manualshive.com logo in svg

Korenix JetNet 5228G Series, Руководство пользователя

Поделиться
Скачать
Korenix JetNet 5228G Series Скачать руководство пользователя страница 428

Command Line Interface

4-118

4

Example 

802.1X Port Authentication

The switch supports IEEE 802.1X (dot1x) port-based access control that prevents 
unauthorized access to the network by requiring users to first submit credentials for 
authentication. Client authentication is controlled centrally by a RADIUS server 
using EAP (Extensible Authentication Protocol).

Console#show public-key host
Host:
RSA:
1024 35 
1568499540186766925933394677505461732531367489083654725415020245593199868
5443583616519999233297817660658309586108259132128902337654680172627257141
3428762941301196195566782595664104869574278881462065194174677298486546861
5717739390164779355942303577413098022737087794545240839717526463580581767
16709574804776117
DSA:
ssh-dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV/yrDbKStIlnzD/Dg0h2Hxc 
YV44sXZ2JXhamLK6P8bvuiyacWbUW/a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv 
JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw
bvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY/p9cnrfwFTMU01VFDly3IR 
2G395NLy5Qd7ZDxfA9mCOfT/yyEfbobMJZi8oGCstSNOxrZZVnMqWrTYfdrKX7YKBw/Kjw6Bm 
iFq7O+jAhf1Dg45loAc27s6TLdtny1wRq/ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy 
DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwDjKGWtPNIQqabKgYCw2 
o/yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 
w0W
Console#

Table 4-38  802.1X Port Authentication Commands

Command

Function

Mode

Page

dot1x system-auth-control Enables dot1x globally on the switch.

GC

4-119

dot1x default 

Resets all dot1x parameters to their default values

GC

4-119

dot1x max-req

Sets the maximum number of times that the switch 
retransmits an EAP request/identity packet to the client 
before it times out the authentication session

IC

4-119

dot1x port-control

Sets dot1x mode for a port interface

IC

4-120

dot1x operation-mode

Allows single or multiple hosts on an dot1x port

IC

4-120

dot1x re-authenticate

Forces re-authentication on specific ports

PE

4-121

dot1x re-authentication

Enables re-authentication for all ports

IC

4-122

dot1x timeout quiet-period Sets the time that a switch port waits after the Max Request 

Count has been exceeded before attempting to acquire a 
new client

IC

4-122

dot1x timeout 
re-authperiod

Sets the time period after which a connected client must be 
re-authenticated

IC

4-123

dot1x timeout tx-period

Sets the time period during an authentication session that the 
switch waits before re-transmitting an EAP packet

IC

4-123

dot1x intrusion-action

Sets the port response to intrusion when authentication fails IC

4-124

show dot1x

Shows all dot1x related information

PE

4-124

Содержание JetNet 5228G Series

Страница 1: ...Korenix JetNet 5228G Series Rackmount Managed Ethernet Switch User Manual Version 1 1 Apr 2009 www korenix com...

Страница 2: ...228G Series Rackmount Managed Ethernet Switch User s Manual Copyright Notice Copyright 2006 2009 Korenix Technology Co Ltd All rights reserved Reproduction in any form or by any means without permissi...

Страница 3: ...www edge core com 2 24FE 4G Layer 2 4 Ethernet Switch Management Guide V1 1...

Страница 4: ...Management Guide 24FE 4G Fast Ethernet Switch Standalone Layer 2 Switch with 24 100BASE TX RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP...

Страница 5: ...1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Managing System Files 2 8 Saving Configuration Settings 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web...

Страница 6: ...ss 3 45 Setting the Local Engine ID 3 45 Specifying a Remote Engine ID 3 46 Configuring SNMPv3 Users 3 47 Configuring Remote SNMPv3 Users 3 49 Configuring SNMPv3 Groups 3 51 Setting SNMPv3 Views 3 54...

Страница 7: ...ard IP ACL 3 104 Configuring an Extended IP ACL 3 105 Configuring a MAC ACL 3 107 Binding a Port to an Access Control List 3 108 DHCP Snooping 3 109 Configuring DHCP Snooping 3 111 Configuring VLANs f...

Страница 8: ...Ns VLAN Index 3 176 Adding Static Members to VLANs Port Index 3 178 Configuring VLAN Behavior for Interfaces 3 179 IEEE 802 1Q Tunneling 3 181 Enabling QinQ Tunneling on the Switch 3 185 Adding an Int...

Страница 9: ...237 Layer 2 IGMP Snooping and Query 3 238 Configuring IGMP Snooping and Query Parameters 3 239 Enabling IGMP Immediate Leave 3 241 Displaying Interfaces Attached to a Multicast Router 3 242 Specifying...

Страница 10: ...Commands 4 7 Command Line Processing 4 8 Command Groups 4 9 General Commands 4 10 enable 4 10 disable 4 11 configure 4 12 show history 4 12 reload 4 13 prompt 4 13 end 4 14 exit 4 14 quit 4 14 System...

Страница 11: ...41 timeout login response 4 42 exec timeout 4 43 password thresh 4 44 silent time 4 44 databits 4 45 parity 4 46 speed 4 46 stopbits 4 47 disconnect 4 47 show line 4 48 Event Logging Commands 4 49 lo...

Страница 12: ...server community 4 70 snmp server contact 4 71 snmp server location 4 72 snmp server host 4 72 snmp server enable traps 4 74 snmp server engine id 4 75 show snmp engine id 4 76 snmp server view 4 77...

Страница 13: ...02 accounting commands 4 102 aaa authorization exec 4 103 authorization exec 4 104 show accounting 4 104 Web Server Commands 4 105 ip http port 4 105 ip http server 4 106 ip http secure server 4 106 i...

Страница 14: ...5 mac authentication max mac count 4 135 network access dynamic vlan 4 136 network access guest vlan 4 136 mac authentication reauth time 4 137 clear network access 4 138 show network access 4 138 sho...

Страница 15: ...cess list ip 4 164 MAC ACLs 4 164 access list mac 4 165 permit deny MAC ACL 4 166 show mac access list 4 167 mac access group 4 168 show mac access group 4 168 map access list mac 4 169 show map acces...

Страница 16: ...ning tree forward time 4 203 spanning tree hello time 4 204 spanning tree max age 4 205 spanning tree priority 4 205 spanning tree pathcost method 4 206 spanning tree transmission limit 4 207 spanning...

Страница 17: ...ort dot1q tunnel tpid 4 236 show dot1q tunnel 4 237 Configuring Private VLANs 4 237 private vlan 4 239 private vlan association 4 240 switchport mode private vlan 4 240 switchport private vlan host as...

Страница 18: ...265 lldp dot1 tlv pvid 4 266 lldp dot1 tlv vlan name 4 266 lldp dot3 tlv link agg 4 267 lldp dot3 tlv mac phy 4 267 lldp dot3 tlv max frame 4 268 lldp dot3 tlv poe 4 268 lldp medtlv extpoe 4 269 lldp...

Страница 19: ...vlan static 4 299 ip igmp snooping version 4 300 ip igmp snooping leave proxy 4 300 ip igmp snooping immediate leave 4 301 show ip igmp snooping 4 302 show mac address table multicast 4 302 IGMP Query...

Страница 20: ...guration 4 317 show mvr 4 318 IP Interface Commands 4 321 ip address 4 321 ip default gateway 4 322 ip dhcp restart 4 323 show ip interface 4 323 show ip redirects 4 324 ping 4 324 Appendix A Software...

Страница 21: ...able 3 18 Mapping CoS Values to Egress Queues 3 217 Table 3 19 CoS Priority Levels 3 217 Table 3 20 IP DSCP to CoS Queue Mapping 3 222 Table 3 21 Mapping IP Precedence Values to CoS Priority Queues 3...

Страница 22: ...IP Filter Commands 4 128 Table 4 40 Client Security Commands 4 130 Table 4 41 Port Security Commands 4 131 Table 4 42 Network Access 4 132 Table 4 43 Web Authentication 4 140 Table 4 44 DHCP Snooping...

Страница 23: ...ault CoS Priority Levels 4 280 Table 4 79 Priority Commands Layer 3 and 4 4 282 Table 4 80 Mapping IP DSCP to CoS Queues 4 282 Table 4 81 Mapping IP Precedence to CoS Queues 4 284 Table 4 82 Mapping I...

Страница 24: ...Tables xx...

Страница 25: ...ystem 3 35 Figure 3 21 SNTP Configuration 3 36 Figure 3 22 Setting the System Clock 3 37 Figure 3 23 Setting the Current Date and Time 3 38 Figure 3 1 Enabling the SNMP Agent 3 40 Figure 3 24 Configur...

Страница 26: ...04 Figure 3 63 Configuring Extended IP ACLs 3 106 Figure 3 64 Configuring MAC ACLs 3 108 Figure 3 65 Configuring ACL Port Binding 3 109 Figure 3 66 DHCP Snooping Configuration 3 111 Figure 3 67 DHCP S...

Страница 27: ...3 107 Private VLAN Port Information 3 191 Figure 3 108 Private VLAN Port Configuration 3 192 Figure 3 109 Protocol VLAN Configuration 3 195 Figure 3 110 Protocol VLAN Port Configuration 3 196 Figure 3...

Страница 28: ...244 Figure 3 142 IP Multicast Registration Table 3 245 Figure 3 143 IGMP Member Port Table 3 246 Figure 3 144 Enabling IGMP Filtering and Throttling 3 247 Figure 3 145 IGMP Profile Configuration 3 24...

Страница 29: ...nt Security AAA Authentication Authorization and Accounting Private VLANs Port Authentication IEEE 802 1X Port Security MAC address filtering Network Access MAC Address Authentication Web Authenticati...

Страница 30: ...le Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between the switch and the authentication server to verify the client s right to acc...

Страница 31: ...ion Trunks can be manually set up or dynamically configured using IEEE 802 3 2005 formerly IEEE 802 3ad Link Aggregation Control Protocol LACP The additional ports dramatically increase the throughput...

Страница 32: ...reconfiguring ports to STP compliant mode if they detect STP protocol messages from attached devices Multiple Spanning Tree Protocol MSTP IEEE 802 1s This protocol is a direct extension of RSTP It ca...

