-950-000-Z009

Бренд: Balluff Страницы: 12

Бренд: Advantech Страницы: 101

Бренд: Versitron Страницы: 46

Бренд: AMAV Страницы: 8

Бренд: Enterasys Страницы: 41

Бренд: Xantech Страницы: 5

Бренд: Hored Страницы: 4

Digi-Touch DDN-SW1

Бренд: Blueridge Страницы: 13

Бренд: H3C Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды