manualshive.com logo in svg

Planet WGSD-1022, Руководство пользователя

Планета WGSD-1022 - это продукт, который обеспечивает вам высококачественные инструкции по использованию. Скачайте бесплатное руководство пользователя прямо с нашего сайта. Узнайте всю необходимую информацию о продукте, чтобы использовать его на максимуме его возможностей. Посетите manualshive.com прямо сейчас.

Поделиться
Скачать
background image

User’s Manual of WGSD-1022/WGSD-8000 

 

 

- 65 – 

 

the network administrator, or a packet assigned rate limiting restrictions for 
forwarding. The options are as follows:   

 

Permit

, by which forwards packets which meet the ACL criteria.   

 

Deny

, which drops packets which meet the ACL criteria.   

 

Shutdown

, where drops packet that meets the ACL criteria, and disables the 

port to which the packet was addressed. Ports are reactivated from the Port 
Management screen. 

 

Protocol 

By which creates an

 ACE (Access Control Event)

 based on a specific protocol 

 

Select from List 

Where selects from a protocols list on which ACE can be based. The possible field 
values are:   

 

Any

, matches the protocol to any protocol.   

 

EIGRP

, which indicates that the Enhanced Interior Gateway Routing Protocol 

(EIGRP) is used to classify network flows.   

 

ICMP

, which indicates that the Internet Control Message Protocol (ICMP) is 

used to classify network flows.   

 

IGMP

, which indicates that the Internet Group Management Protocol (IGMP) is 

used to classify network flows.   

 

TCP

, which indicates that the Transmission Control Protocol is used to classify 

network flows.   

 

OSPF

, by which matches the packet to the Open Shortest Path First (OSPF) 

protocol.  

 

UDP

, which indicates that the User Datagram Protocol is used to classify 

network flows.   

 

Protocol ID to Match

, adds user-defined protocols to which packets are 

matched to the ACE. Each protocol has a specific protocol number which is 
unique. The possible field range is 0-255. 

 

TCP Flags 

This filters packets by TCP flag. Filtered packets are either forwarded or dropped. 
Filtering packets by TCP flags increases packet control, and network security. The 
values that can be assigned are:   

 

Set

, which enables filtering packets by selected flags.   

 

Unset

, disables filtering packets by selected flags.   

 

Don’t care

, which indicates that selected packets do not influence the packet 

filtering process.   

The TCP Flags that can be selected are:   

 

Urg

, indicates the packet is urgent. 

 

Ack

, indicates the packet is acknowledged. 

 

Psh

, indicates the packet is pushed. 

 

Rst

, indicates the connection is dropped. 

 

Syn

, indicates request to start a session. 

Содержание WGSD-1022

Страница 1: ...r s Manual of WGSD 1022 WGSD 8000 1 User s Manual WGSD 1022 8 Port 10 100Mbps 2 Port Gigabit TP SFP Combo Managed Ethernet Switch WGSD 8000 8 Port 10 100 1000Mbps with 2 Shared SFP Managed Ethernet Switch ...

Страница 2: ... we would appreciate your comments and suggestions FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequ...

Страница 3: ... the SFP transceiver 22 3 CONFIGURATION 24 3 1 Management Access Overview 24 3 1 1 Administration Console 25 3 1 2 Direct Access 25 3 2 Web Management 26 3 3 SNMP Based Network Management 26 3 4 Protocols 26 3 4 1 Virtual Terminal Protocols 26 3 4 2 SNMP Protocol 26 3 4 3 Management Architecture 27 4 Web Configuration 28 4 1 Main Screen 30 4 2 Setup 31 4 2 1 Summary 31 4 2 2 Network Settings 32 4 ...

Страница 4: ...ure Sample 71 4 7 Security 75 4 7 1 ACL Binding 75 4 7 2 Radius 76 4 7 3 TACACS 78 4 7 4 802 1x settings 80 4 7 5 Port Security 84 4 7 6 Multiple Hosts 87 4 7 7 Storm control 88 4 8 QoS 89 4 8 1 CoS Settings 89 4 8 2 Queue Setting 90 4 8 3 DSCP Settings 91 4 8 4 Bandwidth 92 4 8 5 Basic Mode 94 4 8 6 Advanced Mode 94 4 9 Spanning Tree 100 4 9 1 STP Status 106 4 9 2 The Global STP 108 4 9 3 STP Por...

Страница 5: ...le Test 143 4 12 7 Save Configuration 144 4 12 8 Firmware Upgrade 146 4 12 9 Reboot 147 4 12 10 Factory Defaults 148 4 12 11 Server Logs 149 4 12 12 Memory Logs 150 4 12 13 Flash Logs 151 5 COMMAND STRUCTURE 153 5 1 Connect to PC s RS 232 serial port 153 5 2 Using the CLI 153 5 2 1 CLI Command Modes 153 5 2 2 Starting the CLI 156 5 2 3 Editing Features 157 5 3 AAA Commands 160 5 3 1 aaa authentica...

Страница 6: ...ddress table 178 5 4 14 show bridge address table static 179 5 4 15 show bridge address table count 179 5 4 16 show bridge multicast address table 180 5 4 17 show bridge multicast filtering 181 5 4 18 show ports security 182 5 5 Clock Commands 183 5 5 1 clock set 183 5 5 2 clock source 183 5 5 3 clock timezone 184 5 5 4 clock summer time 185 5 5 5 sntp authentication key 186 5 5 6 sntp authenticat...

Страница 7: ...tion 212 5 7 17 show interfaces counters 212 5 7 18 show ports jumbo frame 215 5 7 20 port storm control broadcast enable 216 5 7 21 port storm control broadcast rate 216 5 7 22 show ports storm control 217 5 8 GVRP Commands 218 5 8 1 gvrp enable global 218 5 8 2 gvrp enable interface 218 5 8 3 garp timer 219 5 8 4 gvrp vlan creation forbid 220 5 8 5 gvrp registration forbid 221 5 8 7 clear gvrp s...

Страница 8: ...imeout 237 5 11 4 show lacp ethernet 238 5 11 5 show lacp port channel 239 5 12 Line Commands 240 5 12 1 line 240 5 12 2 speed 240 5 12 3 exec timeout 241 5 12 4 show line 241 5 13 Management ACL Commands 242 5 13 1 management access list 242 5 13 2 permit management 244 5 13 3 deny management 244 5 13 4 management access class 245 5 13 5 show management access list 246 User Guidelines 246 5 13 6 ...

Страница 9: ...qos cos override 266 5 17 12 show qos map 267 5 18 Radius Commands 268 5 18 1 radius server host 268 5 18 2 radius server key 270 5 18 3 radius server retransmit 270 5 18 4 radius server source ip 271 5 18 5 radius server timeout 271 5 18 6 radius server deadtime 272 5 18 7 show radius servers 273 5 19 RMON Commands 274 5 19 1 show rmon statistics 274 5 19 2 rmon collection history 276 5 19 3 show...

Страница 10: ...anning tree cost 299 5 21 9 spanning tree port priority 300 5 21 10 spanning tree portfast 300 5 21 11 spanning tree link type 301 5 21 13 spanning tree bpdu 302 5 21 14 clear spanning tree detected protocols 303 5 21 15 show spanning tree 303 5 22 SSH and SLOGIN Commands 305 5 22 1 ip ssh port 305 5 22 2 ip ssh server 306 5 22 3 crypto key generate dsa 307 5 22 4 crypto key generate rsa 307 5 22 ...

Страница 11: ...24 10 show logging file 331 5 24 11 show syslog servers 332 5 25 TACACS Commands 333 5 25 1 tacacs server host 333 5 25 2 tacacs server key 334 5 25 3 tacacs server timeout 334 5 25 4 tacacs server source ip 335 5 25 5 show tacacs 336 5 26 User Interface Commands 337 5 26 1 enable 337 5 26 2 disable 338 5 26 3 configure 338 5 26 4 login 339 5 26 5 exit configuration 339 5 26 6 exit EXEC 340 5 26 7...

Страница 12: ...internal usage vlan 355 5 27 19 show vlan 356 5 27 20 show vlan internal usage 357 5 27 22 show interfaces switchport 357 5 28 Web Server Commands 359 5 28 1 ip http server 359 5 28 2 ip http port 359 5 28 3 ip https server 360 5 28 4 ip https port 361 5 28 5 crypto certificate generate 361 5 28 6 show ip http 362 5 28 7 show ip https 362 5 29 802 1x Commands 363 5 29 1 aaa authentication dot1x 36...

Страница 13: ...4 5 29 15 dot1x auth not req 375 5 29 17 dot1x multiple hosts 376 5 29 18 dot1x single host violation 376 5 29 19 show dot1x advanced 377 TROUBLE SHOOTING 379 APPENDEX A 380 A 1 Switch s RJ 45 Pin Assignments 380 A 2 RJ 45 cable pin assignment 380 A 3 Available Modules 382 ...

Страница 14: ... adapter x1 RS 232 console cable x 1 Rubber feet x 4 How to Use This Manual This User Manual is structured as follows Section 2 Installation The section explains the functions of the Switch and how to physically install the Switch Section 3 Configuration The section contains the information about the software function of the Switch Section 4 Web Configuration The section explains how to manage the...

Страница 15: ...t CRC filtering eliminates erroneous packets to optimize the network bandwidth 8K MAC address table automatic source address learning and ageing 1Mbit embedded memory for packet buffers Supports IEEE 802 1Q Tagged based VLAN GVRP protocol for VLAN Management Support up to 4 Trunk groups each trunk for up to maximum 4 port with 800Mbps bandwidth Duplex Mode IEEE802 1d IEEE802 1w classic Spanning Tr...

Страница 16: ...rdware Specification 10 100Base TX Ports 8 RJ 45 Auto MDI MDI X ports 10 100 1000Base T Ports 2 RJ 45 Auto MDI MDI X ports 8 RJ 45 Auto MDI MDI X ports SFP mini GBIC Slots 2 SFP interfaces Shared with Port 9 and Port 10 2 SFP interfaces Shared with Port 7 and Port 8 Switch Architecture Store and forward Switch Fabric 5 6Gbps Non Blocking 16Gbps Non Blocking Switch Throughput 4 17Mpps Wire Speed 11...

Страница 17: ...Bridge MIB RFC 2674 Extended Bridge MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB Standards Conformance Regulation Compliance FCC Part 15 Class A CE Standards Compliance IEEE802 3 10BASE T IEEE802 3u 100BASE TX 100BASE FX IEEE802 3z Gigabit SX LX IEE802 3ab Gigabit 1000T IEEE802 3x Flow Control and Back pressure IEEE802 3ad Port trunk with LACP IEEE802 1d S...

Страница 18: ...llocate more bandwidth to key traffics such as voice transmission empowering the enterprise to take full advantages of the limited network resources and guarantee the best performance PLANET WGSD Switch offers comprehensive Access Control List ACL for enforcing security to the edge Its protection mechanisms comprised of port based 802 1x user and device authentication The administrators can now co...

Страница 19: ... actively sending or receiving data over that port 100 Orange Lights to indicate the port is running in 100Mbps speed Off indicate that the port is operating at 10Mbps Per 10 100 1000Base T port SFP interfaces LED Color Function LNK ACT Green Lights to indicate the link through that port is successfully established Blink indicate that the switch is actively sending or receiving data over that port...

Страница 20: ...ch the rubber feet to the recessed areas on the bottom of the switch Step2 Place the switch on the desktop or the shelf near an AC power source Step3 Keep enough ventilation space between the switch and the surrounding objects Note When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Switch to network devic...

Страница 21: ... package Figure 2 5 shows how to attach brackets to one side of the switch Figure 2 5 Attach brackets to the switch Caution You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty Step3 Secure the brackets tightly Step4 Follow the same steps to attach the second bracket to the opposite side Step5 After the brack...

Страница 22: ...owing list of approved PLANET SFP transceivers is correct at the time of publication MGB SX SFP 1000BASE SX SFP transceiver MGB LX SFP 1000BASE LX SFP transceiver Note It recommends using PLANET SFPs on the Switch If you insert a SFP transceiver that is not supported the Switch will not recognize it Before connect the other switches workstation or Media Converter 1 Make sure both side of the SFP t...

Страница 23: ... or Media Converters set the Link mode to 1000 Force is needed Remove the transceiver module 1 Make sure there is no network activity by consult or check with the network administrator Or through the management interface of the switch converter if available to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Turn the handle of the MGB MFB module to horizontal 4 Pull out the modu...

Страница 24: ...anagement application The administration console and Web browser interface support are embedded in the switch software and are available for immediate use Each of these management methods has their own advantages Table 3 1 compares the three management methods Method Advantages Disadvantages Console No IP address or subnet needed Text based Telnet functionality and HyperTerminal built into Windows...

Страница 25: ...3 1 2 Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the switch console serial port When using this management method a null modem cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the follo...

Страница 26: ... knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets community strings for the switch are public 3 4 Protocols The switch supports the following protocols Virtual terminal protocols such as Telnet Simple Network Management Protocol SNMP 3 4 1 Virtual Terminal Protocols A virtual terminal ...

Страница 27: ...h a single MAPI configuration parameters set using one method console port for example are immediately displayable by the other management methods for example SNMP agent of Web browser The management architecture of the switch adheres to the IEEE open standard This compliance assures customers that the switch is compatible with and will interoperate with other solutions that adhere to the same ope...

Страница 28: ...en 1 and 253 with subnet mask 255 255 255 0 Or you can use the factory default IP address 192 168 1 254 to do the relative configuration on manager PC The sceen in Figure 4 1 appears Figure 4 1 Web Management via ethernet 1 Logging on the switch 1 Use Internet Explorer 5 0 or above Web browser Enter the factory default IP address to access the Web interface The factory default IP Address as follow...

Страница 29: ...sername and password the main screen appears as Figure 4 3 Figure 4 3 Web Main Screen of WGSD Switch Now you can use the Web management interface to continue the switch management or manage the switch by console interface Note It is recommended to use Internet Explore 6 0 or above to access WGSD Switch ...

Страница 30: ... use the switch s Web browser interface to con figure and manage the switch Figure 4 1 Via the Web Management the administrator can setup the WGSD Switch by select the functions those listed in the Main Function The screen in Figure 4 2 appears Figure 4 2 WGSD Switch Main Funcrions Menu The following functions can be configured here Setup Port Config VLAN Config Statistics ACL Main Functions Menu ...

Страница 31: ...ork Settings Time 4 2 1 Summary The summary screen provides Device and System Information about the Switch Figure 4 3 System Summary screen The page contains the following informations Device Information System Name Display your system name IP Address Display the current IP address of the device Subnet Mask Display the subnet mask setting of the device ...

Страница 32: ...aintenance number of the hardware Boot Version The version of boot system currently running on the switch Firmware Version The operating system currently running on the switch System Location Display where the Switch is located System Contact Display the administrative contact person System Up Time The time in days hours and minutes since the last switch reboot Current Time Specifies the time and ...

Страница 33: ...the system object identifier is in this field Base MAC Address The MAC address of the Switch displays here IP Configuration Management VLAN Where you can select the Management VLAN The default Managemanet VLAN is VLAN 1 IP Address Mode Where select Static or Dynamic IP address configuration The Default Mode is Static Host Name In this field you can enter the DHCP Host Name IP Address Enter the IP ...

Страница 34: ...domain names into IP addresses 4 2 3 Time In the Basic Setup Table you can see the Time Setup see figure 4 5 by which you can configure the time settings for the Switch You can select SNTP Servers Server1 for the primary SNTP server and Server2 for the secondary SNTP server Figure 4 5 Time screen The Time page includes the following fields Set Time Use System Time Specifies that the system time is...

Страница 35: ...urope in the format DayMonthYear in one field and time in another For example DST begins on the 25th October 2007 5 00 am the two fields will be 25Oct07 and 5 00 The possible field values are Date The date at which DST begins The possible field range is 1 31 Month The month of the year in which DST begins The possible field range is Jan Dec Year The year in which the configured DST begins Time The...

Страница 36: ...5 30 SNTP Server Server1 Enter a user defined SNTP server IP addresses or hostname Up to twot SNTP servers can be defined The primary server provides SNTP information Server2 The backup server provides SNTP information Poll Interval 60 86400 sec Defines the interval in seconds at which the SNTP server is polled for Unicast information The factory default value is 1024 Note The device supports the ...

Страница 37: ...button there is no active connection or the port has been taken offline by an Admiinistrator when you choose the Down button Speed Shows the connection speed of the port and the speed can be configured only when auto negotiation is disabled on that port Duplex The port duplex mode Full transmission occurs in both directions simultaneously or Half transmission occurs in only one direction at a time...

Страница 38: ... traffic to an uplink when a port is a Private VLAN Edge PVE port Uplinks can be ports or LAGs Detail It will open the port configuration detail screen Click the Detail button for more detail port configuration Port Configuration Detail screen see figure 4 7 Figure 4 7 Per Port Configuration detail screen The Port Configuration screen contains the following fields Port Indicates the number of the ...

Страница 39: ...ertised by the port Multiple options may be selected or Max Capability can be selected to cover all of the options The available options are Max Capability which indicates that the port speeds and duplex mode settings can be accepted 10 Half indicates that the port is advertising a 10Mbps half duplex mode setting 10 Full indicates that the port is advertising a 10Mbps full duplex mode setting 100 ...

Страница 40: ...t bypasses the Forwarding Database and forwards all unicast multicast and broadcast traffic to an uplink Uplinks can be ports or LAGs Click the Save Settings button to save your changes 4 3 2 Link Aggregation When you enter the Link Aggregation you can see these parts see figure 4 8 such as LAG shows whether the port is part of a LAG Figure 4 8 Link Aggregation screen The Link Aggregation page con...

Страница 41: ...de Full transmission occurs in both directions simultaneously or Half transmission occurs in only one direction at a time This mode can be configured only when auto negotiation is disabled and port speed is set to 10Mbps or 100Mbps Flow control Shows the flow control status of the port It is active when the port uses Full Duplex Mode LAG Mode Shows the current mode of the LAG interface Click the D...

Страница 42: ...y established on the relevant links by enabling Link Aggregation Control Protocol LACP Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed set to full duplex operation The LACP screen contains fields for configuring LACP LAG s see figure 4 9 ...

Страница 43: ...A channel will only be formed between ports having the same admin key in other words this only applies to ports located on the same switch 4 4 VLAN Configuration A Virtual LAN VLAN is a logical network grouping that limits the broadcast domain It allows you to isolate network traffic so only members of the VLAN receive traffic from the same VLAN members Basically creating a VLAN from a switch is l...

Страница 44: ... recognize VLAN tags in packet headers The tagging feature allows VLAN to span multiple 802 1Q compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in pack...

Страница 45: ...e VLAN Range Indicates a range of VLANs configured To add the defined range of VLAN ID numbers press the Add Range button VLAN Table The VLAN Table displays a list of all configured VLANs include the VLAN ID VLAN Name Status To remove a VLAN click the Remove button 4 4 2 Port setting In this port setting screen refer to figure 4 11 the parameters managing ports that are part of a VLAN will be prov...

Страница 46: ... 4094 VLAN 4095 is defined as per standard and industry practice as the discard VLAN Packets classified to the Discard VLAN are dropped Ingress Filtering Enables or disables Ingress filtering on the port Ingress filtering discards packets which do not include an ingress port LAG Indicates the LAG to which the VLAN is defined Port Mode VLAN Membership Frame Leave Access Belongs to a single untagged...

Страница 47: ...ne port that can be untagged General Which indicates the port belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Tagged Defines the interface as a tagged member of a VLAN All packets forwarded by the interface are tagged The packets contain VLAN information Untagged Packets forwarded by the interface are untagged Forbidden Forbidden ports are not included in the ...

Страница 48: ...ccess mode the packet types which are accepted on the port cannot be designated Ingress filtering cannot be enabled disabled on an access port Trunk Which indicates these ports belong to VLANs in which all ports are tagged except for one port that can be untagged Join VLAN Defines the VLANs to which the interface is joined VLANs Displays the PVID tag LAG Indicates whether the port is a member of a...

Страница 49: ...ows VLAN aware bridges to automatically learn VLANs to bridge ports mapping without having to individually configure each bridge and register VLAN membership The Global System LAG information displays the same field information as the ports but represent the LAG GVRP information The GVRP screen refer to 4 15 is divided into two areas GVRP and GVRP Table The field definitions for both areas are the...

Страница 50: ...which GVRP is enabled LAG indicates the LAG number on which GVRP is enabled GVRP State When the checkbox is checked GVRP is enabled on the interface Dynamic VLAN Creation When the checkbox is checked Dynamic VLAN creation is enabled on the interface GVRP Registration When the checkbox is checked VLAN registration through GVRP is enabled on the device Update The Update button adds the configured GV...

Страница 51: ...stics are displayed The possible field values are Port defines the specific port for which RMON statistics are displayed LAG defines the specific LAG for which RMON statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are No Refresh indicates that the RMON statistics are not refreshed 15 Sec which indic...

Страница 52: ...ed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed Fragments Indicates the number of fragments packets with less than 64 octets excluding framing bits but including FCS ...

Страница 53: ...rface Displays the interface from which the history samples were taken The possible field values are Port specifies the port from which the RMON information was taken LAG specifies the port from which the RMON information was taken Sampling Interval Indicates in seconds the time that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes Sampli...

Страница 54: ...Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets received on the interface since the device was last refreshed including bad packets Multicast and Broadcast packets Broadcast Packets Displays the number of good Br...

Страница 55: ...ince the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms 4 5 3 ...

Страница 56: ...icates there is not a saving mechanism for either the device or in the management system If the device is not reset the entry remains in the Log Table TRAP indicates that an SNMP trap is generated and sent via the Trap mechanism The Trap can also be saved using the Trap mechanism Both indicates that both the Log and Trap mechanism are used to report alarms Falling Threshold Displays the falling co...

Страница 57: ...ual of WGSD 1022 WGSD 8000 57 Interval Defines the alarm interval time in seconds Owner Dhere displays the device or user that defined the alarm Use the Add to List button when you add the RMON Alarms Table entry ...

Страница 58: ... the user defined event description Type Describes the event type Possible values are None where indicates that no event occurred Log indicates that the event is a log entry Trap indicates that the event is a trap Log and Trap indicates that the event is both a log entry and a trap Owner Where displays the device or user that defined the event Use the Add to List button when you add the configured...

Страница 59: ...re displays the time that the event occurred Press the RMON Event Log button to display the log store in the flash Only the Event type is Log or Log and Trap then the entries appear The screen in Figure 4 21 appears Figure 4 21 RMON Event Log Screen ...

Страница 60: ...network traffic Figure 4 22 Port Utilization screen The page includes the following fields Refresh Rate Indicates the amount of time that passes before the port utilization statistics are refreshed The possible field values are No Refresh indicates that the statistics are not refreshed 15 Sec indicates that the statistics are refreshed every 15 seconds 30 Sec indicates that the statistics are refr...

Страница 61: ... passes before the EAP statistics are refreshed The possible field values are No Refresh indicates that the EAP statistics are not refreshed 15 Sec which indicates that the EAP statistics are refreshed every 15 seconds 30 Sec which indicates that the EAP statistics are refreshed every 30 seconds 60 Sec which indicates that the EAP statistics are refreshed every 60 seconds Name Displays the measure...

Страница 62: ... displayed LAG indicates LAG statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are No Refresh indicates that the GVRP statistics are not refreshed 15 Sec which indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec which indicates that the GVRP statistics are refreshed every 30 seconds...

Страница 63: ...r Statistics Table contains the following fields Invalid Protocol ID Where displays the device GVRP Invalid Protocol ID statistics Invalid Attribute Type Where displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length where displays the device GVRP Invalid Attribute Length statistics Invalid...

Страница 64: ...tbound traffic Rules for the ACL are specified created using the ACL Rule Configuration menu 4 6 1 IP Based ACL The IP Based ACL Access Control List screen see figure 4 25 contains information for defining IP Based ACLs Figure 4 25 IP Base ACL screen The Page contains the following fields ACL Name Displays the user defined IP based ACLs New ACL Name Defines a new user defined IP based ACL Delete A...

Страница 65: ...nagement Protocol IGMP is used to classify network flows TCP which indicates that the Transmission Control Protocol is used to classify network flows OSPF by which matches the packet to the Open Shortest Path First OSPF protocol UDP which indicates that the User Datagram Protocol is used to classify network flows Protocol ID to Match adds user defined protocols to which packets are matched to the ...

Страница 66: ...36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Destination IP Address Matches the destination port IP address to which packets are addressed to the ACE Wildcard Mask Defines the destination IP address wildcard mask Match DSCP Matches the packet DSCP value to the ACE Either the DSCP value or the IP Precedence v...

Страница 67: ...e IP Address Any Destination IP Address Class C 172 16 0 0 255 255 255 0 Applied Interface Interface g1 Device Connection and Configuration Stream Target ID Source Address Destination Address Protocol Any 3 Any 172 16 0 0 255 255 255 0 Any The procedure as following Create Deny ACL and add to list 1 DENY Rule Choose New ACL Name then key in Deny IP Destination A Choose Action Deny The ACL Name can...

Страница 68: ... show at the table Create Permit ACL and add to list 5 Permit Rule Within the same ACL Deny IP Destination A choose Action Permit 6 Permit Rule Keep the Source IP Address and Wild Card Mask be blanked 7 Permit Rule Keep the Destination IP Address and Wild Card Mask be blanked 8 After click Add to List button the entry would be show at the table 9 Rember to click the Save Config button ...

Страница 69: ...L to specify interface 10 Select Security ACL Binding in the Menu bar 11 Choose Port g1 at the Interface 12 Choose IP Based ACL select ACL name with Deny Source A that we had been created at step 1 Click Add to List button the entry would be show at the table ...

Страница 70: ...0 70 4 6 3 MAC Based ACL The MAC Based ACL screen see figure 4 27 allows a MAC based ACL to be defined ACLs can be added only if the ACL is not bound to an interface Figure 4 26 MAC Base ACL screen The Page contains the following fields ...

Страница 71: ... 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important For example if the source IP address 149 36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Dest MAC Address Where matches the destination MAC address to which packets are addressed to the ACE Wildca...

Страница 72: ... 4F 1D 9F DE Applied Interface Interface g2 Device Connection and Configuration Setting procedure from WGSD Switch Web interface Create Deny MAC ACL and add to list 1 Please enter into Web interface and choose ACL function 2 Then choose MAC based ACL function 3 Please input a new ACL name for example Deny MAC A 4 To defined Permit Deny or Shutdown from Action item 5 Deny Rule Input Source MAC Addr...

Страница 73: ...ts be forwarded 9 Permit Rule Within the same ACL Deny MAC A choose Action Permit 10 Permit Rule Keep the Source MAC Address and Wild Card Mask be blanked 11 Permit Rule Keep the Destination MAC Address and Wild Card Mask be blanked 12 After click Add to List button the entry would be show at the table ...

Страница 74: ...ecurity ACL Binding in the Menu bar 15 Choose Port g2 from Interface item 16 Choose MAC Based ACL select ACL name with Deny MAC A that we had been created at step 1 Click Add to List button the entry would be show at the table 17 Please press Save Config to save current setting Note If action shutdown is selected the port will be force disabled ...

Страница 75: ...es that have been defined are applied to the selected interface Whenever an ACL is assigned on a port LAG or VLAN flows from that ingress interface that do not match the ACL are matched to the default rule which is Drop unmatched packets You can refer to figure 4 27 Figure 4 27 ACL Binding screen The Page contains the following fields Interface Indicates the interface to which the ACL is bound The...

Страница 76: ...ty Displays the server priority The possible values are 0 65535 where 1 is the highest value The RADIUS Server priority is used to configure the server query order Authentication Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port default is 1812 Number of Retries Defines the number of transmitted requests sent t...

Страница 77: ...he RADIUS encryption Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is Login The possible field values are Login indicates that the RADIUS server is used for authenticating user name and passwords 802 1X indicates that the RADIUS server is used for 802 1X authentication ...

Страница 78: ...ing fields Host IP Address Indicates the TACACS Server IP address Priority Displays the order in which the TACACS servers are used The default is 0 Source IP Address By which displays the device source IP address used for the TACACS session between the device and the TACACS server Key String This defines the authentication and encryption key for TACACS server The key must match the encryption key ...

Страница 79: ...ce and the TACACS server Not Connected there is not currently a connection between the device and the TACACS server Single Connection Maintains a single open connection between the device and the TACACS server when selected the Add to List button to add the TACACS configuration to the TACACS table at the bottom of the screen ...

Страница 80: ... the switch The workstation must be running 802 1X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802 1X specification z Authentication server performs the actual authentication of the client The authentication server validates the identity of the client and notifies the switch whether or not the client is author...

Страница 81: ...est its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which ...

Страница 82: ...ent initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authori...

Страница 83: ...age contains the following fields Enable 802 1x Place a checkmark in the check box to enable 802 1x authentication Port Indicates the port name Status Port Control This specifies the port authorization state The possible field values are as follows Force Authorized the controlled port state is set to Force Authorized forward traffic Force Unauthorized the controlled port state is set to Force Unau...

Страница 84: ...are resent to the supplicant Range 1 65535 The field default is 30 seconds Server Timeout Which specifies the number of seconds that lapses before the switch resends a request to the authentication server Range 1 65535 The field default is 30 seconds 4 7 5 Port Security Work security screen see figure 4 32 can be increased by limiting access on a specific port only to users with specific MAC addre...

Страница 85: ...the locked port type The Learning Mode field is enabled only if Locked is selected in the Interface Status field The possible field values are Classic Lock by which locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock which locks the port by deleting the current dynamic MAC addresses...

Страница 86: ...hout learning the MAC address Discard Disable which discards packets from any unlearned source and shuts down the port The port remains shut down until reactivated or until the device is reset Enable Trap This enables traps when a packet is received on a locked port Trap Frequency Which the amount of time in seconds between traps The default value is 10 seconds Note In order to change the Learning...

Страница 87: ...use port lock security on the selected port Action on Violation This defines the action to be applied to packets arriving in single host mode from a host whose MAC address is not the supplicant MAC address The possible field values are Discard which discards the packets This is the default value Forward by which forwards the packet Discard Disable discards the packets and shuts down the port The p...

Страница 88: ...ling and configuring Storm Control The screen in Figure 4 34 appears Figure 4 34 Storm Control screen The Page contains the following fields Port Displays the port number for which storm control is enabled Broadcast Control This indicates whether broadcast packet types are forwarded on the specific interface Mode By which specifies the Broadcast mode currently enabled on the device The possible fi...

Страница 89: ...in the following CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as an aggregate whole with no per flow settings CoS is usually related to the 802 1p service that classifies flows according to their Layer 2 priority as set in the VLAN header QoS refers to Layer 2 traffic and above QoS handles per flow settings even within a...

Страница 90: ...s mapped Four traffic priority queues are supported The Restore Defaults button restores the device factory defaults for mapping CoS values to a forwarding queue CoS Default The Table contains the following fields Interface Interface to which the CoS configuration applies Default CoS Determines the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values...

Страница 91: ... for the selected queue is based strictly on the WRR Queue Shows the queue for which the queue settings are displayed The possible field range is 1 4 WRR Weight Which displays the WRR weights to queues Default Rate 1 2 4 8 of WRR Bandwidth Displays the amount of bandwidth assigned to the queue These values are fixed and are not user defined 6 67 13 33 26 67 53 33 4 8 3 DSCP Settings The DSCP Setti...

Страница 92: ...alue in the incoming packet Queue Maps the DSCP value to the selected queue 4 8 4 Bandwidth The Bandwidth screen refer to figure 4 38 allows network managers to define the bandwidth settings for a specified egress interface Modifying queue scheduling affects the queue settings globally The Bandwidth screen is not used with the Service mode as bandwidth settings are based on services ...

Страница 93: ...formation is displayed The possible field values are Port indicates the port for which the bandwidth settings are displayed LAG indicates the LAG for which the bandwidth settings are displayed Ingress Rate Limit Status which indicates if rate limiting is defined on the interface Rate Limit 62 1000000 Kbps Defines the amount of bandwidth assigned to the interface The possible field values are 62 10...

Страница 94: ...t Mode determines the queue to which the packet is assigned Possible values are CoS which sets trust mode to CoS on the device and the CoS mapping determined the packet queue DSCP sets trust mode to the DSCP on the device The DSCP mapping determines the packet queue 4 8 6 Advanced Mode Advanced QoS mode see figure 4 40 provides rules for specifying flow classification and assigning rule actions th...

Страница 95: ...can be attached to a port In advanced QoS mode ACLs can be applied directly to an interface in the Security ACL Binding However a policy and ACL cannot be simultaneously applied to an interface After assigning packets to a specific queue services such as configuring output queues for the scheduling scheme or configuring output shaping for burst size CIR or CBS per interface or per queue can be app...

Страница 96: ...contains the following fields DSCP In This displays the DSCP In value The value is form 0 63 DSCP Out This displays the current DSCP out value A new value can be selected from the pull down menu The Policy Settings button opens the Policy Name screen see figure 4 42 Figure 4 42 Policy Settings screen ...

Страница 97: ...g fields Policy Name defines a new Policy name Add to List this button will add the policy to the Policy Name table Select Policy which selects an existing Policy by name New Policy Name which defines a new Policy name Class Map where selects an existing Class Map by name ...

Страница 98: ... values are IP Based ACLs matches packets to IP based ACLs first then matches packets to MAC based ACLs MAC Based ACLs matches packets to MAC based ACLs first then matches packets to IP based ACLs IP ACL Matches packets to IP based ACLs first and then matches packets to MAC based ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s address The possible field values are...

Страница 99: ... Information Rate CIR This defines the CIR in bits per second This field is only relevant when the Police value is Single Ingress Committed Burst Size CBS This defines the CBS in bytes per second This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values ...

Страница 100: ... a single switch in user specified groups Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following information is used The unique switch identifier The path cost to the root associated w...

Страница 101: ...g to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Eac...

Страница 102: ...tch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels Note On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and t...

Страница 103: ...evaluate paths STP calculates path costs and selects the path with the minimum cost as the active path 19 100Mbps Fast Ethernet ports 4 1000Mbps Gigabit Ethernet ports Default Spanning Tree Configuration Feature Default Value Enable state STP enabled for all ports Port priority 128 Port cost 19 Bridge Priority 32 768 User Changeable STA Parameters The Switch s factory default setting should cover ...

Страница 104: ... will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in Figure 5 7 In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast...

Страница 105: ...2 LAN 3 Designated Port Root Port Root Port Designated Port Blocked After Applying the STA Rules The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 4 on switch A are connected to one optional Gigabit port on both switch B and C The redundant link bet...

Страница 106: ...forwarding loops Multiple STP which provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition Multiple STP transmits packets assigned to different VLANs through different MST regions MST regions act as a single bridge 4 9 1 STP Status The STP Status screen see figure 4 45 describes the STP status on the device Figure 4 45 STP Status screen The page ...

Страница 107: ...figuration messages The default is 2 seconds The range is 1 to 10 seconds Root Forward delay sec This indicates the device forward delay time The Forward Delay Time indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The default is 15 seconds The range is 4 to 30 seconds Topology Changes Counts which indicates the total amount of STP...

Страница 108: ...ere enables Multiple STP on the device BPDU Handling This determines how BPDU packets are managed when STP is disabled on the port device BPDUs are used to transmit spanning tree information The possible field values are Filtering where filters BPDU packets when spanning tree is disabled on an interface This is the default value Flooding where floods BPDU packets when spanning tree is disabled on ...

Страница 109: ... is 1 to 10 seconds Max Age Where specifies the device Maximum Age Time The Maximum Age Time indicates the amount of time in seconds a bridge waits before sending configuration messages The default max age is 20 seconds The range is 6 to 40 seconds Forward Delay This specifies the device forward delay time The Forward Delay Time indicates the amount of time in seconds a bridge remains in a listeni...

Страница 110: ...mode The port cannot forward traffic however it can learn new MAC addresses Forwarding the port that can forward traffic and learn new MAC addresses Speed Indicates the speed at which the port is operating Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path being rerouted Value Rage 1 200000...

Страница 111: ...reen 4 9 4 RSTP Port settings While the classic spanning tree prevents Layer 2 forwarding loops in a general network topology convergence can take between 30 60 seconds This time may delay detecting possible loops and propagating status topology changes Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops refer ...

Страница 112: ...a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled which indicates the port is not participating in the Spanning Tree Mode Where indicates the current Spanning Tree mode The Spanning Tree mode is selected in the Global STP screen The possible field values are Classic STP which indicates that Classic STP is enabled o...

Страница 113: ...inating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link or until some external event occurs This is the actua...

Страница 114: ...e Master instance The IST Master is the specified instance roo 4 9 6 MSTP Instance Settings MSTP opreation maps VLANs into STP instances see figure 4 51 Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Trees Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted In configuring MST the MST region ...

Страница 115: ...N Where maps the selected VLAN to the selected instance Each VLAN belongs to one instance Instance Settings Bridge Priority Specifies the selected spanning tree instance device priority The field range is 0 61440 Designated Root Bridge ID which indicates the ID of the bridge with the lowest path cost to the instance ID Root Port Where indicates the selected instance s root port Root Path Cost Indi...

Страница 116: ...ndicates whether the port is enabled for the specific instance Type indicates if the port is a point to point port or a port connected to a hub The possible field values are Boundary Port attaches MST bridges to LAN in an outlying region If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Master Port where provides connec...

Страница 117: ... The range should always be 1200 000 000 Designated Bridge ID Where indicates that the bridge ID number that connects the link or shared LAN to the root Designated Port ID By which indicates that the Port ID number on the designated bridge that connects the link or the shared LAN to the root Designated Cost Indicates that the default path cost is assigned according to the method selected on the Sp...

Страница 118: ... join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes...

Страница 119: ...To turn on the IGMP Snooping select Enable of the IGMP Snooping Status field and click on the OK button to save 4 3 3 1 IGMP Configuration The switch support IP multicast you can enable IGMP protocol on web management s switch setting advanced page then display the IGMP snooping information in this page you can view difference multicast group VID and member port in here IP multicast addresses rang...

Страница 120: ...arded to the CPU The CPU analyzes the incoming packets and determines which ports want to join which Multicast groups which ports have Multicast routers generating IGMP queries which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation...

Страница 121: ...GMP group and not receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an immediate leave value The default timeout is 10 seconds Note IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled 4 10 2 Bridge Multicast The Bridge Mul...

Страница 122: ...lays Interface that can be added to a Multicast service The configuration options are as follows Static indicates the port is user defined Dynamic indicates the port is configured dynamically Forbidden forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group None displays the port is not configured for Multicast service LAG Displays L...

Страница 123: ...s fields 2 Check and click a port to Static to join the port to the selected Multicast group 3 Click Add to List button 4 Click the Save Config to apply the sttings 5 Select the VLAN ID to check if the entries be added The port is assigned to the Multicast group and the device is updated Assigning LAGs to Receive Multicast Service 1 Define the VLAN ID and the Bridge Multicast Address fields 2 Chec...

Страница 124: ...s are displayed This identifies a VLAN to be configured to a Multicast service Interface Displays Interface that can be added to a Multicast service The configuration options are as follows Static indicates the port is user defined Dynamic indicates the port is configured dynamically Forbidden forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a ...

Страница 125: ...r defining SNMP notification parameters Figure 4 59 SNMP Global Parameter The Global Parameter Screen contains the following fields SNMPV3 Local Engine ID Indicates the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings consists of two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined before SNM...

Страница 126: ...tates that SNMP Group A has Read Only R O access to Multicast groups while SNMP Group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID refer to figure 4 60 Figure 4 60 SNMP View screen The page contains the following fields View Name Indicates the user defined views The options are as follows Default which displays the default SNMP view fo...

Страница 127: ...ded Insert Enables a Subtree not included in the Select from List field to be entered View Type This indicates if the defined OID branch will be included or excluded in the selected SNMP view Use the button when you want to add the Views configuration to the Views Table at the bottom of the screen ...

Страница 128: ...the SNMP version attached to the group The possible field values are SNMPv1 defined for the group SNMPv2 defined for the group SNMPv3 defined for the group Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only The possible field values are No Authentication which indicates that neither the Authentication nor the Privacy security levels are assigned to...

Страница 129: ...which provides a user defined local user list Engine ID Indicates either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database Local Indicates that the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive ...

Страница 130: ...AC MD5 96 or HMAC SHA 96 authentication level The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined If both privacy and authentication are required 32 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon Privacy Key Defines the Priva...

Страница 131: ... management station IP addresses Community String Defines the password used to authenticate the management station to the device Basic which enables SNMP Basic mode for a selected community and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only which indicates management access is restricted to read only and changes cannot b...

Страница 132: ... screen The page contains the following fields Management Station Displays the management station IP address for which the basic SNMP community is defined Community String Displays the password used to authenticate the management station to the device Access Mode Where displays the access rights of the community View Name Displays the user defined SNMP view Advanced Table Management Station Displa...