Страница 33: ...ng Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priority leve...

Страница 34: ...to simplify troubleshooting enhance network management and maintain an accurate network topology System Defaults The switch s system defaults are provided in the configuration file Factory_Default_Co...

Страница 35: ...Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Enabled all ports 5k octets per second Address Table Aging Time 300 seconds Sp...

Страница 36: ...0 0 DHCP Client Enabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Disabled Multicast VLAN Registration Disabled System Log Status Enabled Messages Logged Levels 0 6 al...

Страница 37: ...o the RS 232 serial console port on the switch or remotely by a Telnet or Secure Shell SSH connection over the network The switch s management agent also supports SNMP Simple Network Management Protoc...

Страница 38: ...serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on t...

Страница 39: ...vides access to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI p...

Страница 40: ...ss information for the switch to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet...

Страница 41: ...ew minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server BOOTP and DHCP values can include the IP address subnet mask and default gateway Note th...

Страница 42: ...MP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3...

Страница 43: ...are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a...

Страница 44: ...types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a system start...

Страница 45: ...the copy command New startup configuration files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not contain slashes or and the leading lett...

Страница 46: ...onment temperature conforms to the specified operating temperature range z Mechanical Loading Do no place any equipment on top of the switch z Grounding Rack mounted equipment should be properly groun...

Страница 47: ...n page 2 4 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Set...

Страница 48: ...tatistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page...

Страница 49: ...lorer 7 x This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files 2 You may have to manually refresh the screen after making configuration chan...

Страница 50: ...21 Delete Allows deletion of files from the flash memory 3 22 Set Start Up Sets the startup file 3 22 Line 3 26 Console Sets console port connection parameters 3 26 Telnet Sets Telnet connection para...

Страница 51: ...ervices for billing or security purposes 3 66 Periodic Update Sets the interval at which accounting updates are sent to RADIUS AAA servers 3 66 802 1X Port Settings Applies the specified accounting me...

Страница 52: ...addresses 3 102 Port Binding Binds a port to the specified ACL 3 108 IP Filter Sets IP addresses of clients allowed management access via the web SNMP and Telnet 3 88 Port 3 120 Port Information Disp...

Страница 53: ...ration Configures individual port settings for STA 3 159 Trunk Configuration Configures individual trunk settings for STA 3 159 MSTP Multiple Spanning Tree Protocol 3 162 VLAN Configuration Configures...

Страница 54: ...Configuration Maps a protocol group to a VLAN 3 196 LLDP Link Layer Discovery Protocol 3 201 Configuration Configures global LLDP timing parameters 3 202 Port Configuration Configures a port for rece...

Страница 55: ...dence values to class of service queues 3 225 IP TOS Priority Status Globally enables IP ToS priority 3 227 IP TOS Priority Sets IP ToS priority mapping IP ToS values to class of service queues 3 227...

Страница 56: ...interface type MVR operational and activity status and immediate leave status 3 254 Trunk Information Displays MVR interface type MVR operational and activity status and immediate leave status 3 254 G...

Страница 57: ...r the switch 3 260 Member Configuration Adds switch Members to the cluster 3 261 Member Information Displays cluster Member switch information 3 262 Candidate Information Displays network Candidate sw...

Страница 58: ...Contact Administrator responsible for the system System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer add...

Страница 59: ...ole config snmp server contact Ted 4 71 Console config exit Console show system 4 30 System Description Layer2 Fast Ethernet Standalone Switch 24FE 4G System OID String 1 3 6 1 4 1 259 6 10 103 System...

Страница 60: ...itch Number of Ports Number of built in RJ 45 ports Hardware Version Hardware version of the main board Internal Power Status Displays the status of the internal power supply Management Software EPLD...

Страница 61: ...o display version information Console show version 4 31 Serial Number 0012CF422DC0 Service Tag Hardware Version R0B EPLD Version 0 00 Number of Ports 28 Main Power Status Up Loader Version 1 0 0 2 Boo...

Страница 62: ...tering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 143 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering data...

Страница 63: ...Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not functio...

Страница 64: ...Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console confi...

Страница 65: ...le connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart comma...

Страница 66: ...quential data transfers by supporting jumbo frames up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead req...

Страница 67: ...n the switch directory assigning it a new name file to tftp Copies a file from the switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch TFTP Server IP Address The IP add...

Страница 68: ...IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you re...

Страница 69: ...he file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware enter...

Страница 70: ...opies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the runni...

Страница 71: ...Copy Operation Select tftp to startup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specif...

Страница 72: ...ange 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the syste...

Страница 73: ...ord for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No p...

Страница 74: ...the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds P...

Страница 75: ...the connection parameters for Telnet access then click Apply Figure 3 15 Enabling Telnet CLI Enter Line Configuration mode for a virtual terminal then specify the connection parameters as required To...

Страница 76: ...Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the spe...

Страница 77: ...to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type ha...

Страница 78: ...the facility type and set the logging trap Console config logging host 192 168 1 15 4 51 Console config logging facility 23 4 51 Console config logging trap 4 4 52 Console config end Console show logg...

Страница 79: ...les the SMTP function Default Enabled Email Source Address Sets the email address used for the From field in alert messages You may use a symbolic email address that identifies the switch or the addre...

Страница 80: ...New Email Destination Address text field and the Add Remove buttons to configure the list Web Click System Log SMTP To add an IP address to the Server IP List type the new IP address in the Server IP...

Страница 81: ...rm that you want to reset the switch Note When restarting the system it will always run the Power On Self Test Console config logging sendmail host 192 168 1 4 4 55 Console config logging sendmail lev...

Страница 82: ...p to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time s...

Страница 83: ...2 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set th...

Страница 84: ...ar Set the current date and time using the fields provided Click Apply to start using the configured time Figure 3 23 Setting the Current Date and Time CLI This example sets the system clock time and...

Страница 85: ...his agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using software such as HP Op...

Страница 86: ...none none Community string only v1 noAuthNoPriv private read write defaultview defaultview none Community string only v1 noAuthNoPriv user defined user defined user defined user defined Community stri...

Страница 87: ...permits access to the SNMP protocol Default strings public read only private read write Range 1 32 characters case sensitive Access Mode Specifies the access rights for the community string Read Only...

Страница 88: ...an be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs...

Страница 89: ...for the SNMPv3 security model Trap Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used Timeout The number of seco...

Страница 90: ...s trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 25 Configuring...

Страница 91: ...bination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred t...

Страница 92: ...s to it See Specifying Trap Managers and Trap Types on page 3 42 and Configuring Remote SNMPv3 Users on page 3 49 A new engine ID can be specified by entering 10 to 64 hexadecimal characters If an odd...

Страница 93: ...oAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only ava...

Страница 94: ...up of a user click Change Group in the Actions column of the users table and select the new group Figure 3 28 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user name...

Страница 95: ...ier for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID...

Страница 96: ...lick Delete Figure 3 29 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d remote...

Страница 97: ...iew for write access Range 1 64 characters Notify View The configured view for notifications Range 1 64 characters Table 3 5 Supported Notification Messages Object Label Object ID Description RFC 1493...

Страница 98: ...ol message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be gener...

Страница 99: ...lick Delete Figure 3 30 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and...

Страница 100: ...MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Clic...

Страница 101: ...rver view ifEntry a 1 3 6 1 2 1 2 2 1 1 included 4 77 Console config exit Console show snmp view 4 78 View Name ifEntry a Subtree OID 1 3 6 1 2 1 2 2 1 1 View Type included Storage Type nonvolatile Ro...

Страница 102: ...to the web SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing...

Страница 103: ...ser account and add it to the Account List To change the password for a specific user enter the user name and new password confirm the password by entering it again then click Apply Figure 3 32 Access...

Страница 104: ...d you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console p...

Страница 105: ...ngth 48 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds...

Страница 106: ...ication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if sele...

Страница 107: ...US Server Auth Port 181 Acct port 1813 Retransmit Times 5 Request Timeout 10 Radius server group Group Name Member Index radius 1 Console Console configure Console config authentication login tacacs 4...

Страница 108: ...suports the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the switch Accounting for users that access management interfaces on the switch throug...

Страница 109: ...r a RADIUS sever the server index must already be defined see Configuring Local Remote Logon Authentication on page 3 58 Web Click Security AAA Radius Group Settings Enter the RADIUS group name follow...

Страница 110: ...he index number of a TACACS server to add it to the group AAA Accounting AAA accounting is a feature that enables the accounting of requested services for billing or security purposes Command Attribut...

Страница 111: ...58 Any other group name refers to a server group configured on the RADIUS or TACACS Group Settings pages Web Click Security AAA Accounting Settings To configure a new accounting method specify a metho...

Страница 112: ...te Enter the required update interval and click Apply Figure 3 37 AAA Accounting Update CLI This example sets the periodic accounting update interval at 10 minutes AAA Accounting 802 1X Port Settings...

Страница 113: ...face AAA Accounting Exec Command Privileges This feature specifies a method name to apply to commands entered at specific CLI privilege levels Command Attributes Commands Privilege Level The CLI privi...

Страница 114: ...Apply Figure 3 39 AAA Accounting Exec Command Privileges CLI Specify the accounting method to use for console and Telnet privilege levels Console config line console 4 40 Console config line accounti...

Страница 115: ...mation recorded for user sessions Command Attributes AAA Accounting Summary Accounting Type Displays the accounting service Method List Displays the user defined or default accounting method Group Lis...

Страница 116: ...rrently applied accounting methods and registered users Console show accounting 4 104 Accounting Type dot1x Method List default Group List radius Interface Method List tps method Group List tps radius...

Страница 117: ...ocal Remote Logon Authentication on page 3 58 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Web Click Se...

Страница 118: ...ization Summary The Authorization Summary displays the configured authorization methods and the interfaces to which they are applied Command Attributes Authorization Type Displays the authorization se...

Страница 119: ...in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server gener...

Страница 120: ...te has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certi...

Страница 121: ...word and public key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication serve...

Страница 122: ...2 Clients a The client sends its password to the server b The switch compares the client s password to those stored in memory c If a match is found the connection is allowed Note To use SSH with only...

