Enterasys Matrix-V V2H124-24P Скачать руководство пользователя страница 98 | Manualshive

Страница: 98 / 498

Enterasys Matrix-V V2H124-24P Скачать руководство пользователя страница 98

Configuring the Switch

3-48

3

Configuring Local/Remote Logon Authentication

Use the Authentication Settings menu to restrict management access based on
specified user names and passwords. You can manually configure access rights on
the switch, or you can use a remote access authentication server based on RADIUS
or protocols.

Remote Authentication Dial-in
User Service (RADIUS) and
Terminal Access Controller
Access Control System Plus
() are logon
authentication protocols that use
software running on a central
server to control access to
RADIUS-aware or TACACS
-aware devices on the network.
An authentication server contains
a database of multiple user name/password pairs with associated privilege levels for
each user that requires management access to the switch.

RADIUS uses UDP while uses TCP. UDP only offers best effort delivery,
while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts
only the password in the access-request packet from the client to the server, while
encrypts the entire body of the packet.

Command Usage

• By default, management access is always checked against the authentication

database stored on the local switch. If a remote authentication server is used, you
must specify the authentication sequence and the corresponding parameters for
the remote authentication protocol. Local and remote logon authentication control
management access via the console port, web browser, or Telnet.

• RADIUS and logon authentication assign a specific privilege level for

each user name/password pair. The user name, password, and privilege level
must be configured on the authentication server.

• You can specify up to three authentication methods for any user to indicate the

authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and
(3) Local, the user name and password on the RADIUS server is verified first. If the
RADIUS server is not available, then authentication is attempted using the
server, and finally the local user name and password is checked.

Web
Telnet

RADIUS/

server

console

1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.

«
...
96
97
98
99
100
...
»

Содержание Matrix-V V2H124-24P

Страница 1: ...P N 9033925 06 Matrix V Series V2H124 24 V2H124 24FX and V2H124 24P Fast Ethernet Switch Configuration Guide...

Страница 2: ......

Страница 3: ...E OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover M...

Страница 4: ...ON BEHALF OF THE END USER IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT YOU AND YOUR SHALL BE DEEMED TO REFER TO SUCH ENTITY AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERM...

Страница 5: ...gram is exported from the United States pursuant to the License Exception TSR under the U S Export Administration Regulations in addition to the restriction on transfer set forth in Sections 1 or 2 of...

Страница 6: ...showing i license fees due and paid and ii the use copying and deployment of the Program You also grant to Enterasys and its authorized representatives upon reasonable notice the right to audit and ex...

Страница 7: ...a breach of this Agreement 12 WAIVER A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent...

Страница 8: ...Notice vi...

Страница 9: ...ic Configuration 2 4 Console Connection 2 4 Setting Passwords 2 5 Setting an IP Address 2 6 Manual Configuration 2 6 Dynamic Configuration 2 7 Enabling SNMP Management Access 2 8 Community Strings for...

Страница 10: ...n 3 33 Setting the Time Zone 3 34 Configuring SNMP 3 35 Enabling SNMP 3 36 Setting Community Access Strings 3 37 Specifying Trap Managers 3 38 Configuring SNMPv3 Management Access 3 39 Setting an Engi...

Страница 11: ...s 3 89 Creating Trunk Groups 3 90 Statically Configuring a Trunk 3 91 Enabling LACP on Selected Ports 3 93 Configuring LACP Parameters 3 94 Displaying LACP Port Counters 3 97 Displaying LACP Settings...

Страница 12: ...the Default Priority for Interfaces 3 156 Mapping CoS Values to Egress Queues 3 157 Selecting the Queue Mode 3 159 Setting the Service Weight for Traffic Classes 3 159 Layer 3 4 Priority Settings 3 1...

Страница 13: ...Negating the Effect of Commands 4 5 Using Command History 4 5 Understanding Command Modes 4 5 Exec Commands 4 6 Configuration Commands 4 6 Command Line Processing 4 7 Command Groups 4 8 Line Commands...

Страница 14: ...Commands 4 34 ip ssh server 4 36 ip ssh timeout 4 37 ip ssh authentication retries 4 37 ip ssh server key size 4 38 delete public key 4 38 ip ssh crypto host key generate 4 39 ip ssh crypto zeroize 4...

Страница 15: ...4 66 copy 4 66 delete 4 69 dir 4 70 whichboot 4 71 boot system 4 71 Cabletron Discovery Protocol CDP 4 72 cdp authentication key 4 72 cdp holdtime 4 73 cdp timer 4 74 cdp Global Configuration 4 74 cdp...

Страница 16: ...ty Commands 4 98 port security 4 98 802 1x Port Authentication 4 99 dot1x system auth control 4 100 dot1x default 4 101 dot1x max req 4 101 dot1x port control 4 102 dot1x operation mode 4 102 dot1x re...

Страница 17: ...132 mac access group 4 132 show mac access group 4 133 map access list mac 4 133 show map access list mac 4 134 match access list mac 4 134 ACL Information 4 135 show access list 4 135 show access lis...

Страница 18: ...Interface 4 168 lacp admin key Port Channel 4 169 lacp port priority 4 170 show lacp 4 170 Address Table Commands 4 174 mac address table static 4 174 clear mac address table dynamic 4 175 show mac a...

Страница 19: ...nterface vlan 4 200 switchport mode 4 201 switchport acceptable frame types 4 202 switchport ingress filtering 4 202 switchport native vlan 4 203 switchport allowed vlan 4 204 switchport forbidden vla...

Страница 20: ...ast 4 227 IGMP Query Commands Layer 2 4 228 ip igmp snooping querier 4 228 ip igmp snooping query count 4 229 ip igmp snooping query interval 4 230 ip igmp snooping query max response time 4 230 ip ig...

Страница 21: ...eshooting A 1 Problems Accessing the Management Interface A 1 Using System Logs A 2 Appendix B Software Specifications B 1 Software Features B 1 Management Features B 2 Standards B 2 Management Inform...

Страница 22: ...Contents xx...

Страница 23: ...163 Table 3 17 Egress Queue Priority Mapping 3 168 Table 4 1 Command Modes 4 5 Table 4 2 Configuration Commands 4 7 Table 4 3 Keystroke Commands 4 7 Table 4 4 Command Group Index 4 8 Table 4 5 Line Co...

Страница 24: ...4 44 SNMP Engine ID 4 144 Table 4 45 SNMP View 4 145 Table 4 46 Show SNMP Group display description 4 147 Table 4 47 SNMP User 4 149 Table 4 48 Interface Commands 4 150 Table 4 49 Show Interfaces Swit...

Страница 25: ...Snooping Commands 4 225 Table 4 71 IGMP Query Commands Layer 2 4 228 Table 4 72 Static Multicast Routing Commands 4 232 Table 4 73 IP Interface Command Syntax 4 233 Table 4 74 DNS Commands 4 238 Table...

Страница 26: ...Tables xxiv...

Страница 27: ...ch 3 32 Figure 3 20 Configuring SNTP 3 33 Figure 3 21 Setting the Time Zone 3 34 Figure 3 22 Enabling the SNMP Agent 3 36 Figure 3 23 Configuring SNMP Community Strings 3 37 Figure 3 24 Configuring SN...

Страница 28: ...rror Port 3 104 Figure 3 64 Configuring Output Port Rate Limiting 3 105 Figure 3 65 Displaying Port Statistics 3 108 Figure 3 66 Displaying Etherlike and RMON Statistics 3 109 Figure 3 67 Globally Con...

Страница 29: ...cedence to Class of Service Values 3 162 Figure 3 100 IP DSCP Priority 3 164 Figure 3 101 Globally Enabling the IP Port Priority Status 3 165 Figure 3 102 IP Port Priority 3 165 Figure 3 103 Mapping P...