Страница 133: ...ter screen The page contains the following fields Filter Name This contains a list of user defined notification filters New Filter Name Add a new user defined notification filter name New Object Identifier Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from...

Страница 134: ...ps are sent to specific users and the trap type sent Figure 4 66 Notification Recipient The page contains the following fields Recipient IP Which indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Traps indicates traps are sent Informs indicates informs are sent SNMP v1 2 Enables SNMP v1 2 as the Notification Recipient ...

Страница 135: ...No Authentication Indicates the packet is neither authenticated nor encrypted Authentication which indicates the packet is authenticated Privacy which indicates the packet is both authenticated and encrypted UDP Port Displays the UDP port used to send notifications The default is 162 Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined Timeout Indicates the am...

Страница 136: ...User s Manual of WGSD 1022 WGSD 8000 136 ...

Страница 137: ...atic Address Dynamic Address Logging Port Mirroting Cable Test Storm Control Save Configuration Firmware Uograde Server Logs Memory Logs Flash Logs 4 12 1 User Authentication The User Authentication screen see figure 4 68 is used to modify user passwords Figure 4 68 User Authentication screen The page contains the following fields Authentication Type Defines the user authentication methods Also yo...

Страница 138: ...firm Password This confirms the new password The password entered into this field must be exactly the same as the password entered in the Password field Use the button when you want to add the user configuration to the Local User s Table 4 12 2 Static Address A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and cannot be m...

Страница 139: ...he MAC address for which the table is queried VLAN ID which specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by VLAN Address Interface Use the button to apply the static MAC address settings 4 12 3 Dynamic Address The Dynamic Address Table contains the MAC addresses learn...

Страница 140: ... Dynamic MAC Address table before it times out if no traffic from the source is detected The default value is 300 seconds Clear Table If checked clears the MAC address table Query Port Specifies the interface for which the table is queried There are two interface types from which to select Port displays the specific port number LAG displays the specific LAG number MAC Address Specifies the MAC add...

Страница 141: ...clude a message mnemonic which identifies the source application generating the message It allows messages to be filtered based on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event logging The page contains the following fields Logging Indicates if device global logs for Cache File and Server Logs are enabled Console logs are ...

Страница 142: ...User s Manual of WGSD 1022 WGSD 8000 142 Informational Provides device information Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support ...

Страница 143: ...oring screen The page contains the following fields Source Port Defines the port to which traffic is mirrored Type Indicates the port mode configuration for port mirroring The possible field values are RxOnly defines the port mirroring on receiving ports This is the default value TxOnly defines the port mirroring on transmitting ports Both which defines the port mirroring on both receiving and tra...

Страница 144: ...connected on only one side Short Cable indicates that a short has occurred in the cable Cable Fault Distance This is the distance from the port at which the cable error occurred Last Update This is the last time the port was tested Cable Length This is the approximate length of the cable The Cable Length test can be performed only when the port is up and operating at 1Gbps 4 12 7 Save Configuratio...

Страница 145: ...s that contains the source file to upgrade from Source File Specifies the name of the upgrade file on the TFTP Server Destination File Where specifies the name of the configuration file The default is StartupCfg Via HTTP This HTTP Firmware Upgrade screen is used for saving configuration information using your Web browser See figure 4 75 Figure 4 75 Save Configuration via HTTP Upgrade Select this o...

Страница 146: ... the following fields See figure 4 76 Figure 4 76 Firmware Upgrade via TFTP The page contains the following fields Via TFTP Via TFTP Defines the upgrade through a TFTP Server File Type Select file type to be upgraded through a TFTP Server The possible field values are Software Image Boot Code TFTP Server The TFTP Server IP Address that contains the source file to upgrade from Source File Specifies...

Страница 147: ...loaded Use the Proceed button to upgrade the firmware via TFTP or HHTP that be selected 4 12 9 Reboot The Reboot screen see figure 4 78 resets the device whose configuration is automatically saved before the device is rebooted Figure 4 78 Reboot screen Note There is a known issue Sometimes after the Reboot button be pressed it costs lot time to stop the curent tasks So it might be rebooted after m...

Страница 148: ... reset the device to the factory defaults settings but if you restore factory defaults results in erasing the configuration file Although restoring the factory defaults will erase your configuration you can save a backup of your current configuration settings from the Admin Save Configuration screen Figure 4 79 Factory Default screen ...

Страница 149: ...ch event logging device The following table contains the Log Severity Levels Severity Type Severity Level Description Example Emergency 0 The system is not functioning Memories overflow Alert 1 The system needs immediate attention Main system memory pool overflow Critical 2 The system is in a critical state Cannot bind to SNMP Error 3 A system error has occurred Failed to delete entry Warning 4 A ...

Страница 150: ...utilize the same facility on a server The possible field values are Local 0 Local 7 The field default is Local 7 Description Where provides a user defined server description Minimum Severity Indicates the Minimum severity from which logs are sent to the server For example if Notice is selected all logs from a Notice severity and higher are sent to the remote server If you want to add the Server Lo...

Страница 151: ...owing fields Log Index The log number in the Log File Table Log Time Specifies the time at which the log was entered in the Log File Table Severity Specifies the log severity Description The log message text 4 12 13 Flash Logs The Flash Log screen see figure 4 82 contains information about log entries saved to the Log File in FLASH the time that the log generated the log severity and description o...

Страница 152: ...User s Manual of WGSD 1022 WGSD 8000 152 Figure 4 82 Flash Logs screen ...

Страница 153: ...s When you are ready to configure the smart functions of the Switch make sure you had connected the supplied RS 232 serial cable to the RS 232 port at the front panel of your WGSW 24010 Switch and your PC 5 1 Connect to PC s RS 232 serial port Hyper Terminal In Windows 98 2000 XP launch HyperTerminal create a new connection and adjust settings as below Baud per second 38400 Data bits 8 Parity None...

Страница 154: ...e Configuration mode The Global Configuration mode manages the device configuration on a global level For specific interface configurations enter the next level the Interface Configuration Mode The Interface Configuration mode configures specific interfaces in the device User EXEC Mode After logging into the device the user is automatically in user EXEC command mode unless the user is defined as a...

Страница 155: ...mands apply to features that affect the system as a whole rather than just a specific interface The Privileged EXEC mode command configure is used to enter the Global Configuration mode The Global Configuration mode commands perform the following At the Privileged EXEC mode prompt enter the command configure and press Enter The Global Configuration mode prompt is displayed The Global Configuration...

Страница 156: ...hernet interface mode and are used to manage the member ports as a single entity The Global Configuration mode command interface port channel is used to enter the port channel Interface Configuration mode SSH Public Key chain Contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key chain...

Страница 157: ...tering commands the Giga ports are referred to with a prefix g and the 10 100 Mbps ports are referred to with a prefix e The ports are preceded by the unit number The unit number for a standalone device is 1 To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter console config username admin passwo...

Страница 158: ...tored in the buffer The standard number of 10 commands can be increased to 256 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for configuring the command history buffer see history size To display the history buffer see show history Negating the Effect of Commands For many configuration commands the prefix keyword no can ente...

Страница 159: ...equence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to the Privileged EXEC mode from all modes Backspace key Moves the cursor back one space CLI Command Conventions When entering commands there are certain command entry standards which apply to all commands ...

Страница 160: ...automatically defaults to all 5 3 AAA Commands 5 3 1 aaa authentication login The aaa authentication login global configuration command defines login authentication To return to the default configuration use the no form of this command Syntax aaa authentication login default list name method1 method2 no aaa authentication login default list name Default Uses the listed authentication methods that ...

Страница 161: ...e list of methods that the authentication algorithm tries in the given sequence The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures authentication login console config ...

Страница 162: ...ation enable default enable none Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command Create a list by entering the aaa authentication enable list name method command where list name is any character string used to name this list The method argument identifies th...

Страница 163: ...gin authentication from default to another value may disconnect the telnet session Example The following example specifies the default authentication method for a remote Telnet or console console config line cnsole console config line login authentication default 5 3 4 enable authentication The enable authentication line configuration command specifies the authentication method list when accessing...

Страница 164: ...ication method1 method2 no ip http authentication method1 method2 Specify at least one from the following table Keyword Source or destination local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is...

Страница 165: ... local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is checked This has the same effect as the command ip https authentication local Command Mode Global Configuration mode User Guidelines The additional methods...

Страница 166: ...displays the authentication configuration console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Line Login Method List Enable Method List Console Console_Login Console_Enable Telnet Default Default SSH Default Default HTTP Radius local HTTPS Radius l...

Страница 167: ...ol access to normal and privilege levels To remove the password requirement use the no form of this command Syntax enable password level level password encrypted no enable password level level password Password for this level from 1 to 159 characters in length level level Level for which the password applies If not specified the level is 15 Range 1 15 encrypted Encrypted password entered copied fr...

Страница 168: ... copied from another device configuration Default Configuration The default privilege level is 1 Command Mode Global Configuration mode User Guidelines Up to 30 users can be defined on the device Example The following example configures user bob with the password lee and user level 15 to the system console config username bob password lee level 15 5 3 11 show users accounts The show users accounts...

Страница 169: ...ddress mac address ethernet interface port channel port channel number permanent delete onreset delete on timeout secure no bridge address mac address mac address A valid MAC address Interface A valid Ethernet port port channel number A valid port channel number permanent The address can only deleted by the no bridge address command delete on reset The address is deleted after reset delete on time...

Страница 170: ...ulticast filtering Default Configuration Disabled All multicast addresses are flooded to all ports of the relevant VLAN Command Mode Global Configuration mode User Guidelines If multicast routers exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all multicast packets to the multicast routers Example In this example bridg...

Страница 171: ...ration No multicast addresses are defined Command Mode Interface configuration VLAN mode User Guidelines If the command is executed without add or remove the command only registers the group in the bridge database Static multicast addresses can only be defined on static VLANs Examples The following example registers the MAC address console config interface vlan 8 console config if bridge multicast...

Страница 172: ...on port g9 within VLAN 8 console config interface vlan 8 console config if bridge multicast address 0100 5e02 0203 console config if bridge multicast forbidden address 0100 5e02 0203 add ethernet e9 3 4 5 bridge multicast forward unregistered The bridge multicast forward unregistered interface configuration command enables forwarding unregistered multicast addresses Use the no form of this command...

Страница 173: ...cast addresses port Use the no form of this command to return to default Syntax bridge multicast forbidden forward unregistered add remove ethernet interface list port channel portchannel number list no bridge multicast forbidden forward unregistered add Forbid forwarding unregistered multicast packets remove Don t forbid forwarding unregistered multicast packets interface list Separate nonconsecu...

Страница 174: ...rom the group interface list Separate non consecutive valid Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate non consecutive valid port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration Disable forward all on all ports Command Mode Interface Configuration VLAN mo...

Страница 175: ...or example forwarding to the port is not forbidden Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers multicast router ports When a multicast router port is discovered all the multicast packets are forwarded to it unconditionally This command prevents a port to be a multicast router port Example In this example forwarding all multicast packets to e6 ...

Страница 176: ...s command has no keywords or arguments Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the bridge tables are cleared console clear bridge 5 4 11 port security The port security interface configuration command locks the port By locking the port new addresses are no...

Страница 177: ...very 100 seconds on port e18 console config interface ethernet e18 console config if port security forward trap 100 5 4 12 port security routed secure address The port security routed secure address interface configuration command adds MAC layer secure addresses to a routed port Use the no form of this command to delete the MAC addresses Syntax port security routed secure address mac address no po...

Страница 178: ...le vlan vlan ethernet interface port channel port channel number vlan Specific valid VLAN such as VLAN 1 Interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the b...

Страница 179: ...command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all static entries in the bridge forwarding database are displayed console show bridge address table static Aging time is 300 sec vlan mac address port type 1 0060 704C 73FF e8 permanent 1 0060 708C 73FF e8 delete on timeout 200 0010 0D48 37FF...

Страница 180: ...address table The show bridge multicast address table privileged EXEC command displays multicast MAC address table information Syntax show bridge multicast address table vlan vlan id address mac multicast address ip multicast address format ip mac vlan_id A VLAN ID value mac multicast address A MAC multicast address ip multicast address An IP multicast address format Multicast address format Can b...

Страница 181: ...4 239 130 2 2 8 static e1 8 19 224 239 130 2 2 8 dynamic e9 11 Forbidden ports for multicast addresses Vlan IP Address Ports 1 224 239 130 2 2 3 e8 19 224 239 130 2 2 8 e8 5 4 17 show bridge multicast filtering The show bridge multicast filtering privileged EXEC command displays the multicast filtering configuration Syntax show bridge multicast filtering vlan id vlan_id A valid VLAN ID value Defau...

Страница 182: ...hernet interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the port lock status are displayed console show ports securi...

Страница 183: ...conds 0 23 mm 0 59 ss 0 59 day Current day by date in the month 1 31 month Current month using the first three letters by name Jan Dec year Current year 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th Mar...

Страница 184: ...splay purposes To set the time to Coordinated Universal Time UTC use the no form of this command Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone hours offse t Hours difference from UTC Range 12 13 minutes minutes offse t Minutes difference from UTC Range 0 59 zone acronym The acronym of the time zone Range Up to 4 characters Default Configuration UTC Comman...

Страница 185: ...e in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules week Week of the month Range 1 4 first last day Day of the week Range first three letters by name like sun date Date of the month Range 1 31 month Month Range first three letters by name year year no abbreviation Range 2000 2097 hh mm Time in military format in hours and min...

Страница 186: ...finishing on the last Sunday in October at 2 am Console config clock summer time recurring first sun apr 2 00 last sun oct 2 00 5 5 5 sntp authentication key The sntp authentication key global configuration command defines an authentication key for Simple Network Time Protocol SNTP To remove the authentication key for SNTP use the no form of this command Syntax sntp authentication key number md5 v...