Страница 123: ...ost Key The public key for the host RSA Version 1 The first field indicates the size of the host key e g 1024 the second field is the encoded public exponent e g 65537 and the last string is the encod...

Страница 124: ...48320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 60325919683697053439336438445223335188287173896894511729290510...

Страница 125: ...seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentica...

Страница 126: ...POL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server verifies the client identity and s...

Страница 127: ...the switch requires the following The switch must have an IP address assigned RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified 802 1X must be enab...

Страница 128: ...d Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 49 802 1X Global Configuration CLI This example enables 802 1X globally for the switch Console...

Страница 129: ...be re authenticated after the interval specified by the Re authentication Period Re authentication can be used to detect if a new device is plugged into a switch port Default Disabled Max Request Set...

Страница 130: ...nt Indicates the MAC address of a connected client Trunk Indicates if the port is configured as a trunk port Web Click Security 802 1X Port Configuration Modify the parameters required and click Apply...

Страница 131: ...4 124 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto...

Страница 132: ...of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx...

Страница 133: ...802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 124 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logof...

Страница 134: ...es either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for dif...

Страница 135: ...filter list Figure 3 52 Creating an IP Filter List CLI This example allows SNMP access for a specific client Console config management snmp client 10 1 2 3 4 128 Console config end Console show manage...

Страница 136: ...e secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports See Configuring 802 1X Port Authentication on page 3 80 Web Authentication Allows...

Страница 137: ...esses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from ac...

Страница 138: ...click Apply Figure 3 53 Configuring Port Security CLI This example selects the target port sets the port security action to send a trap and disable the port sets the maximum MAC addresses allowed on t...

Страница 139: ...ation on page 3 58 2 Web authentication cannot be configured on trunk ports Configuring Web Authentication Web authentication is configured on a per port basis however there are four configurable para...

Страница 140: ...Counts Indicates how many authenticated hosts are connected to the port Web Click Security Web Authentication Port Configuration Set the status box to enabled for any port that requires web authentic...

Страница 141: ...atus of each connected host Remaining Session Time seconds Indicates the remaining time until the current authorization session for a host expires Web Click Security Web Authentication Port Informatio...

Страница 142: ...P Indicates the IP address of the host selected for re authentication Web Click Security Web Authentication Re authentication Figure 3 57 Web Authentication Port Re authentication CLI This example for...

Страница 143: ...r the switch port When enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The username and password are both equal to the M...

Страница 144: ...uthenticated When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process traffic through the port remains unaffecte...

Страница 145: ...uthentication intrusion action must be set for Guest VLAN see Configuring Port Settings for 802 1X on page 3 83 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When enabled any...

Страница 146: ...mac count 10 4 134 Console config if mac authentication max mac count 24 4 135 Console config if network access dynamic vlan 4 136 Console config if network access guest vlan 4 136 Console config if...

Страница 147: ...ddresses Address Table Sort Key Sorts the information displayed based on MAC address or port interface Unit Port The port interface associated with a secure MAC address MAC Address The authenticated M...

Страница 148: ...ce IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified packets can also...

Страница 149: ...otocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP control code MAC MAC ACL mode that filters packets based on the source or destin...

Страница 150: ...ate match and 0 bits to indicate ignore The mask is bitwise ANDed with the specified source IP address and compared with the address for each IP packet entering the port s to which this ACL has been a...

Страница 151: ...7 DSCP DSCP priority level Range 0 63 Protocol Specifies the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Sour...

Страница 152: ...g packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through...

Страница 153: ...the Address and Bitmask fields Options Any Host MAC Default Any Source Destination MAC Address Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source or destination...

Страница 154: ...icate with all destination mac addresses on VLAN 12 and another permit rule for source mac address to communicate with all destination mac addresses Binding a Port to an Access Control List After conf...

Страница 155: ...IP address back to a physical port Command Usage Network traffic may be disrupted when malicious DHCP messages are received from an outside source DHCP snooping is used to filter DHCP messages receiv...

Страница 156: ...in the binding table If the DHCP packet is from a client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address verification is disabled However if MAC add...

Страница 157: ...uration CLI This example first enables DHCP Snooping and then enables DHCP Snooping MAC Address Verification Configuring VLANs for DHCP Snooping Enables DHCP snooping on the specified VLAN Command Usa...

Страница 158: ...so an effective tool in preventing malicious network attacks from attached clients on DHCP services such as IP Spoofing Client Identifier Spoofing MAC Address Spoofing and Address Exhaustion Command U...

Страница 159: ...or a zero relay address In some cases the switch may receive DHCP packets from a client that already includes DHCP Option 82 information The switch can be configured to set the action policy for thes...

Страница 160: ...enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bi...

Страница 161: ...use the IP address of a neighbor to access the network This section describes commands used to configure IP Source Guard Configuring Ports for IP Source Guard IP Source Guard is used to filter traffic...

Страница 162: ...mber and source MAC address for the sip mac option If a matching entry is found in the binding table and the entry type is static IP source guard binding the packet will be forwarded If the DHCP snoop...

Страница 163: ...e guard binding table are automatically configured with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself of which static entries include a manu...

Страница 164: ...1 28 VLAN ID ID of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Web Click IP Source Guard Static Confi...

Страница 165: ...ic Binding Table Counts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Web Click IP Sou...

Страница 166: ...e is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow...

Страница 167: ...bps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow control Broadcast Storm Shows if broadcast storm c...

Страница 168: ...interface You can disable an interface due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also disable an interface for security reason...

Страница 169: ...speed mode and flow control The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex...

Страница 170: ...standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other...

Страница 171: ...manufacturer s implementation However note that the static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the config...

Страница 172: ...an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 125 Con...

Страница 173: ...on another switch to form a trunk Console config interface ethernet 1 1 4 172 Console config if lacp 4 186 Console config if exit Console config interface ethernet 1 6 Console config if lacp Console c...

Страница 174: ...Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must b...

Страница 175: ...can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate...

Страница 176: ...d 4 191 Port Channel System Priority System MAC Address 1 3 00 12 CF 31 31 31 2 3 00 12 CF 31 31 31 3 3 00 12 CF 31 31 31 4 3 00 12 CF 31 31 31 5 3 00 16 B6 F0 3B EC 6 3 00 16 B6 F0 3B EC 7 3 00 16 B6...

Страница 177: ...rnet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry...

Страница 178: ...nformation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be e...

Страница 179: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 191 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP S...

Страница 180: ...signed by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggrega...

Страница 181: ...e Level Multiplied by one another the scale and level set the broadcast threshold For example to set a threshold of 500 Kbytes per second choose 100K under Scale and 5 under Level Scale Range 1 10 100...

Страница 182: ...2 Console config if switchport broadcast 4 178 Console config if end Console show interfaces switchport ethernet 1 1 4 182 Information of Eth 1 1 Broadcast Threshold Enabled scale 100K level 5 octets...

Страница 183: ...t whose traffic will be monitored Range 1 28 Type Allows you to select which traffic to mirror to the target port Rx receive or Tx transmit Default Rx Target Port The port that will mirror the traffic...

Страница 184: ...without any changes Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting Command Usage Input and output rate limits can be enabled or disabled for individual interfa...

Страница 185: ...otal number of octetts received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast...

Страница 186: ...de frames received with frame too long or frame too short error Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions This counter d...

Страница 187: ...he number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and we...

Страница 188: ...ng the Switch 3 142 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 84 Port S...

Страница 189: ...dress of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 13 4 181 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122...

Страница 190: ...for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interf...

Страница 191: ...method of sorting the displayed addresses and then click Query Figure 3 86 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac add...

Страница 192: ...sables the function Aging Time The time after which a learned entry is discarded Range 10 98301 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click Apply...

Страница 193: ...gned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded betwee...

Страница 194: ...MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees on page 3 162 An MST Region may contain multiple MSTP Instances...

Страница 195: ...s at which the root device transmits a configuration message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This de...

Страница 196: ...w root port is selected from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum tim...

Страница 197: ...Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0016B6F03BEC Current Root Port 0 Current Root Cost 0 Number of Topology Changes 0 Last Topology Change Time sec 4291 Tr...

Страница 198: ...that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to pa...

Страница 199: ...oth ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changi...

Страница 200: ...o MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision The revision for this MSTI Range 0 65535 Default 0 Region Name The name for this MSTI Maximum lengt...

Страница 201: ...Spanning Tree Algorithm Configuration 3 155 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 89 Configuring Spanning Tree...

Страница 202: ...s and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has...

Страница 203: ...e Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e desi...

Страница 204: ...cepted as the root device Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port You can enab...

Страница 205: ...for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Del...

Страница 206: ...kes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost method11 1 200 000 000 for the long path cost method By default the system automatically detects the sp...

Страница 207: ...of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes oth...

Страница 208: ...ich cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region page 3 133 with the same set of instances and the same instance on each...

Страница 209: ...Instance VLANs assigned to this instance MST ID Instance identifier to configure Range 0 57 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 The other global attributes are...

Страница 210: ...ay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 4096 1 0012CF7D25BC Current Root Port 0 Current Root Cost 0 Number of Topolo...

Страница 211: ...trunks in the selected MST instance Command Attributes MST Instance ID Instance identifier to configure Default 0 Note The other attributes are described under Displaying Interface Settings on page 3...

Страница 212: ...20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0012CF7D25BC Current Root Port 0 Current Root Cost 0 Number of Topology Changes 0 Last Topology Change Time sec 2188...

Страница 213: ...h are the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spa...

Страница 214: ...02 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you...

Страница 215: ...ork devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but n...

Страница 216: ...the specified VLANs and then forward the message to all other ports When the message arrives at another switch that supports GVRP it will also place the receiving port in the specified VLANs and pass...

Страница 217: ...VLAN tag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from...

Страница 218: ...tch Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Click VLAN 802 1Q VLAN Basic Information Figure 3 96 Displaying Basic VLAN Information CLI Enter...

Страница 219: ...for one or two switches you can disable tagging Command Attributes Web VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLA...