Страница 30: ...Figures xxviii...

Страница 31: ...up to 32 IP or MAC ACLs DHCP Client Supported DNS Server Supported Port Configuration Speed duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One or mo...

Страница 32: ...r can be verified via a remote authentication server i e RADIUS or TACACS Port based and MAC based authentication is also supported via the IEEE 802 1x protocol This protocol uses the Extensible Authe...

Страница 33: ...ion and provide redundancy by taking over the load if a port in the trunk should fail The switch supports up to 6 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from o...

Страница 34: ...ides for even faster convergence than RSTP by limiting the size of each region and prevents VLAN members from being segmented from the rest of the group as sometimes occurs with IEEE 802 1D STP Virtua...

Страница 35: ...s IGMP Snooping and Query to manage multicast group registration System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defa...

Страница 36: ...Cabletron Discovery Protocol Status Auto enabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP Disabled Broadcast Storm Protection Status Enabled all ports Broa...

Страница 37: ...nagement VLAN 1 IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Enabed BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled System Log Status Enable...

Страница 38: ...Introduction 1 8 1...

Страница 39: ...o the network The switch s management agent is based on SNMP Simple Network Management Protocol version 3 This SNMP agent permits the switch to be managed from any system in the network using manageme...

Страница 40: ...g to the Console Port on page 3 8 of the Hardware Configuration Guide To connect a terminal to the console port complete the following steps 1 Connect the console cable to the serial port on a termina...

Страница 41: ...IP parameters you can access the onboard configuration program from anywhere within the attached network The onboard configuration program can be accessed using Telnet from any computer attached to th...

Страница 42: ...All units in the stack must be connected via stacking cables Note A single point of failure in a unit will cause the stack to break apart and units will become independent switches Resilient IP Inter...

Страница 43: ...you should define new passwords for both default user names using the username command record them and put them in a safe place Passwords can consist of up to 8 alphanumeric characters and are case s...

Страница 44: ...fault gateway that resides between this device and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything o...

Страница 45: ...1 From the Privileged Exec level global configuration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 At the interface configuration mode prompt use one of...

Страница 46: ...community string that provides read write access to the entire MIB tree However you may assign new views to version 1 or 2c community strings that suit your specific security requirements Community St...

Страница 47: ...r community string specifies access rights for a version 1 2c host or is the user name of a version 3 host version indicates the SNMP client version and auth noauth priv means that authentication no a...

Страница 48: ...itch is rebooted To save all your configuration changes in nonvolatile storage you must copy the running configuration file to the start up configuration file using the copy command To save the curren...

Страница 49: ...iagnostic code files However you can have as many configuration files as available flash memory space allows In the system flash memory one file of each type must be set as the start up file During a...

Страница 50: ...Initial Configuration 2 12 2...

Страница 51: ...tion Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program See Configuring User Accounts on page 3 46 3 After you enter a user name and passwo...

Страница 52: ...t side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Configura...

Страница 53: ...the Port Configuration page as described on page 3 89 Figure 3 2 Ports Panel Indicators Main Menu Using the onboard Web agent you can define system parameters manage and control the switch and all it...

Страница 54: ...40 Groups Configures SNMP v3 groups 3 42 Views Configures SNMP v3 views 3 44 Security 3 46 User Accounts Configures user names and passwords 3 46 Authentication Settings Configures authentication sequ...

Страница 55: ...ion settings 3 89 Trunk Configuration Configures trunk connection settings 3 89 Trunk Membership Specifies ports to group into static trunks 3 91 LACP 3 93 Configuration Allows ports to dynamically jo...

Страница 56: ...Sets timeout for dynamically learned entries 3 122 Spanning Tree 3 123 STA Information Displays STA values used for the bridge 3 123 Configuration Configures global bridge settings for STA 3 123 Port...

Страница 57: ...3 159 Queue Scheduling Configures Weighted Round Robin queueing 3 159 IPPrecedence DSCPPriority Status Globally selects IP Precedence or DSCP Priority or disables both 3 161 IP Precedence Priority Set...

Страница 58: ...secure server Shows if management access via HTTPS is enabled Web secure server port Shows the TCP port used by the HTTPS interface Telnet server Shows if management access via Telnet is enabled Telne...

Страница 59: ...System Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that access the Command Line Interfac...

Страница 60: ...Series 4 25 Console config snmp server location TPS 2nd Floor 4 140 Console config snmp server contact David 4 140 Console show system System description Enterasys Networks Inc V2H124 24 SW version V...

Страница 61: ...Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Slo...

Страница 62: ...ddresses Refer to Setting Static Addresses on page 3 120 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging Thi...

Страница 63: ...Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Bridge Extension Capabilities CLI Enter the following command Console show...

Страница 64: ...ement station can be connected to any port on the switch However if other VLANs are configured and you change the Management VLAN you may lose management access to the switch In this case you should r...

Страница 65: ...enter the IP address subnet mask and gateway then click Apply Figure 3 6 VLAN IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interfa...

Страница 66: ...he switch will also broadcast a request for IP configuration settings on each power reset Figure 3 7 IP Configuration Note If you lose your management connection use a console connection and enter sho...

Страница 67: ...ed The switch also allows a runtime code file to be copied to or from another switch unit in the stack Command Attributes File Transfer Method The firmware copy operation includes these options file t...

Страница 68: ...the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the cu...

Страница 69: ...stination file names When the file has completed the download set the new file to start up the system and then restart the switch To start the new firmware enter the reload command or reboot the syste...

Страница 70: ...e startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP serve...

Страница 71: ...config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Apply Fig...

Страница 72: ...er unit in the stack Console copy tftp startup config 4 66 TFTP server ip address 192 168 1 19 Source configuration file name config 1 Startup configuration file name startup Write to FLASH Programmin...

Страница 73: ...3 attempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the numbe...

Страница 74: ...e password 0 secret 4 12 Console config line timeout login response 0 4 13 Console config line exec timeout 0 4 13 Console config line password thresh 5 4 14 Console config line silent time 60 4 15 Co...

Страница 75: ...ected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold whi...

Страница 76: ...ded The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be l...

Страница 77: ...Use the show logging command to display the current settings Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice N...

Страница 78: ...is type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database R...

Страница 79: ...entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs Console config logging host 192 168 1 7 4 46 Console config logging facility 23 4 46 Console config logging tra...

Страница 80: ...yslog severity threshold level see table on page 3 27 used to trigger alert messages All events at this level or higher will be sent to the configured email recipients For example using Level 7 will r...

Страница 81: ...o add an IP address to the SMTP Server List type the new IP address in the SMTP Server text box and then click Add To delete an IP address click the entry in the SMTP Server List and then click Remove...

Страница 82: ...CLI Use the reload command to reboot the system Note When restarting the system it always runs the Power On Self Test Console config logging sendmail host 192 168 1 4 4 50 Console config logging sendm...

Страница 83: ...d the switch periodically sends a request for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the config...

Страница 84: ...ent time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zo...

Страница 85: ...ent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as HP OpenView...

Страница 86: ...ity string only v1 noAuthNoPriv DefaultRWGroup defaultview defaultview Community string only v1 noAuthNoPriv user defined user defined user defined Community string only v2c noAuthNoPriv DefaultROGrou...

Страница 87: ...t acts like a password and permits access to the SNMP protocol Default strings public read only access private read write access Range 1 32 characters case sensitive Access Mode Specifies the access r...

Страница 88: ...s string in the Trap Managers table we recommend that you define this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for...

Страница 89: ...age replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is autom...

Страница 90: ...ed for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the...