Страница 187: ...Global Configuration mode User Guidelines The command is relevant for both unicast and broadcast Examples The following example defines the authentication key for SNTP and grants authentication cnsole config sntp authentication key 8 md5 ClkKey console config sntp trusted key 8 console config sntp authenticate 5 5 7 sntp trusted key The sntp trusted key global configuration command authenticates t...

Страница 188: ...er The sntp client poll timer global configuration command sets the polling time for the Simple Network Time Protocol SNTP client To return to default use the no form of this command Syntax sntp client poll timer seconds no sntp client poll timer seconds Polling interval in seconds Range 60 1024 Default Configuration 1024 Command Mode Global configuration mode User Guidelines There are no user gui...

Страница 189: ...e interface configuration command enables the device to receive broadcast transmissions globally and on ALL interfaces Use the sntp client enable interface configuration command to enable sntp client on specific interface Examples The following example enables the SNTP broadcast clients Console config sntp broadcast client enable 5 5 10 sntp anycast client enable The sntp anycast client enable glo...

Страница 190: ...t enable This command has no arguments or keywords Default Configuration Disabled Command Mode Interface configuration Ethernet Port Channel VLAN mode User Guidelines Use the sntp client enable global configuration command to enable broadcast clients globally Use the sntp anycast client enable global configuration command to enable anycast clients globally Examples The following example enables th...

Страница 191: ...rk Time Protocol NTP traffic from servers console config sntp unicast client enable 5 5 13 sntp unicast client poll The sntp unicast client poll global configuration command enables polling for the Simple Network Time Protocol SNTP predefined unicast clients To disable the polling for SNTP client use the no form of this command Syntax sntp unicast client poll no sntp unicast client poll This comma...

Страница 192: ...name Hostname of the server Range 1 160 characters poll Enable polling key keyed Authentication key to use when sending packets to this peer Range 1 4294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User Guidelines Up to 8 sntp servers can be defined Use the sntp unicast client enables global configuration command to enable predefined unicast clients gl...

Страница 193: ...mmand Example The following example displays the time and date from the system clock Console show clock 15 29 03 Jun 17 2005 5 5 16 show sntp configuration The show sntp configuration Privileged EXEC command shows the configuration of the Simple Network Time Protocol SNTP use Syntax show sntp configuration This command has no keywords or arguments Default Configuration This command has no default ...

Страница 194: ...ast Clients Enabled Broadcast Clients Poll Enabled Broadcast Interfaces 1 1 1 3 OOB SNTP servers Server Polling Encryption Key 10 1 1 91 Enabled 9 Broadcast Clients Enabled Broadcast Clients Poll Enabled Broadcast Interfaces 1 1 1 3 5 5 17 show sntp status The show sntp status Privileged EXEC command shows the status of the Simple Network Time Protocol SNTP Syntax show sntp status This command has...

Страница 195: ... 1 8 179 Secondary Unknown AFE21789 643287C9 8 98 189 19 Broadcast Interface IP address Last response 176 1 1 8 Primary AFE252C1 6DBDDFF2 176 1 8 179 Secondary AFE21789 643287C9 5 6 Configuration and Image Files 5 6 1 copy The copy privileged EXEC command copies files from a source to a destination Syntax copy source url destination url snmp source url The source file location URL or reserved keyw...

Страница 196: ...e boot code prompts the user to initiate the Xmodem transfer of a valid image through the serial connection The image file name is in the format 6024_abcd dos where abcd represents the release number boot Boot file The name of the image is in the format 6024_boot_abcd rfb where abcd represents the release number tftp Source or destination URL for a TFTP network server The syntax for this alias is ...

Страница 197: ... copying and will ignore the command Note that this behavior occurs only at the session which initiated the copy command response to activity on other management sessions will result in a delay but will not be ignored Understanding Invalid Combinations of Source and Destination Some invalid combinations of source and destination exist Specifically the following cannot be copied If the source file ...

Страница 198: ...Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration Backup the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running config file command to backup the running configuration to a backup configuration file Use the copy startup config file command to backu...

Страница 199: ... default configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the contents of the startup config file Console show startup config software version 1 1 hostname device interface ethernet 1 1 ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet 1 2 ip addres...

Страница 200: ...User s Manual of WGSD 1022 WGSD 8000 200 ...

Страница 201: ...guidelines for this command Example The following example enables ports g1 for configuration Console config interface ethernet g1 Console config if 5 7 2 interface range ethernet The interface range ethernet global configuration command enters the interface configuration mode to configure multiple Ethernet type interfaces Syntax interface range ethernet port range all port range List of valid port...

Страница 202: ... ethernet e1 e4 g1 g2 Console config if 5 7 3 shutdown The shutdown interface configuration command disables interfaces To restart a disabled interface use the no form of this command Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet port channel out of band Ethernet mode User Guidelines There are no user guidelines for this co...

Страница 203: ...ser Guidelines There are no user guidelines for this command Example The following example adds a description to the Ethernet e5 Console config interface ethernet e5 Console config if description RD_SW 3 5 7 5 speed The speed interface configuration command configures the speed of a given Ethernet interface when not using auto negotiation To restore the default use the no form of this command Synt...

Страница 204: ...peration of a given Ethernet interface when not using auto negotiation To restore the default use the no form of this command Syntax duplex half full no duplex half Force half duplex operation full Force full duplex operation Default Configuration The interface is set to full duplex Command Mode Interface Configuration Ethernet out of band Ethernet mode User Guidelines Before attempting to force a...

Страница 205: ...ational If the other side has auto negotiation turned on it may re synchronize all members of the aggregated link to half duplex operation and may as per the standards set them all inactive Example The following example enables autonegotiation on Ethernet e5 Console config interface ethernet e5 Console config if negotiation 5 7 8 flowcontrol The flowcontrol interface configuration command configur...

Страница 206: ...fig interface ethernet e5 Console config if flowcontrol on 5 7 9 mdix The mdix interface configuration command enables automatic crossover on a given interface To disable automatic crossover use the no form of this command Syntax mdix on auto no mdix on Manual mdix auto Auto mdi mdix Default Configuration Automatic crossover is enabled Command Mode Interface Configuration Ethernet mode User Guidel...

Страница 207: ... pressure no back pressure Default Configuration Back Pressure is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines Back Pressure will operate only if duplex mode is set to half Example In the following example Back Pressure is enabled on e5 Console config interface ethernet e5 Console config if back pressure 5 7 11 port jumbo frame The port jumbo frame globa...

Страница 208: ...on an interface Syntax clear counters ethernet interface port channel port channel number Interface Valid Ethernet port port channel number Valid port channel trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example In the following example the counters for interface g1 are cleared ...

Страница 209: ...ernet e5 5 7 14 show interfaces configuration The show interfaces configuration Privilege EXEC mode command displays the configuration for all configured interfaces Syntax show interfaces configuration ethernet interface port channel port channel number Interface Valid Ethernet port port channel number Valid port channel trunk index oob interface Out of band Ethernet port number Default Configurat...

Страница 210: ...nabled Off Up ch4 Enabled Off Up ch5 Enabled Off Up ch6 Enabled Off Up ch7 Enabled Off Up ch8 Enabled Off Up The displayed port configuration information includes the following Port The port number Port Type The port designated IEEE shorthand identifier For example 1000Base T refers to 1000 Mbps baseband signaling inluding both Tx and Rx transmissions Duplex Displays the port Duplex status Speed R...

Страница 211: ...ull 100 Off Off Down Disable Off e2 100 Full 100 Off Off Up Disable On Ch Type Duplex Speed Neg Flow Back Link Control Pressure State 1 1000 Full 1000 Off Off Disable Up The displayed port status information includes the following Port The port number Description If the port has a description the description is displayed Port Type The port designated IEEE shorthand identifier For example 1000Base ...

Страница 212: ...annel trunk index oob interface Out of band Ethernet port number Default Configuration This command has no default configuration Command Modes Privilege EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the description for the interface g1 Console show interfaces description ethernet g1 Port Description e1 Management_port e2 R D_port e3 ...

Страница 213: ...ser Guidelines There are no user guidelines for this command Examples The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts e1 183892 1289 987 8 e2 0 0 0 0 e3 123899 1788 373 19 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts e4 9188 9 8 0 e5 0 0 0 0 e6 8789 27 8 0 Ch InOctets InUcastPkts InMca...

Страница 214: ...issions 0 Late Collisions 0 Excessive Collisions 0 Internal MAC Tx Errors 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 The following table describes the fields shown in the display Field Description InOctets Counted received octets InUcastPkts Counted received unicast packets InMcastPkts Counted received multicast packets I...

Страница 215: ... Oversize Packets Counted frames received that exceed the maximum permitted frame size Internal MAC Rx Errors Counted frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames Counted MAC Control frames received with an opcode indicating the PAUSE operation Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode in...

Страница 216: ...onfiguration command to set the maximum allowable broadcast rate Multicast can be counted as part of the storm frames if the port storm control include multicast global configuration command is already executed Example The following example enables broadcast storm control on port e5 Console config interface ethernet e5 Console config if port storm control broadcast enable 5 7 21 port storm control...

Страница 217: ...ple configures the maximum broadcast rate 100 kilobytes per second console config interface ethernet g2 console config if port storm control broadcast rate 100 5 7 22 show ports storm control The show ports storm control privileged EXEC command displays the storm control configuration Syntax show ports storm control ethernet interface ethernet interface A valid Ethernet port Default Configuration ...

Страница 218: ...ly The gvrp enable global configuration command enables GVRP globally To disable GVRP globally on the switch use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example globally enables GVRP on the device Console co...

Страница 219: ... values use the no form of this command Syntax garp timer join leave leaveall timer_value no garp timer join Indicates the time in milliseconds that PDUs are transmitted Range 10 2147483640 leave Indicates the amount of time in milliseconds that the device waits before leaving its GARP state The Leave Time is activated by a Leave All Time message sent received and cancelled by the Join message Ran...

Страница 220: ...lliseconds Console config interface ethernet e8 Console config if garp timer leave 900 5 8 4 gvrp vlan creation forbid The gvrp vlan creation forbid interface configuration command enables or disables dynamic VLAN creation To disable dynamic VLAN creation use the no form of this command Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Default Configuration By default dynamic VLAN crea...

Страница 221: ...tion Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port e8 Console config interface ethernet e8 Console config if gvrp registration forbid 5 8 7 clear gvrp statistics The clear gvrp statistics privileged EXEC command clears all the GVRP stat...

Страница 222: ...rp configuration ethernet interface port channel port channel number interface A valid Ethernet interface port channel number A valid port channel trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to display GVRP configuration information Conso...

Страница 223: ...o user guidelines for this command Example The following example shows GVRP statistics information Console show gvrp statistics GVRP statistics rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port r...

Страница 224: ...lt Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays GVRP statistics information Console show gvrp error statistics GVRP error statistics Legend INVPROT Invalid Protocol Id INVPLEN Invalid PDU Length INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length I...

Страница 225: ...s disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables IGMP snooping Console config ip igmp snooping 5 9 2 ip igmp snooping Interface The ip igmp snooping interface configuration command enables Internet Group Management Protocol IGMP snooping on a specific VLAN To disable IGMP snooping on a VLAN interfa...

Страница 226: ...ooping mrouter learn pim dvmrp Default Configuration Automatic learning of mrouter ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast router ports can be configured statically by the bridge multicast forward all command Example The following example enables automatic learning of multicast router ports on VLANs Console config interface vlan 2 Console config if...

Страница 227: ...p igmp snooping mrouter time out The ip igmp snooping mrouter time out interface configuration command configures the mrouter time out The mrouter time out command is used for setting the aging out time after multicast router ports are automatically learned To configure the default mrouter time out use the no form of this command Syntax ip igmp snooping mrouter time out time out no ip igmp snoopin...

Страница 228: ...in seconds Range 0 2147483647 immediate leave Specifies that the port should be immediately removed from the members list after receivingIGMP Leave Default Configuration The default leave time out configuration is 10 seconds Command Mode Interface Configuration VLAN mode User Guidelines The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGMP Query...

Страница 229: ...oping mrouter VLAN Ports 2 e1 5 9 8 show ip igmp snooping interface The show ip igmp snooping interface User EXEC command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id vlan_id VLAN ID value Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The exampl...

Страница 230: ...roups learned by IGMP snooping Syntax show ip igmp snooping groups vlan vlan id address ip multicast address vlan_id VLAN ID value ip multicast address IP multicast address Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines To see the full multicast address table including static addresses use the show bridge address table command Example Th...

Страница 231: ... port channel out of band Ethernet User Guidelines An IP address cannot be configured for a range of interfaces range context Example The following example configures VLAN 1 with the IP address 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 5 10 2 ip address dhcp The ip address dhcp interface configuration command ...

Страница 232: ... name When the device is reset the DHCP command is saved in the configuration file but the IP address is not It is recommended not to define a DHCP address on an inband port or LAG If a DHCP IP address is configured this address is dynamically retrieved and the ip address dhcp command is saved in the configuration file In the event of a master failure the backup will again attempt to retrieve a DH...

Страница 233: ...sole config ip default gateway 192 168 1 1 5 10 4 show ip interface The show ip interface user EXEC command displays the usability status of interfaces configured for IP Syntax show ip interface ethernet interface number vlan vlan id port channel number ethernet interface number Ethernet port number vlan vlan id VLAN number port channel number Port channel number Default Configuration This command...

Страница 234: ...ault Configuration By default ARP is disabled Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bit hardware addresses Because most hosts support dynamic resolution static ARP cache entries do not need to be specified Example The following example adds the IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc ...

