manualshive.com logo in svg

SMC Networks 6152PL2 FICHE, Руководство по управлению


Поделиться
Скачать
background image

General Security Measures

4-191

4

ARP Inspection validates the MAC-to-IP address bindings in Address Resolution 
Protocol (ARP) packets. It protects against ARP traffic with invalid address bindings, 
which forms the basis for certain “man-in-the-middle” attacks. This is accomplished 
by intercepting all ARP requests and responses and verifying each of these packets 
before the local ARP cache is updated or the packet is forwarded to the appropriate 
destination, dropping any invalid ARP packets.

ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC 
address bindings stored in a trusted database – the DHCP snooping binding 
database. ARP Inspection can also validate ARP packets against user-configured 
ARP access control lists (ACLs) for hosts with statically configured IP addresses.

This section describes commands used to configure ARP Inspection.

This command enables ARP Inspection globally on the switch. Use the 

no

 form to 

disable this function.

Syntax 

[

no

ip arp inspection

 

Default Setting 

Disabled

Table 4-48  ARP Inspection Commands

Command

Function

Mode

Page

ip arp inspection

Enables ARP Inspection globally on the switch

GC

4-191

ip arp inspection vlan

Enables ARP Inspection for a specified VLAN or range of VLANs GC

4-192

ip arp inspection filter

Specifies an ARP ACL to apply to one or more VLANs

GC

4-193

ip arp inspection 

validate

Specifies additional validation of address components in an ARP 

packet

GC

4-194

ip arp inspection 

log-buffer logs

Sets the maximum number of entries saved in a log message, 

and the rate at these messages are sent

GC

4-195

ip arp inspection trust

Sets a port as trusted, and thus exempted from ARP Inspection IC

4-196

ip arp inspection limit

Sets a rate limit for the ARP packets received on a port

IC

4-196

show ip arp inspection 

configuration

Displays the global configuration settings for ARP Inspection

PE

4-197

show ip arp inspection 

interface

Shows the trust status and inspection rate limit for ports

PE

4-197

show ip arp inspection 

vlan

Shows configuration setting for VLANs, including ARP 

Inspection status, the ARP ACL name, and if the DHCP 

Snooping database is used after ACL validation is completed 

PE

4-198

show ip arp inspection 

log

Shows information about entries stored in the log, including the 

associated VLAN, port, and address components

PE

4-198

show ip arp inspection 

statistics

Shows statistics about the number of ARP packets processed, 

or dropped for various reasons

PE

4-199

Содержание 6152PL2 FICHE

Страница 1: ...Management Guide SMC6128PL2 SMC6152PL2 TigerSwitchTM 10 100 24 Port 10 100 Switch with PoE IP Clustering and 4 Gigabit Ports ...

Страница 2: ......

Страница 3: ...20 Mason Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions May 2009 Pub 149100000007A E052009 MW R01 ...

Страница 4: ...e is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2009 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are trademarks...

Страница 5: ...v Warranty and Product Registration To register SMC products and to review the detailed warranty statement please refer to the Support Section of the SMC Website at http www smc com ...

Страница 6: ...vi ...

Страница 7: ... your attention to related features or instructions Caution Alerts you to a potential hazard that could cause loss of data or damage the system or equipment Warning Alerts you to a potential hazard that could cause personal injury Related Publications The following publication details the hardware features of the switch including the physical and performance related characteristics and how to inst...

Страница 8: ...viii ...

Страница 9: ...ersion 1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Managing System Files 2 8 Saving Configuration Settings 2 9 Chapter 3 Configuring the Switch 3 1 Using the Web Interface 3 1 Navigating the Web Browser Interface 3 2 Home Page 3 2 Configuration Options 3 3 Panel Display 3 3 Main Menu 3 4 Basic Configuration 3 13 Displaying System Information 3 13 Displ...

Страница 10: ...g Community Access Strings 3 51 Specifying Trap Managers and Trap Types 3 52 Configuring SNMPv3 Management Access 3 55 Setting the Local Engine ID 3 55 Specifying a Remote Engine ID 3 56 Configuring SNMPv3 Users 3 57 Configuring Remote SNMPv3 Users 3 59 Configuring SNMPv3 Groups 3 61 Setting SNMPv3 Views 3 64 Sampling Traffic Flows 3 65 Configuring sFlow Global Parameters 3 66 Configuring sFlow Po...

Страница 11: ...ion Port Information 3 113 Re authenticating Web Authenticated Ports 3 113 Network Access MAC Address Authentication 3 114 Configuring the MAC Authentication Reauthentication Time 3 116 Configuring MAC Authentication for Ports 3 117 Configuring Port Link Detection 3 119 Displaying Secure MAC Address Information 3 120 MAC Filter Configuration 3 121 Access Control Lists 3 123 Setting the ACL Name an...

Страница 12: ...etting Unknown Unicast Storm Thresholds 3 175 Configuring Port Mirroring 3 177 Configuring MAC Address Mirroring 3 178 Configuring Rate Limits 3 179 Rate Limit Configuration 3 179 Showing Port Statistics 3 180 Power Over Ethernet Settings 3 184 Switch Power Status 3 185 Setting a Switch Power Budget 3 186 Displaying Port Power Status 3 186 Configuring Port PoE Power 3 187 Address Table Settings 3 ...

Страница 13: ...Ns 3 243 Configuring Protocol VLAN Groups 3 244 Mapping Protocols to VLANs 3 245 Configuring VLAN Mirroring 3 246 Configuring IP Subnet VLANs 3 247 Configuring MAC based VLANs 3 248 Link Layer Discovery Protocol 3 249 Setting LLDP Timing Attributes 3 249 Configuring LLDP Interface Attributes 3 251 Displaying LLDP Local Device Information 3 254 Displaying LLDP Remote Port Information 3 257 Displayi...

Страница 14: ...GMP Filtering and Throttling for Interfaces 3 297 Multicast VLAN Registration 3 299 Configuring Global MVR Settings 3 300 Displaying MVR Interface Status 3 302 Displaying Port Members of Multicast Groups 3 303 Configuring MVR Interface Status 3 304 Assigning Static Multicast Groups to Interfaces 3 306 Configuring MVR Receiver VLAN and Group Addresses 3 307 Displaying MVR Receiver Groups 3 308 Conf...

Страница 15: ... history 4 13 reload Privileged Exec 4 14 reload Global Configuration 4 14 show reload 4 16 prompt 4 16 end 4 16 exit 4 17 quit 4 17 System Management Commands 4 18 Device Designation Commands 4 18 hostname 4 18 Banner Information Commands 4 19 banner configure 4 20 banner configure company 4 21 banner configure dc power info 4 22 banner configure department 4 22 banner configure equipment info 4 ...

Страница 16: ...out login response 4 48 exec timeout 4 48 password thresh 4 49 silent time 4 50 databits 4 50 parity 4 51 speed 4 52 stopbits 4 52 terminal length 4 53 terminal width 4 53 terminal escape character 4 54 terminal terminal type 4 54 terminal history 4 55 disconnect 4 55 show line 4 56 Event Logging Commands 4 57 logging on 4 57 logging history 4 58 logging host 4 59 logging facility 4 59 logging tra...

Страница 17: ...clock summer time predefined 4 77 clock summer time recurring 4 78 calendar set 4 80 show calendar 4 80 Switch Cluster Commands 4 81 cluster 4 81 cluster commander 4 82 cluster ip pool 4 83 cluster member 4 83 rcommand 4 84 show cluster 4 84 show cluster members 4 85 show cluster candidates 4 85 UPnP Commands 4 85 upnp device 4 86 upnp device ttl 4 86 upnp device advertise duration 4 87 show upnp ...

Страница 18: ...count and Privilege Level Commands 4 110 username 4 110 enable password 4 111 privilege 4 112 privilege rerun 4 113 show privilege 4 113 Authentication Sequence 4 114 authentication login 4 114 authentication enable 4 115 RADIUS Client 4 116 radius server host 4 116 radius server acct port 4 117 radius server auth port 4 117 radius server key 4 118 radius server retransmit 4 118 radius server time...

Страница 19: ...rver 4 139 ip ssh timeout 4 140 ip ssh authentication retries 4 140 ip ssh server key size 4 141 delete public key 4 141 ip ssh crypto host key generate 4 142 ip ssh crypto zeroize 4 142 ip ssh save host key 4 143 show ip ssh 4 143 show ssh 4 144 show public key 4 145 802 1X Port Authentication 4 146 dot1x system auth control 4 146 dot1x default 4 147 dot1x max req 4 147 dot1x port control 4 147 d...

Страница 20: ...ccess link detection link up 4 170 network access link detection link up down 4 170 clear network access 4 171 show network access 4 171 show network access mac address table 4 172 show network access mac filter 4 173 Web Authentication 4 174 web auth login attempts 4 174 web auth quiet period 4 175 web auth session timeout 4 175 web auth system auth control 4 176 web auth 4 176 web auth re authen...

Страница 21: ...7 show ip arp inspection vlan 4 198 show ip arp inspection log 4 198 show ip arp inspection statistics 4 199 Access Control List Commands 4 199 IPv4 ACLs 4 200 access list rule mode 4 200 access list ip 4 201 permit deny Standard IPv4 ACL 4 202 permit deny Extended IPv4 ACL 4 203 show ip access list 4 205 ip access group 4 205 show ip access group 4 206 IPv6 ACLs 4 206 access list ipv6 4 207 permi...

Страница 22: ...ntrol alarm clear threshold 4 240 auto traffic control action 4 241 auto traffic control control release 4 242 snmp server enable port traps atc broadcast alarm fire 4 242 snmp server enable port traps atc multicast alarm fire 4 243 snmp server enable port traps atc broadcast alarm clear 4 243 snmp server enable port traps atc multicast alarm clear 4 244 snmp server enable port traps atc broadcast...

Страница 23: ...address table aging time 4 272 show mac address table aging time 4 272 Spanning Tree Commands 4 274 spanning tree 4 275 spanning tree mode 4 276 spanning tree forward time 4 277 spanning tree hello time 4 277 spanning tree max age 4 278 spanning tree priority 4 279 spanning tree system bpdu flooding 4 279 spanning tree pathcost method 4 280 spanning tree transmission limit 4 280 spanning tree mst ...

Страница 24: ...w garp timer 4 303 Editing VLAN Groups 4 304 vlan database 4 304 vlan 4 305 Configuring VLAN Interfaces 4 306 interface vlan 4 306 switchport mode 4 307 switchport acceptable frame types 4 308 switchport ingress filtering 4 308 switchport native vlan 4 309 switchport allowed vlan 4 310 switchport forbidden vlan 4 311 vlan trunking 4 311 Displaying VLAN Information 4 313 show vlan 4 313 Configuring...

Страница 25: ... vlan 4 334 voice vlan aging 4 335 voice vlan mac address 4 336 switchport voice vlan 4 337 switchport voice vlan rule 4 337 switchport voice vlan security 4 338 switchport voice vlan priority 4 339 show voice vlan 4 339 LLDP Commands 4 341 lldp 4 343 lldp holdtime multiplier 4 343 lldp medFastStartCount 4 344 lldp notification interval 4 344 lldp refresh interval 4 345 lldp reinit delay 4 345 lld...

Страница 26: ...queue cos map 4 365 show queue mode 4 366 show queue bandwidth 4 366 show queue cos map 4 367 Priority Commands Layer 3 and 4 4 368 map ip dscp Global Configuration 4 368 map ip dscp Interface Configuration 4 368 show map ip dscp 4 370 Quality of Service Commands 4 371 class map 4 372 match 4 373 rename 4 374 description 4 374 policy map 4 375 police 4 375 set 4 376 police 4 377 service policy 4 3...

Страница 27: ...ermit deny 4 392 range 4 393 ip igmp filter Interface Configuration 4 393 ip igmp max groups 4 394 ip igmp max groups action 4 395 show ip igmp filter 4 395 show ip igmp profile 4 396 show ip igmp throttle interface 4 396 Multicast VLAN Registration Commands 4 397 mvr Global Configuration 4 398 mvr Interface Configuration 4 400 show mvr 4 402 Domain Name Service Commands 4 405 ip host 4 405 clear ...

Страница 28: ...ware Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3 Appendix B Troubleshooting B 1 Problems Accessing the Management Interface B 1 Using System Logs B 2 Glossary Index ...

Страница 29: ...3 17 Port ID Subtype 3 258 Table 3 18 Mapping CoS Values to Egress Queues 3 265 Table 3 19 CoS Priority Levels 3 265 Table 3 20 Mapping DSCP Priority Values 3 270 Table 4 1 Command Modes 4 6 Table 4 2 Configuration Modes 4 8 Table 4 3 Command Line Processing 4 9 Table 4 4 Command Groups 4 10 Table 4 5 General Commands 4 11 Table 4 6 System Management Commands 4 18 Table 4 7 Device Designation Comm...

Страница 30: ... 4 158 Table 4 42 Port Security Commands 4 159 Table 4 43 Network Access 4 161 Table 4 44 Dynamic QoS Profiles 4 168 Table 4 45 Web Authentication 4 174 Table 4 46 DHCP Snooping Commands 4 179 Table 4 47 IP Source Guard Commands 4 187 Table 4 48 ARP Inspection Commands 4 191 Table 4 49 Access Control Lists 4 199 Table 4 50 IPv4 ACL Commands 4 200 Table 4 52 ARP ACL Commands 4 212 Table 4 53 MAC AC...

Страница 31: ...ds 4 363 Table 4 88 Priority Commands Layer 2 4 363 Table 4 89 Default CoS Values to Egress Queues 4 365 Table 4 90 Priority Commands Layer 3 and 4 4 368 Table 4 91 IP DSCP to CoS Vales 4 369 Table 4 92 Quality of Service Commands 4 371 Table 4 93 Multicast Filtering Commands 4 380 Table 4 94 IGMP Snooping Commands 4 380 Table 4 95 IGMP Query Commands Layer 2 4 385 Table 4 96 Static Multicast Rout...

Страница 32: ...Tables xxxii ...

Страница 33: ... 19 System Logs 3 37 Figure 3 20 Remote Logs 3 38 Figure 3 21 Displaying Logs 3 39 Figure 3 22 Enabling and Configuring SMTP 3 40 Figure 3 23 Resetting the System 3 42 Figure 3 24 Current Time Configuration 3 43 Figure 3 25 SNTP Configuration 3 44 Figure 3 26 NTP Client Configuration 3 45 Figure 3 27 Setting the System Clock 3 47 Figure 3 28 Summer Time 3 49 Figure 3 29 Enabling SNMP Agent Status ...

Страница 34: ...re 3 65 Web Authentication Configuration 3 111 Figure 3 66 Web Authentication Port Configuration 3 112 Figure 3 67 Web Authentication Port Information 3 113 Figure 3 68 Web Authentication Port Re authentication 3 114 Figure 3 69 Network Access Configuration 3 117 Figure 3 70 Network Access Port Configuration 3 118 Figure 3 71 Network Access Port Link Detection Configuration 3 120 Figure 3 72 Netwo...

Страница 35: ...us 3 185 Figure 3 109 Setting the Switch Power Budget 3 186 Figure 3 110 Displaying Port PoE Status 3 187 Figure 3 111 Configuring Port PoE Power 3 188 Figure 3 112 Configuring a Static Address Table 3 189 Figure 3 113 Configuring a Dynamic Address Table 3 190 Figure 3 114 Setting the Address Aging Time 3 191 Figure 3 115 Configuring Port Loopback Detection 3 194 Figure 3 116 Displaying Spanning T...

Страница 36: ...guration 3 264 Figure 3 153 Traffic Classes 3 266 Figure 3 154 Queue Mode 3 267 Figure 3 155 Displaying Queue Scheduling 3 268 Figure 3 156 IP DSCP Priority Status 3 269 Figure 3 157 Mapping IP DSCP Priority Values 3 271 Figure 3 158 Configuring Class Maps 3 274 Figure 3 159 Configuring Policy Maps 3 277 Figure 3 160 Service Policy Settings 3 278 Figure 3 161 Configuring VoIP Traffic 3 280 Figure ...

Страница 37: ...309 Figure 3 181 DNS General Configuration 3 311 Figure 3 182 DNS Static Host Table 3 313 Figure 3 183 DNS Cache 3 314 Figure 3 184 Cluster Member Choice 3 315 Figure 3 185 Cluster Configuration 3 316 Figure 3 186 Cluster Member Configuration 3 317 Figure 3 187 Cluster Member Information 3 318 Figure 3 188 Cluster Candidate Information 3 319 Figure 3 189 UPnP Configuration 3 320 ...

Страница 38: ...Figures xxxviii ...

Страница 39: ...o TFTP server Authentication and Security Measures Console Telnet web User name password RADIUS TACACS AAA ARP inspection Web HTTPS Telnet SSH SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Port Authentication IEEE 802 1X Port Security MAC address filtering Private VLANs Network Access MAC Address Authentication Web Authentication Web access with RADIUS Authentication DHCP Snoopin...

Страница 40: ...thentication is also supported via the IEEE 802 1X protocol This protocol uses the Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then verifies the client s right to access the network via an authentication server Other authentication options include HTTPS for secure management access via the web SSH for secure management access over a Tel...

Страница 41: ... The switch can unobtrusively mirror traffic from any port VLAN or packets with a specified MAC address to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Port Trunking Ports can be combined into an aggregate connection Trunks can be manually set up or dynamically configured using Link Aggregation Control...

Страница 42: ...ol reduces the convergence time for network topology changes to 3 to 5 seconds compared to 30 seconds or more for the older IEEE 802 1D STP standard It is intended as a complete replacement for STP but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP compliant mode if they detect STP protocol messages from attached devices Multiple Spannin...

Страница 43: ... to meet the requirements of specific traffic types on a per hop basis Each packet is classified upon entry into the network based on access lists IP Precedence or DSCP values or VLAN lists Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of fo...

Страница 44: ...l Console Timeout 0 disabled Authentication and Security Measures Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled TACACS Authentication Disabled 802 1X Port Authentication Disabled Web Authentication Disabled MAC Authentication Disabled HTTPS Enabled SSH D...

Страница 45: ... Unknown Unicast disabled Rate Limit Broadcast 64 kbits per second Spanning Tree Algorithm Status Enabled RSTP Defaults Based on RSTP standard Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port interface...

Страница 46: ...Snooping Enabled Querier Enabled Multicast VLAN Registration Disabled System Log Status Enabled Messages Logged Levels 0 7 all Messages Logged to Flash Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled NTP Clock Synchronization Disabled Switch Clustering Status Enabled Commander Disabled Table 1 2 System Defaults Continued Function Paramet...

Страница 47: ... RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView The switch s web interface CLI configuration program and SNMP agent allow you to perform...

Страница 48: ...the following steps 1 Connect the console cable to the serial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the DB 9 connector 2 Connect the other end of the cable to the RS 232 serial port on the switch 3 Make sure the terminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud ...

Страница 49: ...ccess to basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privileged access level Privileged Exec The commands available at the Normal Exec level are a limited subset of those availabl...

Страница 50: ...work This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP subnet as the switch you will also need to specify the default gateway router Dynamic The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network Manual Configuration You can ma...

Страница 51: ...TP or DHCP reply has been received Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values can include the IP address subnet mask and default gateway If the DHCP BOOTP server is slow to respond you may need to use the ip dhcp restart command to re start broadcasting service requests If the bootp or dhcp option is saved to the startup config file...

Страница 52: ... agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that provides read access to the entire MIB tree and a default view for the private community string that provides read write access to the entire MIB ...

Страница 53: ...here are no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a trap receiver use the snmp server host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community string version 1 2c 3 auth noauth priv...

Страница 54: ...stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a system start up file or can be uploaded via FTP TFTP to a server for backup The file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system If the system is booted with the factory default settings the s...

Страница 55: ...files must have a name specified File names on the switch are case sensitive can be from 1 to 31 characters must not contain slashes or and the leading letter of the file name must not be a period Valid characters A Z a z 0 9 _ There can be more than one user defined configuration file saved in the switch s flash memory but only one is designated as the startup file that is loaded when the switch ...

Страница 56: ...Initial Configuration 2 10 2 ...

Страница 57: ...age 2 4 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on page 2 4 3 After you enter a user name and password you will have access to the system configuration program Notes 1 You are allowed three attempts to enter the correct password on the ...

Страница 58: ...th the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 3 1 Home Page Note The examples in this chapter are based on the SMC6128PL2 Other than the number of fixed p...

Страница 59: ...This option is available under Tools Internet Options General Browsing History Settings Temporary Internet Files 2 You may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web agent displays an image of the switch s ports The Mode can be set to display different information for the ports including Active i e up or dow...

Страница 60: ...e server 3 22 Copy Operation Allows the transfer and copying of files 3 22 HTTP Upgrade Copies operation code or configuration files from management station to the switch 3 30 HTTP Download Copies operation code or configuration files from the switch to the management station 3 30 Delete Allows deletion of files from the flash memory 3 26 Set Start Up Sets the startup file 3 26 Line 3 32 Console S...

Страница 61: ...d parameters and sampling interval 3 68 Security 3 70 User Accounts Assigns a new password for the current user 3 70 Authentication Settings Configures authentication sequence RADIUS and TACACS 3 72 Encryption Key Configures RADIUS and TACACS encryption key settings 3 75 AAA Authentication Authorization and Accounting 3 76 RADIUS Group Settings Defines the configured RADIUS servers to use for acco...

Страница 62: ...eters for individual ports 3 101 Statistics Displays protocol statistics for the selected port 3 104 Web Authentication 3 110 Configuration Configures Web Authentication settings 3 111 Port Configuration Enables Web Authentication for individual ports 3 112 Port Information Displays status information for individual ports 3 113 Re authentication Forces a host to re authenticate itself immediately ...

Страница 63: ... Port Counters Information Displays statistics for LACP protocol messages 3 167 Port Internal Information Displays settings and operational state for the local side 3 168 Port Neighbors Information Displays settings and operational state for the remote side 3 170 Port Broadcast Control Sets the broadcast storm threshold for each port 3 172 Trunk Broadcast Control Sets the broadcast storm threshold...

Страница 64: ...e 3 195 Configuration Configures global bridge settings for STA and RSTP 3 198 Port Information Displays individual port settings for STA 3 202 Trunk Information Displays individual trunk settings for STA 3 202 Port Configuration Configures individual port settings for STA 3 205 Trunk Configuration Configures individual trunk settings for STA 3 205 Port Edge Port Configuration Sets an interface to...

Страница 65: ...ffic between uplink ports assigned to different client sessions 3 236 Session Configuration Creates a client session and assigns the downlink and uplink ports to service the traffic 3 237 Private VLAN 3 238 Information Displays Private VLAN feature information 3 238 Configuration This page is used to create remove primary or community VLANs 3 239 Association Each community VLAN must be associated ...

Страница 66: ... statistics for remote devices on a selected port or trunk 3 261 Priority 3 263 Default Port Priority Sets the default priority for each port 3 263 Default Trunk Priority Sets the default priority for each trunk 3 263 Traffic Classes Maps IEEE 802 1p priority tags to output queues 3 265 Traffic Classes Status Enables disables traffic class priorities not implemented NA Queue Mode Sets queue mode t...

Страница 67: ... 294 IGMP Filter Throttling Trunk Configuration Configures IGMP Filtering and Throttling for trunks 3 294 MVR 3 299 Configuration Globally enables MVR sets the MVR VLAN adds multicast stream addresses 3 300 Port Information Displays MVR interface type MVR operational and activity status and immediate leave status 3 302 Trunk Information Displays MVR interface type MVR operational and activity stat...

Страница 68: ...he DHCP Snooping Information Option policy 3 147 Binding Information Displays the DHCP Snooping binding information 3 149 IP Source Guard 3 150 Port Configuration Enables IP source guard and selects filter type per port 3 150 Static Configuration Adds a static addresses to the source guard binding table 3 152 Dynamic Information Displays the source guard binding table for a selected interface 3 15...

Страница 69: ...tem System Up Time Length of time the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web Server Shows if management access via is enabled Web Server Port Shows the TCP port number used by the web interface Web Secure Server Shows if management access via HTTPS is enabled Web Secure Server Port Shows the TCP ...

Страница 70: ...n WC 9 4 92 Console config snmp server contact Ted 4 91 Console config exit Console show system 4 33 System Description 24 Fast Ethernet 2 Giga 2 ComboG L2 L4 PoE Standalone switch System OID string 1 3 6 1 4 1 202 20 65 System Information System Up Time 0 days 0 hours 38 minutes and 44 16 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC Address Unit1 00 01 02 03 0A 0A Web Ser...

Страница 71: ...ion Hardware version of the main board Chip Device ID Identifier for basic MAC Physical Layer switch chip Internal Power Status Displays the status of the internal power supply Management Software EPLD Version Version number of the Electronically Programmable Logic Device code Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation C...

Страница 72: ...sion 4 34 Unit 1 Serial Number A749023132 Hardware Version R01 Chip Device ID Marvell 98DX106 B0 88E6095 F EPLD Version 0 02 Number of Ports 28 Main Power Status Up Redundant Power Status Not present Agent Master Unit ID 1 Loader Version 1 0 2 2 Boot ROM Version 1 0 3 5 Operation Code Version 1 3 5 2 Console ...

Страница 73: ...tering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 189 VLAN Learning This switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Refer to VLAN Configuration on...

Страница 74: ...N has been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not function until a reply has been received from the server Requests will be broadcast periodically by the switch for an IP address DHCP BOOTP values can include the IP addre...

Страница 75: ...o Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console config interface vlan 1 4 221 Console config if ip address 192 168 1 1 255 255 255 0 4 412 Console config if exit Console config ip default gateway 0 0 0 0 4 413 Console config ...

Страница 76: ...HCP IP Configuration Note If you lose your management connection use a console connection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart command Console config Console config interface vlan 1 4 221 Console config if ip address dhcp 4 412 Console config if end Consol...

Страница 77: ...ng jumbo frames up to 10 KB for the Gigabit Ethernet ports Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields Command Usage To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is ope...