Страница 91: ...assign it to a group then click Add to save the configuration and return to the User Name list To delete a user check the box next to the user name then click Delete To change the assigned group of a...

Страница 92: ...v There is no authentication or encryption used in SNMP communications AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model Auth...

Страница 93: ...oup In the New Group page define a name assign a security model and level and then select read and write views Click Add to save the new group and return to the Groups list To delete a group check the...

Страница 94: ...e currently configured object identifiers of branches within the MIB tree that define the SNMP view Edit OID Subtrees Allows you to configure the object identifiers of branches within the MIB tree Wil...

Страница 95: ...o be included or excluded in the view Click Back to save the new view and return to the SNMPv3 Views list For a specific view click on View OID Subtrees to display the current configuration or click o...

Страница 96: ...IP Filter Filters management access to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write...

Страница 97: ...sitive Change Password Sets a new password to overwrite an old password for the specified user name Web Click Security User Accounts To configure a new user account specify a user name select the user...

Страница 98: ...e packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the auth...

Страница 99: ...rk UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces...

Страница 100: ...ings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selected and cli...

Страница 101: ...in radius 4 84 Console config radius server port 181 4 88 Console config radius server key green 4 88 Console config radius server retransmit 5 4 89 Console config radius server timeout 10 4 89 Consol...

Страница 102: ...tings The AAA Group Settings define the configured RADIUS servers to use for accounting Command Attributes Group Name Defines a name for the RADIUS server group 1 7 characters Server Index Spefies the...

Страница 103: ...Update Periodic Specifies the intervals at which the accounting service updates information Default Disabled Range 1 2147483647 minutes Web Click Security AAA Accounting Update Enter the required upd...

Страница 104: ...od Name Specifies a user defined method name to apply to the port trunk This method must be defined in the AAA Accounting Settings page 3 51 Web Click Security AAA Accounting Update Enter the required...

Страница 105: ...counting list to it AAA Accounting Summary This feature displays all accounting information by port and trunk including user statistics Command Attributes AAA Accounting Summary Accounting Type Displa...

Страница 106: ...l HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Command Usage Both the HTTP and HTTPS service can be enabled independently on...

Страница 107: ...t Secure site Certificate on page 3 58 Command Attributes HTTPS Status Allows you to enable disable the HTTPS server feature on the switch Default Enabled Change HTTPS Port Number Specifies the UDP po...

Страница 108: ...To reset the switch type Console reload Configuring the Secure Shell The Berkley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implement...

Страница 109: ...e 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 595664...

Страница 110: ...sions Generating the Host Key Pair A host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host...

Страница 111: ...5935281260886486920309120838308842685861913351056036315022893 42067641736107446339591392060353248749664209296828112126705467393904568659 910458707018425016204304972482486490908817815271698606574815746...

Страница 112: ...Range 1 to 120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart...

Страница 113: ...pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table see Setting Static Addresses on page 3 120 When the port has reach...

Страница 114: ...les or disables port security on the port Default Disabled Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Trunk Trunk number if port is a member Web Click...

Страница 115: ...contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending on the configuration of the client software and...

Страница 116: ...protocol must be enabled globally for the switch system before port settings are active Command Attributes 802 1x System Authentication Control The global setting for 802 1x Default Disabled Web To di...

Страница 117: ...ent to be authorized by the authentication server Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise...

Страница 118: ...econds TX Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected client is au...

Страница 119: ...m auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized yes 1 2 enabled Single Host Auto n a 1 25 disabled Single Host ForceA...

Страница 120: ...The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authent...

Страница 121: ...aying 802 1x Statistics CLI This example displays the 802 1x statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 105 Eth 1 4 Rx EXPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logof...

Страница 122: ...rent sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When enteri...

Страница 123: ...agement telnet client 192 168 1 19 4 28 Console config management telnet client 192 168 1 25 192 168 1 30 Console config management snmp client 10 1 2 3 255 255 255 255 4 28 Console config end Console...

Страница 124: ...n have up to 32 rules The maximum number of ACLs is also 32 However due to resource restrictions the average number of rules bound to the ports should not exceed 20 You must configure a mask for an AC...

Страница 125: ...he Ethernet frame type RFC 1060 Web Click Security ACL ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration...

Страница 126: ...ssigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address...

Страница 127: ...s where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range 0 65535 Source...

Страница 128: ...ing packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes throug...

Страница 129: ...ge 1 4095 VID Bitmask VLAN bitmask Range 1 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can b...

Страница 130: ...lect MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 49 Configuring MAC ACLs...

Страница 131: ...assigned to an ACL mask Packets crossing a port are checked against all the rules in the ACL until a match is found The order in which these packets are checked is determined by the mask and not the...

Страница 132: ...tination IP address Use Any to match any address Host to specify a host address not a subnet or IP to specify a range of addresses Options Any Host IP Default Any Source Destination Subnet Mask Subnet...

Страница 133: ...is shows that the entries in the mask override the precedence in which the rules are entered into the ACL In the following example packets with the source address 10 1 1 1 are dropped because the deny...

Страница 134: ...ource Destination Bitmask Address of rule must match this bitmask VID Bitmask VLAN ID of rule must match this bitmask Ethernet Type Bitmask Ethernet type of rule must match this bitmask Packet Format...

Страница 135: ...tch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs If these rules are included in the ACL and you attempt to bind the ACL to an interface for egress check...

Страница 136: ...nnection status including link state speed duplex mode flow control and auto negotiation Command Attributes Web Name Interface label Type Indicates the port type 10BASE T 100BASE TX 100BASE FX S 100BA...

Страница 137: ...000BASE LX 1000BASE GBIC 1000BASE SFP MAC address The physical layer address for this port To access this item on the web see Setting the IP Address on page 3 14 Configuration Name Interface label Por...

Страница 138: ...shutdown trap trap and shutdown Current status Link Status Indicates if the link is up or down Operation speed duplex Shows the current speed and duplex mode Flow control type Indicates the type of f...

Страница 139: ...peration 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Gigabit only When specified the port tran...

Страница 140: ...rol Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can au...

Страница 141: ...th up to eight ports per trunk The ports at both ends of a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the C...

Страница 142: ...nterface port channel 2 4 151 Console config if exit Console config interface ethernet 1 1 4 151 Console config if channel group 2 4 165 Console config if exit Console config interface ethernet 1 2 Co...

Страница 143: ...ext available trunk ID If more than four ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active li...

Страница 144: ...of 0 this key is set to the same value as the port admin key used by the interfaces that joined the group lacp admin key as described in this section and on page 4 168 Console config interface ethern...

Страница 145: ...s identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Ra...

Страница 146: ...optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link...

Страница 147: ...2768 00 30 F1 B0 E7 A0 2 32768 00 30 F1 B0 E7 A0 3 32768 00 30 F1 B0 E7 A0 4 32768 00 30 F1 B0 E7 A0 5 32768 00 30 F1 B0 E7 A0 6 32768 00 30 F1 B0 E7 A0 Console show lacp 1 internal 4 170 Channel grou...

Страница 148: ...cal side of an link aggregation Internal Configuration Information Console show 1 lacp counters 4 170 Channel group 1 Eth 1 1 LACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDU...

Страница 149: ...ence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to b...

Страница 150: ...3 9 LACP Remote Side Settings Field Description Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partne...

Страница 151: ...e side of port channel 1 Console show 1 lacp neighbors 4 170 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Ad...

Страница 152: ...ny broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default The default threshold is 500 packets per second Broadcast contro...

Страница 153: ...ions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both...

Страница 154: ...rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch Traffic that falls within the rat...

Страница 155: ...l as a detailed breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify pote...

Страница 156: ...erface including framing characters Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were...

Страница 157: ...or which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of res...