Страница 220: ...be defined VLAN 1 is the default untagged VLAN VLAN 4093 is reserved for switch clustering and is not user configurable or removable New Allows you to specify the name and numeric identifier for a new...

Страница 221: ...end Console show vlan 4 233 Vlan ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11...

Страница 222: ...f the VLAN 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Membership Type Select V...

Страница 223: ...gure 3 99 Configuring a VLAN Static Table CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 4 172 Console config if switchport allowed vlan add 2...

Страница 224: ...p by Port Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagge...

Страница 225: ...d or untagged frames or only tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Options All Tagged Default All Ingress Filtering D...

Страница 226: ...1000 Mode Indicates VLAN membership mode for an interface Default Hybrid Access Sets the port to operate as an untagged interface All frames are sent untagged General Specifies a hybrid VLAN interface...

Страница 227: ...stomers is segregated within the service provider s network even when they use the same customer specific VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the cu...

Страница 228: ...already have The ingress process constructs and inserts the outer tag SPVLAN into the packet based on the default VLAN ID and Tag Protocol Identifier TPID that is the ether type of the tag This outer...

Страница 229: ...ther type of an incoming packet single or double tagged is equal to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets...

Страница 230: ...bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunneling on the Sw...

Страница 231: ...t is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames Command Usage Use the 802 1Q Tunnel Configuration screen to set the switch to QinQ mode before configuring a tunnel port see...

Страница 232: ...preserve customer VLAN IDs for traffic crossing the service provider network 802 1Q Tunnel Uplink Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider...

Страница 233: ...ly within the same switch To configure primary secondary associated groups follow these steps 1 Use the Private VLAN Configuration menu page 3 189 to designate one or more community VLANs and the prim...

Страница 234: ...VLAN Then assign the promiscuous port and all host ports to an isolated VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on...

Страница 235: ...Community VLANs Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN Current Displays a list of the currently configured VLANs Web Click VLAN Private V...

Страница 236: ...mmunity VLANs 6 and 7 with primary VLAN 5 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associa...

Страница 237: ...raffic between the isolated ports and a lone promiscuous port Trunk Shows if a port is a member or a trunk Web Click VLAN Private VLAN Port Information Figure 3 107 Private VLAN Port Information CLI T...

Страница 238: ...es within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs If PVLAN type is Promiscuous the...

Страница 239: ...not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want...

Страница 240: ...ixed protocol types have been preconfigured For these Protocol VLAN groups the frame type of network traffic is not considered all frame types are accepted IP 0x0800 IPX 0x8137 Apple talk 0x809B Progr...

Страница 241: ...protocol type Click Apply Figure 3 109 Protocol VLAN Configuration CLI This example configures Protocol Group 1 with the fixed preconfigured IP parameters and configures Protocol Group 2 with user def...

Страница 242: ...and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interfac...

Страница 243: ...packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN...

Страница 244: ...d member to the Voice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1ab LLDP When OUI is selected be sure to configure the MAC ad...

Страница 245: ...on See Link Layer Discovery Protocol on page 3 201 for more information on LLDP Priority Defines a CoS priority for port traffic on the Voice VLAN The priority of any received VoIP packet is overwrit...

Страница 246: ...e first three octets Other masks restrict the MAC address range Selecting FF FF FF FF FF FF specifies a single MAC address Default FF FF FF 00 00 00 Description User defined text that identifies the V...

Страница 247: ...clude details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Li...

Страница 248: ...delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables Range 1 8192 seconds Default 2 seconds The transmit delay is used to prevent a series of s...

Страница 249: ...all Service Web Click LLDP Configuration Enable LLDP modify any of the timing parameters as required and click Apply Figure 3 114 LLDP Configuration CLI This example sets several attributes which cont...

Страница 250: ...eck the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss TLV Type Configures the information included in the...

Страница 251: ...Connectivity Devices to efficiently discover which LLDP MED related TLVs are supported on the switch Network Policy This option advertises network policy configuration information aiding in the disco...

Страница 252: ...lldp medNotification 4 261 Console config if lldp basic tlv port description 4 263 Console config if lldp basic tlv system description 4 264 Console config if lldp basic tlv management ip address 4 26...

Страница 253: ...Displaying System Information on page 3 12 System Description A textual description of the network entity This field is also displayed by the show system command System Capabilities Supported The cap...

Страница 254: ...U or for the port sending this advertisement Interface Settings The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port...

Страница 255: ...be used for this field System Name An string that indicates the system s administratively assigned name Console show lldp info local device 4 273 LLDP Local System Information Chassis Type MAC Address...

Страница 256: ...e identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field See Table 3 15 Chassis ID Subtype on page 207 Chassis ID An octet string indica...

Страница 257: ...ystem which are currently enabled Refer to the preceding table See Table 3 16 System Capabilities on page 207 Management Address The IPv4 address of the remote device If no management address is avail...

Страница 258: ...of times which the local remote database dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the...

Страница 259: ...ected directly to this switch switch show lldp info statistics 4 275 LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Cou...

Страница 260: ...f all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized...

Страница 261: ...witch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue at the output port Command Usage This switch prov...

Страница 262: ...d traffic Console config interface ethernet 1 3 4 172 Console config if switchport priority default 5 4 278 Console config if end Console show interfaces switchport ethernet 1 3 4 182 Information of E...

Страница 263: ...ollowing table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Interface Selects the port or...

Страница 264: ...igure 3 122 Traffic Classes CLI The following example shows how to change the CoS assignments Console config interface ethernet 1 1 4 172 Console config if queue cos map 0 0 4 279 Console config if qu...

Страница 265: ...viced according to it s weighting This prevents the head of line blocking that can occur with strict priority queuing Hybrid mode uses strict priority queuing for the highest priority queue queue 3 pr...

Страница 266: ...ntly affects the response time for software applications assigned a specific priority value Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights for allocated...

Страница 267: ...ces Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service output queue Because different priority information may be contained in the traffic the swit...

Страница 268: ...output queue Note that queue 0 represents low priority and 3 represent high priority Note IP DSCP priority settings apply to all interfaces Web Click Priority IP DSCP Priority Status Mark the Enabled...

Страница 269: ...TP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS queue map IP Port Number TCP UDP Set a...

Страница 270: ...n click Apply Figure 3 128 IP Port Priority CLI The following example globally enables IP Port Priority service on the switch maps HTTP traffic to CoS queue 0 and then displays all the IP Port Priorit...

Страница 271: ...sables the IP Precedence priority IP Precedence Priority Table Shows the IP Precedence to CoS map Class of Queue Service Value Maps an IP Precedence value to a CoS queue Note that queue 0 represents l...

Страница 272: ...recedence to Class of Service Queues CLI The following example globally enables IP Precedence priority on the switch maps IP Precedence value 2 to CoS queue 0 and then displays all the IP Precedence s...

Страница 273: ...he defined IP TOS values and the default mapping to CoS queues on the switch All the TOS values not defined are mapped to CoS queue 0 Command Attributes IP TOS Priority Status Enables or disables the...

Страница 274: ...ing IP TOS to Class of Service Queues CLI The following example globally enables IP TOS priority on the switch maps IP TOS value 2 to CoS queue 2 and then displays all the IP TOS settings Console conf...

Страница 275: ...mand Attributes Port Port identifier Name Name of a configured ACL Type Type of ACL IP or MAC CoS Values CoS values used for packets matching the ACL rule Range 0 7 Web Click Priority ACL CoS Priority...

Страница 276: ...rioritize the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path...

Страница 277: ...characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class entry Modify the criteria used to classify ingress traffic on this pag...

Страница 278: ...ules to change the rules of an existing class Figure 3 135 Configuring Class Maps CLI This example creates a class map call rd_class and sets it to match packets matching the access list rd Console co...

Страница 279: ...CL IPv6 Standard ACL and IPv6 Extended ACL Also note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum...

Страница 280: ...specified rate will be dropped Remove Class Deletes a class Policy Options Class Name Name of class map Action Configures the service provided to ingress traffic by setting a CoS or DSCP value in a ma...

Страница 281: ...235 3 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 136 Conf...

Страница 282: ...and Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from the...

Страница 283: ...the ports that want to join a multicast group and set its filters accordingly If there is no multicast router attached to the local subnet multicast traffic and query messages may not be received by...

Страница 284: ...In this case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may...

Страница 285: ...ble is already full the switch will continue flooding the traffic into the VLAN IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast tra...

Страница 286: ...he interface which had been receiving query packets to have expired Range 300 500 seconds Default 300 IGMP Version Sets the protocol version for compatibility with other devices on the network Range 1...

Страница 287: ...ed to the interface Therefore immediate leave should only be enabled on an interface if it is connected to only one IGMP enabled device either a service host or a neighbor running IGMP snooping Immedi...

Страница 288: ...ss the Internet These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch You can use the Multicast Router Port Information page to display the por...

Страница 289: ...if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join all...

Страница 290: ...in VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for which to...

Страница 291: ...d in Configuring IGMP snooping and Query Parameters on page 3 133 For certain applications that require tighter control you may need to statically configure a multicast service on the switch First add...

Страница 292: ...TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits...

Страница 293: ...IGMP filtering and throttling on the switch you must first enable the feature globally and create IGMP profile numbers Command Attributes IGMP Filter Enables IGMP filtering and throttling globally fo...

Страница 294: ...nd Attributes Profile ID Selects an existing profile number to configure After selecting an ID number click the Query button to display the current configuration Access Mode Sets the access mode of th...

Страница 295: ...e configured IGMP profiles you can assign them to interfaces on the switch Also you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time Co...

Страница 296: ...t the same time Range 0 255 Default 255 Current Multicast Groups Displays the current number of multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximu...

Страница 297: ...r a wide part of the network without having to use any multicast routing protocol MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into...

Страница 298: ...ng term and be associated with a stable set of hosts you can statically bind the multicast group to the participating interfaces see Assigning Static Multicast Groups to Interfaces on page 3 257 Confi...

Страница 299: ...orts should be configured as members of the MVR VLAN see Adding Static Members to VLANs VLAN Index on page 3 176 but MVR receiver ports should not be manually configured as members of this VLAN Range...

Страница 300: ...there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or di...