Страница 78: ... to an FTP server ftp to file Copies a file from an FTP server to the switch TFTP FTP Server IP Address The IP address of an FTP or TFTP server User Name The user name for FTP server access Password The password for FTP server access File Type Specify opcode operational code to copy firmware File Name The file name should not contain slashes or the leading letter of the file name should not be a p...

Страница 79: ...grade file is stored as SMC6128_52PL2_op_V1 3 5 2 BIX or even SMC6128_52PL2_op_V1 3 5 2 bix on a case sensitive server then the switch requesting runtime bix will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal A notable exception in the list of case sensitive Unix like operating systems is Mac OS X which by default is case inse...

Страница 80: ...grade file can be found Nested directory structures are accepted The directory name must be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL ftp username password host filedir ftp Defines FTP protocol for the server connection username Defines the user name for the FTP connect...

Страница 81: ...anonymous will be the user name and the password will be blank The image file is in the FTP root directory ftp switches upgrade 192 168 0 1 The user name is switches and the password is upgrade The image file is in the FTP root ftp switches upgrade 192 168 0 1 switches opcode The user name is switches and the password is upgrade The image file is in the opcode directory which is within the switche...

Страница 82: ...e as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the current firmware used for startup and want to start using the new operation code reboot the system via the System Reset menu Figure 3 10 Copy Firmwar...

Страница 83: ...ew firmware form a TFTP server enter the IP address of the TFTP server select opcode as the file type then enter the source and destination file names When the file has finished downloading set the new file to start up the system and then restart the switch To start the new firmware enter the reload command or reboot the system Console copy tftp file 4 37 TFTP server ip address 192 168 1 23 Choose...

Страница 84: ...es the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to ftp Copies the startup configuration to an FTP server startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server ttftp to file Copies a file from a TFTP server t...

Страница 85: ...the IP address of the TFTP server If you download from an FTP server enter the user name and password for an account on the server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Apply Figure 3 13 Downloading Configuration Settings for Startup If you download to a new file name using ftp tftp to startup config or ftp tftp ...

Страница 86: ... to copy a firmware file or config configuration to copy a switch configuration file Source File Name Use the Browse button to locate the file on the web management station The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the FTP TFTP server is 127 characters or 31 characters for files on the switch Vali...

Страница 87: ...ocal web management station Specify the name of a file on the switch to overwrite or specify a new file name then click Apply Figure 3 15 Uploading Files Using HTTP Web To download files using HTTP Click System File Management HTTP Download Select an operation code file or configuration file on the switch to download to the web management station Click Apply Figure 3 16 Downloading Files Using HTT...

Страница 88: ...tempts Silent Time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has been exceeded Range 0 65535 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per characte...

Страница 89: ...line login local 4 46 Console config line password 0 secret 4 47 Console config line timeout login response 0 4 48 Console config line exec timeout 0 4 48 Console config line password thresh 3 4 49 Console config line silent time 60 4 50 Console config line databits 8 4 50 Console config line parity none 4 51 Console config line speed 19200 4 52 Console config line stopbits 1 4 52 Console config l...

Страница 90: ...ets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds Default 600 seconds Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specif...

Страница 91: ...ent virtual terminal settings use the show line command from the Normal Exec level Console config line vty 4 45 Console config line login local 4 46 Console config line password 0 secret 4 47 Console config line timeout login response 300 4 48 Console config line exec timeout 600 4 48 Console config line password thresh 3 4 49 Console config line end Console show line vty 4 56 VTY Configuration Pa...

Страница 92: ... Enables disables the logging of debug or error messages to the logging process Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be logged to flash Range 0 7 Default 3 RAM Level Limits log messages saved to the switch s temporary RAM mem...

Страница 93: ...f 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages see RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to process messages such as sorting or storing messages in the corresponding database Range 1...

Страница 94: ... the facility type and set the logging trap Console config logging host 192 168 1 15 4 59 Console config logging facility 23 4 59 Console config logging trap 4 4 60 Console config end Console show logging trap 4 60 Syslog logging Enabled REMOTELOG status Enabled REMOTELOG facility type local use 7 REMOTELOG level type Warning conditions REMOTELOG server ip address 192 168 1 15 REMOTELOG server ip ...

Страница 95: ...f a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address Sets the email address used for the From field in alert messages You may use a symbolic email address that identifies the switch or the address of an administrator re...

Страница 96: ...pecifies the email recipients of alert messages You can specify up to five recipients Use the New Email Destination Address text field and the Add Remove buttons to configure the list Email Destination Address This command specifies SMTP servers that may receive alert messages Web Click System Log SMTP Enable SMTP specify a source email address and select the minimum severity level To add an IP ad...

Страница 97: ...ait combined with the hours before the switch resets Range 1 34560 Default 0 Reset Resets the switch after the specified time If the hour and minute fields are blank then the switch will reset immediately Refresh Refreshes the countdown timer of a pending delayed reset Cancel Cancels a pending delayed reset Note To rimmediately restart the switch enter 0 in both the Hours and Minutes fields and cl...

Страница 98: ...nfig command See paratext on page 4 37 Setting the System Clock Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also manually set the clock If the clock is not set manually or via SNTP...

Страница 99: ...guring SNTP You can configure the switch to send time synchronization requests to time servers Command Attributes SNTP Client Configures the switch to operate as an SNTP client This requires at least one NTP or SNTP time server to be specified in the SNTP Server field Default Disabled SNTP Poll Interval Sets the interval between sending requests for a time update from a time server Range 16 16384 ...

Страница 100: ...operate as an NTP client This requires at least one time server to be specified in the NTP Server list Default Disabled NTP Polling Interval Sets the interval between sending requests for a time update from NTP servers Range 16 16384 seconds Default 1024 seconds NTP Authenticate Enables authentication for time requests and updates between the switch and NTP servers Default Disabled NTP Server Sets...

Страница 101: ...pecifies a key value in the NTP Authentication Key List Up to 255 keys can be configured in the NTP Authentication Key List Note that key numbers and values must match on both the server and client Range 1 65535 Key Context Specifies an MD5 authentication key string The key string can be up to 32 case sensitive printable ASCII characters no spaces Note SNTP and NTP clients cannot both be enabled a...

Страница 102: ...t one major city or location covered by the time zone User defined Configuration Allows the user to define all parameters of the local time zone Direction Configures the time zone to be before east of or after west of UTC Name Assigns a name to the time zone Range 1 29 characters Hours 0 13 The number of hours before after UTC The maximum value before UTC is 12 The maximum value after UTC is 13 Mi...

Страница 103: ...rd one hour at the start of spring and then adjusted backward in autumn Command Attributes General Configuration Summer Time in Effect Shows if the system time has been adjusted Status Shows if summer time is set to take effect during the specified period Name Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters Mode Selects one of the following configurati...

Страница 104: ...ime zone in minutes Range 0 99 minutes From Start time for summer time offset To End time for summer time offset Recurring Mode Sets the start end and offset times of summer time for the switch on a recurring basis This mode sets the summer time zone relative to the currently configured time zone To specify a time corresponding to your local time when summer time is in effect you must indicate the...

Страница 105: ...NMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A defined set of variables known as managed objects is maintai...

Страница 106: ...ding and writing which are known as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings Note The predefined default groups and view can be deleted from the system You can then define customized groups and views for the SNMP clients that requir...

Страница 107: ...isted in this table For security reasons you should consider removing the default strings Command Attributes SNMP Community Capability The switch supports up to five community strings Current Displays a list of the community strings currently configured Community String A community string that acts like a password and permits access to the SNMP protocol Default strings public read only private rea...

Страница 108: ...ryption options authNoPriv or authPriv the user name must first be defined in the SNMPv3 Users page page 3 57 Otherwise the authentication password and or privacy password will not exist and the switch will not authorize SNMP access for the host However if you specify a V3 host with the no authentication noAuth option an SNMP user account will be automatically generated and the switch will authori...

Страница 109: ...nagers table we recommend that you define this string in the SNMP Community section at the top of the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Default 162 Trap Version Specifies whether to send notifi...

Страница 110: ...sages specify the UDP port trap version trap security level for v3 clients trap inform settings for v2c v3 clients and then click Add Select the trap types required using the check boxes for Authentication and Link up down traps and then click Apply Figure 3 31 Configuring IP Trap Managers CLI This example adds a trap manager and enables both authentication and link up link down traps 3 These are ...

Страница 111: ...ds to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users A new engine ID can be specified by entering 9 to 64 hexadecimal characters...

Страница 112: ...ap Managers and Trap Types on page 3 52 and Configuring Remote SNMPv3 Users on page 3 59 The engine ID can be specified by entering 9 to 64 hexadecimal characters 5 to 32 octets in hexadecimal format If an odd number of characters are specified a trailing zero is added to the value to fill in the last octet For example the value 123456789 is equivalent to 1234567890 Web Click SNMP SNMPv3 Remote En...

Страница 113: ...ser noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication Protocol The method used for u...

Страница 114: ...up of a user click Change Group in the Actions column of the users table and select the new group Figure 3 34 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user chris group r d v3 auth md5 greenpeace priv des56 einstien 4 101 Console config exit Console show snmp user 4 102 EngineId 80000034030001f488f...

Страница 115: ...fier for the SNMP agent on the remote device where the remote user resides Note that the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 44 Remote IP The Internet address of the remote device where the user resides Security Model The user security model SNMP v1 v2c or v3 Default v3 Security Level The security level used for th...

Страница 116: ...lick Delete Figure 3 35 Configuring Remote SNMPv3 Users CLI Use the snmp server user command to configure a new user name and assign it to a group Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien 4 101 Console config exit Console show snmp user 4 102 No user exist SNMP remote user EngineId 80000000030004e2b316c54321 User Name mark Authen...

Страница 117: ...view for write access Range 1 64 characters Notify View The configured view for notifications Range 1 64 characters Table 3 4 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1 3 6 1 2 1 17 0 1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree the trap is sent by a bridge soon after its election as the new root e...

Страница 118: ...otocol message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap will be generated RMON Events V2 risingAlarm 1 3 6 1 2 1 16 0 1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps...

Страница 119: ...click Delete Figure 3 36 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read write and notify views Console config snmp server group secure users v3 priv read defaultview write defaultview notify defaultview 4 99 Console config exit Console show snmp group 4 100 Group Name secure...

Страница 120: ... MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Web Click SNMP SNMPv3 Views Click New to configure a new view In the New View page define a name and specify OID subtrees in the switch MIB to be included or excluded in the view Click Back to save the new v...

Страница 121: ...oes not take place The wire speed transmission characteristic of the switch is thus preserved even at high traffic levels As the Collector receives streams from the various sFlow agents other switches or routers throughout the network a timely network wide picture of utilization and traffic flows is created Analysis of the sFlow stream s can reveal trends and information that can be leveraged in t...

Страница 122: ...X ports are organized into groups of 8 based on a restriction in the switch ASIC and the 4 Gigabit ports each in it s own separate group Status Enables sFlow on the ports in the indicated group Rate Configures the packet sampling rate Setting the rate to 0 disables sampling Setting the rate to 100 configures sampling to 1 packet out of every 100 received Range 0 10000000 Default 0 Table 3 5 sFlow ...

Страница 123: ...es the same sFlow settings for all port members in Group 1 Console config sflow 4 104 Console config interface ethernet 1 1 4 221 Console config if sflow source 4 104 Console config if sflow sample 10 4 105 Console config if end Console show sflow 4 108 sFlow global status Enabled Console show sflow interface ethernet 1 1 4 108 Interface of Ethernet 1 1 Interface status Enabled Owner name None Own...

Страница 124: ...port parameters receiver owner time out max header size max datagram size and flow interval A time out value of 0 seconds indicates no time out Range 0 10000000 seconds Default 0 seconds The check box is cleared by the system if flow sampling is currently under way To change the timeout mark the check box enter a timeout value and click Apply Max Header Size Maximum size of the sFlow datagram head...

Страница 125: ...et 1 1 4 221 Console config if sflow owner Bobby 4 106 Console config if sflow destination ipv4 192 168 0 4 4 107 Console config if sflow timeout 1000 4 106 Console config if sflow max header size 128 4 107 Console config if sflow max datagram size 1400 4 108 Console config if sflow polling interval 10 4 105 Console config if end Console show flow 4 108 Console show sflow interface ethernet 1 1 In...

Страница 126: ...figuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assign a new administrator password as soon as possible and store it in a safe place The default guest name is guest with the password guest The default administrator name is admin with the password admin Command Attributes Account List Displays the current list of u...

Страница 127: ...t Click Add to save the new user account and add it to the Account List To change the password for a specific user enter the user name and new password confirm the password by entering it again then click Apply Figure 3 40 Access Levels CLI Assign a user name to access level 15 i e administrator then specify the password Console config username bob access level 15 4 110 Console config username bob...

Страница 128: ...ed you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol Local and remote logon authentication control management access via the console port web browser or Telnet RADIUS and TACACS logon authentication assign a specific privilege level for each user name password pair The user name password and privilege level must be configured on th...

Страница 129: ...g messages Range 1 65535 Default 1813 Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a Reply The number of seconds the switch waits for a reply from the RADIUS server before it resends the request Range 1 65535 Default 5 TACACS Settings Global Provides globally applicable TACACS settings Server...

Страница 130: ...uthentication login radius 4 114 Console config radius server auth port 181 4 117 Console config radius server key green 4 118 Console config radius server retransmit 5 4 118 Console config radius server timeout 10 4 119 Console config radius server 1 host 192 168 1 25 4 116 Console config end Console show radius server 4 120 Global Settings Authentication Port 181 Accounting Port 1813 Retransmit ...

Страница 131: ...tings Global Provides globally applicable TACACS encryption key settings ServerIndex Specifies the index number of the TACACS server for which an encryption key may be configured The switch currently supports only one TACACS server Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Console configure Cons...

Страница 132: ...as follows Authentication Identifies users that request access to the network Authorization Determines if users can access specific services Accounting Provides reports auditing and billing for services that users have accessed on the network The AAA functions require the use of configured RADIUS or TACACS servers in the network The security servers can be defined as sequential groups that are the...

Страница 133: ...he method names to port or line interfaces Note This guide assumes that RADIUS and TACACS servers have already been configured to support AAA The configuration of RADIUS and TACACS server software is beyond the scope of this guide refer to the documentation provided with the RADIUS or TACACS server software Configuring AAA RADIUS Group Settings The AAA RADIUS Group Settings screen defines the conf...

Страница 134: ...nter the TACACS group name followed by the number of the server then click Add Figure 3 44 AAA TACACS Group Settings CLI Specify the group name for a list of TACACS servers and then specify the index number of a TACACS server to add it to the group Configuring AAA Accounting AAA accounting is a feature that enables the accounting of requested services for billing or security purposes Command Attri...

Страница 135: ...tions Accounting Notice Records user activity from log in to log off point Group Name Specifies the accounting server group Range 1 255 characters The group names radius and tacacs specifies all configured RADIUS and TACACS hosts see Configuring Local Remote Logon Authentication on page 3 72 Any other group name refers to a server group configured on the RADIUS or TACACS Group Settings pages Web C...

Страница 136: ...h the local accounting service updates information to the accounting server Range 1 2147483647 minutes Default Disabled Web Click Security AAA Accounting Periodic Update Enter the required update interval and click Apply Figure 3 46 AAA Accounting Update CLI This example sets the periodic accounting update interval at 10 minutes Console config aaa accounting dot1x tps start stop group radius 4 126...

Страница 137: ...ply to the interface This method must be defined in the AAA Accounting Settings menu page 3 77 Range 1 255 characters Web Click Security AAA Accounting 802 1X Port Settings Enter the required accounting method and click Apply Figure 3 47 AAA Accounting 802 1X Port Settings CLI Specify the accounting method to apply to the selected interface Console config interface ethernet 1 2 Console config if a...

Страница 138: ...red at the specified CLI privilege level Web Click Security AAA Accounting Command Privileges Enter a defined method name for console and Telnet privilege levels Click Apply Figure 3 48 AAA Accounting Exec Command Privileges CLI Specify the accounting method to use for Console and Telnet privilege levels Console config line console 4 45 Console config line accounting commands 15 tps method 4 130 C...

Страница 139: ...ser sessions Command Attributes AAA Accounting Summary Accounting Type Displays the accounting service Method List Displays the user defined or default accounting method Group List Displays the accounting server group Interface Displays the port or trunk to which these rules apply This field is null if the accounting method and associated server group has not been assigned to an interface AAA Acco...

Страница 140: ...ng the Switch 3 84 3 Web Click Security AAA Summary Figure 3 50 AAA Accounting Summary Management Guide SMC6128PL2 SMC6152PL2 TigerSwitchTM 10 100 24 Port 10 100 Switch with PoE IP Clustering and 4 Gigabit Ports ...

Страница 141: ...ers The group name tacacs specifies all configured TACACS hosts see Configuring Local Remote Logon Authentication on page 3 72 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Console show accounting 4 132 Accounting Type dot1x Method List default Group List radius Interface Method List tps method Group Li...

Страница 142: ...roup Authorization EXEC Settings This feature specifies an authorization method name to apply to console and Telnet connections Command Attributes Method Name Specifies a user defined method name to apply to console and Telnet connections Web Click Security AAA Authorization Exec Settings Enter a defined method name for console and Telnet connections and click Apply Figure 3 52 AAA Authorization E...

Страница 143: ...ies This field is null if the authorization method and associated server group has not been assigned Web Click Security AAA Authorization Summary Figure 3 53 AAA Authorization Summary CLI This example displays the configured authorization methods and the interfaces to which they are applied Console config line console 4 45 Console config line authorization exec tps auth 4 132 Console config line e...

Страница 144: ... and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 89 Com...

Страница 145: ... that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certificate for the switch is not unique to the hardware you have purchased When you have obta...

Страница 146: ...Windows and other environments These tools including commands such as rlogin remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkeley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the...

Страница 147: ...ublic key in it An entry for a public key in the known hosts file would appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945...

Страница 148: ... c If a match is found the switch uses its secret key to generate a random 256 bit string as a challenge encrypts this string with the user s public key and sends it to the client d The client uses its private key to decrypt the challenge string computes the MD5 checksum and sends the checksum back to the switch e The switch compares the checksum sent from the client against that computed for the ...

Страница 149: ...d modulus Host Key Type The key type used to generate the host key pair i e public and private keys Range RSA Version 1 DSA Version 2 Both Default Both The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Note The switch uses only RSA Version...

Страница 150: ...448320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 60325919683697053439336438445223335188287173896894511729290510813919642025 190932104328579045764891 DSA ssh dss AAAAB3NzaC1kc3MAAACBAN6zwIqCqDb3869jYVXlME1sHL0EcE Re6hlasfEthIwmj hLY4O0jqJZpcEQUgCfYlum0Y2uoLka Py9ieGWQ8f2gobUZKIICuKg6vjO9XTs7XKc05xfzkBi KviDa 2...

Страница 151: ...you wish to manage Note that you must first create users on the User Accounts page See paratext on page 3 70 Public Key Type The type of public key to upload RSA The switch accepts a RSA version 1 encrypted public key DSA The switch accepts a DSA version 2 encrypted public key The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then ne...

Страница 152: ...H SSH User Public Key Settings Select the user name and the public key type from the respective drop down boxes input the TFTP server IP address and the public key source file name and then click Copy Public Key Figure 3 57 SSH User Public Key Settings ...

Страница 153: ...h2 dsa pub key Username admin TFTP Download Success Write to FLASH Programming Success Console show public key user admin 4 145 admin RSA 1024 37 154886675541099600242673908076171863880953984597454546825066951007 29617437427136900505591624068119579408716226078634780682201498685790475062 34519480679939485042653504179153032795337422103356695026441903823445835730 8882347288969084282166542903131593765...

Страница 154: ...host key pair on the SSH Host Key Settings page before you can enable the SSH server Figure 3 58 SSH Server Settings CLI This example enables SSH sets the authentication parameters and displays the current configuration It shows that the administrator has made a connection via SHH and then disables this connection Console config ip ssh server 4 139 Console config ip ssh timeout 100 4 140 Console c...

Страница 155: ...t can reject the authentication method and request another depending on the configuration of the client software and the RADIUS server The encryption method used to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security The client responds to the appropriate method with its cr...

Страница 156: ... To support these encryption methods in Windows 95 and 98 you can use the AEGIS dot1x client or other comparable client software Displaying 802 1X Global Settings The 802 1X protocol provides client authentication Command Attributes 802 1X System Authentication Control The global setting for 802 1X Web Click Security 802 1X Information Figure 3 59 802 1X Global Information CLI This example shows t...

Страница 157: ... switch and authentication server These parameters are described in this section Command Attributes Port Port number Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Options Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can con...

Страница 158: ...0 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Intrusion Action Sets the port s response to a failed authentication Block Traffic Blocks all non EAP traffic on the port This is the default setting Guest VLAN All traffic for the port is assigned to a guest VLAN The guest VLAN must ...

Страница 159: ...t1x 4 153 Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 28 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx perio...

Страница 160: ...er of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EAP LenError The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the mos...

Страница 161: ...ying 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 153 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Logoff Invalid Total Resp Id Resp Oth LenError 2 0 0 1007 672 0 0 Last Last EAPOLVer EAPOLSrc 1 00 12 CF 94 34 DE Tx EAPOL EAP EAP Total Req Id Req Oth 2017 1005 0 Console ...

Страница 162: ...ses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delet...

Страница 163: ...the filter list Figure 3 63 Creating an IP Filter List CLI This example allows SNMP access for a specific client Console config management snmp client 10 1 2 3 4 156 Console config end Console show management all client Management IP Filter HTTP Client Start IP address End IP address SNMP Client Start IP address End IP address 1 10 1 2 3 10 1 2 3 TELNET Client Start IP address End IP address Conso...

Страница 164: ...2 1X Port Authentication on page 3 99 Web Authentication Allows stations to authenticate and access the network in situations where 802 1X or Network Access authentication methods are infeasible or impractical Network Access Configures MAC authentication and dynamic VLAN assignment ACL Access Control Lists provide packet filtering for IPv4 frames based on address protocol Layer 4 protocol port num...

Страница 165: ...C addresses the selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch Command Usage A secure port has the following restrictions It cannot be used as a member of a static or dynamic trunk It should not be connected to a network interconnection d...

Страница 166: ...nauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates username and password authentication via RADIUS Once authentication is successful the web browser is forwarded on to the originally re...

Страница 167: ...ow long a host must wait to attempt authentication again after it has exceeded the maximum allowable failed login attempts Range 1 180 seconds Default 60 seconds Login Attempts Configures the amount of times a supplicant may attempt and fail authentication before it must wait the configured quiet period Range 1 3 attempts Default 3 attempts Web Click Security Web Authentication Configuration Figur...

Страница 168: ...us for the port Authenticated Host Counts Indicates how many authenticated hosts are connected to the port Web Click Security Web Authentication Port Configuration Set the status box to enabled for any port that requires web authentication and click Apply Figure 3 66 Web Authentication Port Configuration CLI This example enables web authentication for ethernet port 1 5 and displays a summary of we...

Страница 169: ...host expires Web Click Security Web Authentication Port Information Figure 3 67 Web Authentication Port Information CLI This example displays web authentication parameters for port 1 5 The switch allows an administrator to manually force re authentication of any web authenticated host connected to any port Command Attributes Interface Indicates the Ethernet port to query Host IP Indicates the IP a...

Страница 170: ...t on page 4 116 2 MAC authentication cannot be configured on trunk ports Command Usage Network Access authentication controls access to the network by authenticating the MAC address of each host that attempts to connect to a switch port Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server Whi...

Страница 171: ...port for an authenticated user The Filter ID attribute attribute 11 can be configured on the RADIUS server to pass the following QoS information Multiple profiles can be specified in the Filter ID attribute by using a semicolon to separate each profile For example the attribute service policy in pp1 rate limit input 100 specifies that the diffserv profile name is pp1 the ingress rate limit profile...

Страница 172: ...r dynamic QoS are not saved to the switch configuration file MAC address authentication is configured on a per port basis however there are two configurable parameters that apply globally to all ports on the switch Command Attributes Authenticated Age The secure MAC address table aging time This parameter setting is the same as switch MAC address table aging time and is only configurable from the ...

Страница 173: ...secure MAC addresses supported for the switch system is 1024 When the limit is reached all new MAC addresses are treated as authentication failed Default 2048 Range 1 to 2048 MAC Filter ID Allows a MAC Filter to be assigned to the port MAC addresses or MAC address ranges present in a selected MAC Filter are exempt from authentication on the specified port as described under MAC Filter Configuratio...

Страница 174: ...ication failures If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still treated as a success and the host is assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table Dynamic QoS Enables dynamic QoS assignment fo...

Страница 175: ...or a port Condition The link event type which will trigger the port action Link Up Only link up events will trigger the port action Link Down Only link down events will trigger the port action Link Up and Down All link up and link down events will trigger the port action Action The switch can respond in three ways to a link up or down trigger event Trap An SNMP trap is sent Trap and Shutdown An SN...

Страница 176: ... table Command Attributes Network Access MAC Address Count The number of MAC addresses currently in the secure MAC address table Query By Specifies parameters to use in the MAC address query Port Specifies a port interface MAC Address Specifies a single MAC address information Attribute Displays static or dynamic addresses Address Table Sort Key Sorts the information displayed based on MAC address...

Страница 177: ... Query Figure 3 72 Network Access MAC Address Information CLI This example displays all entries currently in the secure MAC address table MAC Filter Configuration The MAC Filter allows you to designate specific MAC addresses or MAC address ranges as exempt from authentication MAC addresses present in MAC Filter tables activated on a port are treated as pre authenticated on that port Command Usage ...

Страница 178: ... the mask the system will assign the default mask of an exact match Range 000000000000 FFFFFFFFFFFF Default FFFFFFFFFFFF Add Adds a filter rule There is no limitation on the number of entries that can be used in a filter table Remove Removes the filter rule selected in the filter display Multiple rules can be selected and removed simultaneously Web Click Security Network Access MAC Filter Configur...