Страница 158: ...had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS oc...

Страница 159: ...Port Configuration 3 109 3 Figure 3 66 Displaying Etherlike and RMON Statistics...

Страница 160: ...CDP setting Any CDP packets received are flooded to all other ports Console show interfaces counters ethernet 1 13 4 159 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122 Unicast...

Страница 161: ...ntication Key A code string that defines the CDP domain to which the switch belongs A CDP domain is a logical grouping of devices that exchange CDP packets If the switch receives a CDP packet with a d...

Страница 162: ...ts CDP packets received are discarded unless the CDP global setting is disabled in which case they are flooded to other ports Auto Enabled The port sends and receives CDP packets If the global CDP set...

Страница 163: ...rface The port on which the device is connected Hold Time The time the switch waits for an update CDP packet from neighbor devices before aging out the entry If a neighbor device has a longer Hold Tim...

Страница 164: ...way Protocol ospf 4 The connected device performs routing using Open Shortest Path First dvmrp 5 The connected device performs routing using Distance Vector Multicast Routing Protocol IEEE 802 1q 6 Th...

Страница 165: ...s Count of errors made by the deivce while tryng to send CDP packets Parse Error Packets Count of CDP packets received by the device that could not be parsed Memory Error Packets Count of memory error...

Страница 166: ...pplied Ports can be set to one of three power priority levels critical high or low To control power supply within the switch s budget ports set at critical or high priority have power enabled in prefe...

Страница 167: ...he power budget setting the switch uses port power priority settings to limit the supplied power Command Attributes Power Allocation The power budget for the switch If devices connected to the switch...

Страница 168: ...t The port number Admin Status The administrative status of PoE power on the port Default Enabled Mode The current operating status of PoE power on the port Power Allocation The configured power budge...

Страница 169: ...ps power to one or more lower priority ports Note Power is dropped from low priority ports in sequence starting from port number 1 Command Attributes Port The port number on the switch Admin Status En...

Страница 170: ...ic port Setting Static Addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static addres...

Страница 171: ...ddress for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes...

Страница 172: ...example also displays the address table entries for port 11 Changing the Aging Time You can change the aging time for entries in the dynamic address table Command Attributes Aging Status Enables or d...

Страница 173: ...Protocol IEEE 802 1w MSTP Multiple Spanning Tree Protocol IEEE 802 1s STA uses a distributed algorithm to select a bridging device STA compliant switch bridge or router that serves as the root of the...

Страница 174: ...structure when reconfiguration occurs When using STP or RSTP it may be difficult to maintain a stable path between all VLAN members Frequent changes in the tree structure can easily isolate some of th...

Страница 175: ...iority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device Root Port The number of the port on this switch that is closest to the root This switch commu...

Страница 176: ...ry device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a disca...

Страница 177: ...ocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration de...

Страница 178: ...t device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then b...

Страница 179: ...o determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that ran...

Страница 180: ...Configuring the Switch 3 130 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 80 Configuring the Spanning Tree Algorithm...

Страница 181: ...s and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has...

Страница 182: ...nnecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port or is the MSTI regional root i e master port or is an alternate or backu...

Страница 183: ...MAC address of the device in the Spanning Tree that this switch has accepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for bac...

Страница 184: ...ree ethernet 1 5 4 196 Eth 1 5 information Admin status enable Role disable State discarding External path cost 10000 Internal path cost 10000 Priority 128 Designated cost 200000 Designated port 128 5...

Страница 185: ...Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defines the priority used for this port in th...

Страница 186: ...also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Default Disabled Migration If at any time the switch...

Страница 187: ...nning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 3 123 2 Enter the spanning tree priority for the selected MST instance MSTP VLAN Configuration 3 A...

Страница 188: ...MSTP VLAN Configuration Select an instance identifier from the list set the instance priority and click Apply To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identi...

Страница 189: ...gnated Root 4096 2 0000E9313131 Current root port 0 Current root cost 0 Number of topology changes 0 Last topology changes time sec 646 Transmission limit 3 Path Cost Method long Eth 1 7 information A...

Страница 190: ...in the selected MST instance Field Attributes MST Instance ID Instance identifier to configure Range 0 57 Default 0 The other attributes are described under Displaying Interface Settings page 3 131 We...

Страница 191: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 200000 Number of...

Страница 192: ...57 Default 0 Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value...

Страница 193: ...r the priority and path cost for an interface and click Apply Figure 3 86 MSTP Port Configuration CLI This example sets the MSTP attributes for port 4 Console config interface ethernet 1 4 4 151 Conso...

Страница 194: ...LANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This switch supports the following VLAN features Up to 255...

Страница 195: ...ged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs config...

Страница 196: ...s VLAN Index on page 3 150 But you can still enable GVRP on these edge switches as well as on the core switches in the network Forwarding Tagged Untagged Frames If you want to create a small port base...

Страница 197: ...s Enable or disable GVRP and click Apply Figure 3 87 Displaying Bridge Extension Capabilities Enabling GVRP CLI This example enables GVRP for the switch Displaying Basic VLAN Information The VLAN Basi...

Страница 198: ...s created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port membe...

Страница 199: ...VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN...

Страница 200: ...n also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 152 However note that this configuration page can only add ports to a VLAN as tagged members...

Страница 201: ...that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore no...

Страница 202: ...for which the selected interface is a tagged member Non Member VLANs for which the selected interface is not a tagged member Web Open VLAN 802 1Q VLAN VLAN Static Membership Select an interface from t...

Страница 203: ...of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to u...

Страница 204: ...ries to participate in a VLAN group Range 20 1000 centiseconds Default 20 GARP Leave Timer The interval a port waits before leaving a VLAN group This time should be set to more than twice the join tim...

Страница 205: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 1 Console config if switchport acceptable frame types tagged 4 202 Console config if switchport ing...

Страница 206: ...e priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies fo...

Страница 207: ...tion traffic for your own network Console config interface ethernet 1 3 Console config if switchport priority default 5 4 212 Console config if end Console show interfaces switchport ethernet 1 12 4 1...

Страница 208: ...owing example shows how to map CoS values 1 and 2 to CoS priority queue 0 value 0 and 3 to CoS priority queue 1 values 4 and 5 to CoS priority queue 2 and values 6 and 7 to CoS priority queue 3 Mappin...

Страница 209: ...riority queues Web Click Priority Queue Mode Select Strict or WRR then click Apply Figure 3 96 Setting the Queue Mode CLI The following sets the queue mode to strict priority service mode Setting the...

Страница 210: ...ing Class of Service for Each Ingress Queue CLI The following example shows how to assign WRR weights of 1 4 16 and 64 to the CoS priority queues 0 1 2 and 3 Console config queue bandwidth 1 3 5 7 9 1...

Страница 211: ...t queues in the following manner The precedence for priority mapping is IP Port Priority IP Precedence or DSCP Priority and then Default Port Priority IP Precedence and DSCP Priority cannot both be en...

Страница 212: ...Class of Service Value Maps a CoS value to the selected IP Precedence value Note that 0 represents low priority and 7 represent high priority Note IP Precedence settings apply to all interfaces Web Cl...

Страница 213: ...ompliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values are de...

Страница 214: ...Figure 3 100 IP DSCP Priority CLI The following example globally enables DSCP Priority service on the switch maps DSCP value 1 to CoS value 0 on port 5 and then displays all the DSCP Priority setting...

Страница 215: ...number Class of Service Value Sets a CoS value for a new IP port Note that 0 represents low priority and 7 represent high priority Note IP Port Priority settings apply to all interfaces Web Click Prio...

Страница 216: ...to all ports on the switch Due to a hardware limitation individual port priority settings are not possible Command Attributes Copy IP Precedence Priority Settings Enables or disables copying IP Prece...