Страница 235: ...The following example configures ARP timeout to 12000 seconds Console config arp timeout 12000 5 10 7 clear arp cache The clear arp cache privileged EXEC command deletes all dynamic entries from the ARP cache Syntax clear arp cache Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example ...

Страница 236: ...w arp ARP timeout 60000 Seconds Interface IP address HW address status e1 10 7 1 102 00 10 B5 04 DB 4B Dynamic g2 10 7 1 135 00 50 22 00 2A A4 Static 5 11 LACP Commands 5 11 1 lacp system priority The lacp system priority global configuration command configures the system priority To reset to default use the no form of this command Syntax lacp system priority value no lacp system priority value Va...

Страница 237: ...rm of this command Syntax lacp port priority value no lacp port priority value Port priority value Range 1 65535 Default Configuration The default port priority value is 1 Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures the priority value for port e8 to 247 Console config interface ethernet e8...

Страница 238: ...for port e8 to a long timeout value Console config interface ethernet e8 Console config if lacp timeout long 5 11 4 show lacp ethernet The show lacp ethernet privilege EXEC command displays LACP information for Ethernet ports Syntax show lacp ethernet interface parameters statistics protocol state Interface Ethernet interface Default Configuration This command has no default configuration Command ...

Страница 239: ...annel_number The port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to display LACP port channel information Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority 1 MAC Address 000285 0E1C00 ...

Страница 240: ... Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example configures the device as a virtual terminal for remote console access Console config line telnet Console config line 5 12 2 speed The speed line configuration command sets the line baud rate Syntax speed...

Страница 241: ... this command Syntax exec timeout minutes seconds no exec timeout minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 command Examples The following example configures...

Страница 242: ... for this command Examples The following example displays the line configuration Console show line Console configuration Interactive timeout 20 History 10 Baudrate 38400 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 5 13 Management ACL Commands 5 13 1 management acce...

Страница 243: ...t the end of the access list Use the management access class command to select the active access list The active management list cannot be updated or removed Examples The following example shows how to create an access list called mlist configure two management interfaces ethernet g1 and ethernet g9 and make the access list the active list Console config management access list mlist Console config...

Страница 244: ... bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https or snmp out of band eth oob interface Out of band ethernet port number Default Configuration This command has no default configuration Command Mode Management Access list Configuration mode User Gu...

Страница 245: ...This command has no default configuration Command Mode Management Access list Configuration mode User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 256 management access rules Example The following example shows how all ports are denied in the access list called mlist Console config ...

Страница 246: ... list privileged EXEC command displays management access lists Syntax show management access list name name Name of the access list If unspecified defaults to an empty access list Range Valid name Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the ...

Страница 247: ...nagement access class Management access class is enabled using access list mlist 5 14 PHY Diagnostics Commands 5 14 1 test copper port tdr The test copper port tdr privileged EXEC command diagnoses with TDR Time Domain Reflectometry technology the quality and characteristics of a copper cable attached to a port Syntax test copper port tdr interface interface A valid Ethernet port Default Configura...

Страница 248: ...The show copper ports tdr privileged EXEC command display the last TDR Time Domain Reflectometry tests on specified ports Syntax show copper ports tdr interface interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the last...

Страница 249: ...Privileged EXEC mode User Guidelines This feature works only on 1 Gbps ports Example The following example displays the estimated copper cable length attached to all ports Console show copper ports cable length Port Length meters e1 50 e2 Giga link not active e3 110 140 e4 Fiber 5 14 4 show fiber ports optical transceiver The show fiber ports optical transceiver privileged EXEC command displays th...

Страница 250: ...OK OK OK g2 OK OK OK OK OK OK e3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal Data ready Indicates transceiver has achieved power up and data is ready N A Not Available N S Not Supported W W...

Страница 251: ...annel The interface port channel global configuration command enters the interface configuration mode of a specific port channel Syntax interface port channel port channel number port channel number A valid port channel trunk index Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Seven supported aggregated links are defined and ...

Страница 252: ...s no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces it stops the execution of the command on subsequent interfaces Example The following example shows how port channels 1 2 and 8 are grouped to receive the same c...

Страница 253: ...irst port to join the LAG is one which cannot be configured according to the administrative settings of the LAG the port will nonetheless be added to the LAG using its port default settings An error message is generated however it is important to note that since it is then the ONLY port of the LAG the whole LAG at that point operates at the port s settings instead of the LAG administrative setting...

Страница 254: ...rface src interface Valid Ethernet port or port channel number rx Monitors received packets only If no option specified monitors both rx and tx tx Monitors transmitted packets only If no option specified monitors both rx and tx Default Configuration This command has no default configuration Command Mode Interface Configuration mode User Guidelines This command enables traffic on one port to be cop...

Страница 255: ...nd Note The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports Therefore multicast and broadcast frames in these VLANs are seen more than once Actually N where N is the number of mirroring source ports When both transmit Tx and receive Rx directions of more than one port are monitored the capacity may exceed the bandwidth of the target port In this case the di...

Страница 256: ...s how the port copy status is displayed Console show ports monitor Source Port Destination Port Type Status VLAN Tagging 1 1 1 8 RX TX Active No 1 2 1 8 RX TX Active No 1 18 1 8 Rx Active No 5 17 QoS Commands 5 17 1 qos The qos global configuration command enables quality of service QoS on the device and enters QoS basic or advanced mode ...

Страница 257: ...guidelines for this command However switching to Basic qos mode sets the trust mode to cos Example The following example shows how QoS is enabled on the device in basic mode Console config qos 5 17 2 show qos The show qos user EXEC command displays the QoS status Syntax show qos Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no...

Страница 258: ...value 2 select queue 2 CoS value 0 select queue 3 CoS value 3 select queue 4 CoS value 4 select queue 5 CoS value 5 select queue 6 CoS value 6 select queue 7 CoS value 7 select queue 8 Command Mode Global Configuration mode User Guidelines You can use this command to distribute traffic into different queues where each queue is configured with different weighted round robin WRR and Weighted Random ...

Страница 259: ...igure a queue as WRR or Strict Priority Use this command to set a weight per interface The ratio will be like this The ratio for each queue is defined by the queue weight divided by the sum of all queue weights i e the normalized weight This actually sets the bandwidth allocation of each queue A weight of 0 means no bandwidth is allocated for the same queue and the share bandwidth is divided among...

Страница 260: ...The expedite queues would be the queues with higher indexes The range is 1 8 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines When configuring the priority queue out num of queues command the weighted round robin WRR weight ratios are affected because there are fewer queues participating in WRR Example The following example sets queue 7 8 ...

Страница 261: ...face their setting and the number of policers currently unused Default Configuration For VLAN interface only the policers option is relevant If no keyword is specified with the show qos interface command the port QoS mode default CoS value DSCPto DSCP mutation map if any attached to the port and policy map if any attached to the interface are displayed If a specific interface is not specified the ...

Страница 262: ...erface Ethernet g1 queuing Ethernet g1 wrr bandwidth weights and EF priority qid weights Ef Priority 1 125 dis N A 2 125 dis N A 3 125 dis N A 4 125 dis N A 5 N A ena 5 6 125 dis N A 7 125 dis N A 8 N A ena 8 Cos queue map cos qid 0 3 1 1 2 2 3 4 4 5 5 6 6 7 7 8 The following example displays output from the show qos interface g1 shapers command Console show qos interface g1 shapers Ethernet g1 Po...

Страница 263: ...mitted burst N A Exceed action N A 5 17 7 qos map dscp queue The qos map dscp queue global configuration command modifies the DSCP to queue map To return to the default map use the no form of this command Syntax qos map dscp queue dscp list to queue id no qos map dscp queue dscp list Specify up to 8 DSCP values separate each DSCP with a space Range 0 63 queue id Enter the queue number to which the...

Страница 264: ...s with the packet destination port values Default Configuration If the system is in basic mode then CoS is the default trust mode Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets entering a quality of service QoS domain are classified at the edge of the QoS domain When the packets are classified at the edge the switch port within the Qo...

Страница 265: ... form of this command Syntax qos trust no qos trust Default Configuration Each port is enabled while the system is in basic mode Command Mode Interface Configuration Ethernet port channel mode User Guidelines Use no qos trust to disable the trust mode on each port Use qos trust to enable trust mode on each port Example The following example configures port e5 in basic mode to default trust state C...

Страница 266: ...mmand Example The following example configures port e5 default CoS value to 3 Console config interface ethernet e5 Console config if qos cos 3 5 17 11 qos cos override The qos cos override interface configuration command overrides the CoS of incoming packets To disable the override use the no form of this command Syntax qos cos override no qos cos override This command has no arguments or keywords...

Страница 267: ...tation Displays the DSCP DSCP mutation table Default Configuration This command has no default configuration Command Mode User EXEC command User Guidelines There are no user guidelines for this command Example The following example displays the DSCP port queue map console show qos map Dscp queue map d1 d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 02 02 1 02 02 02 02 02 02 03 03 03 03 2 03 03 0...

Страница 268: ... 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 5 18 Radius Commands 5 18 1 radius server host The radius server host global configuration command specifies a RADIUS server host To delete the specified RADIUS host use the no form of this com...

Страница 269: ... as request to use the IP address of the outgoing IP interface An out of band IP address can be specified as described in the usage guidelines priority Determines the order in which the servers are used where 0 is the highest priority Range 0 65535 priority Determines the order in which the servers are used where 0 is the highest priority Range 0 65535 Default Configuration By default no RADIUS ho...

Страница 270: ...racters long Default Configuration The default is an empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to abc server Console config radius server key abc server 5 18 3 radius server retransmit...

Страница 271: ...ip source no radius server ip source Specifies the source IP address Default Configuration The default IP address is the outgoing IP interface Command Mode Global Configuration mode User Guidelines To define an out of band IP address use the out of band IP address format oob ip address Example The following example configures the source IP address used for communication with RADIUS servers to 10 1...

Страница 272: ...uration command improves RADIUS response times when servers are unavailable The command is used to cause the unavailable servers to be skipped To reset the default value use the no form of this command Syntax radius server deadtime deadtime no radius server deadtime deadtime Length of time in minutes for which a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configurati...

Страница 273: ...e are no user guidelines for this command Examples The following example displays the RADIUS server settings Console show radius servers Port IP address Auth Acct TimeOut Retransmit Deadtime Source IP Priority Usage 172 16 1 1 1645 1646 Global Global Global Global 1 All 172 16 1 2 1645 1646 11 8 Global Global 2 All OOB RADIUS servers Port IP address Auth Acct TimeOut Retransmit Deadtime Source IP ...

Страница 274: ... for this command Example The following example displays RMON Ethernet Statistics for port g1 Console show rmon statistics ethernet g1 Port g1 Dropped 8 Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 98 65 to 127 Octets 0 128 to 255 Octets 0 256 to 511 Octets 0 512 to 1023 Octets 491 1024 to 1518 Oc...

Страница 275: ...nd either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Jabbers The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of oct...

Страница 276: ...o 50 Range 1 65535 interval seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command cannot be executed on multiple ports using the interface range ethernet command Example The following example enables ...

Страница 277: ...ld Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Samples The requested number of samples to be saved Granted Samples The granted number of samples to be saved Owner The entity that configured this entry 5 19 4 show rmon history The show rmon history user EXEC command displays RMON Et...

Страница 278: ...t Sample Set 1 Owner CLI Interface g1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Octets Packets Broadcast Multicast Jan 18 2002 21 57 00 303595962 357568 3289 7287 19 98 Jan 18 2002 21 57 30 287696304 275686 2789 2789 20 17 The following example displays RMON Ethernet Statistics history for errors on index number 5 Console show rmon history 5 errors Sample Se...

Страница 279: ...ampling interval that were directed to a multicast address This number does not include packets addressed to the broadcast address Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent CRC Align The number of packets received during this sampling interval that had a length excluding framing bits but i...

Страница 280: ...segment during this sampling interval 5 19 5 rmon alarm The rmon alarm global configuration command configures alarm conditions To remove an alarm use the no form of this command Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent type type startup direction owner name no rmon alarm index index The alarm index Range 1 65535 variable The object identifier of the particular...

Страница 281: ...figuration The following parameters have the following default values type type If unspecified the type is absolute startup direction If unspecified the startup direction is rising falling Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the following alarm conditions Alarm index 1000 Variable identifier a...

Страница 282: ... 9 CLI The following table describes the significant fields shown in the display Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Owner The entity that configured this entry 5 19 7 show rmon alarm The show rmon alarm user EXEC command displays alarm configuration Syntax show rmon alarm number number Alarm index Range 1 65535 Default Configuration This ...

Страница 283: ...dex Owner The entity that configured this entry Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the value of the variable is compared directly with the thresholds at the end of the sampling interval If...

Страница 284: ...vent use the no form of this command Syntax rmon event index type community text description text owner name no rmon event index index The event index Range 1 65535 type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent ...

Страница 285: ...ines There are no user guidelines for this command Example The following example displays the RMON event table Console show rmon events Index Description Type Community Owner Last time sent 1 Errors Log CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap router Manager Jan 18 2002 23 59 48 The following table describes the significant fields shown in the display Field Description Index An index tha...

Страница 286: ...rated any events this value is zero 5 19 10 show rmon log The show rmon log user EXEC command displays the RMON logging table Syntax show rmon log event event Event index Range 0 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON logging table...

Страница 287: ...e maximum RMON tables sizes To return to the default configuration use the no form of this command Syntax rmon table size history entries log entries no rmon table size history log history entries Maximum number of history table entries Range 20 32767 log entries Maximum number of log table entries Range 20 32767 Default Configuration History table size is 270 Log table size is 100 Command Mode Gl...

Страница 288: ...s an internal security name Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name Maps the internal group name for SNMPv1 and SNMPv2 security models to view name read view and notify view always and for rw for write view also The group name command can be used to restrict the access rights of a community string Specifying a group name parameter does the fo...