Страница 179: ...e maximum number of ACLs is 64 The maximum number of rules per system is 1024 rules for mixed mode or 500 rules for extended mode Each ACL can have up to 32 rules However due to resource restrictions the average number of rules bound to the ports should not exceed 20 The order in which active ACLs are checked is as follows 1 User defined rules in IP and MAC ACLs for ingress ports are checked in pa...

Страница 180: ... IPv6 address IPv6 Extended IPv6 ACL mode filters packets based on the source or destination IP address as well as the type of the next header and the flow label i e a request for special handling by IPv6 routers MAC MAC ACL mode filters packets based on the source or destination MAC address and the Ethernet frame type RFC 1060 ARP ARP ACL specifies static IP to MAC address bindings used for ARP i...

Страница 181: ...s for each IP packet entering the port s to which this ACL has been assigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Then click Add Figure 3 75 ACL Configuration Standard IPv4 CLI This example configures one permit rule for the specific addr...

Страница 182: ...for the specified protocol type Range 0 65535 Source Destination Port Bitmask Decimal number representing the port bits to match Range 0 65535 Control Code Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary ...

Страница 183: ...example adds two rules 1 Accept any incoming packets if the source address is in subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when set for destination TCP port 80 i e HTTP 3 Permit all TCP packets from...

Страница 184: ...ecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Source Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address Web Specify the action i e Permit or Deny Select the address type Any Host or IPv6 prefix If you se...

Страница 185: ...defined fields Source Prefix Length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix Range 0 128 Destination Address Type Specifies the destination IP address Use Any to include all possible addresses or IPv6 prefix to specify a range of addresses Options Any IPv6 prefix Default Any Destination IPv6 Address The address must be formatted according...

Страница 186: ...eria such as next header DSCP or flow label Then click Add Figure 3 78 ACL Configuration Extended IPv6 CLI This example adds three rules 1 Accepts any incoming packets for the destination 2009 DB9 2229 79 48 2 Allows packets to any destination address when the DSCP value is 5 Console config ext ipv6 acl permit 2009 DB9 2229 79 48 4 209 Console config ext ipv6 acl permit any dscp 5 Console config e...

Страница 187: ...ation Bitmask Hexadecimal mask for source or destination MAC address CoS Class of Service value Range 0 7 CoS Bitmask Class of Service bitmask Range 0 7 VID VLAN ID Range 1 4094 VID Mask VLAN bitmask Range 0 4095 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 0 ffff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the mor...

Страница 188: ...imal bitmask for an address range Set any other required criteria such as VID Ethernet type or packet format Then click Add Figure 3 79 ACL Configuration MAC CLI This example configures one permit rule for all source mac addresses to communicate with all destination mac addresses on VLAN 12 and another permit rule for source mac address to communicate with all destination mac addresses Console con...

Страница 189: ... field or IP to specify a range of addresses with the Address and Mask fields Options Any Host IP Default Any Sender Target IP Address Source or destination IP address Sender Target IP Address Mask Subnet mask for source or destination address See the description for Subnet Mask on page 3 125 Sender Target MAC Address Type Use Any to include all possible addresses Host to indicate a specific MAC a...

Страница 190: ...ific address If you select IP or MAC enter a base address and a hexadecimal bitmask for an address range Enable logging if required Then click Add Figure 3 80 ACL Configuration ARP CLI This rule permits packets from any source IP and MAC address to the destination subnet address 192 168 0 0 Console config arp acl permit response ip any 192 168 0 0 255 255 0 0 mac any any 4 213 Console config arp a...

Страница 191: ...tributes Port Fixed port or SFP module Range 1 28 52 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a port IPv6 Specifies the IPv6 ACL to bind to a port IN ACL for ingress packets Trunk Indicates if a port is a member of a trunk To create trunks and select port members see Creating Trunk Groups on page 3 160 Web Click Security ACL Port Binding Mark the Enabled check...

Страница 192: ...igured addresses see Configuring an ARP ACL on page 3 133 ARP Inspection must be activated both globally for the switch and per VLAN and inspection parameters set for each VLAN These functions as well as logging and configuration of trusted ports are provided on the ARP Inspection Configuration page ARP Inspection ACLs must be configured on the ARP ACL page before they can be activated here see pa...

Страница 193: ...ed against the selected ACL packets are filtered according to any matching rules packets not matching any rules are dropped and the DHCP snooping bindings database check is bypassed If static is not specified ARP packets are first validated against the selected ACL if no ACL rules match the packets then the DHCP snooping bindings database determines their validity ARP Inspection Validation By defa...

Страница 194: ...g on untrusted interfaces are subject to all configured ARP inspection tests ARP Packet Rate Limiting By default all untrusted ports are subject to ARP packet rate limiting By default all trusted ports are exempt from ARP packet rate limiting The switch will drop all ARP packets received on a port which exceeds the configured ARP packets per second rate limit Unless the default ARP rate limit has ...

Страница 195: ...ses Src MAC Validates the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses ARP Inspection Log Configures ARP Inspection logging parameters Message Number The maximum number of entries saved in a log message Range 0 256 Default 5 Interval The interval at which log messages are sent Range 0 86400 secon...

Страница 196: ...inspection vlan 1 2 4 192 Console config ip arp inspection filter sales vlan 1 static 4 193 Console config ip arp inspection validate dst mac 4 194 Console config ip arp inspection log buffer logs 10 interval 100 4 195 Console config interface ethernet 1 1 4 221 Console config if no ip arp inspection trust 4 196 Console config if ip arp inspection limit 50 4 196 Console config if exit Console show...

Страница 197: ... and dropped by ARP rate limiting Total ARP packets processed by ARP inspection Count of all ARP packets processed by the ARP Inspection engine ARP packets dropped by additional validation Src MAC Count of packets that failed the source MAC address test ARP packets dropped by additional validation Dst MAC Count of packets that failed the destination MAC address test ARP packets dropped by addition...

Страница 198: ...Address Src MAC Address Dst MAC Address Console show ip arp inspection statistics ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0 ARP packets dropped by additional validation destination MAC address 0 ARP packets dropped by additional validation IP a...

Страница 199: ...00 packets per second Any DHCP packets in excess of this limit are dropped When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN whe...

Страница 200: ...packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets received from untrusted ports are dropped Use the DHCP Snooping Configuration page to enable DHCP Snooping globally on the switch or to configure MAC Address Verification Command Attributes DHCP Snooping Status Enables DHCP snooping globally Default Disabled DHCP Snooping MAC Ad...

Страница 201: ... re enabled When DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table Command Attributes VLAN ID ID of a configured VLAN Range 1 4094 DHCP Snooping Status Enables or disables DHCP snooping for the selected VLAN When DHCP snooping is enabled globally on the switch and enabled on the specified VLA...

Страница 202: ...P client server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN If Option 82 is enabled on the switch information about the switch itself may be included in any relayed request packet In some cases the switch may receive DHCP packets from a client that already includes DHCP Option 82 information The switch can be configure...

Страница 203: ...VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other ports outside the local network or fire wall to untrusted state Console config...

Страница 204: ...shows how to enable the DHCP Snooping Trust Status for ports Console config interface ethernet 1 5 Console config if ip dhcp snooping trust 4 182 Console config if end Console show ip dhcp snooping 4 186 Global DHCP Snooping status disable DHCP Snooping Information Option Status disable DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs Verify Source Mac Ad...

Страница 205: ...nding entries from flash Removes all dynamically learned snooping entries from flash memory No Entry number for DHCP snooping binding information Unit Stack unit Port Port number VLAN ID VLAN for which DHCP snooping has been enabled MAC Address Physical address associated with the entry IP Address IP address corresponding to the client IP Address Type Indicates an IPv4 or IPv6 address type Lease T...

Страница 206: ...y is found the packet is dropped When enabled traffic is filtered based upon dynamic entries learned via DHCP snooping see DHCP Snooping Configuration on page 3 144 or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address SIP option or both its IP address and corresponding MAC address SIP MAC option will be checked against the bi...

Страница 207: ...ponding MAC addresses stored in the binding table Web Click IP Source Guard Port Configuration Set the required filtering type for each port and click Apply Figure 3 89 IP Source Guard Port Configuration CLI This example shows how to enable IP source guard on port 5 to check the source IP address for ingress packets against the binding table Console config interface ethernet 1 5 Console config if ...

Страница 208: ... new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the same VLAN ID and MAC address and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the ...

Страница 209: ... be bound enter the MAC address and associated IP address then click Add Figure 3 90 Static IP Source Guard Binding Configuration CLI This example shows how to configure a static source guard binding on port 5 Console config ip source guard binding 11 22 33 44 55 66 vlan 1 192 168 0 99 interface ethernet 1 5 4 189 Console config ...

Страница 210: ...splays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table Web Click IP Source Guard Dynamic Information Figure 3 91 Dynamic IP Source Guard Binding Information CLI This example shows how to configure a static source guard binding on port 5 Console show ip source guard binding 4 190 MacAddress IpAddr...

Страница 211: ...n Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type7 Media type used for the combo ports Options Copper Forced SFP Forced or SFP Preferred Auto Default SFP Preferred Auto Trunk Member8 Sh...

Страница 212: ...st Storm Shows if broadcast storm control is enabled or disabled Broadcast Storm Limit Shows the broadcast storm threshold 240 1488100 packets per second Multicast Storm Shows if multicast storm control is enabled or disabled Multicast Storm Limit Shows the multicast storm threshold 64 1 000 000 kilobits per second Unknown Unicast Storm Shows if unknown unicast storm control is enabled or disabled...

Страница 213: ...settings will be negotiated between the link partners based on their advertised capabilities To set the speed duplex mode or flow control under auto negotiation the required operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or Cons...

Страница 214: ...1000full operation requires the ports at both ends of a link to establish their role in the connection process as a master or slave Before using this feature auto negotiation must first be disabled and the Speed Duplex attribute set to 1000full Then select compatible Giga PHY modes at both ends of the link Note that using one of the preferred modes ensures that the ports at both ends of a link wil...

Страница 215: ...port if both combination types are functioning and the SFP port has a valid link This is the default Trunk Indicates if a port is a member of a trunk To create trunks and select port members see Creating Trunk Groups on page 3 160 Web Click Port Port Configuration or Trunk Configuration Modify the required interface settings and click Apply Figure 3 93 Port Trunk Configuration CLI Select the inter...

Страница 216: ...fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk ...

Страница 217: ...nnecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Command Attributes Member List Current Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range 1 8 Port Port identifier Range 1 28 52 Web Click Port Trunk Membership Enter a trunk ID of 1 8 in the Trunk field select any of...

Страница 218: ...rts on both ends of an LACP trunk must be configured for full duplex and auto negotiation Console config interface port channel 2 4 221 Console config if exit Console config interface ethernet 1 1 4 221 Console config if channel group 2 4 249 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console config if end Console show interfaces status port chan...

Страница 219: ...LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click Apply Figure 3 95 LACP Trunk Configuration CLI The following example enables LACP for ports 1 to 6 Just connect these ports to LACP enabled trunk ports on another switch to form a trunk Console config interface ethernet 1 1 4 221 Console conf...

Страница 220: ... is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default 32768 Ports must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with ...

Страница 221: ...y configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device After you have completed setting the port LACP parameters click Apply Figure 3 96 LACP Port Configuration CLI The following example configures LACP parameters for ports 1 4 Ports 1 ...

Страница 222: ...formed that is it has the null value of 0 this key is set to the same value as the port admin key used by the interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 Console show lacp sysid 4 255 Port Channel System Priority System MAC Address 1 3 00 12 CF 31 31 31 2 32768 00 12 CF 31 31 31 3 32768 00 12 CF 31 31 31 4 32768 00 12 CF 31 31 ...

Страница 223: ...r of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an un...

Страница 224: ...el 1 Eth 1 1 LACPDUs Sent 91 LACPDUs Receive 43 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 3 9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port Admin Key Current administrative value of the key for the aggregation port LACPDUs Interval Number of seconds before invalidating receiv...

Страница 225: ...tocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers this link to be IN_SYNC i e it has been allocated to the correct Link Aggregation Group the group has been associated with a...

Страница 226: ...ption Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current adminis...

Страница 227: ...emote side of port channel 1 Console show lacp 1 neighbors 4 255 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 12 CF CE 2A 20 Partner Admin Port Number 5 Partner Oper Port Number 3 Port Admin Priority 32768 Port Oper Priority 128 Admin Key 0 Oper Key 120 Admin State defaulted distributing collecting synchronization long timeout Oper St...

Страница 228: ...wn unicast storm control is enabled both broadcast and multicast storm control are also enabled using the threshold value set by the unknown unicast storm control command The storm control feature provided on this configuration page is a hardware level control function Traffic storms can also be controlled at the software level using automatic storm control which triggers various control responses...

Страница 229: ...ole config if switchport broadcast packet rate 500 4 228 Console config if end Console show interfaces switchport ethernet 1 2 4 232 Information of Eth 1 2 Broadcast Threshold Enabled 500 Kbits second Multicast Threshold Disabled Unknown unicast Threshold Disabled LACP Status Disabled Ingress Rate Limit Disabled 100000 Kbits per second Egress Rate Limit Disabled 100000 Kbits per second VLAN Member...

Страница 230: ...d The storm control feature provided on this configuration page is a hardware level control function Traffic storms can also be controlled at the software level using automatic storm control which triggers various control responses This control type is only supported by the Command Line Interface as described under Automatic Traffic Control Commands on page 4 234 However note that only one of thes...

Страница 231: ...SIC chip limitation the supported storm control modes include broadcast broadcast multicast broadcast multicast unknown unicast This means that when mulicast storm control is enabled broadcast storm control is also enabled using the threshold value set by the multicast storm control command And when unknown unicast storm control is enabled both broadcast and multicast storm control are also enable...

Страница 232: ... unicast storm control Default Disabled Threshold Threshold as percentage of port bandwidth Range 64 100000 kilobits per second for Fast Ethernet ports 64 1000000 kilobits per second for Gigabit ports Default 64 kilobits per second Trunk Shows if port is a trunk member Web Click Configuration Port Port Unknown Unicast Control or Trunk Unknown Unicast Control Check the Enabled box for any interface...

Страница 233: ... page 3 192 Command Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 28 52 Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit or Both Default Rx Target Port The port that will mirror the traffic on the source port Range 1 28 52 Web Click Port Mirror Port Configuration Specify ...

Страница 234: ...traffic the target port must be included in the same VLAN as the source port when using MSTP see Spanning Tree Algorithm Configuration on page 3 192 Command Attributes Mirror Sessions Displays a list of current mirror sessions Source MAC Address MAC address in the form of xx xx xx xx xx xx or xxxxxxxxxxxx Destination Port The port that will mirror the traffic from the source port Range 1 28 52 Web...

Страница 235: ...o apply rate limiting Command Usage Input and output rate limits can be enabled or disabled for individual interfaces Command Attributes Port Trunk Displays the port trunk number Rate Limit Status Enables or disables the rate limit Default Disabled Rate Limit Sets the rate limit level Range 64 100000 kilobits per second for Fast Ethernet ports 64 to 1000000 kilobits per second for Gigabit Ethernet...

Страница 236: ...ub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding su...

Страница 237: ...ticular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR mes...

Страница 238: ...mber of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received and transmitte...

Страница 239: ...nfiguration 3 183 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 107 Port Statistics ...

Страница 240: ...he switch s budget ports set at critical or high priority have power enabled in preference to those ports set at low priority For example when a device is connected to a port set to critical priority the switch supplies the required power if necessary by dropping power to ports set for a lower priority If power is Console show interfaces counters ethernet 1 13 4 231 Ethernet 1 13 Iftable stats Oct...

Страница 241: ...onsumption The amount of power being consumed by PoE devices connected to the switch Thermal Temperature 9 The internal temperature of the switch Software Version The version of software running on the PoE controller subsystem in the switch Web Click PoE Power Status Figure 3 108 Displaying the Global PoE Status CLI This example displays the current power status for the switch 9 This parameter is ...

Страница 242: ...he supplied power Range 37 180 watts Default 180 Watts Web Click PoE Power Config Specify the desired power budget for the switch Click Apply Figure 3 109 Setting the Switch Power Budget CLI Use the power mainpower maximum allocation command to set the PoE power budget for the switch Displaying Port Power Status Use the Power Port Status page to display the current PoE power status for all ports C...

Страница 243: ... device is connected to a low priority port and causes the switch to exceed its budget port power is not turned on If a device is connected to a critical or high priority port and causes the switch to exceed its budget port power is turned on but the switch drops power to one or more lower priority ports Note Power is dropped from low priority ports in sequence starting from port number 1 Console ...

Страница 244: ...efault low Power Allocation Sets the power budget for the port Range 3000 15400 milliwatts Default 15400 milliwatts Web Click PoE Power Port Configuration Enable PoE power on selected ports set the priority and the power budget and then click Apply Figure 3 111 Configuring Port PoE Power CLI This example sets the PoE power budget for port 1 to 8 watts the priority to high 2 and then enables the po...

Страница 245: ...re bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Attributes Static Address Counts10 The number of manually configured addresses Current Static Address Table Lists all the static addresses Interface Port or trunk associated with the device assigned a static add...

Страница 246: ...e Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of addresses dynamically learned Current Dynamic Address Table Lists all the dynamic addresses Web Click Address Table Dynamic Ad...

Страница 247: ...learned entry is discarded Range 10 630 seconds Default 300 seconds Web Click Address Table Address Aging Specify the new aging time click Apply Figure 3 114 Setting the Address Aging Time CLI This example sets the aging time to 300 seconds Console show mac address table interface ethernet 1 1 4 271 Interface MAC Address VLAN Type Eth 1 1 00 12 CF 48 82 93 1 Delete on reset Eth 1 1 00 12 CF 94 34 ...

Страница 248: ...ng a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network t...

Страница 249: ...en builds a Internal Spanning Tree IST for the Region containing all commonly configured MSTP bridges An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees on page 3 210 An MST Region may contain multiple MSTP Instances An Internal Spannin...

Страница 250: ...e port will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 2 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch 3 When configured for manual release mode then a link down up event will not release the port from the discarding state Field Attributes Port Indicates the interface to be configured Range 1 28 52 Status Enables Loopback Dete...

Страница 251: ... device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Hello Time Interval in seconds at which the root device transmits a configuration message Forward Delay The maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must re...

Страница 252: ... messages at regular intervals If the root port ages out STA information provided in the last configuration message a new root port is selected from among the device ports attached to the network References to ports in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to lear...

Страница 253: ...spanning tree 4 297 Spanning Tree Information Spanning Tree Mode RSTP Spanning Tree Enabled Disabled Enabled Instance 0 VLANs Configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 00201A25AC00 Current Root Port 54 Current Ro...

Страница 254: ...TP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance To allow multiple spanning trees to operate over the network you must configure a related set of bridge...

Страница 255: ...conds at which the root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA info...

Страница 256: ...mum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table In other words this key is a mapping of all VLANs to the CIST Region Revision12 The revis...

Страница 257: ...Spanning Tree Algorithm Configuration 3 201 3 Web Click Spanning Tree STA Configuration Modify the required attributes and click Apply Figure 3 117 Configuring Spanning Tree ...

Страница 258: ...switch are connected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch is booted then some of them change state to learning and then to forwarding Forward Transitions The number of times this port has transitioned from the Learning state to the Forwarding s...

Страница 259: ...ating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to the root bridge i e designated port is the MSTI regional root i e master port or is an alternate or backup port that may provide connectivity if other bridges bridge...

Страница 260: ...ce Fast forwarding This field provides the same information as Admin Edge port and is only included for backward compatibility with earlier products Admin Edge Port You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding ...

Страница 261: ...t does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port begins learning addresses Forwarding Port forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only Console show ...

Страница 262: ...n steps of 16 Admin Path Cost This parameter is used by the STA to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost method13 1 200 000 000 for the long path cost method B...

Страница 263: ...ree topology It could also be used to form a border around part of the network where the root bridge is allowed Default Disabled Migration If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the Protocol Migration button to manually re check ...

Страница 264: ...ooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an end node device Default Enabled Enabled Manually configures a port as an Edge Port Disabled Disable...

Страница 265: ...tion time when the port link type is point to point which is 3 seconds as defined in IEEE 802 3D 2004 17 20 4 otherwise it equals the maximum age for configuration messages see Displaying Global Settings for STA on page 3 195 BPDU Guard This feature prevents loops by disabling an edge port when a BPDU is received instead of putting it into the spanning tree blocking state In a valid configuration ...

Страница 266: ...for the selected MST instance MSTP VLAN Configuration 3 Add the VLANs that will share this MSTI MSTP VLAN Configuration Note All VLANs are automatically added to the IST Instance 0 Note All VLANs are automatically added to the IST Instance 0 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with the same MSTI settings Command Attributes M...

Страница 267: ...e STA settings for instance 1 followed by settings for each port Console config spanning tree mst configuration 4 281 Console config mst mst 1 priority 4096 4 282 Console config mstp mst 1 vlan 1 5 4 281 Console config mst Console config spanning tree mst configuration 4 281 Console config mst mst 1 priority 4096 4 282 Console config mstp mst 1 vlan 1 4 281 Console config mst end Console show span...

Страница 268: ...External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 0 Designated Port 128 1 Designated Root 32768 00201A25AC00 Designated Bridge 32768 00201A25AC00 Fast Forwarding Enabled Forward Transitions 0 Admin Edge Port Enabled Oper Edge Port Enabled Admin Link Type Auto Oper Link Type Point to point Flooding Behavior Enabled Spanning Tree Status Enabled Loopback Detec...

Страница 269: ... MST instance Command Attributes MST Instance ID Instance identifier to configure Default 0 Note The other attributes are described under Displaying Interface Settings for STA on page 3 202 Web Click Spanning Tree MSTP Port or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 122 Displaying MSTP Interface Settings ...

Страница 270: ...ent Root Cost 100000 Number of Topology Changes 4 Last Topology Change Time sec 539 Transmission Limit 3 Path Cost Method Long Flooding Behavior To VLAN Eth 1 1 Information Admin Status Enabled Role Disabled State Discarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 100000 Designated Port 128 1 D...

Страница 271: ...the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Admin MST Path Cost This para...

Страница 272: ...802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or mu...

Страница 273: ...VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port Note VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but...

Страница 274: ...the message arrives at another switch that supports GVRP it will also place the receiving port in the specified VLANs and pass the message on to all other ports VLAN requirements are propagated in this way throughout the network This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host dev...

Страница 275: ...ag before forwarding the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first decides where to forward the frame and then inserts a VLAN tag reflecting the ingress port s default VID Enabling or Disabling GVRP Global Setting GARP VLAN Registration Prot...

Страница 276: ...r of Supported VLANs Maximum number of VLANs that can be configured on this switch Web Click VLAN 802 1Q VLAN Basic Information Figure 3 125 Displaying Basic VLAN Information CLI Enter the following command 14 Web Only Console show bridge ext 4 301 Max Support VLAN Numbers 256 Max Support VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Confi...

Страница 277: ...Up Time at Creation Time this VLAN was created i e System Up Time Status Shows how this VLAN was added to the switch Dynamic GVRP Automatically learned via GVRP Permanent Added as a static entry Egress Ports Shows all the VLAN port members Untagged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 126 Displaying Cur...

Страница 278: ...AN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 100 characters no spaces Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets State CLI Enables or disables the specified VLAN Active VLAN i...

Страница 279: ...s Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1 19 S Eth1 20 S Eth1 21 S Eth1 22 S Eth1 23 S Eth1 24 S Eth1 25 S Eth1 26 S Eth1 27 S Eth1 28 S VLAN ID 2 Type Static Name R D Status Active Ports Port Channels VLAN ID 4093 Type Static Name Status Active Port...

Страница 280: ...100 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Membership Type Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is carry a tag and there...

Страница 281: ...gure 3 128 Configuring a VLAN Static Table CLI The following example adds tagged and untagged ports to VLAN 2 Console config interface ethernet 1 1 4 221 Console config if switchport allowed vlan add 2 tagged 4 310 Console config if exit Console config interface ethernet 1 2 Console config if switchport allowed vlan add 2 untagged Console config if exit Console config interface ethernet 1 13 Conso...

Страница 282: ...t an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 129 VLAN Static Membership by Port CLI This example adds Port 3 to VLAN 1 as a tagged port a...

Страница 283: ...nly tagged frames When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Options All Tagged Default All Ingress Filtering Determines how to process frames tagged for VLANs for which the ingress port is not a member Ingress Filtering is always enabled Default Enabled Ingress filtering only affects tagged frames If ingress filtering is disabled and...

Страница 284: ...1000 Mode Indicates VLAN membership mode for an interface Default Hybrid Access Sets the port to operate as an untagged interface All frames are sent untagged 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated w...

Страница 285: ...rent customers is segregated within the service provider s network even when they use the same customer specific VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port configured to support QinQ tunneling must be set to tunnel port mode The Service Provider...

Страница 286: ...y already have The ingress process constructs and inserts the outer tag SPVLAN into the packet based on the default VLAN ID and Tag Protocol Identifier TPID that is the ether type of the tag This outer tag is used for learning and switching packets The priority of the inner tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup t...

Страница 287: ...ether type of an incoming packet single or double tagged is equal to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is enabled If ingress filtering is not enabled the packet will still be forwarded If the VLAN is not listed in the VLAN table the packet will be drop...

Страница 288: ...e bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Configure the switch to QinQ mode see Enabling QinQ Tunneling on the Switch on page 3 233 2 Set the Tag Protocol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagge...

Страница 289: ...incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames and assigned to the native VLAN of that port All ports on the switch will be set to the same ethertype Command Attributes 802 1Q Tunnel Sets t...

Страница 290: ...rt operates in its normal VLAN mode This is the default 802 1Q Tunnel Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network 802 1Q Tunnel Uplink Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network Trunk Member Shows if a port is a member ...

Страница 291: ...e config if interface ethernet 1 2 Console config if switchport dot1q tunnel mode uplink 4 315 Console config if end Console show dot1q tunnel 4 317 Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x9100 The dot1q tunnel mode of the set interface 1 2 is Uplink mode TPID is 0x8100 The dot1q tunnel mode of the set interface ...