Страница 217: ...pping Priority Settings to Ports Trunks CLI The following example shows how to map HTTP traffic to CoS value 0 on port 5 maps IP precedence to CoS 0 to port 6 and enables mapping IP DSCP globally Cons...

Страница 218: ...rule Command Attributes Port Port identifier Name Name of ACL Type Type of ACL IP or MAC CoS Priority CoS value used for packets matching an IP ACL rule Range 0 7 For information on configuring ACLs...

Страница 219: ...02 1Q VLAN tag The 802 1p priority may be set for either Layer 2 or IP frames The IP frame header also includes priority bits in the Type of Service ToS octet The Type of Service octet may contain thr...

Страница 220: ...Add Figure 3 105 Changing Priorities Based on ACL Rules CLI This example changes the DSCP priority for packets matching an IP ACL rule and the 802 1p priority for packets matching a MAC ACL rule Conso...

Страница 221: ...lled multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast group hos...

Страница 222: ...pagates the service requests on to any adjacent multicast switch router to ensure that it will continue to receive the multicast service Note Multicast routers use this information along with a multic...

Страница 223: ...splays the current status Console config ip igmp snooping 4 225 Console config ip igmp snooping querier 4 228 Console config ip igmp snooping query count 10 4 229 Console config ip igmp snooping query...

Страница 224: ...ch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this swi...

Страница 225: ...ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Static Mult...

Страница 226: ...b Click IGMP IP Multicast Registration Table Select the VLAN ID and and the IP address for a multicast service The switch will display all the ports that are propagating this multicast service Figure...

Страница 227: ...to specific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propaga...

Страница 228: ...formatted with dotted notation you can specify a default domain name or a list of domain names to be tried in sequential order If there is no domain list the default domain name is used If there is a...

Страница 229: ...the address of one or more domain name servers to use for name to address resolution Range 1 6 IP addresses Do not include the initial dot that separates the host name from the domain name Web Select...

Страница 230: ...table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host...

Страница 231: ...y Figure 3 112 Mapping IP Addresses to a Host Name CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 5...

Страница 232: ...ing a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which are mapped t...

Страница 233: ...51 www microsoft akadns net 2 4 CNAME 207 46 134 155 51 www microsoft akadns net 3 4 CNAME 207 46 249 222 51 www microsoft akadns net 4 4 CNAME 207 46 249 27 51 www microsoft akadns net 5 4 ALIAS POI...

Страница 234: ...Configuring the Switch 3 184 3...

Страница 235: ...mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to compl...

Страница 236: ...t command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty 0 prompt for the administrator to show that you are u...

Страница 237: ...mple to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a comma...

Страница 238: ...MAC access list mac address table Configuration of the address table management Management IP filter map Maps priority marking Configuration for packet marking port Port characteristics power Show pow...

Страница 239: ...or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configurati...

Страница 240: ...is rebooted To store the running configuration in nonvolatile storage use the copy running config startup config command The configuration commands are organized into different modes Global Configurat...

Страница 241: ...You can also use the following editing keystrokes for command line processing Console configure Console config Table 4 2 Configuration Commands Mode Command Prompt Page Line line console vty Console...

Страница 242: ...em Management Controls system logs system passwords user name browser management options and a variety of other system information 4 24 Flash File Manages code image or switch configuration files 4 66...

Страница 243: ...port membership for VLAN groups 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for bridge extension MIB 4 207 Priority Sets port...

Страница 244: ...the following command Related Commands show line 4 18 show users 4 63 silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds...

Страница 245: ...using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When u...

Страница 246: ...e system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password...

Страница 247: ...ion is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restore...

Страница 248: ...word thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuratio...

Страница 249: ...ent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 14 datab...

Страница 250: ...parity 4 16 parity Use this command to define generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd p...

Страница 251: ...ge Set the speed to match the baud rate of the device connected to the serial port or specify auto Some baud rates available on devices connected to the port might not be supported The system indicate...

Страница 252: ...Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example show line Use this co...

Страница 253: ...bled Login timeout Disabled Silent time 60 Baudrate auto Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec Console Table...

Страница 254: ...enable password 4 27 disable Use this command to return to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet...

Страница 255: ...Default Setting None Command Mode Privileged Exec Example Related Commands end 4 22 show history Use this command to show the contents of the command history buffer Default Setting None Command Mode N...

Страница 256: ...iguration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire sys...

Страница 257: ...n mode and then quit the CLI session quit Use this command to exit the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can...

Страница 258: ...ords for management access 4 25 IP Filter Configures IP addresses that are allowed management access 4 28 Web Server Enables management access via a web browser 4 30 Telnet Server Enables management a...

Страница 259: ...ment access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 9 user authentication via a remote authentication ser...

Страница 260: ...s encrypted password password password The authentication password for the user Maximum length 8 characters 32 encrypted case sensitive Default Setting The default access level is Normal Exec The fact...

Страница 261: ...ngth 8 characters plain text 32 encrypted case sensitive Default Setting The default is level 15 This default password is super Command Mode Global Configuration Command Usage You cannot set a null pa...

Страница 262: ...dress the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectivel...

Страница 263: ...snmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Global Configuration Example Console config management all client 192 168 1 19 Consol...

Страница 264: ...this command to allow this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Command Mode Global Configurat...

Страница 265: ...https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set...

Страница 266: ...ore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Comma...

Страница 267: ...Configuration Example Related Commands ip telnet server 4 33 ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax...

Страница 268: ...the commands used to configure the SSH server However note that you also need to install a SSH client on the management station when using this protocol to configure the switch Note The switch suppor...

Страница 269: ...254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 5194174677298486546861571773939016477935594230357741...

Страница 270: ...ed bytes to the original bytes it sent If the two sets match this means that the client s private key corresponds to an authorized public key and the client is authenticated Note To use SSH with only...

Страница 271: ...e client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec t...

Страница 272: ...ault Setting 768 bits Command Mode Global Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at...

Страница 273: ...e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration proc...

Страница 274: ...39 ip ssh save host key 4 40 no ip ssh server 4 36 ip ssh save host key Use this command to save host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key typ...

Страница 275: ...er key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console disconnect 0 Console Ta...

Страница 276: ...ryption method used by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and...

Страница 277: ...57481574636762465 2720825995018769351534686677 DSA ssh dss AAAAB3NzaC1kc3MAAACBAIZERDhRGM9jKjcjVzgGtlZgHT8QF8NtAA P0nXMtRGc meEAgL0rD37v44dma5cHesl 4tuJ0Nu8BcwxjwMjeCiLXIfb5c4ymD 0eJH64AVP5lhzy4OWp Ul...

Страница 278: ...ory 4 45 clear logging 4 47 Table 4 15 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 44 logging history Limits syslog messages saved to switch me...

Страница 279: ...ational level 6 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table...

Страница 280: ...s the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog...

Страница 281: ...Level 3 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a...

Страница 282: ...the time stamp message level page 4 45 program module function and event number Example The following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root c...

Страница 283: ...h Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level debugging Console Table 4 17 show logging flash ram display...

Страница 284: ...as been enabled via the logging trap command REMOTELOG facility type The facility type for remote logging of syslog messages as specified in the logging facility command REMOTELOG level type The sever...

Страница 285: ...eriodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syn...

Страница 286: ...email alerts for system errors from level 3 through 0 logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a recipient Syntax no...

Страница 287: ...gging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console show logging sendma...

Страница 288: ...time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 T...

Страница 289: ...mand Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in...

Страница 290: ...Related Commands sntp client 4 54 show sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated...

Страница 291: ...zone before west of UTC after utc Sets the local time zone after east of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the...