Страница 301: ...ided through the MVR VLAN Web Click MVR Group IP Information Figure 3 149 MVR Group IP Information CLI This example following shows information about the interfaces associated with multicast groups as...

Страница 302: ...h have been statically assigned see Assigning Static Multicast Groups to Interfaces on page 3 257 Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed f...

Страница 303: ...ver port and then enables immediate leave on the receiver port Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set o...

Страница 304: ...ows the IP addresses for all MVR multicast groups which have not been statically assigned to the selected interface Web Click MVR Group Member Configuration Select a port or trunk from the Interface f...

Страница 305: ...esses There can be up to 36 Member switches in one cluster and Cluster switches must be in the same IP subnet Once a switch has been configured to be a cluster Commander it automatically discovers oth...

Страница 306: ...abled Role Indicates the current role of the switch in the cluster either Commander Member or Candidate Default Candidate Cluster IP Pool An internal IP address pool that is used to assign IP addresse...

Страница 307: ...lected Candidate switch Range 1 36 MAC Address Select a discoverd switch MAC address from the Candidate Table or enter a specific MAC address of a known switch Web Click Cluster Member Configuration F...

Страница 308: ...r switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch Web Click Cluster Member Information Figure 3 155 Cluster Member Information CL...

Страница 309: ...the network MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 156 Cluster Candidat...

Страница 310: ...Configuring the Switch 3 264 3...

Страница 311: ...the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered...

Страница 312: ...solated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing...

Страница 313: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Страница 314: ...P log Login records logging Logging setting mac MAC access list mac address table Shows the MAC address table management Show management information map Maps priority mvr Show mvr interface informatio...

Страница 315: ...em messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI maintains a history of...

Страница 316: ...Only a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new c...

Страница 317: ...nds configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple interfaces VLAN Configuration Includes the command to create...

Страница 318: ...n database Console config vlan 4 225 Console config interface ethernet 1 5 Console config if exit Console config Table 4 3 Command Line Processing Keystroke Function Ctrl A Shifts cursor to start of c...

Страница 319: ...address or Ethernet type 4 157 Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 4 172 Link Aggregation Statically groups multiple ports into a single lo...

Страница 320: ...tanding Command Modes on page 4 6 Syntax enable level level Privilege level to log into the device The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec Enter level 15 to acc...

Страница 321: ...word 4 85 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gai...

Страница 322: ...6 Default Setting None Command Mode Privileged Exec Example Related Commands end 4 14 show history This command shows the contents of the command history buffer Default Setting None Command Mode Norm...

Страница 323: ...Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Us...

Страница 324: ...ration mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privile...

Страница 325: ...nation Configures information that uniquely identifies this switch 4 16 Banner Information Configures administrative contact device identification and location 4 16 System Status Displays system confi...

Страница 326: ...nformation is only available via the CLI and is automatically displayed before login as soon as a console or telnet connection has been established Table 4 7 Device Designation Commands Command Functi...

Страница 327: ...the backspace key during script mode is not supported If for example a mistake is made in the company name it can be corrected with the banner configure company command banner configure equipment info...

Страница 328: ...or clarity Console config banner configure Company Edge corE Responsible department R D Dept Name and telephone to Contact the management people Manager1 name Sr Network Admin phone number 123 555 121...

Страница 329: ...command attribute is 32 characters Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or other unobtrusi...

Страница 330: ...ow row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufacturer id rack row shelf rack mfr id The name of the device model number floor...

Страница 331: ...ta input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example banner configure ip lan This comma...

Страница 332: ...ner Use the no form to restore the default setting Syntax banner configure lp number lp num no banner configure lp number lp num The LP number Maximum length 32 characters Default Setting None Command...

Страница 333: ...d manager Default Setting None Command Mode Global Configuration Command Usage Maximum string length for each command attribute is 32 characters Input strings cannot contain spaces The banner configur...

Страница 334: ...e note info Miscellaneous information that does not fit in the other banner categories or any other information of importance to users of the switch CLI Maximum length 150 characters Default Setting N...

Страница 335: ...3 15 24 48V id_3 15 24 2 Number of LP 4 Position MUX telco 9734212kx_PVC 1 23 IP LAN 216 241 132 3 255 255 255 0 Note ROUTINE_MAINTENANCE_firmware upgrade_0100 0500_GMT 0500_20071022 _20min_network_i...

Страница 336: ...settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information Switch s...

Страница 337: ...name admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d25...

Страница 338: ...y command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information Switch s MAC address SNTP...

Страница 339: ...unity private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enab...

Страница 340: ...ileged Exec Command Usage The session used to execute this command is indicated by a symbol next to the Line i e session index number Console show system System Description Layer2 Fast Ethernet Standa...

Страница 341: ...nts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 s...

Страница 342: ...ncapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switch...

Страница 343: ...settings can be uploaded and downloaded to and from a TFTP server The configuration file can be later downloaded to restore switch settings The configuration file can be downloaded under a new file na...

Страница 344: ...ialization tftp Keyword that allows you to copy to from a TFTP server https certificate Copies an HTTPS certificate from an TFTP server to the switch public key Keyword that allows you to copy a SSH k...

Страница 345: ...The following example shows how to upload the configuration settings to a file on the TFTP server The following example shows how to copy the running configuration to a startup file Console copy tftp...

Страница 346: ...on file or image name Command Mode Privileged Exec Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup W...

Страница 347: ...splay includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the configuration file or code image Default Setti...

Страница 348: ...filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or code image The co...

Страница 349: ...es a password on a line LC 4 41 timeout login response Sets the interval that the system waits for a user to log into the CLI LC 4 42 exec timeout Sets the interval that the command interpreter waits...

Страница 350: ...een displays such as show users However the serial communication parameters e g databits do not affect Telnet or SSH connections Example To enter console line mode enter the following command Related...

Страница 351: ...s no authentication When using this method the management interface starts in Normal Exec NE mode This command controls login authentication via the switch itself To configure user names and passwords...

Страница 352: ...you to manually configure encrypted passwords Example Related Commands login 4 40 password thresh 4 44 timeout login response This command sets the interval that the system waits for a user to log int...

Страница 353: ...timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command...

Страница 354: ...and to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections Example To set the passwo...

Страница 355: ...ta bits per character 8 Eight data bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on i...

Страница 356: ...ty enter this command speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default sett...

Страница 357: ...command disconnect This command terminates an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command...

Страница 358: ...onsole access i e Telnet Default Setting Shows all lines Command Mode Normal Exec Privileged Exec Example To show all lines enter this command Console show line Console Configuration Password Threshol...

Страница 359: ...rol the type of error messages that are sent to specified syslog servers Example Related Commands logging history 4 50 logging trap 4 52 clear log 4 52 Table 4 14 Event Logging Commands Command Functi...

Страница 360: ...ode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 15 Logging Levels Level...

Страница 361: ...ility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server t...

Страница 362: ...etting Enabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this com...

Страница 363: ...lt Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message level for...

Страница 364: ...able REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP ad...

Страница 365: ...each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection Console show log ram 1 00 00 38 2001 0...

Страница 366: ...he selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshold All events at this level...

Страница 367: ...il address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipient...

Страница 368: ...ing sendmail Console config Console show logging sendmail SMTP servers 1 192 168 1 200 SMTP minimum severity level 4 SMTP destination email addresses 1 geoff acme com SMTP source email address john ac...

Страница 369: ...the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues ti...

Страница 370: ...dates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the s...

Страница 371: ...for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before af...

Страница 372: ...ork or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Rang...

Страница 373: ...ers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station Note Cluster Member sw...

Страница 374: ...witches are limited to the same Ethernet broadcast domain There can be up to 100 candidates and 36 member switches in one cluster A switch can only be a Member of one cluster Configured switch cluster...

Страница 375: ...ration Command Usage An internal IP address pool is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only the base IP addres...

Страница 376: ...number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member CLI for configuration Syntax rcommand id member id member id The ID number of the Member switch Ran...

Страница 377: ...ode Privileged Exec Example Console show cluster Role commander Interval heartbeat 30 Heartbeat loss count 3 Number of Members 1 Number of Candidates 2 Console Console show cluster members Cluster Mem...

Страница 378: ...orm to disable the server Syntax no snmp server Default Setting Enabled Table 4 21 SNMP Commands Command Function Mode Page snmp server Enables the SNMPv3 server GC 4 68 show snmp Displays the status...

Страница 379: ...Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol dat...

Страница 380: ...cts rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down en...

Страница 381: ...erver contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contact string String that describes...

Страница 382: ...address of the host the targeted recipient Maximum host addresses 5 trap destination IP address entries inform Notifications are sent as inform messages Note that this option is only available for ver...

Страница 383: ...host to receive notifications at least one snmp server enable traps command and the snmp server host command for that host must be enabled Some notification types cannot be controlled with the snmp se...

Страница 384: ...the community string is interpreted as an SNMP user name If you use the V3 auth or priv options the user name must first be defined with the snmp server user command Otherwise the authentication passw...

Страница 385: ...down traps are legacy notifications and therefore when used for SNMP Version 3 hosts they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the snmp server g...

Страница 386: ...nt is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it A local engine ID is automatically generated that is unique...

Страница 387: ...up command to restrict user access to specified portions of the MIB tree The predefined view defaultview includes access to the entire MIB tree Examples This view includes MIB 2 This view includes the...

Страница 388: ...Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name defaultview Subtree OID 1 View Type included Storage Type volati...

Страница 389: ...w for notifications 1 64 characters Default Setting Default groups public19 read only private20 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is define...

Страница 390: ...s active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview W...

Страница 391: ...2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the e...

Страница 392: ...mote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote...

Страница 393: ...user associated with an SNMP engine on a remote device Table 4 26 Authentication Commands Command Group Function Page User Accounts Configures the basic user names and passwords for management access...

Страница 394: ...e of the user Maximum length 8 characters case sensitive Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec no...

Страница 395: ...level Level 15 for Privileged Exec Levels 0 14 are not used 0 7 0 means plain password 7 means encrypted password password password for this privilege level Maximum length 8 characters plain text 32 e...

Страница 396: ...e that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a...