Страница 292: ...Status page to enable traffic segmentation and to block or forward traffic between uplink ports assigned to different client sessions Command Attributes Traffic Segmentation Status Enables port based traffic segmentation Default Disabled Uplink to Uplink Specifies whether or not traffic can be forwarded between uplink ports assigned to different client sessions Default Blocking Web Click VLAN Traf...

Страница 293: ...interface Web Click VLAN Traffic Segmentation Session Configuration Set the session number specify whether an uplink or downlink is to be used select the interface and click Apply Figure 3 134 Traffic Segmentation Session Configuration CLI This example enables traffic segmentation and allows traffic to be forwarded across the uplink ports assigned to different client sessions Console config pvlan ...

Страница 294: ...dary associated groups follow these steps 1 Use the Private VLAN Configuration menu page 3 239 to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the VLAN groups 2 Use the Private VLAN Association menu page 3 240 to map the secondary i e community VLAN s to the primary VLAN 3 Use the Private VLAN Port Configuration menu page 3 242 to set the port typ...

Страница 295: ...4 and 5 can only pass through port 3 The Private VLAN Configuration page is used to create remove primary or community VLANs Command Attributes VLAN ID ID of configured VLAN 2 4094 Type There are three types of private VLANs Primary VLANs Conveys traffic between promiscuous ports and to community ports within secondary or community VLANs Community VLANs Conveys traffic between community ports and ...

Страница 296: ...ith a primary VLAN Command Attributes Primary VLAN ID ID of primary VLAN 2 4094 Association Community VLANs associated with the selected primary VLAN Non Association Community VLANs not associated with the selected VLAN Web Click VLAN Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Ad...

Страница 297: ...can only communicate with the lone promiscuous port within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN A community VLAN conveys traffic between community ports and from co...

Страница 298: ...rivate VLAN Host The port is a community port A community port can communicate with other ports in its own community VLAN and with designated promiscuous port s Promiscuous A promiscuous port can communicate with all interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs If PVLA...

Страница 299: ...s in order to encompass all the devices participating in a specific protocol This kind of configuration deprives users of the basic benefits of VLANs including security and easy accessibility To avoid these problems you can configure this switch with protocol based VLANs that divide the physical network into logical VLAN groups for each required protocol When a frame is received at a port its VLAN...

Страница 300: ...protocol groups Command Attributes Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 Frame Type Choose either Ethernet RFC 1042 or LLC Other as the frame type used by this protocol Protocol Type Specifies the protocol type to match The available options are IP ARP and RARP If LLC Other is chosen for the Frame Type the only available Protocol Type is IPX Raw...

Страница 301: ... standard rules applied to tagged frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface Command Attributes Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which m...

Страница 302: ...nd again from the source mirrored VLAN The target port receives traffic from all monitored source VLANs and can become congested Some mirror traffic may therefore be dropped from the target port Note Spanning Tree BPDU packets are not mirrored to the target port Command Attributes Mirror Sessions Displays a list of current mirror sessions Source VLAN A VLAN whose traffic will be monitored Range 1 ...

Страница 303: ...ource IP address is checked against the IP subnet to VLAN mapping table and if an entry is found the corresponding VLAN ID is assigned to the frame If no mapping is found the PVID of the receiving port is assigned to the frame The IP subnet cannot be a broadcast or multicast IP address When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this se...

Страница 304: ...esses can be mapped to only one VLAN ID Configured MAC addresses cannot be broadcast or multicast addresses When MAC based IP subnet based and protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last Command Attributes MAC Address A source MAC address which is to be mapped to a specific VLAN The MAC address must be specified in the format ...

Страница 305: ...y troubleshooting enhance network management and maintain an accurate network topology Setting LLDP Timing Attributes Use the LLDP Configuration screen to set attributes for general functions such as globally enabling LLDP on the switch setting the message ageout time and setting the frequency for broadcasting general advertisements or reports about changes in the LLDP MIB Command Attributes LLDP ...

Страница 306: ...d interval for sending SNMP notifications about LLDP MIB changes Range 5 3600 seconds Default 5 seconds This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are include...

Страница 307: ...ata Units Options Tx only Rx only TxRx Disabled Default TxRx SNMP Notification Enables the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Interval in the preceding section Trap Console config lldp 4 343 Console config lldp refresh interv...

Страница 308: ...ncludes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address T...

Страница 309: ...tails such as power availability from the switch and power state of the switch including whether the switch is operating from primary or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities Inventory This option advertises device details useful for inventory management such as manufacturer mod...

Страница 310: ...onsole config if lldp basic tlv management ip address 4 349 Console config if lldp basic tlv system name 4 351 Console config if lldp basic tlv system capabilities 4 350 Console config if lldp medtlv extPoe 4 355 Console config if lldp medtlv inventory 4 356 Console config if lldp medtlv location 4 356 Console config if lldp medtlv med cap 4 357 Console config if lldp medtlv network policy 4 357 C...

Страница 311: ...l packet includes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement Interface Settings The attributes listed below apply to both port and trunk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Description A string that indicates the port s...

Страница 312: ...a 2 ComboG L2 L4 PoE Standal one switch System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Type PortID PortDesc Eth 1 1 MAC Address 00 20 1A 25 AC 01 Ethernet Port on unit 1 port 1 Eth 1 2 MAC Address 00 20 1A 25 AC 02 Ethernet Port on unit 1 port 2 Eth 1 3 MAC Address 00 20 1A 25 AC 03 Ethernet Port on ...

Страница 313: ...itted Port Name A string that indicates the port s description If RFC 2863 is implemented the ifDescr object should be used for this field System Name An string that indicates the system s administratively assigned name Web Click LLDP Remote Port Trunk Information Figure 3 148 LLDP Remote Port Information CLI This example displays LLDP information for remote devices attached to this switch which a...

Страница 314: ...ring that contains the specific identifier for the port from which this LLDPDU was transmitted System Name An string that indicates the system s assigned name System Description A textual description of the network entity System Capabilities Supported The capabilities that define the primary function s of the system See Table 3 16 paratext on page 3 255 System Capabilities Enabled The primary func...

Страница 315: ...evice attached to a specific port on this switch Console show lldp info remote device detail ethernet 1 1 4 361 LLDP Remote Devices Information Detail Local PortName Eth 1 1 Chassis Type MAC Address Chassis Id 00 01 02 03 04 05 PortID Type MAC Address PortID 00 01 02 03 04 06 SysName SysDescr SMC6128PL2 PortDescr Ethernet Port on unit 1 port 1 SystemCapSupported Bridge SystemCapEnabled Bridge Remo...

Страница 316: ...ved from the LLDP remote systems MIB for any reason Neighbor Entries Dropped Count The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The number of times that a neighbor s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired Interface Statistics on LLDP Pro...

Страница 317: ...ived Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs received and then discarded due to insufficient memory space missing or out of sequence attributes or any other reason Neighbor Ageouts A count of the times that a neighbor s information has been deleted from the LLDP remote s...

Страница 318: ...ys detailed LLDP statistics for an LLDP enabled remote device attached to a specific port on this switch switch show lldp info statistics detail ethernet 1 1 4 362 LLDP Port Statistics Detail PortName Eth 1 1 Frames Discarded 0 Frames Invalid 0 Frames Received 12 Frames Sent 13 TLVs Unrecognized 0 TLVs Discarded 0 Neighbor Ageouts 0 switch ...

Страница 319: ...riority and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q...

Страница 320: ...1 3 4 232 Information of Eth 1 3 Broadcast Threshold Enabled 64 Kbits second Multicast Threshold Disabled Unknown unicast Threshold Disabled LACP Status Disabled Ingress Rate Limit Disabled 100000 Kbits per second Egress Rate Limit Disabled 100000 Kbits per second VLAN Membership Mode Hybrid Ingress Rule Enabled Acceptable Frame Type All frames Native VLAN 1 Priority for Untagged Traffic 5 GVRP St...

Страница 321: ...work applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Command Attributes Priority CoS value Range 0 7 where 7 is the highest priority Traffic Class17 Output queue buffer Range 0 3 where 3 is the highest CoS priority queue Table 3 18 Mapping CoS Values to Egress Queue...

Страница 322: ...iced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue Command Usage Strict priority requires all traffic in a higher priority queue to be processed before lower priority queues are serviced WRR uses a relative weighting for each queue which determines the amount of packets the switch transmits every time it services each queue before moving on to the next queu...

Страница 323: ...ch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue As described in Mapping CoS Values to Egress Queues on page 3 265 the traffic classes are mapped to one of the four egress queues provided for each port This weight sets the limit for the number of packets the switch will transmit each time the queue is serviced and subsequently affec...

Страница 324: ...riority Queue Scheduling Figure 3 155 Displaying Queue Scheduling CLI The following example shows how to display the WRR weights assigned to each of the priority queues Console show queue bandwidth 4 366 Queue ID Weight 0 1 1 2 2 4 3 8 Console ...

Страница 325: ...value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP DSCP Priority and then Default Port Priority Enabling IP DSCP Priority The switch allows you to enable or disable the IP DSCP pri...

Страница 326: ...CP default mapping is defined in the following table Note that all the DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP Priority value Note that 0 represents low priority and 7 represent high priority Note IP DSCP settings apply to all interfaces Consol...

Страница 327: ... 1 on port 1 and then displays the DSCP Priority settings Mapping specific values for IP DSCP is implemented as an interface configuration command but any changes will apply to the all interfaces on the switch Console config map ip dscp 4 368 Console config interface ethernet 1 1 4 221 Console config if map ip dscp 1 cos 0 4 368 Console config if end Console show map ip dscp ethernet 1 1 4 370 DSC...

Страница 328: ...prioritize the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end QoS solution Notes 1 You can configure up to 16 rules per Class Map You can also include multiple classes in a Policy...

Страница 329: ... a brief description of a class map Range 1 16 characters for the name 1 64 characters for the description Edit Rules Opens the Match Class Settings page for the selected class entry Modify the criteria used to classify ingress traffic on this page Add Class Opens the Class Configuration page Enter a class name and description on this page and click Add to open the Match Class Settings page Enter ...

Страница 330: ...ied criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Web Click QoS DiffServ then click Add Class to create a new class or Edit Rules to change the rules of an existing class Figure 3 158 Configuring Class Maps ...

Страница 331: ... class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL Also note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specified by the Burst field and the average rate at which tokens are removed from the bucket ...

Страница 332: ...d or the DSCP service level will be reduced Remove Class Deletes a class Policy Options Class Name Name of class map Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on page 3 273 Range CoS 0 7 DSCP 0 63 IP Precedence 0 7 IPv6 DSCP 0 63 Meter Check this to define the maximum throughput b...

Страница 333: ...3 277 3 Web Click QoS DiffServ Policy Map to display the list of existing policy maps To add a new policy map click Add Policy To configure the policy rule settings click Edit Classes Figure 3 159 Configuring Policy Maps ...

Страница 334: ... Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate policy map from the scroll down box Web Click QoS DiffServ Service Policy Settings Check Enabled and choose a Policy Map for a port from the scroll down box then click Apply Figure 3 160 Service Policy Settings CLI ...

Страница 335: ...the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN Alternatively switch ports can be manually configured To configure the switch for VoIP traffic first enable the automatic detection of VoIP devices attached to switch ports t...

Страница 336: ...oice VLAN when VoIP traffic is detected on the port You must select a method for detecting VoIP traffic either OUI or 802 1ab LLDP When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list Manual The Voice VLAN feature is enabled on the port but the port must be manually added to the Voice VLAN Security Enables security filtering that discards any non VoIP packets ...

Страница 337: ... on See Link Layer Discovery Protocol on page 3 249 for more information on LLDP Priority Defines a CoS priority for port traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is active for the port Web Click QoS VoIP Traffic Setting Port Configuration Set the mode for a VoIP traffic port select the detection mechanism t...

Страница 338: ...three octets Other masks restrict the MAC address range Selecting FF FF FF FF FF FF specifies a single MAC address Default FF FF FF 00 00 00 Description User defined text that identifies the VoIP devices Console config interface ethernet 1 2 Console config if switchport voice vlan auto 4 337 Console config if switchport voice vlan security 4 338 Console config if switchport voice vlan rule oui 4 3...

Страница 339: ...en click Add Figure 3 163 Telephony OUI List CLI This example adds an identifier to the list then displays the current list Console config voice vlan mac address 00 e0 bb 00 00 00 mask ff ff ff 00 00 00 description old phones 4 336 Console config exit Console show voice vlan oui 4 339 OUIAddress Mask Description 00 e0 bb 00 00 00 FF FF FF 00 00 00 old phones 00 11 22 33 44 55 FF FF FF 00 00 00 new...

Страница 340: ...r the ports that want to join a multicast group and set its filters accordingly If there is no multicast router attached to the local subnet multicast traffic and query messages may not be received by the switch In this case Layer 2 IGMP Query can be used to actively ask the attached hosts if they want to receive a specific multicast service IGMP Query thereby identifies the ports containing hosts...

Страница 341: ...s case traffic is filtered from sources in the Exclude list and forwarded from all other available sources Notes 1 When the switch is configured to use IGMPv3 snooping the snooping version may be downgraded to version 2 or version 1 depending on the version of the IGMP query packets detected on each VLAN 2 IGMP snooping will not function unless a multicast router port is enabled on the switch This...

Страница 342: ... or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to r...

Страница 343: ...t which the switch sends IGMP host query messages Range 60 125 seconds Default 125 IGMP Report Delay Sets the time between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list Range 5 25 seconds Default 10 IGMP Query Timeout The time the switch waits after the previous querier stops before it consi...

Страница 344: ...te leave should only be enabled on an interface if it is connected to only one IGMP enabled device either a service host or a neighbor running IGMP snooping Immediate leave is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Immediate leave does not apply to a port if the switch has learned that a multicast router is attached to it Immediate leave can improve bandwi...

Страница 345: ...Immediate Leave CLI This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status Console config interface vlan 1 Console config if ip igmp snooping immediate leave 4 383 Console config if end Console show ip igmp snooping 4 382 Service Status Enabled Querier Status Disabled Leave proxy status Enabled Query Count 2 Query Interval 125 sec Query Max Response...

Страница 346: ...icast router switch for each VLAN ID Command Attributes VLAN ID ID of configured VLAN 1 4094 Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch Web Click IGMP Snooping Multicast Router Port Information Select the required VLAN ID from the scroll down list to display the associated multicast routers Figu...

Страница 347: ...nterface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router Web Click IGMP Snooping Static Multicast Router Port Configuration Specify the interfaces attached to a multicast router indicate the VLAN which will forward all the correspon...

Страница 348: ...ast service Web Click IGMP Snooping IP Multicast Registration Table Select a VLAN ID and the IP address for a multicast service from the scroll down lists The switch will display all the interfaces that are propagating this multicast service Figure 3 168 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating t...

Страница 349: ...cific VLAN the corresponding traffic can only be forwarded to ports within that VLAN Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Range 1 4094 Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multic...

Страница 350: ...rwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to r...

Страница 351: ...ch profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multicast group falls within the controlled range When the access mode is set to deny IGMP join reports are only processed when the multicast group is not in the controlled range Command Attributes Profile ID Selects an existing profile number to configure After se...

Страница 352: ...he profile number you want to configure then click Query to display the current settings Specify the access mode for the profile and then add multicast groups to the profile list Click Apply Figure 3 171 IGMP Profile Configuration CLI This example configures profile number 19 by setting the access mode to permit and then specifying a range of multicast groups that a user can join The current profi...

Страница 353: ...ce If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Command Attributes Profile Selects an existing profile number to assign to an interface Max Multicast Groups Sets the maximum number of multicast groups an interface can join at the same time Range 0 255...

Страница 354: ...rrent IGMP filtering and throttling settings for the interface are then displayed Console config interface ethernet 1 1 4 221 Console config if ip igmp filter 19 4 393 Console config if ip igmp max groups 64 4 394 Console config if ip igmp max groups action deny 4 395 Console config if end Console show ip igmp filter interface ethernet 1 1 4 395 Information of Eth 1 1 IGMP Profile 19 permit range ...

Страница 355: ... different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exchange any information except through upper level routing services General Configuration Guidelines for MVR 1 Enable MVR globally on the switch select the MVR VLAN and add the multicast groups that will stream traffic to attached hosts see Configuring Global MVR Settings on page 3 300 2 Set the interf...

Страница 356: ...receive data from that multicast group Default Disabled MVR Running Status Indicates whether or not all necessary conditions in the MVR environment are satisfied Running status is true as long as MVR Status is enabled and the specified MVR VLAN exists MVR VLAN Identifier of the VLAN that serves as the channel for streaming multicast services using MVR MVR source ports should be configured as membe...

Страница 357: ...s that will stream traffic to attached hosts and then click Apply Figure 3 173 MVR Global Configuration CLI This example first enables IGMP snooping enables MVR globally and then configures a range of MVR group addresses Console config ip igmp snooping 4 381 Console config mvr 4 398 Console config mvr group 228 1 23 1 10 4 398 Console config ...

Страница 358: ... if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Trunk Member19 Shows if port is a trunk member Web Click MVR Port or Trunk Information Figure 3 174 MVR Port Information CLI This example shows information about interfaces attached to the ...

Страница 359: ...vided through the MVR VLAN Web Click MVR Group IP Information Figure 3 175 MVR Group IP Information CLI This example following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN Console show mvr interface 4 402 MVR Group IP Status Members 225 0 0 1 ACTIVE eth1 1 d eth1 2 s 225 0 0 2 INACTIVE None 225 0 0 3 INACTIVE None 225 0 0 4 INACTIVE None 225 0 0 ...

Страница 360: ...ch have been statically assigned see Assigning Static Multicast Groups to Interfaces on page 3 306 Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a...

Страница 361: ...gured as an MVR receiver Trunk20 Shows if port is a trunk member Web Click MVR Port or Trunk Configuration Figure 3 176 MVR Port Configuration CLI This example configures an MVR source port and receiver port and then enables immediate leave on the receiver port 20 Port Information only Console config interface ethernet 1 1 Console config if mvr type source 4 400 Console config if exit Console conf...

Страница 362: ...of 224 0 0 x Command Attributes Interface Indicates a port or trunk Member Shows the IP addresses for MVR multicast groups which have been statically assigned to the selected interface Non Member Shows the IP addresses for all MVR multicast groups which have not been statically assigned to the selected interface Web Click MVR Group Member Configuration Select a port or trunk from the Interface fie...

Страница 363: ...tags Command Attributes MVR Receiver VLAN Allows multicast traffic to be forwarded from the specified Receiver VLAN without revealing the identity of the MVR VLAN in tagged frames Range 1 4094 MVR Receiver Group IP Address Specifies groups to be managed through the receiver VLAN Web Click MVR Receiver Configuration Select a VLAN from the MVR Receiver VLAN field enter the required multicast groups ...

Страница 364: ...rs for multicast services provided through the MVR Receiver VLAN Web Click MVR Receiver Group IP Information Select a receiver group multicast address from the Group IP Address field to show the interfaces which have joined the selected group Figure 3 179 MVR Receiver Group Address Table CLI This example shows the interfaces which have joined MVR receiver groups and the status of MVR traffic for e...

Страница 365: ...AN see Configuring MVR Receiver VLAN and Group Addresses on page 3 307 Web Click MVR Receiver Group Member Configuration Select a port or trunk from the Interface field select a multicast group address from the member list and then click the Add or Remove button to modify the list Figure 3 180 Static MVR Receiver Group Member Configuration CLI This example sets the type of a port as an MVR receive...

Страница 366: ...the system will search it for a corresponding entry If none is found the default domain name is used When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified the switch will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match When more than one name ...

Страница 367: ...a domain list However remember that if a domain list is specified the default domain name is not used Console config ip domain name sample com 4 406 Console config ip domain list sample com uk 4 407 Console config ip domain list sample com jp Console config ip name server 192 168 1 55 10 1 0 55 4 408 Console config ip domain lookup 4 409 Console show dns 4 410 Domain Lookup Status DNS enabled Defa...

Страница 368: ...may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name in the static table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a host device that is mapped to one or more IP addresses Range 1 64 char...

Страница 369: ...ply Figure 3 182 DNS Static Host Table CLI This example maps two address to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 4 405 Console config ip host rd6 10 1 0 55 Console show hosts 4 410 Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias rd6 Console ...

Страница 370: ... host address for the owner and CNAME which specifies an alias IP The IP address associated with this record TTL The time to live reported by the name server Domain The domain name associated with this record Web Select DNS Cache Figure 3 183 DNS Cache CLI This example displays all the resource records learned from the designated name servers Console show dns cache 4 411 NO FLAG TYPE DOMAIN TTL IP...

Страница 371: ... management station There can be up to 100 candidates and 36 member switches in one cluster A switch can only be a member of one cluster After the Commander and Members have been configured any switch in the cluster can be managed from the web agent by choosing the desired Member ID from the Cluster drop down menu To connect to the Member switch from the Commander CLI prompt use the rcommand see p...

Страница 372: ...254 254 1 Number of Members The current number of Member switches in the cluster Number of Candidates The current number of Candidate switches discovered in the network that are available to become Members Web Click Cluster Configuration Figure 3 185 Cluster Configuration CLI This example first enables clustering on the switch sets the switch as the cluster Commander and then configures the cluste...

Страница 373: ... specific MAC address of a known switch Web Click Cluster Member Configuration Figure 3 186 Cluster Member Configuration CLI This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID Console config cluster member mac address 00 12 34 56 78 9a id 5 4 83 Console config end Console show cluster candidates 4 85 Cluster Candidates Role Mac Descript...

Страница 374: ...rnal cluster IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch Web Click Cluster Member Information Figure 3 187 Cluster Member Information CLI This example shows information about cluster Member switches Console show cluster members 4 85 Cluster Members ID 1 Role Active member IP Address 10 254 ...

Страница 375: ...the network MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 188 Cluster Candidate Information CLI This example shows information about cluster Candidate switches Console show cluster candidates 4 85 Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 23 49 c0 24 48 L2 L...

Страница 376: ...ice To do this a control point sends a suitable control message to the control URL for the service provided in the device description When a device is known to the control point periodic event notification messages are sent A UPnP description for a service includes a list of actions the service responds to and a list of variables that model the state of the service at run time If a device has a UR...

Страница 377: ... TTL to 6 and displays information about basic UPnP configuration Console config upnp device 4 86 Console config upnp device advertise duration 200 4 87 Console config upnp device ttl 6 4 86 Console config end Console show upnp 4 87 UPnP global settings Status Enabled Advertise duration 200 TTL 6 Console ...

Страница 378: ...Configuring the Switch 3 322 3 ...

Страница 379: ...the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal acc...

Страница 380: ... isolated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty ...

Страница 381: ...how startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username admin password 0 smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is am...

Страница 382: ...nformation hosts Host information interfaces Interface information ip IP information ipv6 IPv6 information lacp LACP statistics line TTY line information lldp LLDP log Login records logging Logging setting mac MAC access list mac address table Shows the MAC address table mac vlan MAC based VLAN information management Show management information map Maps priority memory Memory utilization mvr Shows...

Страница 383: ... been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands startup config Startup system configuration subnet vlan IP subnet based VLAN information system System information tacacs...

Страница 384: ...nly a limited number of the commands are available in this mode You can access all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system will now display the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by entering the enable c...

Страница 385: ...dify the port configuration such as speed duplex and negotiation Line Configuration These commands modify the console port and Telnet configuration and include command such as parity and databits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple interfaces Serve...

Страница 386: ...ist ipv6 standard access list ipv6 extended access list mac Console config arp acl Console config std acl Console config ext acl Console config std ipv6 acl Console config ext ipv6 acl Console config mac acl 4 212 4 201 4 201 4 207 4 207 4 215 Class Map class map Console config cmap 4 375 Interface interface ethernet port port channel id vlan id Console config if 4 221 MSTP spanning tree mst confi...

Страница 387: ...ine Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K Deletes all characters from the cursor to the end of the line Ctrl L Repeats current command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Enters...

Страница 388: ...P UDP port number TCP control code ARP request response packets IPv6 frames based on destination address next header type or flow label or non IP frames based on MAC address or Ethernet type 4 199 Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs 4 220 Automatic Traffic Control Configures bounding thresholds for broadcast and multicast storms which ca...

Страница 389: ...0 Domain Name Service Configures DNS services 4 405 IP Interface Configures IP address for the switch 4 412 Table 4 5 General Commands Command Function Mode Page enable Activates privileged mode NE 4 12 disable Returns to normal mode from privileged mode PE 4 12 configure Activates global configuration mode PE 4 13 show history Shows the command history buffer NE PE 4 13 reload Restarts the system...

Страница 390: ...rmal Exec to Privileged Exec To set this password see the enable password command on page 4 111 The character is appended to the end of the prompt to indicate that the system is in privileged access mode Example Related Commands disable 4 12 enable password 4 111 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on th...

Страница 391: ...paratext on page 4 6 Command Mode Privileged Exec Example Related Commands end 4 16 show history This command shows the contents of the command history buffer Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buffer ...

Страница 392: ...Example This example shows how to reset the switch Global Configuration This command restarts the system at a specified time after a specified delay or at a periodic interval You can reboot the system immediately or you can configure the switch to reset after a specified amount of time Use the cancel option to remove a configured setting Syntax reload at hour minute month day day month year in hou...

Страница 393: ...oad Range 1 31 reload cancel Cancels the specified reload option Default Setting None Command Mode Global Configuration Command Usage This command resets the entire system Any combination of reload options may be specified If the same option is re specified the previous setting will be overwritten When the system is restarted it will always run the Power On Self Test It will also retain all config...

Страница 394: ...ing Console Command Mode Global Configuration Example end This command returns to Privileged Exec mode Command Mode Global Configuration Interface Configuration Line Configuration VLAN Database Configuration and Multiple Spanning Tree Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console show reload Reloading switch in time...

Страница 395: ...on mode and then quit the CLI session quit This command exits the configuration program Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console config exit Console exit Press ENTER to start session User Access Verification Username Console quit Press ENTER to start session...