Страница 292: ...h year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 month january february march april may june july august september october november december day Day of month R...

Страница 293: ...uration file stored in non volatile memory that is used to start up the system Default Setting None Command Mode Privileged Exec Table 4 21 System Status Commands Command Function Mode Page light unit...

Страница 294: ...ate VLAN configuration settings for each interface IP address configured for VLANs Spanning tree settings Any configured settings for the console port and Telnet Example Console show startup config bu...

Страница 295: ...ng memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and...

Страница 296: ...e wait snmp server community private rw snmp server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username...

Страница 297: ...ow system System description Enterasys Networks Inc V2H124 24 SW version V2 5 2 1 System OID string 1 3 6 1 4 1 5624 2 1 62 System information System Up time 0 days 1 hours 34 minutes and 7 77 seconds...

Страница 298: ...min 15 None guest 0 None Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 00 00 1 VTY 0 admin 0 00 20 192 168 1 10 Web online users Line Remote IP addr Username Idle time h...

Страница 299: ...ystem mtu size no system mtu size Specifies the MTU size Range 1500 1548 bytes Default Setting 1500 bytes Command Mode Global Configuration Command Usage The current MTU size can be displayed using th...

Страница 300: ...cate public key copy unit file controller Allows you to download new PoE controller code files file Keyword that allows you to copy to from a file running config Keyword that allows you to copy to fro...

Страница 301: ...must use startup config as the destination For information on specifying an https certificate see Replacing the Default Secure site Certificate on page 3 58 For information on configuring the switch t...

Страница 302: ...file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup c...

Страница 303: ...Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg con...

Страница 304: ...own Default Setting None Command Mode Privileged Exec Command Usage If you enter the command dir without any parameters the system displays all files File information is shown below Example Table 4 23...

Страница 305: ...tax boot system boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code The colon is required...

Страница 306: ...es in the string Maximum length 16 characters Default Setting null string Console config boot system config startup Console config Table 4 24 CDP Commands Command Group Function Mode Page cdp authenti...

Страница 307: ...mand to set the time for retaining information from neighbor devices Use the no form to restore the default setting Syntax cdp holdtime seconds no cdp holdtime seconds The time to wait before aging ou...

Страница 308: ...ation Use this command to enable CDP globally for the switch Use the no form to restore the default setting Syntax cdp run auto run disable run no cdp run Enables CDP for the switch Ports process CDP...

Страница 309: ...ds and receives CDP packets except when the switch global CDP setting is disabled disable The port never sends CDP packets CDP packets received are discarded unless the CDP global setting is disabled...

Страница 310: ...t unit This is device 1 port Port number Command Mode Privileged Executive Example show cdp neighbors Use this command to display CDP neighbor information Syntax show cdp neighbors Command Mode Privil...

Страница 311: ...Field Capability Code Description igmp 1 Internet Group Management Protocol is enabled on the transmitting port rip 2 The connected device performs routing using Routing Internet Protocol bgp 3 The co...

Страница 312: ...id version 0 Transmit error 0 Parse error 0 Memory error 0 Console Table 4 27 Show CDP Traffic Output Field Description Total packets output input Total number of CDP packets received sent by the devi...

Страница 313: ...vailable to all switch ports Use the no form to restore the default setting Syntax power mainpower maximum allocation unit unit watts unit The switch unit in the stack watts The power budget for the s...

Страница 314: ...the port into a test mode In test mode the port continuously attempts to detect if a device is connected to the port but does not supply power Default Setting auto Command Mode Interface Configuratio...

Страница 315: ...ice is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port no power is supplied to the device the port power remains off Example power...

Страница 316: ...le Related Commands power mainpower maximum allocation 4 79 show power inline status Use this command to display the current power status for all ports or for specific ports Syntax show power inline s...

Страница 317: ...ion on the switch in watts Software Version The version of software running on the PoE controller subsystem in the switch This software can be updated using the copy file controller command see page 4...

Страница 318: ...best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts...

Страница 319: ...thentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command see page 4 19 Use the no form to restore the default Syntax authe...

Страница 320: ...control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that req...

Страница 321: ...f seconds the switch waits for a reply before resending a request Range 0 2147483647 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 0 214748364...

Страница 322: ...and Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_...

Страница 323: ...ommand Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default S...

Страница 324: ...mt identifies the management privilege level Currently only management logins are supported xx takes one of the following values su for administrator access right privilege level 15 rw for administrat...

Страница 325: ...attribute with the value of Framed or Authenticate Only it will send a Fail message to the RADIUS client of IEEE 802 1X authenticator Example Table 4 32 RADIUS Filter ID None Administrative NAS Prompt...

Страница 326: ...t 5 Service type disabled Server 1 Server IP address 192 168 1 50 Status enable Communication key with RADIUS server Auth port 6000 Acct port 1813 Retransmit times 2 Request timeout 5 Radius server gr...

Страница 327: ...server This command adds a RADIUS server to an AAA server group Use the no form to remove the associated server from the group Syntax server server index index ip address address no radius server serv...

Страница 328: ...characters periodic Sends a periodic request for an update Default 0 Range 1 2147483647 minutes start stop Automatically records an authentication starting point and stopping point group Specifies th...

Страница 329: ...exec Displays exec accounting records statistics Displays accounting records username Displays accounting records for a specifiable username interface Specifies an interface Default Setting None Comma...

Страница 330: ...cs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network p...

Страница 331: ...aces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Defau...

Страница 332: ...the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number o...

Страница 333: ...bled using the no shutdown command Example The following example enables port security for port 5 and sets the response to a security violation to issue a trap message Related Commands shutdown 4 156...

Страница 334: ...st be re authenticated IC 4 104 dot1x timeout tx period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet IC 4 105 show dot1x Shows all d...

Страница 335: ...of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore the default Syntax dot1x max req count n...

Страница 336: ...ommand Mode Interface Configuration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restor...

Страница 337: ...sends an EAPOL logoff message Example dot1x re authenticate This command forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit po...

Страница 338: ...ample dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod se...

Страница 339: ...ed settings on the switch or a specific interface Syntax show dot1x statistics interface interface statistics Displays dot1x status for each port interface ethernet unit port unit This is device 1 por...

Страница 340: ...Max request page 4 101 Quiet period page 4 104 Reauth period page 4 104 Tx period page 4 105 and Port control page 4 102 It also displays the following information Status Authorization status authoriz...

Страница 341: ...led Auto yes 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout...

Страница 342: ...attributes within the Access Accept field For additional information see section 3 31 in RFC 3580 http www faqs org rfcs rfc3580 html Example vlan auth This command applies information in the VLAN Tu...

Страница 343: ...VLAN ID untagged The authenticating port will be added to the current untagged egress list for the returned VLAN ID Default untagged Command Mode Interface Configuration Command Usage If the system vl...

Страница 344: ...ts An ACL is a sequential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions...

Страница 345: ...r of rules bound the ports should not exceed 20 You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule The switch does...

Страница 346: ...lters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL 4 115 show ip access list Displays the rules for...

Страница 347: ...L must contain all deny rules When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you m...

Страница 348: ...one Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a perio...

Страница 349: ...mber A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a...

Страница 350: ...to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example acc...

Страница 351: ...k precedence in out in Ingress mask for ingress ACLs out Egress mask for egress ACLs Default Setting Default system mask Filter inbound packets according to specified IP ACLs Command Mode Global Confi...

Страница 352: ...ination bitmask Destination address of rule must match this bitmask precedence Check the IP precedence field tos Check the TOS field dscp Check the DSCP field source port Check the protocol source por...

Страница 353: ...o deny access to the IP host 171 69 198 102 and permit access to any others Console config access list ip mask precedence in Console config ip mask acl mask host any Console config ip mask acl mask 25...

Страница 354: ...how access list IP extended access list A3 deny host 171 69 198 5 any deny 171 69 198 0 255 255 255 0 any source port 23 Console config Console config access list ip mask precedence out Console config...

Страница 355: ...h config ext acl permit any any Switch config ext acl deny tcp any any control flag 2 2 Switch config ext acl end Console show access list IP extended access list A6 permit any any deny tcp any any co...

Страница 356: ...ation Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You mu...

Страница 357: ...e Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage Command Usage You must configure an ACL mask before you can map CoS values to the rule A packet matching a...

Страница 358: ...ity of a frame matching the defined ACL rule This feature is commonly referred to as ACL packet marking Use the no form to remove the ACL marker Syntax match access list ip acl_name set priority prior...

Страница 359: ...cify the IP precedence priority use the set tos keywords To specify the DSCP priority use the set dscp keywords Note that the IP frame header can include either the IP Precedence or DSCP priority type...

Страница 360: ...ied source and destination address packet format and Ethernet type MAC ACL 4 127 show mac access list Displays the rules for configured MAC ACLs PE 4 128 access list mac mask precedence Changes to the...

Страница 361: ...itmask Note The default is for Ethernet II packets no permit deny tagged eth2 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype prot...

Страница 362: ...d Usage New rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060...

Страница 363: ...obal Configuration Command Usage You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule A mask can only be used by all...

Страница 364: ...e address of rule must match this bitmask destination bitmask Destination address of rule must match this bitmask vid Check the VLAN ID field vid bitmask VLAN ID of rule must match this bitmask ethert...

Страница 365: ...st MAC access list M4 deny tagged eth2 host 00 11 11 11 11 11 any vid 3 permit any any MAC ingress mask ACL mask pktformat host any vid Console Console config access list mac M5 Console config mac acl...

Страница 366: ...of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Config...

Страница 367: ...the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos value acl_name Name of the ACL Maximum length 16 characters cos value CoS value Range 0 7 Def...

Страница 368: ...ist mac 4 133 match access list mac This command changes the IEEE 802 1p priority of a Layer 2 frame matching the defined ACL rule This feature is commonly referred to as ACL packet marking Use the no...

Страница 369: ...an IP access list mac Specifies a MAC access list mask precedence Specifies mask precedence for IP ACLs in Specifies ingress ACLs out Specifies egress ACLs Command Mode Privileged Exec Command Usage...

Страница 370: ...55 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list...

Страница 371: ...nd Function Mode Page snmp server Enables the SNMPv3 server GC 4 143 show snmp Displays the status of SNMP communications NE PE 4 138 snmp server community Sets up the community access string to permi...

Страница 372: ...Global Configuration Example show snmp Use this command to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides inf...

Страница 373: ...ify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both r...

Страница 374: ...aracters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 140 snmp server location Use this command to set the system location string Use the no f...

Страница 375: ...ost command Maximum length 32 characters auth noauth priv This group uses SNMPv3 with authentication no authentication or with authentication and privacy See Configuring SNMP on page 3 35 for further...

Страница 376: ...oauth option an SNMP user account will be generated and the switch will authorize SNMP access for the host Example Related Commands snmp server enable traps 4 142 snmp server enable traps Use this com...

Страница 377: ...ID Range 1 26 hexadecimal characters Default Setting A unique engine ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engine...

Страница 378: ...ific portion of the OID string Refer to the examples included Defines an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode...

Страница 379: ...le config snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config Console show snmp view View Name...

Страница 380: ...for read access 1 64 characters writeview Defines the view for write access 1 64 characters Default Setting Default groups public read only private read write map to defaultview readview Every object...

Страница 381: ...defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Write View defaultview Notify View none Storage...

Страница 382: ...MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required...

Страница 383: ...An address bitmask of decimal numbers that represent the address bits to match Default Setting None Command Mode Global Configuration Console show snmp user EngineId 01000000000000000000000000 User Na...

Страница 384: ...tering on the switch and allows SNMP management access to client IP 10 1 2 3 and client IP group 10 1 3 0 to 10 1 3 255 Related Commands show snmp 4 138 Interface Commands These commands are used to d...

Страница 385: ...d to add a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this...

Страница 386: ...half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100half for 100BASE TX ports and 1000full for Gigabi...

Страница 387: ...h will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol co...

Страница 388: ...ed the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE TX 10half 10full 1...

Страница 389: ...or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will b...

Страница 390: ...urity reasons Example The following example disables port 5 switchport broadcast packet rate Use this command to configure broadcast storm control Use the no form to disable broadcast storm control Sy...

Страница 391: ...ort Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for...

Страница 392: ...played For a description of the items displayed by this command see Displaying Connection Status on page 3 86 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic informati...

Страница 393: ...ard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 E...

Страница 394: ...hreshold Enabled 500 packets second Lacp status Disabled Ingress rate limit disable 100M bits per second Egress rate limit disable 100M bits per second VLAN membership mode Hybrid Ingress rule Disable...

Страница 395: ...destination port Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only See page 4 202 Native VLAN Indicates the default Port VLAN ID See page 4 203 Priority fo...

Страница 396: ...essions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to...

Страница 397: ...nforming traffic is forwarded without any changes rate limit Use this command to define the rate limit for a specific interface Use this command without specifying a rate to restore the default rate U...

Страница 398: ...ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Console config interface ethernet 1 1 Console config if rate limit input 10 Console config if Table 4 52 Link Aggregat...

Страница 399: ...ity Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this k...

Страница 400: ...either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on...

Страница 401: ...d to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Console con...

Страница 402: ...Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate li...

Страница 403: ...l LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority ma...

Страница 404: ...the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP sett...

Страница 405: ...Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel...

Страница 406: ...faulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is...

Страница 407: ...r Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin...

Страница 408: ...ignment lasts until the switch is reset permanent Assignment is permanent Table 4 56 Show LACP System ID Output Contents Field Description Channel group A link aggregation group configured on this swi...

Страница 409: ...to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be...

Страница 410: ...contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry t...

Страница 411: ...econds 10 1000000 or 0 to disable Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show...

Страница 412: ...85 spanning tree backup root Adjusts the bridge priority in an attempt to take over as the root bridge if it loses contact with the original root device GC 4 193 mst vlan Adds VLANs to a spanning tree...

Страница 413: ...the network and provide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode...

Страница 414: ...gration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after...

Страница 415: ...rning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for confli...

Страница 416: ...wer of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configura...

Страница 417: ...root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the...

Страница 418: ...th between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 184 takes precedence ove...

Страница 419: ...nds mst vlan 4 185 mst priority 4 186 name 4 187 revision 4 187 max hops 4 188 mst vlan This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no f...

Страница 420: ...dge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example mst priority This command configures the priority...

Страница 421: ...T region name and revision number page 4 187 are used to designate a unique MST region A bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges...

Страница 422: ...x hops hop number hop number Maximum hop number for multiple spanning tree Range 1 40 Default Setting 20 Command Mode MST Configuration Command Usage A MSTI region is treated as a single node by the S...

Страница 423: ...t no spanning tree cost cost The path cost for the port Range 1 200 000 000 The recommended range is Ethernet 200 000 20 000 000 Fast Ethernet 20 000 2 000 000 Gigabit Ethernet 2 000 200 000 Default S...

Страница 424: ...d Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of a port in the Spanning Tree Algorithm If the path cost for all ports on a switch are...

Страница 425: ...ations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to in...

Страница 426: ...d to a LAN segment that is at the end of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier produc...

Страница 427: ...ity in an attempt to take over as the new root bridge if it loses contact with the original root device Use the no form to disable the command Syntax spanning tree backup root no spanning tree backup...

Страница 428: ...full duplex 1 000 000 trunk 500 000 Fast Ethernet half duplex 200 000 full duplex 100 000 trunk 50 000 Gigabit Ethernet full duplex 10 000 trunk 5 000 Command Mode Interface Configuration Ethernet Po...

Страница 429: ...an interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active li...

Страница 430: ...nstance_id interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 32 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading...

Страница 431: ...ridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 Designated Root 32768 0 0001F4475BA0 Current root port 0 Current root cost...

Страница 432: ...Console show spanning tree mst configuration Mstp Configuration Information Configuration name XSTP REGION 0 Revision level 0 Instance Vlans 1 2 Console Table 4 59 VLAN Commands Command Groups Functio...

Страница 433: ...ile and you can display this file by entering the show running config command Example Related Commands show vlan 4 206 vlan Use this command to configure a VLAN Use the no form to restore the default...

Страница 434: ...sole config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Table 4 61 Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface con...

Страница 435: ...o the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are transmitted as tagged frames hybrid Specifies a...

Страница 436: ...me types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The...

Страница 437: ...able ingress filtering switchport native vlan Use this command to configure the PVID i e default VLAN ID for a port Use the no form to restore the default Syntax switchport native vlan vlan id no swit...

Страница 438: ...r a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has switchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN gr...

Страница 439: ...signate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Страница 440: ...g example shows how to display information for VLAN 1 Table 4 62 Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE PE 4 206 show interfaces status vlan Display...

Страница 441: ...switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which ex...

Страница 442: ...command to enable GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridg...

Страница 443: ...command to set the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leavea...

Страница 444: ...VLANs Timer values must meet the following restrictions leave 2 x join leaveall leave Caution Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP ma...

Страница 445: ...Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 211 Priority Layer 3 and...

Страница 446: ...n a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relativ...

Страница 447: ...with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frames...

Страница 448: ...queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switc...

Страница 449: ...e bandwidth Use this command to display the weighted round robin WRR bandwidth allocation for the priority queues Default Setting None Command Mode Privileged Exec Console config interface ethernet 1...

Страница 450: ...face ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Weight...

Страница 451: ...C 4 218 map ip precedence Enables IP precedence class of service mapping GC 4 218 map ip precedence Maps IP precedence value to a class of service IC 4 219 map ip dscp Enables IP DSCP class of service...

Страница 452: ...rt priority This command sets the IP port priority for all interfaces Example The following example shows how to map HTTP traffic to CoS value 0 map ip precedence Global Configuration Use this command...

Страница 453: ...Ethernet Port Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service...

Страница 454: ...switchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP...

Страница 455: ...he IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DS...

Страница 456: ...17 map ip port Interface Configuration 4 218 show map ip precedence Use this command to show the IP precedence priority map Syntax show map ip precedence interface interface ethernet unit port unit Th...

Страница 457: ...iority map Syntax show map ip dscp interface interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Default Setting None Command Mode Privileged Exec Con...

Страница 458: ...uter to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 E...

Страница 459: ...ess interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit This is device 1 port Port number port channel channel id Range 1 6 Table 4 70 IG...

Страница 460: ...Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Ve...

Страница 461: ...ow known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Dis...

Страница 462: ...c address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 71 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping...

Страница 463: ...Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has...

Страница 464: ...he default Syntax ip igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 30 Default Setting 10 seconds...

Страница 465: ...snooping router port expire time seconds The time the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to hav...

Страница 466: ...ge Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to...

Страница 467: ...he ip dhcp restart command or manually enter an address using the ip address command You may also need to a establish a default gateway between this device and the management stations Console show ip...

Страница 468: ...eriods Anything outside this format will not be accepted by the configuration program If you select the bootp or dhcp option IP is enabled but will not function until a BOOTP or DHCP reply has been re...

Страница 469: ...be defined if the management station is located in a different IP segment Example The following example defines a default gateway for this device Related Commands show ip redirects 4 236 ip dhcp resta...

Страница 470: ...xec Example Related Commands show ip redirects 4 236 show ip redirects Use this command to show the default gateway configured for this device Default Setting None Command Mode Privileged Exec Console...

Страница 471: ...ng This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some results...

Страница 472: ...ime 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets transmitted 5 packets received 100 0 packets lost 0 Approximate round trip times Minimum 0 m...

Страница 473: ...ices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name using this command a DNS client can try each address in succession until i...

Страница 474: ...domain name name no ip domain name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 64 characters Default Setting None Command Mode Globa...

Страница 475: ...lete host name is received by the DNS server on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers fo...

Страница 476: ...efault Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no...

Страница 477: ...e specified before you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Related Commands ip domain...

Страница 478: ...the same address es as a previously configured entry show dns This command displays the configuration of the DNS server Command Mode Privileged Exec Example Console show hosts Hostname rd5 Inet addres...

Страница 479: ...et 6 4 CNAME 66 218 71 89 298 www yahoo akadns net 7 4 CNAME 66 218 71 86 298 www yahoo akadns net 8 4 ALIAS POINTER TO 7 298 www yahoo com Console Table 4 75 Show DNS Output Description Field Descrip...

Страница 480: ...Command Line Interface 4 246 4...

Страница 481: ...Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH...

Страница 482: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 483: ...TX 10 100 Mbps half full duplex 1000BASE T 10 100 1000 Mbps half full duplex 1000BASE SX LX 1000 Mbps at full duplex SFP 1000BASE LH 1000 Mbps at full duplex SFP 100BASE FX 100 Mbps at full duplex SFP...

Страница 484: ...Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol SNMP Simple Network Management Protocol RMON Remote Monitoring gr...

Страница 485: ...SNMP RFC 1157 HTTPS SSH Version 1 5 RADIUS AAA RFC 3127 Management Information Bases Bridge MIB RFC 1493 DNS Resolver MIB RFC 1612 Entity MIB RFC 2737 Ether like MIB RFC 2665 Extended Bridge MIB RFC 2...

Страница 486: ...RFC 2571 SNMP MPD MIB RFC 2572 SNMP Target MIB SNMP Notification MIB RFC 2573 SNMP User Based SM MIB RFC 2574 SNMP View Based ACM MIB RFC 2575 SNMP Community MIB RFC 2576 Trap RFC 1215 TACACS Authenti...

Страница 487: ...ces Code Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of for...

Страница 488: ...es or end stations comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation...

Страница 489: ...rectly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts IP Precedence The Type of Service ToS octet in the IPv4 header includ...

Страница 490: ...t of the network from a station not attached to the network Port Authentication See IEEE 802 1x Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting...

Страница 491: ...he shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Cont...

Страница 492: ...less of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located...

Страница 493: ...4 214 queue mode 3 159 4 212 D default priority ingress port 3 156 4 212 default settings 1 5 DHCP 3 16 4 234 client 4 238 Differentiated Code Point Service See DSCP Displaying Basic VLAN Information...

Страница 494: ...3 137 4 178 interface settings 4 178 multicast configuring 3 171 4 224 router 3 174 3 175 4 232 P passwords administrator setting 3 46 3 51 3 52 3 53 3 54 3 55 4 25 path cost 3 125 3 133 4 189 method...

Страница 495: ...29 port priority 3 133 priority 4 190 protocol migration 3 136 transmission limit 3 129 standards IEEE B 2 startup files creating 3 21 displaying 3 18 4 66 A 1 setting 3 18 4 66 A 1 statistics port 3...

Страница 496: ...Index Index 4...

Страница 497: ......

Страница 498: ...Part 150200039400A FW 2 5 2 0 E012005 R02 ES3526G E072000 R04...

Отзывы:

Нет отзывов