Страница 289: ...ite access to SNMP protocol using the out of band port for 192 175 1 10 Console config snmp server community public rw 192 175 1 10 type oob 5 20 2 snmp server contact The snmp server contact global configuration command sets up a system contact To remove the system contact information use the no form of the command Syntax snmp server contact text no snmp server contact text Character string up to...

Страница 290: ...onfiguration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string Example The following example sets the device location as New_York Console config snmp server location New_York 5 20 4 snmp server enable traps The snmp server enable traps global configuration command enables the switch to send SNMP traps To disabl...

Страница 291: ...figuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example displays the command to enable authentication failed SNMP traps Console config snmp server trap authentication Console config snmp server host 10 1 1 1 management 2 5 20 6 snmp server host The snmp server host global configuration command specifies the reci...

Страница 292: ... be used if it is important that the SNMP manager receives every notification If traffic on the network or memory in the switch is a concern and notification is not required traps should be used To define an SNMP recipient on the out of band port use the out of band IP address format oob ip address Use only unicast IP addresses Example The following example enables SNMP traps for host 10 1 1 1 wit...

Страница 293: ...erver set sysName sysname abc The following example sets the entry MIB rndCommunityTable with keys 0 0 0 0 and public The field rndCommunityAccess gets the value super and the rest of the fields get their default values Console config snmp server set rndCommunityTable rndCommunityMngStationAddr 0 0 0 0 rndCommunityString public rndCommunityAccess super 5 20 8 show snmp The show snmp privileged EXE...

Страница 294: ...172 17 1 1 OOB management stations Community String Community Access IP address private read write 176 16 8 9 Traps are enabled Authentication trap is enabled Trap Rec Address Trap Rec Community Version 192 122 173 42 public 2 OOB trap receivers Trap Rec Address Trap Rec Community Version 176 16 8 9 public 2 System Contact Robert System Location Marketing ...

Страница 295: ...ration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality Console config spanning tree 5 21 2 spanning tree mode The spanning tree mode global configuration command configures the spanning tree protocol To return to the default configuration use the no form of this command Syntax spanning tree mode stp rstp no spanni...

Страница 296: ... this command Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for IEEE Spanning tree Protocol STP is 15 seconds Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures spanning tree bridge forward time to...

Страница 297: ...e to 5 seconds Console config spanning tree hello time 5 5 21 5 spanning tree max age The spanning tree max age global configuration command configures the spanning tree bridge maximum age To reset the default maximum age use the no form of this command Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 Default Configuration The default max age for IEE...

Страница 298: ...priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The default bridge priority for IEEE STP is 32768 Command Modes Global Configuration mode User Guidelines The lower the priority the more likely the bridge is to be the Root Bridge Example The following example configures spanning tree priority to 12288 Console config spanning tree priority 12288 5 21 7 spanning t...

Страница 299: ... interface configuration command configures the spanning tree path cost for a port To reset the default port path cost use the no form of this command Syntax spanning tree cost cost no spanning tree cost cost The port path cost Range 1 200 000 000 Default Configuration The default costs are as follows Port Channel 20 000 1000 mbps giga 20 000 100 mbps 200 000 10 mbps 2 000 000 Command Modes Interf...

Страница 300: ...lt port priority for IEEE STP is 128 Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the spanning priority on e5 to 96 Console config interface ethernet e5 Console config if spanning tree port priority 96 5 21 10 spanning tree portfast The spanning tree portfast interface configu...

Страница 301: ...mmand overrides the default link type setting To reset the default use the no form of this command Syntax spanning tree link type point to point shared no spanning tree spanning tree link type point to point Specifies the port link type as point to point shared Specifies that the port link type is shared Default Configuration The switch derives the link type of a port from the duplex mode A full d...

Страница 302: ...r Guidelines This command applies to all the spanning tree instances on the switch The priority value must be a multiple of 4096 The cost is set using the spanning tree cost command Example The following example sets the default path cost method to long Console spanning tree pathcost method long 5 21 13 spanning tree bpdu The spanning tree bpdu global configuration command defines BPDU handling wh...

Страница 303: ...switches on all interfaces or on the specified interface Syntax clear spanning tree detected protocols ethernet interface number port channel port channel number interface A valid Ethernet port port channel number A port channel index Default Configuration If no interface is specified the action is applied to all interfaces Command Modes Privileged EXEC mode User Guidelines This feature should be ...

Страница 304: ...cked ports only Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays spanning tree information Console show spanning tree Spanning tree enabled mode RSTP Default port cost method short Root ID Priority 32768 Address 0001 4297 e000 Cost 57 Port g 1 Hell...

Страница 305: ...hernet g1 Interface Port ID Cost Set Designated Port ID Name Prio Nbr Cost Bridge ID Prio Nbr g1 128 1 19 FWD 38 32768 0030 9441 62c1 128 25 Spanning tree enabled Type point to point configured auto Port Fast no configured no Number of transitions to forwarding state 1 BPDU sent 2 received 120638 5 22 SSH and SLOGIN Commands 5 22 1 ip ssh port The ip ssh port global configuration command specifies...

Страница 306: ...ommand enables the device to be configured from a SSH server To disable this function use the no form of this command Syntax ip ssh server no ip ssh server Default Configuration This default is SSH is disabled Command Mode Global Configuration mode User Guidelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the comm...

Страница 307: ...he maximum supported size for the DSA key is 1 024 This command is not saved in the startup configuration however the keys generated by this command are saved in the running configuration which is never displayed to the user or backed up to another device This command may take a considerable period of time to execute DSA key size is 2048 bits Example The following example generates DSA key pairs C...

Страница 308: ...enerates RSA key pairs Console config crypto key generate rsa 5 22 5 ip ssh pubkey auth The ip ssh pubkey auth global configuration command enables public key authentication for incoming SSH sessions To disable this function use the no form of this command Syntax ip ssh pubkey auth no ip ssh pubkey auth Default Configuration The function is disabled Command Mode Global Configuration mode User Guid...

Страница 309: ...and specifies which SSH public key is manually configured and enters the SSH public key string configuration command To remove a SSH public key use the no form of this command Syntax user key username rsa dsa no user key username username Specifies the remote SSH client username which can be up to 48 characters long rsa RSA key dsa DSA key Default Configuration By default there are no keys Command...

Страница 310: ...r Guidelines Use the key string row command to specify the SSH public key row by row Each row must begin with the keystring row command This command is useful for configuration files UU encoded DER format is the same format in authorized_keys file used by OpenSSH Example The following example enters public key strings for SSH public key clients called bob Console config crypto key pubkey chain ssh...

Страница 311: ...elines There are no user guidelines for this command Example The following example displays the SSH server configuration Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SH1 The following table describe...

Страница 312: ...plays the SSH public keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yter...

Страница 313: ...le show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 john 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 The following example displays the SSH public called bob Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 5 23 System Management 5 23 1 ping The ping user EXEC command sends ICMP echo request packet...

Страница 314: ... the host does not respond a no answer from host message appears in 10 seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The switch found no corresponding entry in the route table To ping an out of band IP address use the out of band IP address format oob ip address Examples The following example displays a pi...

Страница 315: ...efault is 40 bytes ttl max ttl The default is 30 count packet_count The default count is 3 timeout time_out The default is 3 seconds Command Mode User EXEC mode User Guidelines The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time to live TTL value The traceroute command starts by sending probe datagrams with a TTL value of one...

Страница 316: ... 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 msec 58 msec 11 umaxp1 physics lsa umich edu 141 211 101 64 62 msec 63 msec 63 msec The following table describes the significant fields shown in the display Field Description 1 Indicates the sequence number of the router in the path to the host i2 gateway stanford edu Host name of this router 1...

Страница 317: ...and Mode User EXEC mode User Guidelines The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To issue a special Telnet command enter Esc and then a command character If you want to login to host on the out of band port use the out of band IP address format oob ip address Special Telne...

Страница 318: ... out of band port use the out of band IP address format oob ip address Keywords Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interface Specifies the source interface stream Turns on stream processing which enables a raw TCP stream with no Telnet control sequences A stream connection does not process Telnet options and ca...

Страница 319: ...Transport Protocol 119 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 pim auto rp PIM Auto RP 496 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Example Console telnet 176 213 10 ...

Страница 320: ...ther open Telnet session Console resume 176 213 10 50 5 23 5 reload The reload privileged EXEC command reloads the operating system Syntax reload Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device to ensure that no other activity is being performed In particular the user should veri...

Страница 321: ...command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the device host name Console config hostname abc 5 23 7 show users The show users user EXEC command displays information about the active users Syntax show users Default Configuration This command has no default configurat...

Страница 322: ...ns This command has no arguments or keywords Default Configuration There is no default configuration for this command Command Mode EXEC mode User Guidelines There are no user guidelines for this command Examples The following table describes the significant fields shown in the display Console show sessions Connection Host Address Port Byte 1 Remote router 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2 2...

Страница 323: ...re no user guidelines for this command Example The following example displays the system information console show system System Description System Up Time days hour min sec 01 02 48 20 System Contact System Name System Location System MAC Address 00 03 6d 30 57 00 System Object ID 1 3 6 1 4 1 89 1 1 Temperature Indicates the temperature at which the device is currently running The device temperatu...

Страница 324: ...xample displays a system version this version number is only for demonstration purposes Console show version SW version x x x xx date xx xxx xxxx time 17 34 19 Boot version x x x xx date xx xxx xxxx time 11 48 21 HW version x x x 5 24 Syslog Commands 5 24 1 logging on The logging on global configuration command controls error messages logging This command sends debug or error messages to a logging...

Страница 325: ...syslog server To delete the syslog server with the specified address from the list of syslogs use the no form of this command Syntax logging ip address port port severity level facility facility description text no logging ip address ip address IP address of the host to be used as a syslog server An out of band IP address can be specified as described in the usage guidelines port Port number for s...

Страница 326: ...fig logging 10 1 1 1 severity critical 5 24 3 logging console The logging console global configuration command limits messages logged to the console based on severity To disable logging to the console terminal use the no form of this command Syntax logging console level no logging console level Limits the logging of messages displayed on the console to a specified level emergencies alerts critical...

Страница 327: ...yslog messages are logged to the internal buffer This command limits the commands displayed to the user Example The following example limits syslog messages displayed from an internal buffer based on the severity level debugging Console config logging buffered debugging 5 24 5 logging buffered size The logging buffered size global configuration command changes the number of syslog messages stored ...

Страница 328: ...ssages from the internal logging buffer Syntax clear logging Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears messages from the internal syslog message logging buffer Console clear logging Clear logging buffer y n y 5 24 7 logging file The logging file...

Страница 329: ...or this command Example The following example limits syslog messages sent to the logging file based on the severity level alerts Console config logging file alerts 5 24 8 clear logging file The clear logging file privileged EXEC command clears messages from the logging file Syntax clear logging file Default Configuration This command has no default configuration Command Mode Privileged EXEC mode U...

Страница 330: ...ssages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity OOB Syslog server 176 16 8 9 logging errors Messages 6 Dropped severity 2 messages were not logged resources Buffer log 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface FastEthernet g0 changed state to up 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernet g0 changed state to up 11 Aug 2002 15 41 43 LINK ...

Страница 331: ...e syslog messages stored in the logging file Console show logging file Logging is enabled Console logging level debugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors...

Страница 332: ...protocol on Interface Ethernet g2 changed state to down 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet e3 changed state to down 5 24 11 show syslog servers The show syslog servers privileged EXEC command displays the syslog servers settings Syntax show syslog servers Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User ...

Страница 333: ...unspecified the port number defaults to 49 Range 0 65535 timeout Specifies the timeout value in seconds If no timeout value is specified the global value is used Range 1 1000 key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon If no key string value is specifie...

Страница 334: ...he authentication and encryption key for all TACAS communications between the router and the TACACS server This key must match the encryption used on the TACACS daemon Range Up to 160 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example sets the authentication encryption key...

Страница 335: ...r the communication with TACACS servers To return to default use the no form of this command Syntax tacacs server source ip source no tacacs server ip source Specifies the source IP address An out of band IP address can be specified as described in the usage guidelines Range Valid IP Address Default Configuration The IP address would be of the outgoing IP interface User Guidelines To define an out...

Страница 336: ...t configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays configuration and statistic for a TACACS server Console show tacacs IP address Status Port Single TimeOut Source IP Priority Connection 172 16 1 1 Connected 49 No Global Global 1 Global values TimeOut 3 Source IP 172 16 8 1 OOB Source IP 176 16 8 1...

Страница 337: ...e enable user EXEC command enters the privileged EXEC mode Syntax enable privilege level privilege level Privilege level to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged mode Console enable enter password Console...

Страница 338: ...nes for this command Example The following example shows how to return to normal mode Console disable Console 5 26 3 configure The configure privileged EXEC command enters the global configuration mode Syntax configure There are no parameters for this command Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelin...

Страница 339: ... no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged EXEC mode and login Console login User Name admin Password Console 5 26 5 exit configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Default Configuration ...

Страница 340: ... EXEC command closes an active terminal session by logging off the device Syntax exit Default Configuration This command has no default configuration Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session Console exit 5 26 7 end The end global configuration command ends the current configurat...

Страница 341: ...help The help command displays a brief description of the help system Syntax help Default Configuration This command has no default configuration Command Mode All Command modes User Guidelines There are no user guidelines for this command 5 26 9 history The history line configuration command enables the command history function To disable the command history feature use the no form of this command...

Страница 342: ...story buffer size to the default use the no form of this command Syntax history size number of commands no history size number of commands Number of commands that the system records in its history buffer Range 10 216 Default Configuration The default history buffer size is 10 Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following ex...

Страница 343: ...le The following example displays all the commands entered while in the current privileged EXEC mode Console show history show version show clock show history 5 26 13 show privilege The show privilege user EXEC command displays the current privilege level Syntax show privilege Default Configuration This command has no default configuration Command Mode User EXEC command mode User Guidelines There ...

Страница 344: ... User Guidelines There are no user guidelines for this command Example The following example enters the VLAN database mode Console config vlan database Console config vlan 5 27 2 vlan Use the vlan interface configuration VLAN command to create a VLAN To delete a VLAN use the no form of this command Syntax vlan vlan range no vlan vlan range vlan range A list of valid VLAN IDs to be added List separ...

Страница 345: ...lan vlan 1972 5 27 3 default vlan disable The default vlan disable VLAN configuration command disables the default VLAN functionality Use the no form of this command to enable the default VLAN functionality Syntax default vlan disable no default vlan disable This command has no keywords or arguments Default Configuration Enabled Command Modes Vlan configuration mode User Guidelines There are no us...

Страница 346: ...example configures the VLAN 1 IP address of 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 5 27 5 interface range vlan The interface range vlan global configuration command enters the interface configuration mode to configure multiple VLANs Syntax interface range vlan vlan range all vlan range A list of valid VLAN ...

Страница 347: ...uration command adds a name to a VLAN To remove the VLAN name use the no form of this command Syntax name string no name string Unique name up to 32 characters in length to be associated with this VLAN Default Configuration No name is defined Command Mode Interface Configuration VLAN mode User Guidelines The VLAN name should be unique Example The following example names VLAN number 19 with the nam...

Страница 348: ...uration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures e8 as an untagged layer 2 VLAN interface Console config interface ethernet e8 Console config if switchport mode access 5 27 8 switchport access vlan The switchport access vlan interface configuration command configures the VLAN ID when the interface is in access...

Страница 349: ... trunk allowed vlan add vlan list remove vlan list add vlan list List of VLAN IDs to add Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list List of VLAN IDs to remove Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designate a range of IDs Default Configuration This command has no default configuration Command Mode...

Страница 350: ...traffic sent from a trunkmode port is all tagged The command adds the port as a member in the VLAN If the port is already a member in the VLAN not as a native it should be first removed from the VLAN Example The following example e8 in trunk mode is configured to use VLAN number 123 as the native VLAN Console config interface ethernet e8 Console config if switchport trunk native vlan 123 5 27 11 s...

Страница 351: ...ed list Console config interface ethernet e8 Console config if switchport general allowed vlan add 2 5 6 tagged 5 27 12 switchport general pvid The switchport general pvid interface configuration command configures the PVID when the interface is in general mode To configure the default value use the no form of this command Syntax switchport general pvid vlan id no switchport general pvid vlan id P...

Страница 352: ...ltering is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example shows how to enables port ingress filtering on e8 Console config interface ethernet e8 Console config if switchport general ingress filtering disable 5 27 14 switchport general acceptable frame type taggedonly The switchport ...

Страница 353: ...automatically making these VLANs active on the selected ports To revert to allowing the addition of specific VLANs to the port use the remove parameter for this command Syntax switchport forbidden vlan add vlan list remove vlan list add vlan list List of VLAN IDs to add to the forbidden list Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan...

Страница 354: ...p no map protocol protocol encapsulation protocol The protocol is a protocol number or one of the reserved names The format is Hex format encapsulation One of the following values ethernet rfc1042 llcOther If no option is indicated the default is ethernet group Group number of group of protocols associated together Range 1 2147483647 Default Configuration This command has no default configuration ...

Страница 355: ...s command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets a protocol based classification rule of protocol group 1 to VLAN 8 Console config interface ethernet e8 Console config if switchport general map protocols group 1 vlan 8 5 27 18 ip internal usage vlan...

Страница 356: ...r dynamic VLAN he should either remove the IP interface creates the VLAN and recreate the IP interface or use this command to define explicit internal usage VLAN Examples The following example reserves a VLAN as the internal usage VLAN of an interface Console config ip internal usage vlan 10 5 27 19 show vlan The show vlan privileged EXEC command displays VLAN information Syntax show vlan tag vlan...

Страница 357: ... by the switch Syntax show vlan internal usage Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all VLAN information Console show vlan internal usage VLAN Usage IP Address Reserved 1007 g1 Active No 1008 g2 Inactive Yes 1009 e3 Active Yes 5 27 22 sho...

Страница 358: ... mode User Guidelines There are no user guidelines for this command Example The following example displays switchport configuration individually for e1 Console show interface switchport ethernet e1 Port e1 Port mode General GVRP Status disabled Ingress Filtering true Acceptable Frame Type admitAll Ingress Untagged VLAN NATIVE 1 Port is member in Vlan Name Egress rule Type 1 default untagged System...

Страница 359: ...ult configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables the device to be configured from a browser Console enable ip http server 5 28 2 ip http port The ip http port global configuration command specifies the TCP port for use by a web browser to configure the device To use the default TCP port use ...

Страница 360: ...sole config ip http port 100 5 28 3 ip https server The ip https server global configuration command enables the device to be configured from a secured browser To disable this function use the no form of this command Syntax ip https server no ip https server Default Configuration The default for the device is disabled Command Mode Global Configuration mode User Guidelines You must use the crypto c...

Страница 361: ...elines for this command Example The following example configures the https port number to 100 Console enable ip https port 100 5 28 5 crypto certificate generate The crypto certificate generate global configuration command generates a HTTPS certificate Syntax crypto certificate generate key generate length key generate Regenerate SSL RSA key length Specifies the SSL RSA key length If unspecified l...

Страница 362: ...plays the HTTP server configuration Syntax show ip http Default Configuration This command has no default configuration Command Mode Privileged EXEC command User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip http HTTP server enable Port 80 5 28 7 show ip https The show ip http privileged EXEC command di...

Страница 363: ...n to default Syntax aaa authentication dot1x default method1 method2 no aaa authentication dot1x default method1 method2 At least one from the following table Keyword Description Radius Uses the list of all RADIUS servers for authentication None Uses no authentication Default Configuration The default behavior of the aaa authenctication for dot1 x is failed to authenticate If the 8021 x calls the ...

Страница 364: ...and Modes Global configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables 802 1x globally Console config dot1x system auto control 5 29 3 dot1x port control The dot1x port control interface configuration command enables manual control of the authorization state of the port Use the no form of this command to return to the default settin...

Страница 365: ...onfiguration force authorized Command Mode Interface configuration Ethernet User Guidelines There are no user guidelines for this command Examples The following example enables 802 1X authentication on the interface Console config interface ethernet e8 Console config if dot1x port control auto 5 29 4 dot1x re authentication The dot1x re authentication interface configuration command enables period...

Страница 366: ...re authperiod seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration 3600 Command Mode Interface configuration Ethernet mode User Guidelines There are no user guidelines for this command Examples The following example sets the number of seconds between re authentication attempts to 3600 Console config interface ethernet e8 Console config if dot1x ti...

Страница 367: ...fault setting Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds Time in seconds that the switch remains in the quiet state following a failed authentication exchange with the client Range 0 65535 seconds Default Configuration 60 Command Mode Interface configuration Ethernet User Guidelines During the quiet period the switch does not accept or initiate any authenticati...

Страница 368: ...tch should wait for a response to an EAP request identity frame from the client before resending the request Range 1 65535 seconds Default Configuration 30 Command Mode Interface configuration Ethernet Examples The following command sets the number of seconds that the switch waits for a response to an EAP request identity frame to 3600 seconds Console config interface ethernet e8 Console config if...

Страница 369: ...x max req 6 5 29 10 dot1x timeout supp timeout The dot1x timeout supp timeout interface configuration command sets the time for the retransmission of an Extensible Authentication Protocol EAP request frame to the client Use the no form of this command to return to the default setting Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout seconds Time in seconds that the switch sho...

Страница 370: ...lt setting Syntax dot1x timeout server timeout seconds no dot1x timeout server timeout seconds Time in seconds that the switch should wait for a response from the authentication server before resending the request Range 1 65535 seconds Default Configuration 30 Command Mode Interface configuration Ethernet mode User Guidelines There are no user guidelines for this command Examples The following exa...

Страница 371: ...uthorized Disabled 3600 n a e2 Force Authorized Authorized Disabled 3600 n a e3 Force Authorized Authorized Disabled 3600 n a e4 Force Authorized Authorized Disabled 3600 n a e5 Force Authorized Authorized Disabled 3600 n a e6 Force Authorized Authorized Disabled 3600 n a e7 Force Authorized Authorized Disabled 3600 n a e8 Force Authorized Authorized Disabled 3600 n a g1 Force Authorized Authorize...

Страница 372: ... current value of the Authenticator PAE state machine Quiet period The number of seconds that the switch remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the...

Страница 373: ...name Session Time Last Auth Auth Method MAC Address Interface Bob 1d3h 58m Remote 0008 3b79 8787 1 1 John 8h19m 2m None 0008 3b89 3127 1 2 The following table describes the significant fields shown in the display Field Description Username The User Name representing the identity of the Supplicant Login Time How long the user is logged in Last Authentication Time since last authentication Authentic...

Страница 374: ...ple displays 802 1X statistics for the specified interface Switch show dot1x statistics ethernet g1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0008 3b79 8787 The following table describes the...

Страница 375: ...henticator in which the frame type is not recognized EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame LastEapolFrameSource The source MAC address carried carried in the most recently received EAPOL frame ...

Страница 376: ...bled port In this mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized all attached clients are denied access to the network If a port would join a port channel the state would be multiple host as long as the port is member in the port channel Examples The following command allows multiple hosts clients on a...

Страница 377: ...bled and the user has been successfully authenticated Examples The following example uses the forward action to forward frames with source addresses console config if Config VLAN dot1x single host violation forward trap 100 5 29 19 show dot1x advanced The show dot1x advanced privileged EXEC command displays 802 1X advanced features for the switch or for the specified interface Syntax show dot1x ad...

Страница 378: ...erface Multiple Hosts 1 1 Disabled 1 2 Enabled console show dot1x advanced ethernet 1 1 Guest VLAN 3978 Unauthenticated VLANs 91 92 Use user attributes from Authentication Server Enabled User VLAN not created Create Interface Multiple Hosts 1 1 Disabled 1 2 Enabled Single Host Violation Discard Trap Enabled Frequency 100 Status Authorized Locked Counter 9 ...

Страница 379: ...thernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor 100Base TX port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Why the Switch do...

Страница 380: ...ts 10 100Mbps 10 100Base TX RJ 45 Connector pin assignment Contact MDI Media Dependant Interface MDI X Media Dependant Interface Cross 1 Tx transmit Rx receive 2 Tx transmit Rx receive 3 Rx receive Tx transmit 4 5 Not used 6 Rx receive Tx transmit 7 8 Not used 1000Mbps 1000Base T RJ 45 Connector pin assignment Contact MDI MDI X 1 BI_DA BI_DB 2 BI_DA BI_DB 3 BI_DB BI_DA 4 BI_DC BI_DD 5 BI_DC BI_DD ...

Страница 381: ...e 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Straight Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Strai...

Страница 382: ...FP port 1000Base LX mini GBIC module 70KM MGB L120 SFP port 1000Base LX mini GBIC module 120KM MGB LA10 SFP port 1000Base LX WDM TX 1310nm mini GBIC module 10KM MGB LB10 SFP port 1000Base LX WDM TX 1550nm mini GBIC module 10KM MGB LA20 SFP port 1000Base LX WDM TX 1310nm mini GBIC module 20KM MGB LB20 SFP port 1000Base LX WDM TX 1550nm mini GBIC module 20KM MGB LA40 SFP port 1000Base LX WDM TX 1310...

Отзывы:

Нет отзывов

Похожие инструкции для WGSD-1022

Communica CST-2042 User Manual preview
CST-2042
Бренд: Communica Страницы: 5
Lindy 32351 Manual preview
32351
Бренд: Lindy Страницы: 70
Ruby Tech Web-Smart GS-1208M Specifications preview
Web-Smart GS-1208M
Бренд: Ruby Tech Страницы: 2
Gomax MA-5288V2 User Manual preview
MA-5288V2
Бренд: Gomax Страницы: 24
C&C TECHNIC AVlink VAX-8404F User Manual preview
AVlink VAX-8404F
Бренд: C&C TECHNIC Страницы: 2
Link MX44-4KUHDE Manual preview
MX44-4KUHDE
Бренд: Link Страницы: 35
D+H GE 650 Set Original Instructions Manual preview
GE 650 Set
Бренд: D+H Страницы: 16
Black Box ServSwitch TDX User Manual preview
ServSwitch TDX
Бренд: Black Box Страницы: 21
QNAP QSW-M1208-8C Quick Installation Manual preview
QSW-M1208-8C
Бренд: QNAP Страницы: 30
EtherWAN EX17908 Series Installation Manual preview
EX17908 Series
Бренд: EtherWAN Страницы: 2
IDK FDX-32 Command Reference Manual preview
FDX-32
Бренд: IDK Страницы: 81
3Com SuperStack II 3C16671A User Manual preview
SuperStack II 3C16671A
Бренд: 3Com Страницы: 8
3Com SuperStack 4 3C16479 User Manual preview
SuperStack 4 3C16479
Бренд: 3Com Страницы: 8
Kramer VS-169TP User Manual preview
VS-169TP
Бренд: Kramer Страницы: 45
Inficon 399-001 Operating Manual preview
399-001
Бренд: Inficon Страницы: 18
showhome ZW30 Manual preview
ZW30
Бренд: showhome Страницы: 3
ShoreTel 200 Quick Install Manual preview
200
Бренд: ShoreTel Страницы: 2
Rose electronics KVM-4THD/4K Installation And Operation Manual preview
KVM-4THD/4K
Бренд: Rose electronics Страницы: 14

Бренды по названию

Популярные бренды

Загрузить еще бренды