Страница 397: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege...

Страница 398: ...erver auth_port RADIUS server UDP port used for authentication messages Range 1 65535 acct_port RADIUS server UDP port used for accounting messages Range 1 65535 timeout Number of seconds the switch w...

Страница 399: ...ault Setting 1812 Command Mode Global Configuration Example radius server acct port This command sets the RADIUS server port used for accounting messages Use the no form to restore the default Syntax...

Страница 400: ...Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius s...

Страница 401: ...S server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resendin...

Страница 402: ...ius server Global Settings Communication Key with RADIUS Server Auth Port 1812 Acct port 1813 Retransmit Times 2 Request Timeout 5 Server 1 Server IP Address 10 1 2 3 Communication Key with RADIUS Ser...

Страница 403: ...ge 1 540 seconds retransmit Number of times the switch will resend an authentication request to the TACACS server Range 1 30 key Encryption key used to authenticate logon access for client Do not use...

Страница 404: ...mmand Mode Global Configuration Example tacacs server retransmit This command sets the number of retries Use the no form to restore the default Syntax tacacs server retransmit number_of_retries no tac...

Страница 405: ...erver Use the no form to restore the default Syntax tacacs server timeout number_of_seconds no tacacs server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a...

Страница 406: ...Server IP address 1 2 3 4 Communication key with TACACS server Server port number 49 Retransmit Times 2 Request Times 5 Tacacs server group Group Name Member Index tacacs 1 Console Table 4 32 AAA Com...

Страница 407: ...m to remove the associated server from the group Syntax no server index ip address index Specifies a server index and the sequence to use for the group Range RADIUS 1 5 TACACS 1 ip address Specifies t...

Страница 408: ...dius tacacs server group no aaa accounting dot1x default method name default Specifies the default accounting method for service requests method name Specifies an accounting method for service request...

Страница 409: ...nting from starting point and stopping point group Specifies the server group to use radius Specifies all RADIUS hosts configure with the radius server host command described on page 4 88 tacacs Speci...

Страница 410: ...up to use tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 93 server group Specifies the name of a server group configured with the aaa group server...

Страница 411: ...accounting records for all users on the system Using the command without specifying an interim interval enables updates but does not change the current interval setting Example accounting dot1x This c...

Страница 412: ...n accounting method to entered CLI commands Use the no form to disable accounting for entered commands Syntax accounting commands level default list name no accounting commands level level The privile...

Страница 413: ...4 93 server group Specifies the name of a server group configured with the aaa group server command described on 4 97 Range 1 255 characters Default Setting Authorization is not enabled No servers ar...

Страница 414: ...ngs per function and per port Syntax show accounting commands level dot1x statistics username user name interface exec statistics statistics commands Displays accounting information for CLI commands e...

Страница 415: ...t Setting 80 Command Mode Global Configuration Console show accounting Accounting type dot1x Method list default Group list radius Interface Method list tps Group list radius Interface eth 1 2 Account...

Страница 416: ...command enables the secure hypertext transfer protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disab...

Страница 417: ...HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 74 Also refer to the copy command on page 4 34 Example Related Commands ip http secure port 4 10...

Страница 418: ...CP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port...

Страница 419: ...nsole config ip telnet server Console config ip telnet port 123 Console config Table 4 36 Secure Shell Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4 111 i...

Страница 420: ...the User Accounts page as described on page 3 56 The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format as shown i...

Страница 421: ...vate key corresponds to an authorized public key and the client is authenticated Authenticating SSH v2 Clients a The client first queries the switch to determine if DSA public key authentication using...

Страница 422: ...store the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Conf...

Страница 423: ...guration Example Related Commands show ip ssh 4 116 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key si...

Страница 424: ...rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage This command stores the host key pair in memory i e RAM Use the ip ssh sa...

Страница 425: ...the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Relate...

Страница 426: ...ey dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username En...

Страница 427: ...ed by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options f...

Страница 428: ...ZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 w0W Console Table 4 38 802 1X Port Authentication Commands Command Function Mode P...

Страница 429: ...t settings to their default values Command Mode Global Configuration Example dot1x max req This command sets the maximum number of times the switch port will retransmit an EAP request identity packet...

Страница 430: ...ration Example dot1x operation mode This command allows single or multiple hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to single host...

Страница 431: ...forces re authentication on all ports or a specific interface Syntax dot1x re authenticate interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 Command Mode Privi...

Страница 432: ...or the user assigned to the Guest VLAN see dot1x intrusion action on page 4 124 The connected client is re authenticated after the interval specified by the dot1x timeout re authperiod command The def...

Страница 433: ...e on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout tx period seconds no dot1x timeout tx per...

Страница 434: ...ration Command Usage For guest VLAN assignment to be successful the VLAN must be configured and set as active see vlan database on page 4 225 and assigned as the guest VLAN for the port see network ac...

Страница 435: ...uthentication session before re transmitting EAP packet page 4 123 supplicant timeout Supplicant timeout server timeout Server timeout reauth max Maximum number of reauthentication attempts max req Ma...

Страница 436: ...se success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in the most recent EAP Succ...

Страница 437: ...2 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status A...

Страница 438: ...ement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be confi...

Страница 439: ...mp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Console confi...

Страница 440: ...te VLANs Configures private VLANs including uplink and downlink ports 4 237 Port Security The priority of execution for these filtering commands is Port Security Port Authentication Network Access Web...

Страница 441: ...e the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number...

Страница 442: ...iolation to issue a trap message Related Commands shutdown 4 177 mac address table static 4 197 show mac address table 4 199 Network Access MAC Address Authentication Network Access authentication con...

Страница 443: ...mum number of secure MAC addresses supported for the switch system is 1024 Configured static MAC addresses are added to the secure address table when seen on a switch port Static addresses are treated...

Страница 444: ...count Use this command to set the maximum number of MAC addresses that can be authenticated on a port via all forms of authentication Use the no form of this command to restore the default Syntax netw...

Страница 445: ...max mac count Use this command to set the maximum number of MAC addresses that can be authenticated on a port via 802 1X authentication or MAC authentication Use the no form of this command to restor...

Страница 446: ...treated as an authentication failure If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still treated as a success and the host...

Страница 447: ...is command to restore the default value Syntax mac authentication reauth time seconds no mac authentication reauth time seconds The reauthentication time period Range 120 1000000 seconds Default Setti...

Страница 448: ...terface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 Default Setting None Command Mode Privileged Exec Example show network access Use this command to...

Страница 449: ...umber Range 1 28 sort Sorts displayed entries by either MAC address or interface Default Setting Displays all filters Command Mode Privileged Exec Command Usage When using a bit mask to filter display...

Страница 450: ...1 00 00 01 02 03 05 172 155 120 17 Dynamic 00d06h33m20s 1 1 00 00 01 02 03 06 172 155 120 17 Static 00d06h35m10s 1 3 00 00 01 02 03 07 172 155 120 17 Dynamic 00d06h34m20s Console Table 4 43 Web Authe...

Страница 451: ...gin attempts Command Mode Global Configuration Example web auth quiet period This command defines the amount of time a host must wait after exceeding the limit for failed login attempts before it may...

Страница 452: ...ed session remains valid Range 300 3600 seconds Default Setting 3600 seconds Command Mode Global Configuration Example web auth system auth control This command globally enables web authentication for...

Страница 453: ...led for web authentication to be active Example web auth re authenticate Port This command ends all web authentication sessions connected to the port and forces the users to re authenticate Syntax web...

Страница 454: ...t This is unit 1 port Port number Range 1 28 ip IPv4 formatted IP address Default Setting None Command Mode Privileged Exec Example show web auth This command displays global web authentication parame...

Страница 455: ...None Command Mode Privileged Exec Command Usage The session timeout displayed by this command is expressed in seconds Example show web auth summary This command displays a summary of web authenticati...

Страница 456: ...nabled 8 1 3 Disabled 0 1 4 Disabled 0 1 5 Disabled 0 Table 4 44 DHCP Snooping Commands Command Function Mode Page ip dhcp snooping Enables DHCP snooping globally GC 4 146 ip dhcp snooping vlan Enable...

Страница 457: ...all DHCP packets are forwarded for a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally an...

Страница 458: ...les DHCP snooping on the specified VLAN Use the no form to restore the default setting Syntax no ip dhcp snooping vlan vlan id vlan id ID of a configured VLAN Range 1 4094 Default Setting Disabled Com...

Страница 459: ...to trusted and all other ports outside the local network or firewall to untrusted When DHCP snooping ia enabled globally using the ip dhcp snooping command page 4 146 and enabled on a VLAN with ip dhc...

Страница 460: ...rification is enabled and the source MAC address in the Ethernet header of the packet is not same as the client s hardware address in the DHCP packet the packet is dropped Example This example enables...

Страница 461: ...ng is disabled The request packet contains a valid relay agent address field DHCP reply packets are flooded onto all attached VLANs other than the inbound management VLAN under the following situation...

Страница 462: ...n Example Related Commands ip dhcp snooping information option 4 150 ip dhcp snooping 4 146 show ip dhcp snooping This command shows the DHCP snooping configuration settings Command Mode Privileged Ex...

Страница 463: ...IP address and corresponding MAC address Use the no form to disable this function Syntax ip source guard sip sip mac no ip source guard sip Filters traffic based on IP addresses stored in the binding...

Страница 464: ...automatically configured with an infinite lease time Dynamic entries learned via DHCP snooping are configured by the DHCP server itself static entries include a manually configured lease time If the...

Страница 465: ...figuration Command Usage Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP Binding VLAN identifier and port identifier All static entries are confi...

Страница 466: ...bled or disabled on each interface Command Mode Privileged Exec Example show ip source guard binding This command shows the source guard binding table Syntax show ip source guard binding dhcp snooping...

Страница 467: ...d Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP port number and protocol type 4 157 MAC ACLs Configures ACLs based on hardware addresses packet format and Ethernet type 4...

Страница 468: ...ria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL...

Страница 469: ...es are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and...

Страница 470: ...cific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific...

Страница 471: ...address 10 7 1 2 255 255 255 0 the packet passes through This allows TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP This permit...