Страница 396: ...m Status Displays system configuration active managers and version information 4 29 Frame Size Enables support for jumbo frames 4 35 File Management Manages code image or switch configuration files 4 36 Line Sets communication parameters for the serial port including baud rate and console time out 4 44 Event Logging Controls logging of error messages 4 57 SMTP Alerts Configures SMTP email alerts 4...

Страница 397: ...configure dc power info Configures the DC Power information that is displayed by banner GC 4 22 banner configure department Configures the Department information that is displayed by banner GC 4 22 banner configure equipment info Configures the Equipment information that is displayed by banner GC 4 23 banner configure equipment location Configures the Equipment Location information that is display...

Страница 398: ...esses the enter key the script prompts for the next piece of information and so on until all information has been entered Pressing enter without inputting information at any prompt during the script s operation will leave the field empty Spaces can be used during script mode because pressing the enter key signifies the end of data input The delete and left arrow keys terminate the script The use o...

Страница 399: ...ary for clarity Console config banner configure Company Edgecore Networks Responsible department R D Dept Name and telephone to Contact the management people Manager1 name Sr Network Admin phone number 123 555 1212 Manager2 name Jr Network Admin phone number 123 555 1213 Manager3 name Night shift Net Admin Janitor phone number 123 555 1214 The physical location of the equipment City and street add...

Страница 400: ...ation Command Usage Input strings cannot contain spaces The banner configure dc power info command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where white space is necessary for clarity Example banner configure department This command is used to configure the department information displayed in the banne...

Страница 401: ...or floor id row row id rack rack id shelf rack sr id manufacturer mfr name no banner configure equipment info floor manufacturer manufacturer id rack row shelf rack mfr id The name of the device model number floor id The floor number row id The row number rack id The rack number sr id The shelf number in the rack mfr name The name of the device manufacturer Maximum length of each parameter 32 char...

Страница 402: ...ut boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where white space is necessary for clarity Example banner configure ip lan This command is used to configure the device IP address and subnet mask information displayed in the banner Use the no form to restore the default setting Syntax banner configure ip lan ip mask no banner configure i...

Страница 403: ... banner Use the no form to restore the default setting Syntax banner configure lp number lp num no banner configure lp number lp num The LP number Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces The banner configure lp number command interprets spaces as data input boundaries The use of underscores _ or other uno...

Страница 404: ...number of the third manager Maximum length of each parameter 32 characters Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces The banner configure manager info command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where white space is necessary for clar...

Страница 405: ...r configure note note info Miscellaneous information that does not fit the other banner categories or any other information of importance to users of the switch CLI Maximum length 150 characters Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces The banner configure note command interprets spaces as data input boundaries The use of underscores ...

Страница 406: ...eve 123 555 9876 Lamar 123 555 3322 Station s information 710_Network_Path Indianapolis Edgecore Networks SMC6128PL2 Floor Row Rack Sub Rack 7 10 15 6 DC power supply Power Source A Floor Row Rack Electrical circuit 3 15 24 48V id_3 15 24 2 Number of LP 4 Position MUX telco 9734212kx_PVC 1 23 IP LAN 216 241 132 3 255 255 255 0 Note ROUTINE_MAINTENANCE_firmware upgrade_0100 0500_GMT 0500_20071022 _...

Страница 407: ...C address SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for the switch Spanning tree settings Interface settings Any configured settings for the console port and Telnet Table 4 9 System Status Commands Command Fun...

Страница 408: ...cf 12 34 56 sntp server 0 0 0 0 0 0 0 0 0 0 0 0 snmp server community public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethe...

Страница 409: ...mmand displays the following information Switch s MAC address SNTP server settings SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for the switch Spanning tree settings Interface settings Any configured settings for the console port and...

Страница 410: ...rname admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active vlan 4093 media ethernet state active spanning tree mst configuration interface vlan 1 ip address dhcp interface vlan 4093 interf...

Страница 411: ...ec Privileged Exec Command Usage The session used to execute this command is indicated by a symbol next to the Line i e session index number Console show system System Description 8 Fast Ethernet 2 Giga 2 ComboG L2 L4 PoE Standalone switch System OID String 1 3 6 1 4 1 259 6 10 94 System Information System Up Time 0 days 2 hours 52 minutes and 32 16 seconds System Name NONE System Location NONE Sy...

Страница 412: ... 15 RSA Online users Line Username Idle time h m s Remote IP addr 0 console admin 0 14 14 1 VTY 0 admin 0 00 00 192 168 1 19 2 SSH 1 steve 0 00 06 192 168 1 19 Web online users Line Remote IP addr Username Idle time h m s 1 HTTP 192 168 1 19 admin 0 00 00 Console Console show version Unit 1 Serial Number A733006612 Hardware Version R01 Chip Device ID Marvell 98DX107 A2 88E6095 F EPLD Version 1 03 ...

Страница 413: ... using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half ...

Страница 414: ...itch settings The configuration file can be downloaded under a new file name and then set as the startup file or the current startup configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the FTP TFTP server but cannot be used as the destination on the switch Table 4 11 Flash File Commands Command Function M...

Страница 415: ... running config Keyword that adds the settings listed in the specified file to the running configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server running config Keyword that allows you to copy to from the current running configuration startup config The configuration used for system initialization tftp Keyword that allows you to ...

Страница 416: ...user name and password configured on the remote server Note that anonymous is set as the default user name Example The following example shows how to download new firmware from a TFTP server The following example shows how to upload the configuration settings to a file on the TFTP server The following example shows how to copy the running configuration to a startup file Console copy tftp file TFTP...

Страница 417: ...tup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Console reload System will be restarted continue y n y Console copy tftp public key TFTP server IP address 192 168...

Страница 418: ...ration file from flash memory Related Commands dir 4 40 delete public key 4 141 This command displays a list of files in flash memory Syntax dir boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image file filename Name of the configuration file or code image Defau...

Страница 419: ... name The name of the file File type File types Boot Rom Operation Code and Config file Startup Shows if this file is used when the system is started Size The length of the file in bytes Console dir File name File type Startup Size byte Unit1 DIAG_phaseIV_1035 BIX Boot Rom Image Y 1476128 MOPOE bix Operation Code N 4507168 op_v1 3 5 2 bix Operation Code Y 4456740 Factory_Default_Config cfg Config ...

Страница 420: ...mand Mode Global Configuration Command Usage A colon is required after the specified file type If the file contains an error it cannot be set as the default file Example Related Commands dir 4 40 whichboot 4 41 This command automatically upgrades the current operational code when a new version is detected on the server indicated by the upgrade opcode path command Use the no form of this command to...

Страница 421: ...was successful 3 It sets the new version as the startup image 4 It then restarts the system to start using the new image Any changes made to the default setting can be displayed with the show running config page 4 30 or show startup config page 4 29 commands Example If a new image is found at the specified location the following type of messages will be displayed during bootup This command specifi...

Страница 422: ...nonymous will be used for the connection If the password is omitted a null string will be used for the connection Example This shows how to specify a TFTP server where new code is stored This shows how to specify an FTP server where new code is stored You can access the onboard configuration program by attaching a VT100 compatible device to the server s serial port These commands are used to set c...

Страница 423: ...sole is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command LC 4 50 databits Sets the number of data bits per character that are interpreted and generated by hardware LC 4 50 parity Defines the generation of a parity bit LC 4 51 speed Sets the terminal baud rate LC 4 52 stopbits Sets the number of the stop bits transmitted per byte ...

Страница 424: ...pecified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 NE 8 15 ...

Страница 425: ...ord protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility with legacy password settings i e plai...

Страница 426: ...on is terminated for the session This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command Related Commands silent time 4 50 exec timeout 4 14 This command sets the interval that the system waits until user in...

Страница 427: ...se the no form to remove the threshold value Syntax password thresh threshold no password thresh threshold The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing t...

Страница 428: ...ole response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Related Commands password thresh 4 49 This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databit...

Страница 429: ...Commands parity 4 51 This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting Exampl...

Страница 430: ...device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported Example To specify 38400 bps enter this command This command sets the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 1 One stop bit 2 Two stop bits Defau...

Страница 431: ...2 where 0 means no pause for output displays Default Setting 24 Command Mode Privileged Exec Example This command sets the number of characters displayed across a terminal Use the no form to restore the default setting Syntax terminal width characters no terminal width characters The number of characters displayed across a terminal Range 0 80 Default Setting 80 Command Mode Privileged Exec Example...

Страница 432: ...the escape character specified by this command can be used to break off screen output Ctrl C can also be used to break off the current command line input string Example This command specifies the terminal type connected to the console port Use the no form to restore the default setting Syntax terminal terminal type ansi bbs vt 100 vt 102 no terminal terminal type ansi bbs ANSI BBS vt 100 VT100 vt ...

Страница 433: ...command history buffer The default history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example Related Commands show history 4 13 This command terminates an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session ide...

Страница 434: ...l Exec Privileged Exec Example To show all lines enter this command Console disconnect 1 Console Console show line Terminal Configuration for this session Length 24 Width 80 History size 10 Escape character ASCII number 27 Terminal type VT100 Console Configuration Password Threshold 3 times Interactive Timeout 65535 sec Login Timeout Disabled Silent Time Disabled Baudrate 9600 Databits 8 Parity No...

Страница 435: ...pecified syslog servers Example Related Commands logging history 4 58 logging trap 4 60 clear log 4 60 Table 4 14 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 57 logging history Limits syslog messages saved to switch memory based on severity GC 4 58 logging host Adds a syslog server host IP address that will receive logging messages GC 4 59 l...

Страница 436: ...obal Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 15 Logging Levels Level Severity Name Description 7 debugging Debugging messages 6 informational Informational messages only 5 notifications Normal but significant condition such as cold start 4 warnings Warning conditions e g ret...

Страница 437: ...pe for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 316...

Страница 438: ...etting Enabled Level 7 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved Using this command without a specified level also enables remote logging but restores the minimum severity level to the default Example This command clears messages from the log buffer Syntax clear log flash ram fl...

Страница 439: ...le The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message level for RAM is informational i e default level 7 0 Related Commands show logging sendmail 4 65 Console show logging flash Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM lev...

Страница 440: ...the time stamp message level page 4 58 program module function and event number Example The following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 4 00 01 00 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change notific...

Страница 441: ...tion the switch first selects the server that successfully sent mail during the last connection or the first server configured by this command If it fails to send mail the switch selects the next server in the list and tries to send mail again If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Exa...

Страница 442: ... 0 Example This example will send email alerts for system errors from level 4 through 0 This command sets the email address used for the From field in alert messages Use the no form to delete the source email address Syntax no logging sendmail source email email address email address The source email address used in alert messages Range 0 41 characters Default Setting None Command Mode Global Conf...

Страница 443: ...e You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example This command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example This command displays the settings for the SMTP event handler Command Mode Normal Exec Pri...

Страница 444: ...e 4 66 4 Example Console show logging sendmail SMTP servers 1 192 168 1 200 SMTP Minimum Severity Level 4 SMTP destination email addresses 1 geoff acme com SMTP Source Email Address john acme com SMTP status Enabled Console ...

Страница 445: ...tp server Specifies NTP servers to poll for time updates GC 4 71 ntp poll Sets the interval at which the NTP client polls for time GC 4 72 ntp authenticate Enables authentication for NTP traffic GC 4 72 ntp authentication key Configures authentication keys GC 4 73 show ntp Shows current NTP configuration settings NE PE 4 74 Manual Configuration Commands clock timezone predefined Sets the time zone...

Страница 446: ...the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp server 4 69 sntp poll 4 69 show sntp 4 70 Console config sntp server 10 1 0 19 Console conf...

Страница 447: ...updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Related Commands sntp client 4 68 sntp poll 4 69 show sntp 4 70 This command sets the interval between sending time requests when the switch is set to SNTP client mode Use t...

Страница 448: ...th the ntp servers command Use the no form to disable NTP client requests Syntax no ntp client Default Setting Disabled Command Mode Global Configuration Command Usage The SNTP and NTP clients cannot be enabled at the same time First disable the SNTP client before using this command The time acquired from time servers is used to record accurate dates and times for log events Without NTP the switch...

Страница 449: ...to use in communications with the server Range 1 65535 Default Setting Version number 3 Command Mode Global Configuration Command Usage This command specifies time servers that the switch will poll for time updates when set to NTP client mode It issues time synchronization requests based on the interval set with the ntp poll command The client will poll all the time servers configured the response...

Страница 450: ...ds Default Setting 16 seconds Command Mode Global Configuration Example Related Commands ntp client 4 70 This command enables authentication for NTP client server communications Use the no form to disable authentication Syntax no ntp authenticate Default Setting Disabled Command Mode Global Configuration Console config ntp server 192 168 3 20 Console config ntp server 192 168 3 21 Console config n...

Страница 451: ...ation key number number The NTP authentication key ID number Range 1 65535 md5 Specifies that authentication is provided by using the message digest algorithm 5 key An MD5 authentication key string The key string can be up to 32 case sensitive printable ASCII characters no spaces Default Setting None Command Mode Global Configuration Command Usage The key number specifies a key value in the NTP au...

Страница 452: ...e config Console show ntp Current Time Jan 1 02 02 11 2001 Polling 1024 seconds Current Mode unicast NTP Status Disabled NTP Authenticate Status Disabled Last Update NTP Server 0 0 0 0 Port 0 Last Update Time Dec 31 00 00 00 2000 UTC NTP Server 192 168 3 20 version 3 NTP Server 192 168 3 21 version 3 NTP Server 192 168 3 22 version 2 NTP Server 192 168 4 50 version 3 key 30 NTP Server 192 168 5 35...

Страница 453: ...cal time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Related Commands show sntp 4 70 clock timezone This command sets the time zone for t...

Страница 454: ...hour e minute offset no clock summer time name Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b month The month when summer time will begin Options january february march april may june july august september october november december b day The day summer time will begin Options sunday monday tuesday wednesday thursday friday saturday b year The year s...

Страница 455: ...gured time zone To specify a time corresponding to your local time when summer time is in effect you must indicate the number of minutes your summer time time zone deviates from your regular time zone Example Related Commands show sntp 4 70 clock summer time predefined This command configures the summer time daylight savings time status and settings for the switch using predefined configurations f...

Страница 456: ...witch on a recurring basis Use the no form to disable summer time Syntax clock summer time name recurring b week b day b month b hour b minute e week e day e month e hour e minute offset no clock summer time name Name of the timezone while summer time is in effect usually an acronym Range 1 30 characters b week The week of the month when summer time will begin Range 1 5 b day The day of the week w...

Страница 457: ...r time zone in minutes Range 0 99 minutes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less This is known as Summer Time or Daylight Savings Time DST Typically clocks are adjusted forward one hour at the start of spring and then adjusted bac...

Страница 458: ... format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console calendar...

Страница 459: ... by the administrator through the management station Note Cluster Member switches can be managed either through a Telnet connection to the Commander or through a web management connection to the Commander When using a console connection from the Commander CLI prompt use the rcommand see page 4 84 to connect to the Member switch This command enables clustering on the switch Use the no form to disab...

Страница 460: ...itch clusters are maintained across power resets and network changes Example This command enables the switch as a cluster Commander Use the no form to disable the switch as cluster Commander Syntax no cluster commander Default Setting Disabled Command Mode Global Configuration Command Usage Once a switch has been configured to be a cluster Commander it automatically discovers other cluster enabled...

Страница 461: ... 1 and 36 Set a Cluster IP Pool that does not conflict with addresses in the network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander You cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode must first be disabled Example This command configures a Cand...

Страница 462: ... Commander switch Managing cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI Example This command shows the switch clustering configuration Command Mode Privileged Exec Example Console config cluster member mac address 00 12 34 56 78 9a id 5 Console config Vty 0 rcommand id 1 CLI ses...

Страница 463: ... compliant device When discovered by a host device basic information about this switch can be displayed and the web management interface accessed Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 12 cf 23 49 c0 Description 24 48 L2 L4 IPV4 IPV6 GE Switch Console Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE ...

Страница 464: ...nabled on the device Related Commands upnp device ttl 4 86 upnp device advertise duration 4 87 This command sets the time to live TTL value for sending of UPnP messages from the device Syntax upnp device ttl value value The number of router hops a UPnP packet can travel before it is discarded Range 1 255 Default Setting 4 Command Mode Global Configuration Command Usage UPnP devices and control poi...

Страница 465: ...Default Setting 100 seconds Command Mode Global Configuration Example In the following example the device advertise duration is set to 200 seconds Related Commands upnp device ttl 4 86 This command displays the UPnP management status and time out settings Command Mode Privileged Exec Example Console config upnp device ttl 6 Console config Console config upnp device advertise duration 200 Console c...

Страница 466: ...P Commands snmp server Enables the SNMP agent GC 4 89 show snmp Displays the status of SNMP communications NE PE 4 90 snmp server community Sets up the community access string to permit access to SNMP commands GC 4 91 snmp server contact Sets the system contact string GC 4 91 snmp server location Sets the system location string GC 4 92 SNMP Target Host Commands snmp server host Specifies the recip...

Страница 467: ...multicast traffic falls beneath the lower threshold after a storm control response has been triggered IC Port 4 244 snmp server enable port traps atc broadcast control apply Sends a trap when broadcast traffic exceeds the upper threshold for automatic storm control and the apply timer expires IC Port 4 244 snmp server enable port traps atc multicast control apply Sends a trap when multicast traffi...

Страница 468: ...ple Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get r...

Страница 469: ...ions are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Example This command sets the system contact string Use the no form to remove the system contact ...

Страница 470: ...form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 4 91 Console config snmp server location WC 19 Console config ...

Страница 471: ... like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP Version 1 2c or 3 traps Ran...

Страница 472: ...rget host that will receive inform messages with the snmp server host command as described in this section 4 Create a view with the required notification messages page 4 97 5 Create a group that includes the required notify view page 4 99 To send an inform to a SNMPv3 host complete these steps 1 Enable the SNMP agent page 4 89 2 Allow the switch to send SNMP traps i e notifications page 4 95 3 Spe...

Страница 473: ...ast one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host command Use the snmp server host command to specify which host or ...

Страница 474: ...ting and encrypting SNMPv3 packets A remote engine ID is required when using SNMPv3 informs See snmp server host on page 4 93 The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent Y...

Страница 475: ... OID string Refer to the examples included Defines an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Console show snmp engine id Local SNMP engineID 8000002a8000000000e8666672 Local SNMP engineBoots 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 192 168 1 19 Console Table 4 22 show s...

Страница 476: ...eged Exec Example Console config snmp server view mib 2 1 3 6 1 2 1 included Console config Console config snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name d...

Страница 477: ...write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public22 read only private23 read write readview Every object belonging to the Internet OID space 1 3 6 1 writeview Nothing is defined notifyview Nothing is defined Command Mode Global Configuration Command Usage A group sets the access policy for the assigned users When authen...

Страница 478: ...us active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row St...

Страница 479: ... 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password A minimum of eight characters is required priv des56 Uses SNMPv3 with privacy with DES56 encryption priv password Privacy password En...

Страница 480: ...remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Example show snmp user This command shows information on SNMP users Command Mode Privileged Exec Example Console config snm...

Страница 481: ...atus The row status of this entry SNMP remote user A user associated with an SNMP engine on a remote device Table 4 26 sFlow Commands Command Function Mode Page sflow Enables sFlow globally for the switch GC 4 104 sflow source Due to the switch s hardware design these commands can only be enabled for specific port groups 1 8 9 16 17 24 25 32 33 48 However sampling for each of the Gigabit combinati...

Страница 482: ...Flow on the specified ports Syntax no sflow source Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The 100BASE TX ports are organized into groups of 8 based on a restriction in the switch ASIC 1 8 9 16 17 24 25 32 33 48 Selecting any port in one of these groups effectively configures all of the group members as an sFlow source port However the four Gigabit port...

Страница 483: ...nfigures the interval at which counters are added to the sample datagram Use the no form to restore the default polling interval Syntax sflow polling interval seconds no sflow polling interval seconds The interval at which the sFlow process adds counter values to the sample datagram Range 0 10000000 seconds where 0 disables this feature Default Setting Disabled Command Mode Interface Configuration...

Страница 484: ... port parameters Use the no form to restore the default time out Syntax sflow timeout seconds no sflow timeout seconds The length of time the sFlow process continuously sends samples to the Collector before resetting all sFlow port parameters Range 0 10000000 seconds where 0 indicates no time out Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The sFlow paramet...

Страница 485: ...t 6343 Command Mode Interface Configuration Ethernet Example This example configures the Collector s IP address and uses the default UDP port This command configures the maximum size of the sFlow datagram header Use the no form to restore the default setting Syntax sflow max header size max header size no max header size max header size The maximum size of the sFlow datagram header Range 64 256 by...

Страница 486: ...es Default Setting 1400 bytes Command Mode Interface Configuration Ethernet Example This command shows the global and interface settings for the sFlow process Syntax show sflow interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 Command Mode Privileged Exec Console config interface ethernet 1 9 Console config if sflow max header size 256 Console ...

Страница 487: ...on Commands Command Group Function Page User Accounts Configures the basic user names and passwords for management access 4 110 Authentication Sequence Defines logon authentication method and precedence 4 114 RADIUS Client Configures settings for authentication via a RADIUS server 4 116 TACACS Client Configures settings for authentication via a TACACS server 4 120 AAA Configures authentication aut...

Страница 488: ...anager 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 8 characters plain text 32 encrypted case sensitive Default Setting The default access level is Normal Exec The factory defaults for the user names and passwords are Table 4 28 User Acces...

Страница 489: ...ser After initially logging onto the system you should set the Privileged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Privileged Exec Levels 0 14 are not use...

Страница 490: ...ommands under the specified command level level Specifies the privilege level for the specified command This device has three predefined privilege levels 0 Normal Exec 8 Manager 15 Privileged Exec Range 0 15 command Specifies any command contained within the specified mode Default Setting Privilege level 0 provides access to a limited number of the commands which display the current status of the ...

Страница 491: ...must therefore be used to correctly update these commands to the running config file Example This command shows the privilege level for the current user or the privilege level for commands modified by the privilege command see page 4 112 Syntax show privilege command command Displays the privilege level for all commands modified by the privilege command Command Mode Privileged Exec Example This ex...

Страница 492: ...cess request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication ...

Страница 493: ...e password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate...

Страница 494: ...r auth_port RADIUS server UDP port used for authentication messages Range 1 65535 acct_port RADIUS server UDP port used for accounting messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authentica...

Страница 495: ... Configuration Example This command sets the RADIUS server network port for authentication messages Use the no form to restore the default Syntax radius server auth port port_number no radius server auth port port_number RADIUS server UDP port used for authentication messages Range 1 65535 Default Setting 1812 Command Mode Global Configuration Example Console config radius server 1 host 192 168 1 ...

Страница 496: ...s Default Setting None Command Mode Global Configuration Example This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Co...

Страница 497: ...Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example Console config radius server timeout 10 Console config ...

Страница 498: ...figuration Global Settings Authentication Port 1812 Accounting Port 1813 Retransmit Times 2 Request Timeout 5 seconds Attributes NAS IP Address 4 192 168 1 1 Server 1 Server IP Address 10 1 2 3 Authentication Port 1812 Accounting Port 1813 Retransmit Times 2 Request Timeout 5 seconds Radius server group Group Name Member Index radius 1 Console Table 4 32 TACACS Commands Command Function Mode Page ...

Страница 499: ... 540 seconds retransmit Number of times the switch will resend an authentication request to the TACACS server Range 1 30 key Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting port 49 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example tacacs server port This command specifies the TACAC...

Страница 500: ...ommand Mode Global Configuration Example tacacs server retransmit This command sets the number of retries Use the no form to restore the default Syntax tacacs server retransmit number_of_retries no tacacs server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example C...

Страница 501: ...mand Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console config tacacs server timeout 10 Console config Console show tacacs server Remote TACACS server configuration Global Settings Communication Key with TACACS Server Server Port Number 49 Retransmit Times 2 Request ...

Страница 502: ...ver Groups security servers in to defined lists GC 4 124 server Configures the IP address of a server in a group list SG 4 125 aaa accounting dot1x Enables accounting of 802 1X services GC 4 126 aaa accounting exec Enables accounting of Exec services GC 4 127 aaa accounting commands Enables accounting of Exec mode commands GC 4 128 aaa accounting update Enables periodoc updates to be sent to the a...

Страница 503: ...tting None Command Mode Server Group Configuration Command Usage When specifying the index for a RADIUS server that server index must already be defined by the radius server host command see page 4 116 When specifying the index for a TACACS server that server index must already be defined by the tacacs server host command see page 4 121 Example Console config aaa group server radius tps Console co...

Страница 504: ... use radius Specifies all RADIUS hosts configure with the radius server host command described on page 4 116 tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 121 server group Specifies the name of a server group configured with the aaa group server command described on 4 124 Range 1 255 characters Default Setting Accounting is not enabled No serve...

Страница 505: ...h the radius server host command described on page 4 116 tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 121 server group Specifies the name of a server group configured with the aaa group server command described on 4 124 Range 1 255 characters Default Setting Accounting is not enabled No servers are specified Command Mode Global Configuration C...

Страница 506: ... point group Specifies the server group to use tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 121 server group Specifies the name of a server group configured with the aaa group server command described on 4 124 Range 1 255 characters Default Setting Accounting is not enabled No servers are specified Command Mode Global Configuration Command Usa...

Страница 507: ...accounting records for all users on the system Using the command without specifying an interim interval enables updates but does not change the current interval setting Example accounting dot1x This command applies an accounting method for 802 1X service requests on an interface Use the no form to disable accounting on the interface Syntax accounting dot1x default list name no accounting dot1x def...

Страница 508: ...n accounting method to entered CLI commands Use the no form to disable accounting for entered CLI commands Syntax accounting commands level default list name no accounting commands level level The privilege level for executing commands Range 0 15 default Specifies the default method list created with the aaa accounting commands command page 4 128 list name Specifies a method list created with the ...