Страница 472: ...ing None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace...

Страница 473: ...the ACL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you can map CoS val...

Страница 474: ...ining the required permit or deny rules and then bind the access list to one or more ports Console show map access list ip Access list to COS of Eth 1 4 Access list ALS1 cos 0 Console Table 4 49 MAC A...

Страница 475: ...and Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one...

Страница 476: ...ny 802 3 any host source source address bitmask any host destination destination address bitmask cos cos value vid vid vid bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Etherne...

Страница 477: ...This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 4 165 show mac access list This com...

Страница 478: ...ation Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Exampl...

Страница 479: ...mum length 16 characters cos queue Port CoS queue Range 0 3 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you can map a CoS queue to...

Страница 480: ...ue determines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is unit 1 port Port number Command Mode Privileged Exec...

Страница 481: ...assigned to each port PE 4 171 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 16 0 255 255 240 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 a...

Страница 482: ...erface configuration IC 4 173 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 173 negotiation Enables autonegotiation of a given inter...

Страница 483: ...following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the def...

Страница 484: ...selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation...

Страница 485: ...t parameters to restore the default values Syntax no capabilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full Supports 100 Mb...

Страница 486: ...n Ethernet Port Channel Command Usage Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back p...

Страница 487: ...rt a disabled interface use the no form Syntax no shutdown Default Setting All interfaces are enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you t...

Страница 488: ...d The scale and level are multiplied by one another to set the broadcast threshold For example to set a threshold of 500 Kbytes per second choose 100K for the scale and 5 for the level The specified t...

Страница 489: ...k unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This com...

Страница 490: ...displayed by this command see Displaying Connection Status on page 3 120 Example Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic Information Port Type 100TX Mac Address 00 12...

Страница 491: ...unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting Shows the counters for all interfaces Command Mode Normal Exec Privileged Exec Command Usage If n...

Страница 492: ...t 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment...

Страница 493: ...mit Shows if ingress rate limiting is enabled and the current rate limit page 4 196 Egress Rate Limit Shows if egress rate limiting is enabled and the current rate limit page 4 196 VLAN Membership Mod...

Страница 494: ...Status Shows if 802 1Q tunnel is enabled on this interface page 4 235 802 1Q tunnel Mode Shows the tunnel mode as Normal 802 1Q Tunnel or 802 1Q Tunnel Uplink page 4 235 802 1Q tunnel TPID Shows the T...

Страница 495: ...p admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the...

Страница 496: ...ll duplex and auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connect...

Страница 497: ...ership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Co...

Страница 498: ...ey Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Страница 499: ...during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system...

Страница 500: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port...

Страница 501: ...er Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 4 55 show lacp counters display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this...

Страница 502: ...ate Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this l...

Страница 503: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Страница 504: ...ed the default mirroring is for both received and transmitted packets Console show lacp sysid Port Channel System Priority System MAC Address 1 32768 00 12 CF 8F 2C A7 2 32768 00 12 CF 8F 2C A7 3 3276...

Страница 505: ...le mirror sessions but all sessions must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following exam...

Страница 506: ...mmand define the rate limit for a specific interface Use the no form to restore the default status of disabled Syntax rate limit input output scale 1k 10k 100k 1m 10m level level no rate limit input o...

Страница 507: ...interface vlan vlan id action no mac address table static mac address vlan vlan id mac address MAC address interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel...

Страница 508: ...ce link is down Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the...

Страница 509: ...C addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted wh...

Страница 510: ...301 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac...

Страница 511: ...ng tree instance MST 4 208 name Configures the name for the multiple spanning tree MST 4 209 revision Configures the revision number for the multiple spanning tree MST 4 210 max hops Configures the ma...

Страница 512: ...in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down Example This example s...

Страница 513: ...P BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate ov...

Страница 514: ...loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hel...

Страница 515: ...t for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the...

Страница 516: ...t method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifi...

Страница 517: ...bal Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mod...

Страница 518: ...ssigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up to 58 instances You should try to group VLANs which cover the same general...

Страница 519: ...cifying a priority of 16384 Example name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name...

Страница 520: ...in the same region must be configured with the same MST instances Example Related Commands name 4 209 max hops This command configures the maximum number of hops in the region before a BPDU is discard...

Страница 521: ...he spanning tree algorithm for port 5 spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cos...

Страница 522: ...igher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 206 is set to short the maximum value for path cost is 65 5...

Страница 523: ...e link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands spanning tree cost 4 211 spanning...

Страница 524: ...ommand is used to enable disable the fast spanning tree mode for the selected port In this mode ports skip the Discarding and Learning states and proceed straight to Forwarding Since end nodes cannot...

Страница 525: ...l Command Usage Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or more bridges When automatic detection...

Страница 526: ...ate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to 65 535 The default path co...

Страница 527: ...interface in the multiple spanning tree If the path cost for all interfaces on a switch are the same the interface with the highest priority that is lowest value will be configured as an active link i...

Страница 528: ...t Range 1 port Port number Range 1 28 port channel channel id Range 1 12 instance_id Instance identifier of the multiple spanning tree Range 0 4094 no leading zeroes Default Setting None Command Mode...

Страница 529: ...ated Root 32768 0 0000ABCD0000 Current root port 1 Current root cost 10000 Number of topology changes 1 Last topology changes time sec 22 Transmission limit 3 Path Cost Method long Eth 1 1 information...

Страница 530: ...Page GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows the configuration for bridge extension MIB 4 221 Editing VLAN Groups Sets up VLAN groups including na...

Страница 531: ...hange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the...

Страница 532: ...and enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridge ext...

Страница 533: ...sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join le...

Страница 534: ...ANs Timer values must meet the following restrictions leave 2 x join leaveall leave Note Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not...

Страница 535: ...to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show ru...

Страница 536: ...suspended Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vla...

Страница 537: ...erface configuration mode for a specified VLAN GC 4 227 switchport mode Configures VLAN membership mode for an interface IC 4 228 switchport acceptable frame types Configures frame types to be accepte...

Страница 538: ...e also transmitted as tagged frames private vlan For an explanation of this command see switchport mode private vlan on page 4 240 Default Setting All ports are in hybrid mode with the PVID set to VLA...

Страница 539: ...has ingress filtering permanently set to enabled Therefore trying to disable the filtering with the no switchport ingress filtering command will produce this error message Note Failed to ingress filt...

Страница 540: ...Command Usage Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged The no switchport native vlan command will set the native VLAN of...

Страница 541: ...port mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a...

Страница 542: ...o designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage...

Страница 543: ...le 4 70 Show VLAN Commands Command Function Mode Page show vlan Shows VLAN information NE PE 4 233 show interfaces status vlan Displays status for the specified VLAN interface NE PE 4 180 show interfa...

Страница 544: ...Configure the QinQ tunnel access port to join the SPVLAN as an untagged member switchport allowed vlan page 4 231 6 Configure the SPVLAN ID as the native VID on the QinQ tunnel access port switchport...

Страница 545: ...t1q tunnel 4 237 show interfaces switchport 4 182 switchport dot1q tunnel mode This command configures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switch...

Страница 546: ...lation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 Range 0800 FFFF hexadecimal Default Setting 0x8100 Comma...

Страница 547: ...all cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community or isolated ports provide restricted access to local users Multiple...

Страница 548: ...will contain a single promiscuous port and one or more isolated ports 2 Use the switchport mode private vlan command to configure one port as promiscuous i e having access to all ports in the isolate...

Страница 549: ...ate with the promiscuous port within their own VLAN Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same community or...

Страница 550: ...for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources o...

Страница 551: ...secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Interface Configurat...

Страница 552: ...ces outside of the group via a promiscuous port Example switchport private vlan mapping Use this command to map an interface to a primary VLAN Use the no form to remove this mapping Syntax switchport...

Страница 553: ...VLAN along with the assigned promiscuous interface and host interfaces The Primary and Secondary fields both display the isolated VLAN ID primary Displays all primary VLANs along with any assigned pr...

Страница 554: ...an protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protocol vlan protocol group command Interface Configuration mode prot...

Страница 555: ...t Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as the vlan command on page...

Страница 556: ...ng All protocol groups are displayed Command Mode Privileged Exec Example This example shows many protocol groups configured for various protocol types and frame types Console config interface etherne...

Страница 557: ...on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically...

Страница 558: ...can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the swit...

Страница 559: ...configures the Voice VLAN aging time as 3000 minutes voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Use the no form to remove an entry from the list...

Страница 560: ...s a MAC OUI to the OUI Telephony list switchport voice vlan This command specifies the Voice VLAN mode for ports Use the no form to disable the Voice VLAN feature on the port Syntax switchport voice v...

Страница 561: ...e Telephony OUI list see the voice vlan mac address command on page 4 249 MAC address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a...

Страница 562: ...page 4 249 Example The following example enables security filtering on port 1 switchport voice vlan priority This command specifies a CoS priority for VoIP traffic on a port Use the no form to restore...

Страница 563: ...voice vlan status Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Eth 1 1 Auto Enable...

Страница 564: ...TL value sent in LLDP advertisements GC 4 256 medFastStartCount Configures how many medFastStart packets are transmitted GC 4 257 lldp notification interval Configures the allowed interval for sending...

Страница 565: ...ldp medtlv extpoe Configures an LLDP MED enabled port to advertise its extended Pover over Ethernet configuration and usage information IC 4 269 lldp medtlv inventory Configures an LLDP MED enabled po...

Страница 566: ...ng Syntax lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 10 Default Setting Holdtime multipl...

Страница 567: ...tical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Example lldp notification interval This command configures the allowed interval for sendi...

Страница 568: ...yntax lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval at which LLDP advertisements are sent Range 5 32768 seconds Default Setting 30 seconds Command Mode Gl...

Страница 569: ...ing Syntax lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds Default Setting 2 seconds Command Mode Global Configuration Command Usage The transmit delay...

Страница 570: ...sable LLDP notifications Syntax no lldp notification Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option sends out SNMP trap notifications to d...

Страница 571: ...ons at the interval specified by the lldp notification interval command page 4 257 Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB the LLDP MED MIB ANSI TIA 105...