Страница 509: ... 4 121 server group Specifies the name of a server group configured with the aaa group server command described on 4 124 Range 1 255 characters Default Setting Authorization is not enabled No servers are specified Command Mode Global Configuration Command Usage This command performs authorization to determine if a user is allowed to run an Exec shell AAA authentication must be enabled before autho...

Страница 510: ...settings per function and per port Syntax show accounting commands level dot1x statistics username user name interface interface exec statistics statistics commands Displays command accounting information level Displays command accounting information for a specifiable command level dot1x Displays dot1x accounting information exec Displays Exec accounting records statistics Displays accounting reco...

Страница 511: ...lt Setting 80 Command Mode Global Configuration Console show accounting Accounting type dot1x Method list default Group list radius Interface Method list tps Group list radius Interface eth 1 2 Accounting type Exec Method list default Group list radius Interface vty Console Table 4 34 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser inter...

Страница 512: ...HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HTTPS service can be enabled independently on the switch However you cannot configure the HTTP and HTTPS servers to use ...

Страница 513: ...t Secure site Certificate on page 3 89 Also refer to the copy command on page 4 37 Example Related Commands ip http secure port 4 135 copy tftp https certificate 4 37 ip http secure port This command specifies the UDP port number used for HTTPS connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_num...

Страница 514: ...by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port used by the Telnet interface port number The TCP port number to be used by the browser interface Range 1 65535 Default Setting Server Enabled Server Port 23 Command Mo...

Страница 515: ...d to create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Table 4 37 SSH Commands Command Function Mode Page ip ssh server Enables the SSH server on the switch GC 4 139 ip ssh timeout Specifies the authentication timeout for the SSH server GC 4 140 ip ssh auth...

Страница 516: ...1781943722884025331159521348610229029789827213532671 31629432532818915045306393916643 steve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the ip ssh server command to enable the SSH server on the switch 6 Authentication One of the following authentication methods i...

Страница 517: ...ther the supplied key is acceptable for authentication and if so it then checks whether the signature is correct If both checks succeed the client is authenticated Note The SSH server supports up to four client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions ip ssh server This command enables the Secure Shell SSH server on this switch Use the n...

Страница 518: ... wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty sessions Example Related Commands exec timeout 4 48 show ip ssh 4 143 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to ...

Страница 519: ...Configuration Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command deletes the specified user s public key Syntax delete public key username dsa rsa username Name of an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Sett...

Страница 520: ... key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example Relat...

Страница 521: ...y generate 4 142 ip ssh save host key 4 143 no ip ssh server 4 139 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key dsa rsa dsa DSA key type rsa RSA key type Default Setting Saves both the DSA and RSA key Command Mode Privileged Exec Example Related Commands ip ssh crypto host key generate 4 142 show ip ssh This command displays the connection s...

Страница 522: ...hentication Started Session Started Username The user name of the client Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish...

Страница 523: ...ing is the encoded modulus Example Console show public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 5443583616519999233297817660658309586108259132128902337654680172627257141 3428762941301196195566782595664104869574278881462065194174677298486546861 5717739390164779355942303577413098022737087794545240839717526463580581767 16709574804776117 DSA s...

Страница 524: ... identity packet to the client before it times out the authentication session IC 4 147 dot1x port control Sets dot1x mode for a port interface IC 4 147 dot1x operation mode Allows single or multiple hosts on an dot1x port IC 4 148 dot1x re authenticate Forces re authentication on specific ports PE 4 149 dot1x re authentication Enables re authentication for all ports IC 4 149 dot1x timeout quiet pe...

Страница 525: ...and Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected client to be authorized by the RADIUS server Clients that are not dot1x aware will be denied access force authorized Conf...

Страница 526: ...Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port control command page 4 147 In multi host mode only one host connected to a port needs ...

Страница 527: ...N see dot1x intrusion action on page 4 152 Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Command Usage The re authentication process verifies the connected client s user ID and password on the RADIUS server During re authentica...

Страница 528: ...535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Use the no form of this command to reset the default Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface...

Страница 529: ...ration Example dot1x timeout supp timeout This command sets the time that an interface on the switch waits for a response to an EAP request from a client before re transmitting an EAP packet Use the no form to reset to the default value Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout seconds The number of seconds Range 1 65535 Default 30 seconds Command Mode Interface Confi...

Страница 530: ...sion action This command sets the port s response to a failed authentication either to block all traffic or to assign all traffic for the port to a guest VLAN Use the no form to reset the default Syntax dot1x intrusion action block traffic guest vlan no dot1x intrusion action Default block traffic Command Mode Interface Configuration Command Usage For guest VLAN assignment to be successful the VLA...

Страница 531: ...mode page 4 147 Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication page 4 149 reauth period Time after which a connected client must be re authenticated page 4 150 quiet period Time a port waits after Max Request Count is exceeded before ...

Страница 532: ...AN if authentication fails Authenticator State Machine State Current state including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request...

Страница 533: ...02 1X is disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authorized Operation mode Single Host Max count 5 Port control Auto Supplicant 00 12 cf 49 5e dc Current Identifier 3 Intrusion action Guest VLAN Authenticator State Machine State Authenticated Reauth...

Страница 534: ...gement interface on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the...

Страница 535: ...nmp client Adds IP address es to the SNMP group telnet client Adds IP address es to the Telnet group Command Mode Privileged Exec Example Console config management all client 192 168 1 19 Console config management all client 192 168 1 25 192 168 1 30 Console config Console show management all client Management IP Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 ...

Страница 536: ...322 Port Security The priority of execution for these filtering commands is Port Security Port Authentication Network Access Web Authentication Access Control Lists DHCP Snooping and then IP Source Guard Configures secure addresses for a port 4 159 Port Authentication Configures host authentication on specific ports using 802 1X 4 146 Network Access Configures MAC authentication and dynamic VLAN a...

Страница 537: ...e the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to a security violation or for the maximum number of allowed addresses Syntax port security action shutdown trap trap and shutdown max mac count address count no port security action max mac count action Response to take when port security is viola...

Страница 538: ... number of addresses allowed on a port You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot be connected to a network interconnection device Cannot be a trunk port If a port is disabled due to a security violation it must be manually re enabled using the no shutdown command Example The following example enables por...

Страница 539: ...C 4 165 mac authentication max mac count Sets a maximum number for mac authentication authenticated MAC addresses on an interface IC 4 166 mac authentication intrusion action Determines the port response when a connected host fails MAC authentication IC 4 166 network access dynamic vlan Enables dynamic VLAN assignment from a RADIUS server IC 4 167 network access guest vlan Specifies the guest VLAN...

Страница 540: ...me command page 4 272 The maximum number of secure MAC addresses supported for the switch system is 1024 Example Use this command to add a MAC address into a filter table Use the no form of this command to remove the specified MAC address Syntax no network access mac filter filter id mac address mac address mask mask address filter id Specifies a MAC address filter table Range 1 64 mac address Spe...

Страница 541: ...rk access port mac filter filter id no network access port mac filter filter id Specifies a MAC address filter table Range 1 64 Default Setting None Command Mode Interface Configuration Command Mode Only one filter table can be assigned to a port Example Use this command to set the maximum number of MAC addresses that can be authenticated on a port interface via all forms of authentication Use the...

Страница 542: ...to a configured RADIUS server The username and password are both equal to the MAC address being authenticated On the RADIUS server PAP username and passwords must be configured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as dynamic entries in the switch s secure MAC address table and are removed when the aging time expires The maximum number...

Страница 543: ...he time period after which a connected MAC address must be re authenticated Use the no form of this command to restore the default value Syntax mac authentication reauth time seconds no mac authentication reauth time seconds The reauthentication time period Range 120 1000000 seconds Default Setting 1800 Command Mode Global Configuration Command Usage The reauthentication time is a global setting a...

Страница 544: ...set the maximum number of MAC addresses that can be authenticated on a port via 802 1X authentication or MAC authentication Use the no form of this command to restore the default Syntax mac authentication max mac count count no mac authentication max mac count count The maximum number of 802 1X and MAC authenticated MAC addresses allowed Range 1 1024 Default Setting 1024 Command Mode Interface Con...

Страница 545: ...tion or they are treated as authentication failures If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still treated as a success When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table Example The following example enables dynamic VLAN assignment on...

Страница 546: ... can be configured on the RADIUS server to pass the following QoS information When the last user logs off of a port with a dynamic QoS assignment the switch restores the original QoS configuration for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access While a port has an...

Страница 547: ...ode Interface Configuration Example Use this command to detect link down events When detected the switch can shut down the port send an SNMP trap or both Use the no form of this command to disable this feature Syntax network access link detection link down action shutdown trap trap and shutdown no network access link detection Default Setting Disabled Command Mode Interface Configuration Console c...

Страница 548: ...the switch can shut down the port send an SNMP trap or both Use the no form of this command to disable this feature Syntax network access link detection link up down action shutdown trap trap and shutdown no network access link detection Default Setting Disabled Command Mode Interface Configuration Example Console config interface ethernet 1 1 Console config if network access link detection link d...

Страница 549: ...erface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 52 Default Setting None Command Mode Privileged Exec Example Use this command to display the MAC authentication settings for port interfaces Syntax show network access interface interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 52 Defa...

Страница 550: ...sort Sorts displayed entries by either MAC address or interface Default Setting Displays all entries Command Mode Privileged Exec Command Usage When using a bit mask to filter displayed MAC addresses a 1 means care and a 0 means don t care For example a MAC of 00 00 01 02 03 04 and mask FF FF FF 00 00 00 would result in all MACs in the range 00 00 01 00 00 00 to 00 00 01 FF FF FF to be displayed A...

Страница 551: ...Mode Privileged Exec Example Console show network access mac address table Port MAC Address RADIUS Server Attribute Time 1 1 00 00 01 02 03 04 172 155 120 17 Static 00d06h32m50s 1 1 00 00 01 02 03 05 172 155 120 17 Dynamic 00d06h33m20s 1 1 00 00 01 02 03 06 172 155 120 17 Static 00d06h35m10s 1 3 00 00 01 02 03 07 172 155 120 17 Dynamic 00d06h34m20s Console Console sh network access mac filter Filt...

Страница 552: ...pts until the quiet time expires Use the no form to restore the default Syntax web auth login attempts count no web auth login attempts count The limit of allowed failed login attempts Range 1 3 Table 4 45 Web Authentication Command Function Mode Page web auth login attempts Defines the limit for failed web authentication login attempts GC 4 174 web auth quiet period Defines the amount of time to ...

Страница 553: ...e 1 180 seconds Default Setting 60 seconds Command Mode Global Configuration Example This command defines the amount of time a web authentication session remains valid When the session timeout has been reached the host is logged off and must re authenticate itself the next time data transmission takes place Use the no form to restore the default Syntax web auth session timeout timeout no web auth ...

Страница 554: ...ust be enabled for the web authentication feature to be active Example This command enables web authentication for an interface Use the no form to restore the default Syntax no web auth Default Setting Disabled Command Mode Interface Configuration Command Usage Both web auth system auth control for the switch and web auth for a port must be enabled for the web authentication feature to be active E...

Страница 555: ...mple IP This command ends the web authentication session associated with the designated IP address and forces the user to re authenticate Syntax web auth re authenticate interface interface ip interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 52 ip IPv4 formatted IP address Default Setting None Command Mode Privileged Exec Example Console web a...

Страница 556: ...pecifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 52 Command Mode Privileged Exec Example Console show web auth Global Web Auth Parameters System Auth Control Enabled Session Timeout 3600 Quiet Period 60 Max Login Attempts 3 Console Console show web auth interface ethernet 1 2 Web Auth Status Enabled Host Summary IP address Web Auth State Remaining Sessio...

Страница 557: ...lly GC 4 180 ip dhcp snooping vlan Enables DHCP snooping on the specified VLAN GC 4 181 ip dhcp snooping trust Configures the specified interface as trusted IC 4 182 ip dhcp snooping verify mac address Verifies the client s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header GC 4 183 ip dhcp snooping information option Enables or disables DHCP Option 82...

Страница 558: ...P snooping is enabled the rate limit for the number of DHCP messages that can be processed by the switch is 100 packets per second Any DHCP packets in excess of this limit are dropped Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received al...

Страница 559: ...lient request to the DHCP server must be configured as trusted ip dhcp snooping trust page 4 182 Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets receiv...

Страница 560: ... no ip dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Interface Configuration Ethernet Port Channel Command Usage A trusted interface is an interface that is configured to receive only messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or fire wall Set all ports connected to DHCP ser...

Страница 561: ...ed in the DHCP packet against the source MAC address in the Ethernet header Use the no form to disable this function Syntax no ip dhcp snooping verify mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verification is enabled and the source MAC address in the Ethernet header of the packet is not same as the client s hardware address in the DHCP packe...

Страница 562: ... the requesting client or an intermediate relay agent that has used the information fields to describe itself can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP server by the switch port to which they are connected rather than just their MAC address DHCP client server exchange messages are then forwarded directly between the server an...

Страница 563: ...efault Setting replace Command Mode Global Configuration Command Usage When the switch receives DHCP packets from clients that already include DHCP Option 82 information the switch can be configured to set the action policy for these packets The switch can drop the DHCP packets keep the existing information or replace it with the switch s relay information Example This command writes all dynamical...

Страница 564: ...ation settings Command Mode Privileged Exec Example This command shows the DHCP snooping binding table entries Command Mode Privileged Exec Example DHCP Snooping Information Option Status disable DHCP Snooping Information Policy replace Eth 1 5 Yes Console show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console ...

Страница 565: ...ode Interface Configuration Ethernet Command Usage Source guard is used to filter traffic on an insecure port which receives messages from outside the network or fire wall and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor Setting source guard mode to sip or sip mac enables this function on the selected port Use the sip option to check the V...

Страница 566: ... snooping is disabled see page 4 180 IP source guard will check the VLAN ID source IP address port number and source MAC address for the sip mac option If a matching entry is found in the binding table and the entry type is static IP source guard binding the packet will be forwarded If the DHCP snooping is enabled IP source guard will check the VLAN ID source IP address port number and source MAC ...

Страница 567: ...cated with a value of zero by the show ip source guard command page 4 190 When source guard is enabled traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using t...

Страница 568: ...snooping static dhcp snooping Shows dynamic entries configured with DHCP Snooping commands see page 4 179 static Shows static entries configured with the ip source guard binding command see page 4 189 Command Mode Privileged Exec Example Console show ip source guard Interface Filter type Eth 1 1 DISABLED Eth 1 2 DISABLED Eth 1 3 DISABLED Eth 1 4 DISABLED Eth 1 5 SIP Eth 1 6 DISABLED Console show i...

Страница 569: ...bally on the switch GC 4 191 ip arp inspection vlan Enables ARP Inspection for a specified VLAN or range of VLANs GC 4 192 ip arp inspection filter Specifies an ARP ACL to apply to one or more VLANs GC 4 193 ip arp inspection validate Specifies additional validation of address components in an ARP packet GC 4 194 ip arp inspection log buffer logs Sets the maximum number of entries saved in a log m...

Страница 570: ...nd then re enabling global ARP Inspection will not affect the ARP Inspection configuration for any VLANs When ARP Inspection is disabled globally it is still possible to configure ARP Inspection for individual VLANs These configuration changes will only become active after ARP Inspection is globally enabled again Example This command enables ARP Inspection for a specified VLAN or range of VLANs Us...

Страница 571: ...mand specifies an ARP ACL to apply to one or more VLANs Use the no form to remove an ACL binding Syntax ip arp inspection filter arp acl name vlan vlan id vlan range static arp acl name Name of an ARP ACL Maximum length 16 characters vlan id VLAN ID Range 1 4094 vlan range A consecutive range of VLANs indicated by the use a hyphen or a random group of VLANs with each entry separated by a comma sta...

Страница 572: ... as invalid and are dropped ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are checked in all ARP requests and responses while target IP addresses are checked only in ARP responses src mac Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body Th...

Страница 573: ...ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VLAN the port number the source and destination IP addresses and the source and destination MAC addresses If multiple identical invalid ARP packets are received consecutively on the same VLAN then the logging facility will only generat...

Страница 574: ...mit for the ARP packets received on a port Use the no form to restore the default setting Syntax ip arp inspection limit rate pps none no ip arp inspection limit pps The maximum number of ARP packets that can be processed by the CPU per second Range 0 2048 where 0 means that no ARP packets can be forwarded none There is no limit on the number of ARP packets that can be processed by the CPU Default...

Страница 575: ...number Range 1 28 52 Command Mode Privileged Exec Example Console config interface ethernet 1 1 Console config if ip arp inspection limit 150 Console config if Console show ip arp inspection configuration ARP inspection global information Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination M...

Страница 576: ...andom group of VLANs with each entry separated by a comma Command Mode Privileged Exec Example This command shows information about entries stored in the log including the associated VLAN port and address components Command Mode Privileged Exec Example Console show ip arp inspection vlan 1 VLAN ID DAI Status ACL Name ACL Status 1 disabled sales static Console Console show ip arp inspection log Tot...

Страница 577: ... show ip arp inspection statistics ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0 ARP packets dropped by additional validation destination MAC address 0 ARP packets dropped by additional validation IP address 0 ARP packets dropped by ARP ACLs 0 ARP ...

Страница 578: ... following features are not supported When the rule mode is changed the change must be saved in the startup configuration file and the switch rebooted for the new mode to take effect When using extended rule mode each rule used in an ACL occupies the space of two standard rules Table 4 50 IPv4 ACL Commands Command Function Mode Page access list rule mode Permits only extended rules or permits both...

Страница 579: ... remove the specified ACL Syntax no access list ip standard extended acl_name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the source or destination IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters no spaces Default Setting None Command Mode Global Configuration...

Страница 580: ...Standard IPv4 ACL Command Usage New rules are appended to the end of the list Address bitmasks are similar to a subnet mask containing four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the p...

Страница 581: ...port bitmask destination port dport port bitmask control flag control flags flag bitmask protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address precedence IP precedence level Range 0 7 tos Type of Service level Range 0 15 d...

Страница 582: ...he following bits may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer For example use the code value and mask below to catch packets with the following flags set SYN flag valid use control code 2 2 Both SYN and ACK valid use control code 18 18 SYN valid and ACK invalid use control code 2 18 Example This example accepts any incoming pa...

Страница 583: ... Exec Example Related Commands permit deny 4 202 ip access group 4 205 This command binds a port to an IPv4 ACL Use the no form to remove the port Syntax no ip access group acl_name in acl_name Name of the ACL Maximum length 16 characters no spaces in Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only...

Страница 584: ...r more ports Console config int eth 1 25 Console config if ip access group david in Console config if Console show ip access group Interface ethernet 1 25 IP access list david in Console Table 4 51 IPv6 ACL Commands Command Function Mode Page access list ipv6 Creates an IPv6 ACL and enters configuration mode for standard or extended IPv6 ACLs GC 4 207 permit deny Filters packets matching a specifi...

Страница 585: ...ress and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no per...

Страница 586: ...dress to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address host Keyword followed by a specific IP address Default Setting None Command Mode Standard IPv6 ACL Command Usage New rules are appended to the end of the list...

Страница 587: ...3 flow label A label for packets belonging to a particular traffic flow for which the sender requests special handling by IPv6 routers such as non default quality of service or real time service see RFC 2460 Range 0 16777215 next header Identifies the type of header immediately following the IPv6 header Range 0 255 Default Setting None Command Mode Extended IPv6 ACL Command Usage All new rules are...

Страница 588: ...1700 17 UDP Upper layer Header RFC 1700 43 Routing RFC 2460 44 Fragment RFC 2460 51 Authentication RFC 2402 50 Encapsulating Security Payload RFC 2406 60 Destination Options RFC 2460 Example This example accepts any incoming packets if the destination address is 2009 DB9 2229 79 48 This allows packets to any destination address when the DSCP value is 5 This allows any packets sent to the destinati...

Страница 589: ...Indicates that this list applies to ingress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one IPv6 ACLs can only be applied to ingress packets Example Related Commands show ipv6 access list 4 210 ...

Страница 590: ...the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a ...

Страница 591: ...e mac source mac mac address bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmask any host destination mac destination mac mac address bitmask log source ip Source IP address destination ip Destination IP address with bitmask ip address bitmask25 IPv4 n...

Страница 592: ...This command displays the rules for configured ARP ACLs Syntax show arp access list acl_name acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 213 Console config arp acl permit response ip any 192 168 0 0 255 255 0 0 mac any any Console config mac acl Console show arp access list ARP access list factory permit response ip any ...

Страница 593: ...ny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 216 mac access group 4 218 show mac access list 4 217 Table 4 53 MAC ACL Commands Command Function M...

Страница 594: ...t destination destination address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask cos cos cos bitmask vid vid vid bitmask no permit deny untagged 802 3 any host source source address bitmask any host destination destination address bitmask tagged eth2 Tagged Ethernet II packets untagged ...

Страница 595: ... of Ethernet protocol types can be found in RFC 1060 A few of the more common types include the following 0800 IP 0806 ARP 8137 IPX Example This rule permits packets from any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 4 215 This command displays the rules for configured MAC ACLs Syntax show mac access list acl_na...

Страница 596: ...ess packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac access list 4 217 This command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Rel...

Страница 597: ... 219 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 16 0 255 255 240 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 IP access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list...

Страница 598: ...selected for combination ports IC 4 226 giga phy mode Forces two connected ports in to a master slave configuration to enable 1000BASE T full duplex IC 4 226 shutdown Disables an interface IC 4 227 switchport packet rate Enabling hardware level storm control with this command on a port will disable software level automatic storm control on the same port if configured by the auto traffic control co...

Страница 599: ...e 1 8 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds a description to an interface Use the no form to remove the description Syntax description string no description string Comment or a description to help you remember what is attached to this interface Range 1 64 characters Defau...

Страница 600: ...iation is enabled by default When auto negotiation is disabled the default speed duplex setting for both 100BASE TX and Gigabit Ethernet ports is 100full Command Mode Interface Configuration Ethernet Port Channel Command Usage The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If not used the succe...

Страница 601: ... Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If autonegotiation is disabled auto MDI MDI X pin signal configuration will also be disabled for the RJ 45 ports Example The following example c...

Страница 602: ...ecified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full SFP 1000full Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled with the ne...

Страница 603: ...trol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connec...

Страница 604: ... 28 49 52 Example This forces the switch to use the built in RJ 45 port for the combination port 25 giga phy mode This command forces two connected ports in to a master slave configuration to enable 1000BASE T full duplex for Gigabit ports 25 28 SMC6128PL2 and 49 52 SMC6152PL2 Use the no form to restore the default mode Syntax giga phy mode mode no giga phy mode mode master Sets the selected port ...

Страница 605: ...s feature auto negotiation must first be disabled and the Speed Duplex attribute set to 1000full Then select compatible Giga PHY modes at both ends of the link Note that using one of the preferred modes ensures that the ports at both ends of a link will eventually cooperate to establish a valid master slave relationship Example This forces the switch port to master mode on port 24 shutdown This co...

Страница 606: ... threshold specified for broadcast and multicast or unknown unicast traffic packets exceeding the threshold are dropped until the rate falls back down beneath the threshold Due to an ASIC chip limitation the supported storm control modes include broadcast broadcast multicast broadcast multicast unknown unicast This means that when multicast storm control is enabled broadcast storm control is also ...

Страница 607: ...vileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following example clears statistics on port 5 show inte...

Страница 608: ...ec Privileged Exec Command Usage If no interface is specified information on all interfaces is displayed For a description of the items displayed by this command see paratext on page 3 155 Console show interfaces brief Console sh interfaces brief Interface Name Status PVID Pri Speed Duplex Type Trunk Eth 1 1 Up 1 0 Auto 100full 100TX None Eth 1 2 Down 1 0 Auto 100TX None Eth 1 3 Down 1 0 Auto 100T...

Страница 609: ...00 12 CF 12 34 57 Configuration Name Port Admin Up Speed duplex 100full Capabilities 100full Broadcast Storm Enabled Broadcast Storm Limit 64 Kbits second Multicast Storm Disabled Multicast Storm Limit 64 Kbits second UnknownUnicast Storm Disabled UnknownUnicast Storm Limit 64 Kbits second Flow Control Disabled VLAN Trunking Disabled LACP Disabled Port Security Disabled Max MAC Count 0 Port Securi...

Страница 610: ...Input 0 Discard Output 0 Error Input 0 Error Output 0 Unknown Protos Input 0 QLen Output 0 Extended Iftable Stats Multi cast Input 4642 Multi cast Output 4921 Broadcast Input 258 Broadcast Output 6 Ether like Stats Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal Mac Tr...

Страница 611: ...rt Statistics Field Description Broadcast Threshold Shows if broadcast storm suppression is enabled or disabled if enabled it also shows the threshold level page 4 228 Multicast Threshold Shows if multicast storm suppression is enabled or disabled if enabled it also shows the threshold level page 4 228 Unknown unicast Threshold Shows if unknown unicast storm suppression is enabled or disabled if e...

Страница 612: ...el or 802 1Q Tunnel Uplink page 4 315 802 1Q tunnel TPID Shows the Tag Protocol Identifier used for learning and switching packets page 4 316 Table 4 57 ATC Commands Command Function Mode Page Threshold Commands auto traffic control apply timer Sets the time at which to apply the control response after ingress traffic has exceeded the upper threshold GC 4 237 auto traffic control release timer Set...

Страница 613: ...pires IC Port 4 244 snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper threshold for automatic storm control and the apply timer expires IC Port 4 245 snmp server enable port traps atc broadcast control release Sends a trap when broadcast traffic falls beneath the lower threshold after a storm control response has been triggered and the ...

Страница 614: ...en traffic exceeds the alarm fire threshold and the apply timer expires a traffic control response is applied and a Traffic Control Apply Trap is sent and logged Alarm Clear Threshold The lower threshold beneath which an control response can be automatically terminated after the release timer expires When ingress traffic falls below this threshold ATC sends a Storm Alarm Clear Trap and logs it Whe...

Страница 615: ...d Use the no form to restore the default setting Syntax auto traffic control broadcast multicast apply timer seconds no auto traffic control broadcast multicast apply timer broadcast Specifies automatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic seconds The interval after the upper threshold has been exceeded at which to apply the control ...

Страница 616: ...g 900 seconds Command Mode Global Configuration Command Usage The release timer only applies to a rate limiting control response set by the auto traffic control action command page 4 241 When a port has been shut down by a control response it must be manually re enabled by the no shutdown command page 4 227 Example This example sets the release timer to 800 seconds for all ports auto traffic contr...

Страница 617: ...t alarm fire threshold threshold no auto traffic control broadcast multicast alarm fire threshold broadcast Specifies automatic storm control for broadcast traffic multicast Specifies automatic storm control for multicast traffic threshold The upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires Range 1 255 kilo packets per second sec...

Страница 618: ... Usage Once the traffic rate falls beneath the lower threshold a trap message may be sent if configured by the snmp server enable port traps atc broadcast alarm clear command page 4 243 or snmp server enable port traps atc multicast alarm clear command page 4 244 If rate limiting has been configured as a control response it will discontinued after the traffic rate has fallen beneath the lower thre...

Страница 619: ...ed Default Setting rate control Command Mode Interface Configuration Ethernet Command Usage When the upper threshold is exceeded and the apply timer expires a control response will be triggered based on this command When the control response is set to rate limiting by this command the rate limits are determined by the auto traffic control alarm clear threshold command page 4 240 If the control res...

Страница 620: ...t can re enabled using this command or using the no shutdown command page 4 227 Example snmp server enable port traps atc broadcast alarm fire This command sends a trap when broadcast traffic exceeds the upper threshold for automatic storm control Use the no form to disable this trap Syntax no snmp server enable port traps atc broadcast alarm fire Default Setting Disabled Command Mode Interface Co...

Страница 621: ...cast alarm clear This command sends a trap when broadcast traffic falls beneath the lower threshold after a storm control response has been triggered Use the no form to disable this trap Syntax no snmp server enable port traps atc broadcast alarm clear Default Setting Disabled Command Mode Interface Configuration Ethernet Example Related Commands auto traffic control action 4 241 auto traffic cont...

Страница 622: ... port traps atc broadcast control apply This command sends a trap when broadcast traffic exceeds the upper threshold for automatic storm control and the apply timer expires Use the no form to disable this trap Syntax no snmp server enable port traps atc broadcast control apply Default Setting Disabled Command Mode Interface Configuration Ethernet Example Related Commands auto traffic control alarm...

Страница 623: ...ontrol apply timer 4 237 snmp server enable port traps atc broadcast control release This command sends a trap when broadcast traffic falls beneath the lower threshold after a storm control response has been triggered and the release timer expires Use the no form to disable this trap Syntax no snmp server enable port traps atc broadcast control release Default Setting Disabled Command Mode Interfa...

Страница 624: ...t control release Default Setting Disabled Command Mode Interface Configuration Ethernet Example Related Commands auto traffic control alarm clear threshold 4 240 auto traffic control action 4 241 auto traffic control release timer 4 238 show auto traffic control This command shows global configuration settings for automatic storm control Command Mode Privileged Exec Example Console config interfa...

Страница 625: ...ort Port number Range 1 28 52 Command Mode Privileged Exec Example Console show auto traffic control interface e 1 1 Eth 1 1 Information Storm Control Broadcast Multicast State Disabled Disabled Action rate control rate control Auto Release Control Disabled Disabled Alarm Fire Threshold Kpps 128 128 Alarm Clear Threshold Kpps 128 128 Trap Storm Fire Disabled Disabled Trap Storm Clear Disabled Disa...

Страница 626: ...de and flow control VLAN assignments and CoS settings Any of the 100BASE TX ports can be trunked together Any of the 1000BASE TX ports Ports 25 28 49 52 can also be trunked together including those of different media types All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN via the specified port channel Table 4 58 Link Aggregation Commands Comman...

Страница 627: ...t be set to the same value for a port to be allowed to join a channel group If a link goes down LACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 8 Default Setting The current port will be added to this trunk Command Mode...

Страница 628: ... an LACP trunk must be configured for full duplex and auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically If more than eight ports attached to the same target switch have LACP enabled the additional ports will be pl...

Страница 629: ... other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console config interface ethernet 1 13 Console config if lacp Console config if exit Console config exit Console show interfaces status port channel 1 Inf...

Страница 630: ...key Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate link key The port admin key must be set to the same value for ports that belong to the same link aggregation group LAG Range 0 65535 Default Setting 0 Command Mode Interface Configuration Ethernet C...

Страница 631: ... during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is f...

Страница 632: ...cates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that sid...

Страница 633: ...de Interface Configuration Ethernet Command Usage Regardless of the LACP initiation mode if the target switch has also enabled LACP on the connected ports and negotiations are successfully completed the trunk will be activated automatically Example show lacp This command displays LACP information Syntax show lacp port channel counters internal neighbors sysid port channel Local identifier for a li...

Страница 634: ... of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do n...

Страница 635: ...state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of...

Страница 636: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol part...

Страница 637: ...0 12 CF 8F 2C A7 4 32768 00 12 CF 8F 2C A7 Console Table 4 62 show lacp sysid display description Field Description Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form the LAG system ID ...

Страница 638: ...ssion is defined When enabled for an interface default mirroring is for both received and transmitted packets When enabled for a VLAN or a MAC address mirroring is restricted to received packets Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the de...

Страница 639: ...ll sessions must share the same destination port Example The following example configures the switch to mirror received packets from port 6 to 11 show port monitor This command displays mirror information Syntax show port monitor interface vlan vlan id mac address mac address interface ethernet unit port source port unit Stack unit Range 1 port Port number Range 1 28 52 vlan id VLAN ID Range 1 409...

Страница 640: ... configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 rx Console config if end Console show port monitor Port Mirroring Destination port listen port Eth1 11 Source port monitored port Eth1 6 Mode RX Console ...

Страница 641: ...e Use this command without specifying a rate to restore the default rate limit level Use the no form to restore the default status of disabled Syntax rate limit input output rate no rate limit input output input Input rate limit output Input rate limit rate The traffic rate limit level Range 64 100000 kilobits per second for 100 Mbps ports 64 1000000 kilobits per second for 1 Gbps ports Default Se...

Страница 642: ...t watts The power budget for the switch Range 37 180 watts unit Specifies the stack unit Range 1 Default Setting 180 watts Command Mode Global Configuration Command Usage Setting a maximum power budget for the switch enables power to be centrally managed preventing overload conditions at the power source If the power demand from devices connected to the switch exceeds the power budget setting the ...

Страница 643: ...y then turn on the power to this device When the power inline compatible command is used this switch can detect 802 3af compliant devices and the more recent 802 3af non compliant devices that also reflect the test voltages back to the switch It cannot detect other legacy devices that do not reflect back the test voltages For legacy devices to be supported by this switch they must be able to accep...

Страница 644: ...et Example power inline maximum allocation This command limits the power allocated to specific ports Use the no form to restore the default setting Syntax power inline maximum allocation milliwatts no power inline maximum allocation milliwatts The maximum power budget for the port Range 3000 15400 milliwatts Default Setting 15400 milliwatts Command Mode Interface Configuration Command Usage If a d...

Страница 645: ...riority settings to control the supplied power For example A device connected to a low priority port that causes the switch to exceed its budget is not supplied power A device connected to a critical or high priority port that causes the switch to exceed its budget is supplied power but the switch drops power to one or more lower priority ports Power is dropped from low priority ports in sequence ...

Страница 646: ...5400 7505 low Eth 1 4 enable off 15400 0 low Eth 1 5 enable off 15400 0 low Eth 1 6 enable off 15400 0 low Eth 1 7 enable on 15400 8597 low Eth 1 23 enable off 15400 0 low Eth 1 24 enable off 15400 0 low Console Table 4 66 show power inline status parameters Parameter Description Admin The power mode set on the port see power inline on page 4 266 Oper The current operating power status displays on...

Страница 647: ...h see power mainpower maximum allocation on page 4 264 System Operation Status The current operating power status displays on or off Mainpower Consumption The current power consumption on the switch in watts Software Version The version of software running on the PoE controller subsystem in the switch This software can be updated using the copy file controller command see page 4 36 Table 4 68 Addr...

Страница 648: ...default mode is permanent Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses will not be removed from the address table when a given interface link is down Static addresses ...

Страница 649: ...ce ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 vlan id VLAN ID Range 1 4094 sort Sort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic addr...

Страница 650: ...onds no mac address table aging time seconds Aging time Range 10 30000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table aging time This command shows the aging time for entries in the address table Default Setting None Command Mode Privil...

Страница 651: ...Address Table Commands 4 273 4 Example Console show mac address table aging time Aging time 100 sec Console ...

Страница 652: ...figuration mode GC 4 281 mst vlan Adds VLANs to a spanning tree instance MST 4 281 mst priority Configures the priority of a spanning tree instance MST 4 282 name Configures the name for the multiple spanning tree MST 4 283 revision Configures the revision number for the multiple spanning tree MST 4 283 max hops Configures the maximum number of hops allowed in the region before a BPDU is discarded...

Страница 653: ...ample shows how to enable the Spanning Tree Algorithm for the switch spanning tree loopback detection release mode Configures loopback release mode for a port IC 4 293 spanning tree loopback detection trap Enables BPDU loopback SNMP trap notification for a port IC 4 294 spanning tree mst cost Configures the path cost of an instance in the MST IC 4 294 spanning tree mst port priority Configures the...

Страница 654: ...es by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU after a port s migration delay timer expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP ...

Страница 655: ...states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example This command configures the spanning tree bridge hel...

Страница 656: ...lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided ...

Страница 657: ...the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example This command configures the system to flood BPDUs to all other ports on the switch or just to all other ports in the same VLAN when spanning tree is disabled globally on the switch or disabled on a specific port Use the no form to restore the default Syn...

Страница 658: ...hod is based on the IEEE 802 1 Spanning Tree Protocol Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Note that path cost page 4 285 takes precedence over port priority p...

Страница 659: ...mands mst vlan 4 281 mst priority 4 282 name 4 283 revision 4 283 max hops 4 284 This command adds VLANs to a spanning tree instance Use the no form to remove the specified VLANs Using the no form without any VLAN parameters to remove all VLANs Syntax no mst instance_id vlan vlan range instance_id Instance identifier of the spanning tree Range 0 4094 vlan range Range of VLANs Range 1 4094 Default ...

Страница 660: ...egion as a single node connecting all regions to the Common Spanning Tree Example This command configures the priority of a spanning tree instance Use the no form to restore the default Syntax mst instance_id priority priority no mst instance_id priority instance_id Instance identifier of the spanning tree Range 0 4094 priority Priority of the a spanning tree instance Range 0 61440 in steps of 409...

Страница 661: ... bridge i e spanning tree compliant device such as this switch can only belong to one MST region And all bridges in the same region must be configured with the same MST instances Example Related Commands revision 4 283 This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revisio...

Страница 662: ...Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols Therefore the message age for BPDUs inside an MSTI region is never changed However each spanning tree instance within a region and the internal spanning tree IST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements ...

Страница 663: ...h cost method Console config interface ethernet 1 5 Console config if spanning tree spanning disabled Console config if 27 Use the spanning tree pathcost method command on page 4 280 to set the path cost method Table 4 70 Recommended STA Path Cost Range Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 000 20 000 000 Fast Ethernet 10 60 20 000 2 000 000 Gigabit Ethernet 3 10 2 000 20...

Страница 664: ...to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 280 is set to short the maximum value for path cost is 65 535 Example This command configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree por...

Страница 665: ...sage You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amoun...

Страница 666: ...xpired If the port does not receive any BPDUs after the edge delay timer expires its role changes to designated port and it immediately enters forwarding state see paratext on page 3 202 The edge delay time equals the protocol migration time when the port link type is point to point which is 3 seconds as defined in IEEE 802 3D 2004 17 20 4 otherwise it equals the maximum age for configuration mess...

Страница 667: ...yntax no spanning tree bpdu filter Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command filters all Bridge Protocol Data Units BPDUs received on an interface to save CPU processing time This function is designed to work in conjunction with edge ports which should only connect end stations to the switch and therefore do not need to process B...

Страница 668: ... must be manually re enabled using the no spanning tree spanning disabled command Before enabling BPDU Guard the interface must be configured as an edge port with the spanning tree edge port or spanning tree portfast command Also note that if the edge port attribute is disabled on an interface BPDU Guard will also be disabled on that interface Example Related Commands spanning tree edge port 4 287...

Страница 669: ...ddress can take over as the root bridge at any time When Root Guard is enabled and the switch receives a superior BPDU on this port it is set to the Discarding state until it stops receiving superior BPDUs for a fixed recovery period While in the discarding state no traffic is forwarded across the port Root Guard can be used to ensure that the root bridge is not formed at a suboptimal location Roo...

Страница 670: ...tch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restriction applies Example This command enables the detection an...

Страница 671: ...an only be released from the discarding state manually Default Setting auto Command Mode Interface Configuration Ethernet Port Channel Command Usage If the port is configured for automatic loopback release then the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes...

Страница 672: ...cost method29 1 200 000 000 for long path cost method The recommended path cost range is listed in Table 4 70 on page 4 285 The recommended path cost is listed in Table 4 71 on page 4 285 Default Setting By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto config...

Страница 673: ...nning Tree Use the no form to restore the default Syntax spanning tree mst instance_id port priority priority no spanning tree mst instance_id port priority instance_id Instance identifier of the spanning tree Range 0 4094 no leading zeroes priority Priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This...

Страница 674: ...mand Usage If at any time the switch detects STP BPDUs including Configuration or Topology Change Notification BPDUs it will automatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible Example Con...

Страница 675: ...ommand Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the...

Страница 676: ...nges 1 Last Topology Change Time sec 15263 Transmission Limit 3 Path Cost Method Long Flooding Behavior To VLAN Eth 1 1 Information Admin Status Enabled Role Disabled State Discarding External Admin Path Cost 0 Internal Admin Path Cost 0 External Oper Path Cost 100000 Internal Oper Path Cost 100000 Priority 128 Designated Cost 100000 Designated Port 128 3 Designated Root 32768 0 0001ECF8D8C6 Desig...

Страница 677: ... extension MIB 4 300 Editing VLAN Groups Sets up VLAN groups including name VID and state 4 304 Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filtering PVID and GVRP 4 306 Displaying VLAN Information Displays VLAN groups status port members and MAC addresses 4 313 Configuring 802 1Q Tunneling Configures 802 1Q Tunneling QinQ Tunn...

Страница 678: ...to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example Table 4 74 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally for the switch GC 4 300 show bridge ext Shows the global bridg...

Страница 679: ... the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console show bridge ext Max support vlan numbers 256 Max support vlan ID 4092 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Configurable PVID tagging Yes Local VLAN capable No Traffic classes Enabled Global GV...

Страница 680: ...command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall join leave leaveall Which timer to set timer_value Value of timer Ranges join 20 1000 centiseconds leave 60 3000 centiseconds leaveall 500 18000 centiseconds Default Setting join 20 centiseconds leave...

Страница 681: ... Set GVRP timers on all Layer 2 devices connected in the same network to the same values Otherwise GVRP may not operate successfully Example Related Commands show garp timer 4 303 show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id R...

Страница 682: ...N settings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 313 Table 4 75 Editing VLAN Groups Command Function Mode Page...

Страница 683: ...Suspended VLANs do not pass packets Default Setting By default only VLAN 1 exists and is active Command Mode VLAN Database Configuration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the switch Note The switch allows 255 user manageable VLANs One e...

Страница 684: ...or a specified VLAN GC 4 306 switchport mode Configures VLAN membership mode for an interface IC 4 307 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 308 switchport ingress filtering Enables ingress filtering on an interface IC 4 308 switchport native vlan Configures the PVID native VLAN of an interface IC 4 309 switchport allowed vlan Configures the V...

Страница 685: ...g to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames private vlan For an explanation of this command see paratext on page 4 324 Default Setting All ports are in hybrid mode with the PVID set to VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage Access mode is mutually exclusive with VLAN trunking see the vlan trunking command ...

Страница 686: ... Command Usage When set to receive all frame types any received frames that are untagged are assigned to the default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 307 switchport ingress filtering This command enables ingress filtering for an interface Syntax no switchport ingress filtering Default Setting...

Страница 687: ...yntax switchport native vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Usage If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an...

Страница 688: ...witchport mode set to trunk i e 1Q Trunk then you can only assign an interface to VLAN groups as a tagged member Frames are always tagged within the switch The tagged untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress If none of the intermediate network devices nor the host at the other end of the connection supports...

Страница 689: ...st Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbidden VLANs for that same interface Example The following example shows how to prevent port 1 from being added to VLA...

Страница 690: ...apply to this feature VLAN trunking can only be enabled on Gigabit Ethernet ports or trunks VLAN trunking is mutually exclusive with the access switchport mode see the switchport mode command on page 4 307 If VLAN trunking is enabled on an interface then that interface cannot be set to access mode and vice versa To prevent loops from forming in the spanning tree all unknown VLANs will be bound to ...

Страница 691: ...Privileged Exec Example The following example shows how to display information for VLAN 1 Table 4 77 Show VLAN Commands Command Function Mode Page show vlan Shows VLAN information NE PE 4 313 show interfaces status vlan Displays status for the specified VLAN interface NE PE 4 230 show interfaces switchport Displays the administrative and operational status of an interface NE PE 4 232 Console show ...

Страница 692: ... 5 Configure the QinQ tunnel access port to join the SPVLAN as an untagged member switchport allowed vlan page 4 310 6 Configure the SPVLAN ID as the native VID on the QinQ tunnel access port switchport native vlan page 4 309 7 Configure the QinQ tunnel uplink port to dot1Q tunnel uplink mode switchport dot1q tunnel mode page 4 315 8 Configure the QinQ tunnel uplink port to join the SPVLAN as a ta...

Страница 693: ...Commands show dot1q tunnel 4 317 show interfaces switchport 4 232 This command configures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switchport dot1q tunnel mode access uplink no switchport dot1q tunnel mode access Sets the port as an 802 1Q tunnel access port uplink Sets the port as an 802 1Q tunnel uplink port Default Setting Disabled Command Mode ...

Страница 694: ...identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 Range 0800 FFFF hexadecimal Default Setting 0x8100 Command Mode Interface Configuration Ethernet Port Channel Command Usage Use the switchport dot1q tunnel tpid command to set a custom 802 1Q ethertype value on the selected interface This feature allows the switch to ...

Страница 695: ...ot1q tunnel system tunnel control Console config interface ethernet 1 1 Console config if switchport dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport dot1q tunnel mode uplink Console config if end Console show dot1q tunnel Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x8100 ...

Страница 696: ...ther clients allowing different clients to share access to their uplink ports where security is less likely to be compromised This section describes commands used to configure traffic segmentation pvlan This command enables port based traffic segmentation Use the no form to disable this feature Syntax no pvlan Default Setting Disabled Command Mode Global Configuration Table 4 79 Traffic Segmentati...

Страница 697: ...n Range 1 15 interface list One or more uplink or downlink interfaces ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Default Setting None Command Mode Global Configuration Table 4 80 Traffic Segmentation Forwarding Destination Source Session 1 Downlinks Session 1 Uplinks Session 2 Downlinks Session 2 Uplinks Normal Ports Session 1 Downli...

Страница 698: ...rts will operate as normal ports Due to switch ASIC limitations ports 1 8 9 16 17 24 are grouped together when any group member is configured as an uplink or downlink interface Example pvlan session This command creates a traffic segmentation client session Use the no form to remove a client session Syntax no pvlan session session id session id Traffic segmentation session Range 1 15 Default Setti...

Страница 699: ...en uplink ports assigned to different sessions Default Setting Blocking Command Mode Global Configuration Example This example enables forwarding of traffic between uplink ports assigned to different client sessions show pvlan This command displays the traffic segmentation configuration settings Syntax show pvlan session session id session id Traffic segmentation session Range 1 15 Command Mode Pr...

Страница 700: ...ity associated groups follow these steps 1 Use the private vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups 2 Use the private vlan association command to map the community VLAN s to the primary VLAN 3 Use the switchport mode private vlan command to configure ports as promiscuous i e having access to all ports in th...

Страница 701: ...s to channel traffic between community VLANs and other locations Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs are used to restrict traffic to ports within the same community and channel traffic passing outside the community through promiscuous ports When using community VLANs they must be mapped to an associated primary VLAN that contains promiscuous ports Port ...

Страница 702: ...curity for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default setti...

Страница 703: ...iation secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN Example Conso...

Страница 704: ...VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the private VLAN configuration settings on this switch Syntax show vlan private vlan community primary community Displays all community VLANs along with their associated primary VLAN and assigned host interfa...

Страница 705: ...up for each of the protocols you want to assign to a VLAN using the protocol vlan protocol group add command 3 Then map the protocol group to the appropriate VLAN using the protocol vlan protocol group vlan command Note Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet traffic must not be...

Страница 706: ... The options for all other frames types include ip arp and rarp Default Setting No protocol groups are configured Command Mode Global Configuration Example The following creates protocol group 2 and specifies Ethernet frames transmitting ARP protocol type traffic protocol vlan protocol group Configuring VLANs This command globally maps a protocol group to a VLAN Use the no form to remove the proto...

Страница 707: ...d frames If the frame is untagged and the protocol type matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for the interface Example The following example maps traffic matching the protocol type specified in protocol group 2 to VLAN 2 show protocol vlan protocol group This command shows the...

Страница 708: ... belonging to the VLAN whose VID PVID is associated with that port When IP subnet based VLAN classification is enabled the source address of untagged ingress frames are checked against the IP subnet to VLAN mapping table If an entry is found for that subnet these frames are assigned to the VLAN indicated in the entry If no IP subnet is matched the untagged frames are classified as belonging to the...

Страница 709: ...ntagged frame is received by a port the source IP address is checked against the IP subnet to VLAN mapping table and if an entry is found the corresponding VLAN ID is assigned to the frame If no mapping is found the PVID of the receiving port is assigned to the frame The IP subnet cannot be a broadcast or multicast IP address When MAC based IP subnet based and protocol based VLANs are supported co...

Страница 710: ...he no form to remove an assignment Syntax mac vlan mac address mac address vlan vlan id no mac vlan mac address mac address all mac address The source MAC address to be matched Configured MAC addresses can only be unicast addresses The MAC address must be specified in the format xx xx xx xx xx xx or xxxxxxxxxxxx vlan id VLAN to which the matching source MAC address traffic is forwarded Range 1 409...

Страница 711: ...applied in this sequence and then port based VLANs last Example The following example assigns traffic from source MAC address 00 00 00 11 22 33 to VLAN 10 show mac vlan This command displays MAC address to VLAN assignments Command Mode Privileged Exec Command Usage Use this command to display MAC address to VLAN mappings Example The following example displays all configured MAC address based VLANs...

Страница 712: ...it is recommended to isolate the Voice over IP VoIP network traffic from other data traffic Traffic isolation helps prevent excessive packet delays packet loss and jitter which results in higher voice quality This is best achieved by assigning all VoIP traffic to a single VLAN VoIP traffic can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to d...

Страница 713: ...detection and specifies the Voice VLAN ID as 1234 voice vlan aging This command sets the Voice VLAN ID time out Use the no form to restore the default Syntax voice vlan aging minutes no voice vlan minutes Specifies the port Voice VLAN membership time out Range 5 43200 minutes Default Setting 1440 minutes Command Mode Global Configuration Command Usage The Voice VLAN aging time is the time after wh...

Страница 714: ...ne Command Mode Global Configuration Command Usage VoIP devices attached to the switch can be identified by the manufacturer s Organizational Unique Identifier OUI in the source MAC address of received packets OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses The MAC OUI numbers for VoIP equipment can be configured on the switch so that traffic from ...

Страница 715: ...r OUI or 802 1ab LLDP using the switchport voice vlan rule command page 4 337 When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list using the voice vlan mac address command page 4 336 Example The following example sets port 1 to Voice VLAN auto mode switchport voice vlan rule This command selects a method for detecting VoIP traffic on a port Use the no form to ...

Страница 716: ...e the no form to disable filtering on a port Syntax no switchport voice vlan security Default Setting Disabled Command Mode Interface Configuration Command Usage Security filtering discards any non VoIP packets received on the port that are tagged with the voice VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devic...

Страница 717: ...he port VoIP traffic on the Voice VLAN The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is active for the port Example The following example sets the CoS priority to 5 on port 1 show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list Syntax show voice vlan oui status oui Displays the OUI Telepho...

Страница 718: ...led Disabled OUI 6 Eth 1 3 Manual Enabled OUI 5 Eth 1 4 Auto Enabled OUI 6 Eth 1 5 Disabled Disabled OUI 6 Eth 1 6 Disabled Disabled OUI 6 Eth 1 7 Disabled Disabled OUI 6 Eth 1 8 Disabled Disabled OUI 6 Eth 1 9 Disabled Disabled OUI 6 Eth 1 10 Disabled Disabled OUI 6 Console show voice vlan oui OUIAddress Mask Description 00 12 34 56 78 9A FF FF FF 00 00 00 old phones 00 11 22 33 44 55 FF FF FF 00...

Страница 719: ...value sent in LLDP advertisements GC 4 343 medFastStartCount Configures how many medFastStart packets are transmitted GC 4 344 lldp notification interval Configures the allowed interval for sending SNMP notifications about LLDP changes GC 4 344 lldp refresh interval Configures the periodic transmit interval for LLDP advertisements GC 4 345 lldp reinit delay Configures the delay before attempting t...

Страница 720: ... an LLDP enabled port to advertise its Power over Ethernet capabilities IC 4 355 lldp medtlv extpoe Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage information IC 4 355 lldp medtlv inventory Configures an LLDP MED enabled port to advertise its inventory identification details IC 4 356 lldp medtlv location Configures an LLDP MED enabled port...

Страница 721: ... default setting Syntax lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 10 Default Setting Holdtime multiplier 4 TTL 4 30 120 seconds Command Mode Global Configuration Command Usage The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LL...

Страница 722: ...id availability of Emergency Call Service Example lldp notification interval This command configures the allowed interval for sending SNMP notifications about LLDP MIB changes Use the no form to restore the default setting Syntax lldp notification interval seconds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds Default...

Страница 723: ...nterval at which LLDP advertisements are sent Range 5 32768 seconds Default Setting 30 seconds Command Mode Global Configuration Command Usage This attribute must comply with the following rule refresh interval holdtime multiplier 65536 Example lldp reinit delay This command configures the delay before attempting to re initialize after LLDP ports are disabled or the link goes down Use the no form ...

Страница 724: ...tax lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds Default Setting 2 seconds Command Mode Global Configuration Command Usage The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are rep...

Страница 725: ...tification Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification interval command page 4 344 Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB or organization specific LLDP EXT DOT1 and LLDP E...

Страница 726: ...ap notifications include information about state changes in the LLDP MIB IEEE 802 1AB the LLDP MED MIB ANSI TIA 1057 or organization specific LLDP EXT DOT1 and LLDP EXT DOT3 MIBs SNMP trap destinations are defined using the snmp server host command page 4 93 Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist...

Страница 727: ...interface number and OID are included to assist SNMP applications to perform network discovery by indicating enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV tha...

Страница 728: ...bled Command Mode Interface Configuration Ethernet Port Channel Command Usage The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Example lldp basic tlv system description This command configures an LLDP enabled port to advertise the system description Use ...

Страница 729: ...tem name Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage The system name is taken from the sysName object in RFC 3418 which contains the system s administratively assigned name and is in turn based on the hostname command page 4 18 Example This command configures an LLDP enabled port to advertise the supported protocols Use the no form to disable th...

Страница 730: ...ernet Port Channel Command Usage This option advertises the port based and protocol based VLANs configured on this interface see paratext on page 4 306 and paratext on page 4 327 Example This command configures an LLDP enabled port to advertise its default VLAN ID Use the no form to disable this feature Syntax no lldp dot1 tlv pvid Default Setting Enabled Command Mode Interface Configuration Ether...

Страница 731: ...e This option advertises the name of all VLANs to which this interface has been assigned See paratext on page 4 310 and paratext on page 4 328 Example lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv link agg Default Setting Enabled Command Mode Interface Configuration Ethe...

Страница 732: ...guration Ethernet Port Channel Command Usage This option advertises MAC PHY configuration status which includes information about auto negotiation support capabilities and operational Multistation Access Unit MAU type Example lldp dot3 tlv max frame This command configures an LLDP enabled port to advertise its maximum frame size Use the no form to disable this feature Syntax no lldp dot3 tlv max f...

Страница 733: ...upported currently enabled if the port pins through which power is delivered can be controlled the port pins selected to deliver power and the power class Note that this device does not support PoE capabilities Example lldp medtlv extpoe This command configures an LLDP MED enabled port to advertise and accept Extended Power over Ethernet configuration and usage information Use the no form to disab...

Страница 734: ...this feature Syntax no lldp medtlv inventory Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information Example lldp medtlv location This command configures an LLDP MED enabled port to advertise its location identifi...

Страница 735: ...V capabilities allowing Media Endpoint and Connectivity Devices to efficiently discover which LLDP MED related TLVs are supported on the switch Example lldp medtlv network policy This command configures an LLDP MED enabled port to advertise its network policy configuration Use the no form to disable this feature Syntax no lldp medtlv network policy Default Setting Enabled Command Mode Interface Co...

Страница 736: ...uality degradation or complete service disruption Example show lldp config This command shows LLDP configuration settings for all ports Syntax show lldp config detail interface detail Shows configuration summary interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Command Mode Privileged Exec Console config interface ethernet 1 1 Con...

Страница 737: ... Tx Rx True Eth 1 4 Tx Rx True Eth 1 5 Tx Rx True Console show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin Status Tx Rx Notification Enabled True Basic TLVs Advertised port description system name system description system capabilities management ip address 802 1 specific TLVs Advertised port vid vlan name proto vlan proto ident 802 3 specific TLVs Advertised ...

Страница 738: ...03 04 05 System Name System Description Edgecore Networks SMC6128PL2 System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Type PortID PortDesc Eth 1 1 MAC Address 00 01 02 03 04 06 Ethernet Port on unit 1 port 1 Eth 1 2 MAC Address 00 01 02 03 04 07 Ethernet Port on unit 1 port 2 Eth 1 3 MAC Address 00 01 ...

Страница 739: ...ommand Mode Privileged Exec Example Console show lldp info remote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show lldp info remote device detail ethernet 1 1 LLDP Remote Devices Information Detail Local PortName Eth 1 1 Chassis Type MAC Address Chassis Id 00 01 02 03 04 05 PortID Type MAC Address PortID 00 01 02 03 ...

Страница 740: ...e switch show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Interface NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 10 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 switch show lldp info statistics d...

Страница 741: ...uential order transmitting all traffic in the higher priority queues before servicing lower priority queues wrr Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for queues 0 3 respectively Table 4 87 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of servic...

Страница 742: ...rity service mode switchport priority default This command sets a priority for incoming untagged frames Use the no form to restore the default value Syntax switchport priority default default priority id no switchport priority default default priority id The priority number for untagged ingress traffic The priority is a number from 0 to 7 Seven is the highest priority Default Setting The priority ...

Страница 743: ...y on port 3 to 5 Related Commands show interfaces switchport 4 232 queue cos map This command assigns class of service CoS values to the priority queues i e hardware output queues 0 3 Use the no form set the CoS map to the default values Syntax queue cos map queue_id cos1 cosn no queue cos map queue_id The ID of the priority queue Ranges are 0 to 3 where 3 is the highest priority queue cos1 cosn T...

Страница 744: ...ple shows how to change the CoS assignments Related Commands show queue cos map 4 367 show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Priority Queue 0 1 2 1 2 2...

Страница 745: ...hernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 8 Console Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 1 0 0 1 2 2 3 3 Console ...

Страница 746: ...priority Example The following example shows how to enable IP DSCP mapping globally Interface Configuration This command sets IP DSCP priority i e Differentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class of Service value Range 0 7 Table 4 90 Priority Com...

Страница 747: ...iority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 Table 4 91 IP DSCP to CoS Vales IP DSCP Value CoS Value 0 0 8 1 10 12 14 16 2 18 ...

Страница 748: ... Range 1 28 52 port channel channel id Range 1 8 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 368 map ip dscp Interface Configuration 4 368 Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1 3 0 Eth 1 1 61 0 Eth 1 1 62 0 Eth 1 1 63 0 Console ...

Страница 749: ...c class and use the policer command to monitor the average flow and burst rate and drop Table 4 92 Quality of Service Commands Command Function Mode Page class map Creates a class map for a type of traffic GC 4 372 match Defines the criteria used to classify traffic CM 4 373 rename Redefines the name of a class map CM 4 374 description Specifies the description of a class map CM 4 374 policy map C...

Страница 750: ...class map name Name of the class map Range 1 16 characters Default Setting None Command Mode Global Configuration Command Usage First enter this command to designate a class map and enter the Class Map configuration mode Then use the match command page 4 373 to specify the criteria for ingress traffic that will be classified under this class map Up to 16 match commands are permitted per class map ...

Страница 751: ...ress packets that must match to qualify for this class map If an ingress packet matches an ACL specified by this command any deny rules included in the ACL will be ignored If match criteria includes an IP ACL or IP priority rule then a VLAN rule cannot be included in the same class map If match criteria includes a MAC ACL or VLAN rule then neither an IP ACL nor IP priority rule can be included in ...

Страница 752: ...n This command specifies the description of a class map or policy map Syntax description string string Description of the class map or policy map Range 1 64 characters Command Mode Class Map Configuration Policy Map Configuration Example Console config class map rd_class 3 match any Console config cmap match vlan 1 Console config cmap Console config class map rd class 1 Console config cmap rename ...

Страница 753: ...te a Class Map page 4 375 before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response t...

Страница 754: ...es the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any violating packets set This command services IP traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified by the match command on page 4 373 Use the no form to remove the traffic classification Syntax no set cos new cos ip dscp new dsc...

Страница 755: ...ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specified by the burst byte field and the average rate at which tokens are removed from the bucket is specified by the rate bps option Example This example creates a policy called rd_policy uses the class command to specify the pre...

Страница 756: ...olicy map can be assigned to an interface First define a class map then define a policy map and finally use the service policy command to bind the policy map to the required interface The switch does not allow a policy map to be bound to an interface for egress traffic Example This example applies a service policy to an ingress interface show class map This command displays the QoS class maps whic...

Страница 757: ...d Mode Privileged Exec Example show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Console show class map Class Map match any rd_class 1 Match ip dscp 3 Class Map match any rd_class ...

Страница 758: ...ers 4 380 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 385 Static Multicast Routing Configures static multicast router ports 4 389 IGMP Filtering and Throttling Configures IGMP filtering and throttling 4 391 Multicast VLAN Registration Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving sec...

Страница 759: ... igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Default Setting None Command Mode Global Configuration Command Usage Static multicast entries are never aged out When a multicast entry is assigned to an i...

Страница 760: ...3 are all supported and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the snooping version employed Some commands are only enabled for IGMPv2 and or v3 including ip igmp snooping querier ip igmp snooping query max response time ip igmp snooping query interval and ip igmp snooping immediate leave Example The following configures the switch to us...

Страница 761: ...ry timer for that port When the conditions in the preceding item all apply except that the receiving port is a router port then the switch will not send a GS query but will immediately start the last member query timer for that port Example This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate leave is enabled for the parent ...

Страница 762: ...ion Default Setting None Command Mode Privileged Exec Command Usage See paratext on page 3 286 for a description of the displayed items Example The following shows the current IGMP snooping configuration This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4092 Console config interface vlan 1 Console config if ip ...

Страница 763: ...he switch as an IGMP querier Use the no form to disable it Syntax no ip igmp snooping querier Default Setting Enabled Console show mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 95 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the querier for IGMP snooping...

Страница 764: ...p a client from the multicast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action If a querier has sent a number of queries defined by this command but a client has not responded a countdown timer is started using the time defined by ip igmp snooping q...

Страница 765: ...ime seconds no ip igmp snooping query max response time seconds The report delay advertised in IGMP queries Range 5 25 Default Setting 10 seconds Command Mode Global Configuration Command Usage The switch must be using IGMPv2 or v3 snooping for this command to take effect This command defines the time after a query during which a response is expected from a multicast client If a querier has sent a...

Страница 766: ...fter the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 or v3 snooping for this command to take effect Example The following shows how to configure the default timeout to 300 seconds Related Command...

Страница 767: ...iguration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your router you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 a...

Страница 768: ...d VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Static Console ...

Страница 769: ...eived on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP filtering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups Table 4 97 IGMP Filtering and Throttling Commands...

Страница 770: ...A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example permit deny This command sets the access mode for an IGMP filter profile Use the no form to delete a profile number Syntax permit deny Defa...

Страница 771: ...oup range Default Setting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile Example ip igmp filter This command assigns an IGMP filtering profile to an interface on the switch Use the no form to remove a profile from an interface Syntax no ip igmp filter profile number profile numbe...

Страница 772: ...n at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is...

Страница 773: ...wo actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Example show ip igmp filter This command displays the global and interface settings for IGMP filtering Syntax show ip igmp filter interface interface interface ethernet uni...

Страница 774: ...tings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 8 Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny range 239 1 1 1 239 1 1 1 range 239 2 3 1 239 2 3 100 Console ...

Страница 775: ...tains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Console show ip igmp throttle interface ethernet 1 1 Eth 1 1 Information Status TRUE Action Deny Max Multicast Groups 32 Current Multicast Groups 0 Console Table 4 98 Multicast VLAN Registration Commands Command Function Mode Page mvr Globally e...

Страница 776: ...group Range 224 0 1 0 239 255 255 255 count The number of contiguous MVR group addresses Range 1 255 vlan Specifies the VLAN through which MVR multicast data is received This is also the VLAN to which all source ports must be assigned Range 1 4094 vlan id MVR VLAN ID Range 1 4094 receiver group Specifies groups to be managed through the receiver VLAN receiver vlan Allows multicast traffic to be fo...

Страница 777: ...tion will be flooded to all ports in the associated VLAN Multicast traffic forwarded to subscribers is normally stripped of frame tags to prevent the hosts from discovering the identity of the MVR VLAN To allow multicast traffic with tagged frames to be sent to subscribers without revealing the identity of the MVR VLAN both the receiver group and receiver vlan attributes must be specifically defin...

Страница 778: ... an MVR multicast group Range 224 0 1 0 239 255 255 255 static receiver group Statically assigns a multicast receiver group to the selected interface Note that the specified multicast service must already be configured as a receiver group which will managed through the MVR receiver VLAN see mvr global configuration command on page 4 398 Default Setting The port type is not defined Immediate leave ...

Страница 779: ...ng for a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list Using immediate leave can speed up leave latency but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface Immediate leave does not apply to multicast groups whi...

Страница 780: ...ge 1 8 ip address IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 receiver group members Displays interfaces assigned to the MVR receiver groups and the current MVR status for each group Default Setting Displays global configuration settings for MVR when no keywords are used Command Mode Privileged Exec Command Usage Enter this command without any keywords to display the glob...

Страница 781: ...without revealing the identity of the MVR VLAN MVR Supported Receiver Multicast Groups Number of multicast groups to be managed through the receiver VLAN MVR Used Receiver Multicast Groups Number of multicast groups currently active within the receiver VLAN eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INACTIVE DOWN Disable Console Table 4 100 show mvr...

Страница 782: ...ceiver VLAN VLAN used to froward multicast traffic with tagged frames without revealing the identity of the MVR VLAN Members Shows the interfaces with subscribers for multicast services provided through the MVR VLAN Also shows if an interface has dynamically joined a multicast group d or if a multicast group has been statically bound to the interface s Console show mvr receiver group members MVR G...

Страница 783: ...ress1 Corresponding IP address address2 address8 Additional corresponding IP addresses Default Setting No static entries Command Mode Global Configuration Table 4 103 DNS Commands Command Function Mode Page ip host Creates a static host name to address mapping GC 4 405 clear host Deletes entries from the host name to address table PE 4 406 ip domain name Defines a default domain name for incomplet...

Страница 784: ...Syntax clear host name name Name of the host Range 1 64 characters Removes all entries Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table ip domain name This command defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remo...

Страница 785: ...main name Range 1 64 characters Default Setting None Command Mode Global Configuration Command Usage Domain names are added to the end of the list one at a time When an incomplete host name is received by the DNS service on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified name servers for a match If there is no...

Страница 786: ... server address1 IP address of domain name server server address2 server address6 IP address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a response is received or the end of the list is reached with no response Console config ip domain list sample com jp Console config ip ...

Страница 787: ...ore you can enable DNS If all name servers are deleted DNS will automatically be disabled Example This example enables DNS and then displays the configuration Console config ip domain server 192 168 1 55 10 1 0 55 Console config end Console show dns Domain Lookup Status DNS disabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Server List 192 168 1 55 10 1 0 55 ...

Страница 788: ... an alias if it is mapped to the same address es as a previously configured entry This command displays the configuration of the DNS service Command Mode Privileged Exec Example Console show hosts Hostname rd5 Inet address 10 1 0 55 192 168 1 55 Alias 1 rd6 Console Console show dns Domain Lookup Status DNS enabled Default Domain Name sample com Domain Name List sample com jp sample com uk Name Ser...

Страница 789: ...nytimes com 19 POINTER TO 2 4 4 CNAME graphics478 nytimes com edgesui 19 POINTER TO 2 Console Table 4 104 show dns cache display description Field Description NO The entry number for each resource record FLAG The flag is always 4 indicating a cache entry and therefore unreliable TYPE This field includes ADDRESS which specifies the host address for the owner and CNAME which specifies an alias IP Th...

Страница 790: ...ress from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Command Usage You must assign an IP address to this device to gain management access over the network You can manually configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by p...

Страница 791: ...w management VLAN Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 4 414 ip default gateway This command establishes a static route between this switch and devices that exist on another network segment Use the no form to remove the static route Syntax ip default gateway gateway no ip default gateway gateway IP address of the default gate...

Страница 792: ...twork portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Related Commands ip address 4 412 show ip interface This command displays the settings of an IP interface Default Setting All interfaces Command Mode Normal Exec Privileged Exec Example Console config interface vlan 1 Console config if ip a...

Страница 793: ...hows each cache entry including the corresponding IP address MAC address type dynamic other and VLAN interface Note that entry type other indicates local addresses for this switch Example ping This command sends ICMP echo request packets to another node on the network Syntax ping host count count size size host IP address or IP alias of the host Console show ip redirects IP default gateway 10 1 0 ...

Страница 794: ...ffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging Example Related Commands interface 4 221 Console ping 10 1 0 9 Type ESC to abort PING t...

Страница 795: ... Control Broadcast multicast or unknown unicast traffic throttled above a critical threshold Port Mirroring Destination single port Source Multiple ports VLANs MAC addresses Rate Limits Input limit Output limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 802 1D 2004 Rapid Spanning ...

Страница 796: ...ement Features In Band Management Telnet web based HTTP or HTTPS SNMP manager or Secure Shell Out of Band Management RS 232 DB 9 console port Software Loading FTP TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Standards IEEE 802 1AB Link Layer Discovery Protocol IEEE 802 1D 2004 Spanni...

Страница 797: ...6 TFTP RFC 1350 Management Information Bases Bridge MIB RFC 1493 Differentiated Services MIB RFC 3289 Entity MIB RFC 2737 Ether like MIB RFC 3635 Extended Bridge MIB RFC 2674 Extensible SNMP Agents MIB RFC 2742 Forwarding Table MIB RFC 2096 IGMP MIB RFC 2933 Interface Group MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 3636 MIB II RFC 1213 Port Access Enti...

Страница 798: ...munity MIB RFC 3584 SNMP Framework MIB RFC 3411 SNMP MPD MIB RFC 3412 SNMP Target MIB SNMP Notification MIB RFC 3413 SNMP User Based SM MIB RFC 3414 SNMP View Based ACM MIB RFC 3415 TACACS Authentication Client MIB TCP MIB RFC 2012 Trap RFC 1215 UDP MIB RFC 2013 ...

Страница 799: ...d the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Be sure the control parameters for the SSH server are properly configured on the switch and that the SSH clien...

Страница 800: ...r messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 6 Contact your distributor s service engineer For example Console config logging on Console con...

Страница 801: ...etworks by employing a well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particular forwarding treatment or per hop behavior at each network node DiffServ allocates different levels of service to users on the network with mechanisms such as traffic meters shapers droppers pac...

Страница 802: ...to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard File Transfer Protocol FTP A TCP IP protocol commonly used for software downloads GARP VLAN Registration Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs d...

Страница 803: ... Spanning Tree Protocol RSTP which reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Now incorporated in IEEE 802 1D 2004 IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE...

Страница 804: ...t may be configured differently to suit the requirements for specific network applications Layer 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses Link Aggregation See Port Trunk Link Aggregation Control Protocol Allows ports to automatically negotiate a trunked link ...

Страница 805: ...ocol MSTP can provide an independent spanning tree for different VLANs It simplifies network management provides for even faster convergence than RSTP by limiting the size of each region and prevents VLAN members from being segmented from the rest of the group Network Time Protocol NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master ...

Страница 806: ...ority of one flow or limiting the priority of another flow Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network RMON RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a ...

Страница 807: ...ludes TCP as the primary transport protocol and IP as the network layer protocol TFTP A TCP IP protocol commonly used for software downloads UTC UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not have daylight saving time UDP UDP provides a datagram mode for packet switched communications It uses IP as th...

Страница 808: ...Glossary Glossary 8 A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected ...

Страница 809: ... 227 4 308 Access Control List See ACL ACL 3 123 4 199 ARP 3 133 4 212 binding to a port 3 135 4 205 IPv4 Extended 3 124 3 125 4 200 4 203 IPv4 Standard 3 124 3 125 4 200 4 202 IPv6 Extended 3 124 3 129 4 206 4 209 IPv6 Standard 3 124 3 128 4 206 4 208 MAC 3 131 4 215 restricting rule types 4 200 address table 3 189 4 269 aging time 3 191 4 272 ARP ACL 3 133 4 193 ARP inspection 3 136 4 191 ACL fi...

Страница 810: ...mic configuration 2 5 DHCP snooping enabling 3 144 4 180 global configuration 3 144 4 180 information option 3 146 4 184 information option policy 3 146 4 185 information option enabling 3 146 4 184 policy selection 3 146 4 185 specifying trusted interfaces 3 147 4 182 verifying MAC addresses 3 144 4 183 VLAN configuration 3 145 4 181 Differentiated Code Point Service See DSCP Differentiated Servi...

Страница 811: ...2 1X 3 99 4 146 IGMP filter profiles configuration 3 295 4 392 filter parameters 3 295 filtering throttling 3 294 4 391 filtering throttling configuring profile 4 392 4 393 filtering throttling creating profile 3 294 4 392 filtering throttling enabling 3 294 4 391 filtering throttling interface configuration 3 297 4 393 filtering throttling interface settings 4 393 4 395 filtering throttling statu...

Страница 812: ...n 3 253 4 356 TLV network policy 3 253 4 357 TLV PoE 3 253 4 355 TLV port capabilities 3 253 4 357 logging syslog traps 3 37 4 60 to syslog servers 3 37 4 59 log in web interface 3 2 logon authentication 3 70 4 109 encryption keys 3 75 4 118 4 122 RADIUS client 3 73 4 116 RADIUS server 3 73 4 116 sequence 3 73 4 114 4 115 settings 3 73 4 114 TACACS client 3 72 4 120 TACACS server 3 72 4 120 logon ...

Страница 813: ... status 3 186 4 268 maximum allocation 3 186 4 266 priority 3 188 4 267 showing mainpower 3 186 4 269 port priority configuring 3 263 4 363 default ingress 3 263 4 364 STA 3 204 4 286 port security configuring 3 109 4 159 port statistics 3 180 4 231 ports autonegotiation 3 158 4 223 broadcast storm threshold 3 172 4 228 capabilities 3 158 4 224 configuring 3 155 4 220 duplex mode 3 158 4 222 flow ...

Страница 814: ...4 44 sFlow flow configuration 3 68 4 104 4 108 port groups source 3 66 4 104 target device 3 68 4 107 Simple Mail Transfer Protocol See SMTP Simple Network Management Protocol See SNMP SMTP sending log events 3 39 4 63 SNMP 3 49 4 88 community string 3 51 4 91 enabling traps 3 52 4 95 engine identifier local 3 55 4 96 engine identifier remote 3 56 4 96 filtering IP addresses 3 106 4 156 groups 3 6...

Страница 815: ...ion 3 72 4 120 settings 3 73 4 120 Telnet server enabling 3 34 4 136 time zone setting 3 46 4 75 time setting 3 42 4 67 TPID 3 233 4 316 traffic class weights 3 267 4 366 traffic segmentation 3 236 4 318 enabling 3 236 4 318 sessions assigning ports 3 237 4 319 sessions creating 3 237 4 320 uplink to uplink blocking 3 236 4 321 uplink to uplink forwarding 3 236 4 321 trap manager 2 7 3 52 4 93 tro...

Страница 816: ...334 detecting VoIP devices 3 279 4 334 enabling for ports 3 280 4 337 4 339 identifying client devices 3 282 4 336 VoIP traffic 3 279 4 334 ports configuring 3 280 4 337 4 339 telephony OUI configuring 3 282 4 336 voice VLAN configuring 3 279 4 334 W web authentication 3 110 4 176 address re authenticating 3 113 4 177 configuring 3 111 4 176 port information displaying 3 113 4 178 ports configurin...

Страница 817: ......

Страница 818: ...SMC6128PL2 SMC6152PL2 149100000007A R01 ...

Отзывы:

Нет отзывов

Похожие инструкции для 6152PL2 FICHE

4B M800 Elite Series Operation Manual preview
M800 Elite Series
Бренд: 4B Страницы: 12
Conrad 97 49 89 Operating Instructions Manual preview
97 49 89
Бренд: Conrad Страницы: 8
3Com 3C17205 - SuperStack 3 Switch 4400 PWR Getting Started Manual preview
3C17205 - SuperStack 3 Switch 4400 PWR
Бренд: 3Com Страницы: 90
Balluff BNI EIP-950-000-Z009 User Manual preview
BNI EIP-950-000-Z009
Бренд: Balluff Страницы: 12
Topex multiSwitch User Manual preview
multiSwitch
Бренд: Topex Страницы: 170
Pilz PSEN 1.2p-25 Operating Instructions Manual preview
PSEN 1.2p-25
Бренд: Pilz Страницы: 8
FCI FS10A Installation & Operation Manual preview
FS10A
Бренд: FCI Страницы: 78
Leonton EG2-1600 Series User Manual preview
EG2-1600 Series
Бренд: Leonton Страницы: 19
Labgear HDS3K User Manual preview
HDS3K
Бренд: Labgear Страницы: 8
Endress+Hauser Nivotester FTC325 Instruction Manual preview
Nivotester FTC325
Бренд: Endress+Hauser Страницы: 40
Generac Power Systems TRANSFER SWITCH Warranty Information Booklet preview
TRANSFER SWITCH
Бренд: Generac Power Systems Страницы: 1
Black Box LGB5028A Installation Manual preview
LGB5028A
Бренд: Black Box Страницы: 44
Sandberg Mini Hub 5 port Quick Start Manual preview
Mini Hub 5 port
Бренд: Sandberg Страницы: 12
Kathrein EXE 1512 Manual preview
EXE 1512
Бренд: Kathrein Страницы: 41
Virtualfly SOLO Airliner RS User Manual preview
SOLO Airliner RS
Бренд: Virtualfly Страницы: 32
Hailink MX44NN00RK User Manual preview
MX44NN00RK
Бренд: Hailink Страницы: 6
iNels RFJA-12B Manual preview
RFJA-12B
Бренд: iNels Страницы: 4
Smart-M DVNET-4Duo User Manual preview
DVNET-4Duo
Бренд: Smart-M Страницы: 2

Бренды по названию

Популярные бренды

Загрузить еще бренды