Страница 572: ...rdware component or protocol entity associated with this address The interface number and OID are included to assist SNMP applications to perform network discovery by indicating enterprise specific or...

Страница 573: ...asic tlv system capabilities This command configures an LLDP enabled port to advertise its system capabilities Use the no form to disable this feature Syntax no lldp basic tlv system capabilities Defa...

Страница 574: ...stem and networking software Example lldp basic tlv system name This command configures an LLDP enabled port to advertise the system name Use the no form to disable this feature Syntax no lldp basic t...

Страница 575: ...s an LLDP enabled port to advertise port related VLAN information Use the no form to disable this feature Syntax no lldp dot1 tlv proto vid Default Setting Enabled Command Mode Interface Configuration...

Страница 576: ...dot1 tlv vlan name This command configures an LLDP enabled port to advertise its VLAN name Use the no form to disable this feature Syntax no lldp dot1 tlv vlan name Default Setting Enabled Command Mo...

Страница 577: ...aggregation member Example lldp dot3 tlv mac phy This command configures an LLDP enabled port to advertise its MAC and physical layer capabilities Use the no form to disable this feature Syntax no ll...

Страница 578: ...ts Power over Ethernet PoE capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv poe Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command...

Страница 579: ...erating from primary or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities Example lldp medt...

Страница 580: ...nfigures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disable this feature Syntax no lldp medtlv med cap Default Setting Enabled Command Mode Interfa...

Страница 581: ...tion mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example show lldp config This command shows LLDP configur...

Страница 582: ...1 3 Tx Rx True Eth 1 4 Tx Rx True Eth 1 5 Tx Rx True Console show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin Status Tx Rx Notification Enabled True Basic TLVs Ad...

Страница 583: ...Name System Description Layer2 Fast Ethernet Standalone Switch 24FE 4G System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information...

Страница 584: ...12 Command Mode Privileged Exec Example Console show lldp info remote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show...

Страница 585: ...ch show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Ne...

Страница 586: ...2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 276 Priority Layer 3 and 4 Maps IP port and IP DSCP Precedence and TOS values...

Страница 587: ...figuration Command Usage The switch can be set to service the port queues based on strict priority WRR or a combination of strict and weighted queueing Strict priority requires all traffic in a higher...

Страница 588: ...priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used This switch provides eight priority...

Страница 589: ...Queue weights must be configured in ascendant manner assigning more weight to each higher numbered queue that is Q0 Q1 Q2 Q3 Example This example shows how to assign WRR weights to priority queues 0 2...

Страница 590: ...egress port Example The following example shows how to change the CoS assignments Related Commands show queue cos map 4 281 show queue mode This command shows the current queue mode Default Setting N...

Страница 591: ...ows the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Se...

Страница 592: ...3 and 4 Command Function Mode Page map ip dscp Configures IP DSCP to CoS queue mapping GC 4 282 map ip port Configures TCP port to CoS queue mapping GC 4 283 map ip precedence Configures IP precedence...

Страница 593: ...ble the feature on the switch map ip port Use this command to enable and set IP port priority mapping i e TCP UDP port priority mapping Use the no form to disable the feature or remove a settting Synt...

Страница 594: ...he default priority mapping Command Mode Global Configuration Command Usage The command map ip precedence enables the feature on the switch The command map ip precedence precedence value cos cos queue...

Страница 595: ...are defined in the following table All the TOS values not defined are mapped to CoS queue 0 Command Mode Global Configuration Command Usage The command map ip tos enables the feature on the switch The...

Страница 596: ...the IP ACL Maximum length 16 characters cos queue Port CoS queue Range 0 3 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you can ma...

Страница 597: ...map Syntax show map ip dscp Command Mode Privileged Exec Example Related Commands map ip dscp 4 282 show map ip port Use this command to show the IP port priority map Syntax show map ip port Command M...

Страница 598: ...tax show map ip precedence Command Mode Privileged Exec Example Related Commands map ip precedence 4 284 show map ip tos Use this command to show the IP ToS priority map Syntax show map ip tos Command...

Страница 599: ...cess list ip mac interface ip Specifies IP ACLs mac Specifies MAC ACLs interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged Exec Example Console show map ip tos...

Страница 600: ...the set command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just...

Страница 601: ...a class map class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter...

Страница 602: ...specify the fields within ingress packets that must match to qualify for this class map Only one match command can be entered per class map Example This example creates a class map call rd_class 3 an...

Страница 603: ...ssification upon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map and return to Policy Map configuration mode Syntax no class class map name...

Страница 604: ...ge 0 7 new dscp New Differentiated Service Code Point DSCP value Range 0 63 new precedence New IP Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example Th...

Страница 605: ...tandard ACL and Extended ACL Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the burst byte field and the average rate at which...

Страница 606: ...Port Channel Command Usage You can only assign one policy map to an interface You must first define a class map then define a policy map and finally use the service policy command to bind the policy...

Страница 607: ...d Mode Privileged Exec Example show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface etherne...

Страница 608: ...oping and query settings and displays the multicast service and group members 4 298 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 303 Static Multicast Routing Config...

Страница 609: ...x no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 port Port num...

Страница 610: ...are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only enabled for IGMPv2 and or v3 including ip igmp snoop...

Страница 611: ...D 1 to 4094 Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage If immediate leave is not used a multicast router or querier will send a group specific query message when...

Страница 612: ...n multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display on...

Страница 613: ...o ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth...

Страница 614: ...client from the multicast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast cl...

Страница 615: ...igmp snooping query max response time seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 25 Default Setting 10 seconds Command Mode Global...

Страница 616: ...e the switch waits after the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 secon...

Страница 617: ...gured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known mul...

Страница 618: ...iltering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join...

Страница 619: ...ed multicast group is denied the IGMP join report is dropped IGMP filtering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups The IG...

Страница 620: ...access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multicast group falls within the controlled range When the access mode is set to deny IGM...

Страница 621: ...67295 Default Setting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an int...

Страница 622: ...r replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast gr...

Страница 623: ...nd displays the global and interface settings for IGMP filtering Syntax show ip igmp filter interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port ch...

Страница 624: ...and displays the interface settings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel c...

Страница 625: ...he no form of this command without any keywords to globally disable MVR Use the no form with the group keyword to remove a specific address or range of addresses Or use the no form with the vlan keywo...

Страница 626: ...witchport allowed vlan command page 4 231 and switchport native vlan command page 4 230 but MVR receiver ports should not be statically configured as members of this VLAN IGMP snooping must be enabled...

Страница 627: ...r of any configured multicast group Command Mode Interface Configuration Ethernet Port Channel Command Usage A port which is not configured as an MVR receiver or source port can use IGMP snooping to j...

Страница 628: ...3 hosts can issue multicast join or leave messages Example The following configures one source port and several receiver ports on the switch enables immediate leave on one of the receiver ports and s...

Страница 629: ...s 10 Console Table 4 90 show mvr display description Field Description MVR Status Shows if MVR is globally enabled on the switch MVR running status Indicates whether or not all necessary conditions in...

Страница 630: ...0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIVE None 225 0 0 8 INACTIVE None 225 0 0 9 INACTIVE None 225 0 0 10 IN...

Страница 631: ...dress from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Command Usage You must assign an IP address to this device to gain management access o...

Страница 632: ...riginal IP address and this becomes the new management VLAN Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 4 323 ip default gateway This...

Страница 633: ...the client will be based on this new domain Example In the following example the device is reassigned the same address Related Commands ip address 4 321 show ip interface This command displays the se...

Страница 634: ...ed because the router adds header information Default Setting count 5 size 32 Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be r...

Страница 635: ...9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 10 ms Ping statistics for 10 1 0 9 5 packets tran...

Страница 636: ...Command Line Interface 4 326 4...

Страница 637: ...SE SX LX LH 1000 Mbps at full duplex SFP Flow Control Full Duplex IEEE 802 3 2005 Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mirroring Multiple...

Страница 638: ...MON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts Switch Clustering Management Features In Band Management Telnet web based HTTP HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 D...

Страница 639: ...350 Management Information Bases Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 Entity MIB RFC 2737 Ether like MIB RFC 3635 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 F...

Страница 640: ...RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 SNMPv2 IP MIB RFC 2011 TACACS Authentication Client MIB...

Страница 641: ...of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurre...

Страница 642: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 643: ...DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP bits are ma...

Страница 644: ...s to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered en...

Страница 645: ...packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members Internet Group Management Protocol IGMP A protocol through which hosts can registe...

Страница 646: ...ntended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes a message and converts it into a fixed string of dig...

Страница 647: ...bines several lower speed physical links Private VLANs Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forward...

Страница 648: ...fers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol NTP server Updates can be reque...

Страница 649: ...e access to IP like services UDP packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex to...

Страница 650: ...Glossary Glossary 8...

Страница 651: ...port required connections 2 2 CoS configuring 3 180 4 246 4 260 DSCP 3 187 IP precedence 3 190 layer 3 4 priorities 3 186 4 252 queue mapping 3 182 4 249 queue mode 3 184 4 246 traffic class weights...

Страница 652: ...uery Layer 2 3 210 4 280 snooping 3 208 4 275 snooping configuring 3 209 4 275 ingress filtering 3 153 4 227 IP address BOOTP DHCP 3 17 4 297 4 299 4 317 4 318 setting 2 4 3 15 4 297 4 317 4 318 IP pr...

Страница 653: ...g 3 180 4 246 4 260 default ingress 3 180 4 247 STA 3 133 4 211 port security configuring 3 72 4 97 port statistics 3 118 4 158 ports autonegotiation 3 101 4 152 broadcast storm threshold 3 114 4 156...

Страница 654: ...resses setting 3 122 4 175 statistics port 3 118 4 158 STP 3 129 4 201 STP Also see STA switchport dot1q ethertype 4 234 switchport mode dot1q tunnel 4 233 system clock setting 3 33 4 62 system logs 3...

Страница 655: ...Index 5 Index W Web interface access requirements 3 1 configuration buttons 3 3 home page 3 2 menu list 3 4 panel display 3 3...

Страница 656: ...Index 6 Index...

Страница 657: ......

Страница 658: ......

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды