SMC Networks TigerSwitch 1000 Скачать руководство пользователя страница 121 | Manualshive

Страница: 121 / 480

SMC Networks TigerSwitch 1000 Скачать руководство пользователя страница 121

A

CCESS

C

ONTROL

L

ISTS

3-73

2. Allow TCP packets from class C addresses 192.168.1.0 to any

destination address when set for destination TCP port 80 (i.e., HTTP).

3. Permit all TCP packets from class C addresses 192.168.1.0 with the

TCP control code set to “SYN.”

Binding a Port to an Access Control List

After configuring the Access Control Lists (ACL), you can bind the ports
that need to filter traffic to the appropriate ACLs. You can assign one IP
access list to any port.

Command Usage

•

Each ACL can have up to 60 rules.

•

This switch supports ACLs for ingress filtering only. However, you can
only bind one IP ACL to any port for ingress filtering. In other words,
only one ACL can be bound to an interface - Ingress IP ACL.

Command Attributes

•

Port

– Fixed port or SFP module. (Range: 1-50)

•

IP

– Specifies the IP ACL to bind to a port.

•

IN

– ACL for ingress packets.

•

ACL Name

– Name of the ACL.

Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any

4-116

Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80
Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp

control-code 2 2

Console(config-std-acl)#

«
...
119
120
121
122
123
...
»

Содержание TigerSwitch 1000

Страница 1: ...switching architecture Support for a redundant power unit Spanning Tree Protocol and Rapid STP Up to six LACP or static 8 port trunks CoS support for four level priority Full support for VLANs with GV...

Страница 2: ......

Страница 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 1000 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions November 2005...

Страница 4: ...d by implication or oth erwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2005 by SMC Networks Inc 38 Tesla Irvine CA...

Страница 5: ...corporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinua...

Страница 6: ...IDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUN...

Страница 7: ...Dynamic Configuration 2 7 Enabling SNMP Management Access 2 8 Community Strings 2 9 Trap Receivers 2 10 Saving Configuration Settings 2 10 Managing System Files 2 11 3 Configuring the Switch 3 1 Usin...

Страница 8: ...ss Strings 3 39 Specifying Trap Managers and Trap Types 3 40 User Authentication 3 42 Configuring User Accounts 3 42 Configuring Local Remote Logon Authentication 3 44 Configuring HTTPS 3 48 Replacing...

Страница 9: ...Configuring Rate Limits 3 100 Rate Limit Configuration 3 100 Showing Port Statistics 3 101 Address Table Settings 3 108 Setting Static Addresses 3 108 Displaying the Address Table 3 110 Changing the...

Страница 10: ...DSCP Priority 3 160 Mapping DSCP Priority 3 160 Mapping CoS Values to ACLs 3 162 Multicast Filtering 3 164 Layer 2 IGMP Snooping and Query 3 165 Configuring IGMP Snooping and Query Parameters 3 165 D...

Страница 11: ...4 17 exec timeout 4 18 password thresh 4 19 silent time 4 20 databits 4 20 parity 4 21 speed 4 22 stopbits 4 23 disconnect 4 23 show line 4 24 General Commands 4 25 enable 4 26 disable 4 27 configure...

Страница 12: ...ip ssh server key size 4 50 delete public key 4 50 ip ssh crypto host key generate 4 51 ip ssh crypto zeroize 4 52 ip ssh save host key 4 52 show ip ssh 4 53 show ssh 4 53 show public key 4 55 Event L...

Страница 13: ...w version 4 80 Frame Size Commands 4 81 jumbo frame 4 81 Flash File Commands 4 83 copy 4 83 delete 4 86 dir 4 87 whichboot 4 88 boot system 4 89 Authentication Commands 4 90 Authentication Sequence 4...

Страница 14: ...d 4 108 dot1x timeout tx period 4 109 show dot1x 4 109 Access Control List Commands 4 112 IP ACLs 4 114 access list ip 4 114 permit deny Standard ACL 4 115 permit deny Extended ACL 4 116 show ip acces...

Страница 15: ...e limit 4 147 Link Aggregation Commands 4 149 channel group 4 151 lacp 4 151 lacp system priority 4 154 lacp admin key Ethernet Interface 4 155 lacp admin key Port Channel 4 156 lacp port priority 4 1...

Страница 16: ...LAN Interfaces 4 185 interface vlan 4 186 switchport mode 4 187 switchport acceptable frame types 4 188 switchport ingress filtering 4 189 switchport native vlan 4 190 switchport allowed vlan 4 191 sw...

Страница 17: ...g Commands 4 219 IGMP Snooping Commands 4 220 ip igmp snooping 4 220 ip igmp snooping vlan static 4 221 ip igmp snooping version 4 222 show ip igmp snooping 4 222 show mac address table multicast 4 22...

Страница 18: ...cts 4 234 ping 4 235 A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 3 Management Information Bases A 3 B Troubleshooting B 1 Problems Accessing the Management...

Страница 19: ...CONTENTS xv...

Страница 20: ...le 3 13 CoS to ACL Mapping 3 162 Table 4 1 Command Modes 4 7 Table 4 2 Configuration Commands 4 9 Table 4 3 Keystroke Commands 4 10 Table 4 4 Command Group Index 4 11 Table 4 5 Line Command Syntax 4 1...

Страница 21: ...Priority Mapping 4 120 Table 4 36 ACL Information 4 122 Table 4 37 SNMP Commands 4 123 Table 4 38 Interface Commands 4 131 Table 4 39 show interfaces switchport display description 4 144 Table 4 40 Mi...

Страница 22: ...ayer 3 and 4 4 216 Table 4 59 Mapping IP DSCP to CoS Values 4 217 Table 4 60 Multicast Filtering Commands 4 219 Table 4 61 IGMP Snooping Commands 4 220 Table 4 62 IGMP Query Commands Layer 2 4 224 Tab...

Страница 23: ...TABLES xix...

Страница 24: ...30 Figure 3 15 System Logs 3 32 Figure 3 16 Remote Logs 3 34 Figure 3 17 Displaying Logs 3 35 Figure 3 18 Resetting the System 3 35 Figure 3 19 SNTP Configuration 3 37 Figure 3 20 Setting the Time Zo...

Страница 25: ...N Statistics 3 107 Figure 3 51 Mapping Ports to Static Addresses 3 109 Figure 3 52 Displaying the MAC Dynamic Address Table 3 111 Figure 3 53 Setting the Aging Time 3 112 Figure 3 54 Displaying the Sp...

Страница 26: ...ority Status 3 160 Figure 3 75 Mapping IP DSCP Priority to Class of Service Values 3 161 Figure 3 76 Configuring Internet Group Management Protocol 3 167 Figure 3 77 Mapping Multicast Switch Ports to...

Страница 27: ...he switch s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Te...

Страница 28: ...ations Some of the management features are briefly described below Port Trunking Supports up to 25 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Address...

Страница 29: ...anagement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filte...

Страница 30: ...uld fail The switch supports up to 25 trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffi...

Страница 31: ...nce by allowing two or more redundant connections to be created between a pair of LAN segments When there are multiple physical paths between segments this protocol will choose a single path and disab...

Страница 32: ...ity by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN...

Страница 33: ...m Defaults The switch s system defaults are provided in the configuration file Factory_Default_Config cfg To reset the switch defaults this file should be set as the startup configuration file page 3...

Страница 34: ...mits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Status Enabled all ports Broadcast Limit Rate 500 packets per second Spanning Tree Protocol Status Ena...

Страница 35: ...t Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Disabled BOOTP Disabled Multicast Filtering IGMP Snooping Snooping Enabled Querier Enabled System Log Status Enabled Messages Logged Levels 0 6 all...

Страница 36: ...INTRODUCTION 1 10...

Страница 37: ...nt allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Microsoft IE version 5 0...

Страница 38: ...filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spanning Tree parameters Configure Class of Service CoS priority queuing Confi...

Страница 39: ...bit and no parity Set flow control to none Set the emulation mode to VT100 With HyperTerminal select Terminal keys not Windows keys Notes 1 When using HyperTerminal with Microsoft Windows 2000 make s...

Страница 40: ...d using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above or from a...

Страница 41: ...etting Passwords Note If this is your first time to log into the CLI program you should define new passwords for both default user names using the username command record them and put them in a safe p...

Страница 42: ...ou may also need to specify a default gateway that resides between this device and management stations on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated...

Страница 43: ...ou select the bootp or dhcp option IP will be enabled but will not function until a BOOTP or DHCP reply has been received You therefore need to use the ip dhcp restart client command to start broadcas...

Страница 44: ...face command Press Enter 6 Then save your configuration changes by typing copy running config startup config Enter the startup file name and press Enter Enabling SNMP Management Access The switch can...

Страница 45: ...ess level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects private with read write access Authorized management stations are ab...

Страница 46: ...n order to configure the switch to send SNMP notifications you must enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link u...

Страница 47: ...uration files can be selected as a system start up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot b...

Страница 48: ...f each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that...

Страница 49: ...a Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configu...

Страница 50: ...password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses t...

Страница 51: ...s and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The ho...

Страница 52: ...Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web...

Страница 53: ...re firmware version numbers and power status 3 13 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 22 Copy Allows the...

Страница 54: ...ttings Configures Secure Shell server settings 3 55 Host Key Settings Generates the host key pair public and private 3 53 Port Security Configures per port security including status response for secur...

Страница 55: ...7 Port Counters Information Displays statistics for LACP protocol messages 3 90 Port Internal Information Displays settings and operational state for local side 3 92 Port Neighbors Information Display...

Страница 56: ...ttings for STA 3 121 Port Configuration Configures individual port settings for STA 3 125 Trunk Configuration Configures individual trunk settings for STA 3 125 VLAN 3 129 802 1Q VLAN GVRP Status Enab...

Страница 57: ...ype and associates the interfaces with a private VLAN 3 151 Trunk Information Shows VLAN port type and associated primary or secondary VLANs 3 149 Trunk Configuration Sets the private VLAN interface t...

Страница 58: ...ast filtering configures parameters for multicast query 3 165 Multicast Router Port Information Displays the ports that are attached to a neighboring multicast router for each VLAN ID 3 168 Static Mul...

Страница 59: ...the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled...

Страница 60: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Страница 61: ...6 Console config snmp server contact Geoff 4 126 Console config exit Console show system 4 79 System description SMC8748L2 Layer 2 Gigabit Ethernet Intelligent Switch System OID string 1 3 6 1 4 1 202...

Страница 62: ...gement Software Loader Version Version number of loader code Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Expansion Slot Expa...

Страница 63: ...Displaying Private VLAN Interface Information on page 3 149 Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses Refer to Setting Static Addresses on pa...

Страница 64: ...MRP it uses the Internet Group Management Protocol IGMP to provide automatic multicast filtering Web Click System Bridge Extension Figure 3 5 Bridge Extension Configuration CLI Enter the following com...

Страница 65: ...he CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all ports on the switch are members of VLAN 1 However the management station can be atta...

Страница 66: ...tion Web Click System IP Configuration Select the VLAN through which the management station is attached set the IP Address Mode to Static enter the IP address subnet mask and gateway then click Apply...

Страница 67: ...agement station is attached set the IP Address Mode to DHCP or BOOTP Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadc...

Страница 68: ...to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP service v...

Страница 69: ...ument in this Batch Upgrade folder Command Attributes File Transfer Method The firmware copy operation includes these options file to file Copies a file within the switch directory assigning it a new...

Страница 70: ...of the TFTP server set the file type to opcode enter the file name of the software to download select a file on the switch to overwrite or specify a new file name then click Apply If you replaced the...

Страница 71: ...toring Configuration Settings You can upload download configuration settings to from a TFTP server The configuration file can be later downloaded to restore the switch s settings Command Attributes Fi...

Страница 72: ...g to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file from a...

Страница 73: ...tartup config or tftp to file and enter the IP address of the TFTP server Specify the name of the file to download and select a file on the switch to overwrite or specify a new file name then click Ap...

Страница 74: ...via the web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the...

Страница 75: ...Defines the generation of a parity bit Communication protocols provided by some terminals can require a specific parity bit setting Specify Even Odd or None Default None Speed Sets the terminal line...

Страница 76: ...assword 0 secret 4 12 Console config line timeout login response 0 4 13 Console config line exec timeout 0 4 13 Console config line password thresh 3 4 14 Console config line silent time 60 4 15 Conso...

Страница 77: ...e connection is terminated for the session Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected withi...

Страница 78: ...d To display the current virtual terminal settings use the show line command from the Normal Exec level Console config line vty 4 10 Console config line login local 4 11 Console config line password 0...

Страница 79: ...s Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you...

Страница 80: ...be logged to RAM and flash memory then click Apply Figure 3 15 System Logs Table 3 3 Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages on...

Страница 81: ...erver to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by...

Страница 82: ...syslog server host IP address choose the facility type and set the logging trap Console config logging host 192 168 1 15 4 45 Console config logging facility 23 4 45 Console config logging trap 4 4 4...

Страница 83: ...b Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Resetting the System Web Click System Reset Reset to reboot the switch When prompted confirm...

Страница 84: ...ill only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You can c...

Страница 85: ...Figure 3 19 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp client 4 70 Console conf...

Страница 86: ...Attributes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before...

Страница 87: ...rights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for conf...

Страница 88: ...Configuring SNMP Community Strings CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the...

Страница 89: ...message whenever an invalid community string is submitted during the SNMP access authentication process The default is enabled Enable Link up and Link down Traps Issues link up or link down traps The...

Страница 90: ...b SNMP or Telnet interface Configuring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboar...

Страница 91: ...name select the user s access level then enter a password and confirm it Click Add to save the new user account and add it to the Account List To change the password for a specific user enter the use...

Страница 92: ...S aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the s...

Страница 93: ...n server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on t...

Страница 94: ...acters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch...

Страница 95: ...4 94 Console config radius server port 181 4 95 Console config radius server key green 4 95 Console config radius server retransmit 5 4 96 Console config radius server timeout 10 4 97 Console show rad...

Страница 96: ...ng the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data...

Страница 97: ...Certificate When you log onto the web interface using HTTPS for secure access a Secure Sockets Layer SSL certificate appears for the switch By default the certificate that Netscape and Internet Explor...

Страница 98: ...n remote login rsh remote shell and rcp remote copy are not secure from hostile attacks The Secure Shell SSH includes server client applications intended as a secure replacement for the older Berkley...

Страница 99: ...create a host public private key pair 2 Provide Host Public Key to Clients Many SSH client programs automatically import the host public key during the initial connection setup with the switch Otherw...

Страница 100: ...switch the SSH server uses the host key pair to negotiate a session key and encryption method Only clients that have a private key corresponding to the public keys stored on the switch can access The...

Страница 101: ...encoded modulus DSA The first field indicates that the encryption method used by SSH is based on the Digital Signature Standard DSS The last string is the encoded modulus Host Key Type The key type us...

Страница 102: ...emory RAM and non volatile memory Flash Web Click Security SSH Host Key Settings Select the host key type from the drop down box select the option to save the host key from memory to flash if required...

Страница 103: ...st key 4 47 Console show public key host 4 47 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 63...

Страница 104: ...es the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits W...

Страница 105: ...n automatically take action by disabling the port and sending a trap message To use port security first allow the switch to dynamically learn the source MAC address VLAN pair for frames received on a...

Страница 106: ...connection device If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 80 Command Attributes Port Port number Name De...

Страница 107: ...work resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access...

Страница 108: ...ent version of the firmware supports only the MD5 authentication method The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies...

Страница 109: ...server and client also have to support the same EAP authentication type The current version of the firmware supports only the EAP MD5 authetication type Some clients have native support in Windows oth...

Страница 110: ...abled Web Select Security 802 1x Configuration Enable dot1x globally for the switch and click Apply Figure 3 30 802 1x Global Configuration CLI This enables 802 1x globally for the switch Console show...

Страница 111: ...s Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authen...

Страница 112: ...3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Authorized Yes Connected clien...

Страница 113: ...s Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 52 disabled Single Host ForceAuthorized n a 802 1X Port Details 802 1X is disabled on p...

Страница 114: ...The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth...

Страница 115: ...he statistics Figure 3 32 Displaying 802 1x Port Statistics Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request fram...

Страница 116: ...uential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by o...

Страница 117: ...Ingress IP ACL for ingress ports 2 Explicit default rule permit any any in the ingress IP ACL for ingress ports 3 If no explicit rule is matched the implicit default is permit all Setting the ACL Name...

Страница 118: ...source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Optio...

Страница 119: ...dress range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain either all permit rules or all deny rules Default Permit rules Src Dst I...

Страница 120: ...ecify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet a...

Страница 121: ...t to any port Command Usage Each ACL can have up to 60 rules This switch supports ACLs for ingress filtering only However you can only bind one IP ACL to any port for ingress filtering In other words...

Страница 122: ...ing Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface SNMP or Telnet Command Usage The management interfaces are open...

Страница 123: ...for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can...

Страница 124: ...e the Port Information or Trunk Information pages to display the current connection status including link state speed duplex mode flow control and auto negotiation Field Attributes Web Name Interface...

Страница 125: ...if port is a trunk member Creation2 Shows if a trunk is manually configured or dynamically set via LACP 1 Port Information only 2 Trunk Information only Web Click Port Port Information or Trunk Inform...

Страница 126: ...half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Supports 1000 Mbps full duplex operation Sym Transmits and receives pause frames for flow control FC Supports flow contro...

Страница 127: ...one CLI This example shows the connection status for Port 5 Console show interfaces status ethernet 1 5 4 140 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 30 f1 47 58 46 Con...

Страница 128: ...duplex mode Flow Control Allows automatic or manual selection of flow control Autonegotiation Port Capabilities Allows auto negotiation to be enabled disabled When auto negotiation is enabled you need...

Страница 129: ...grade overall performance for the segment attached to the hub Default Autonegotiation enabled Advertised capabilities for 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full T...

Страница 130: ...nfigured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another device are also co...

Страница 131: ...onfiguring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a trunk must be configured in an identical manner includi...

Страница 132: ...d trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier Range 1 25 Port Port identifier Range 1 50 Web Click Port Trunk Membership Enter a trunk ID of 1 25...

Страница 133: ...nsole config interface ethernet 1 1 4 132 Console config if channel group 1 4 151 Console config if exit Console config interface ethernet 1 2 Console config if channel group 1 Console config if end C...

Страница 134: ...one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Command Attributes Member List Current Shows configured trunks Port New I...

Страница 135: ...e port channel admin key lacp admin key page 4 156 is Console config interface ethernet 1 1 4 132 Console config if lacp 4 151 Console config if exit Console config interface ethernet 1 6 Console conf...

Страница 136: ...system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations wi...

Страница 137: ...ionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is...

Страница 138: ...e config if lacp actor system priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console sh lacp sysid 4 158 Channel Group Syste...

Страница 139: ...DUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not c...

Страница 140: ...ACPDUs Sent 21 LACPDUs Received 21 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 7 LACP Settings Field Description Oper Key Current operational value of...

Страница 141: ...this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The Sy...

Страница 142: ...P configuration settings and operational state for the local side of port channel 1 Console show 1 lacp internal 4 158 Channel group 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP Syste...

Страница 143: ...ative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current ad...

Страница 144: ...e side of port channel 1 Console show 1 lacp neighbors 4 158 Channel group 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 32768 00 00 00 00 00 01 Partner Ad...

Страница 145: ...t traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does not effect IP mu...

Страница 146: ...2 Console config if no switchport broadcast 4 138 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 500 4 138 Console config if end Consol...

Страница 147: ...affic may be dropped from the monitor port All mirror sessions have to share the same destination port When mirroring port traffic the target port must be included in the same VLAN as the source port...

Страница 148: ...ximum rate for traffic received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic coming into the switch Packets that exceed the acceptable amount of...

Страница 149: ...set the Rate Limit Level and click Apply Figure 3 48 Configuring Input Port Rate Limiting CLI This example sets the rate limit for input traffic passing through port 3 Showing Port Statistics You can...

Страница 150: ...ed on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets The number of packets...

Страница 151: ...arded or not sent Transmit Broadcast Packets The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer includin...

Страница 152: ...ls due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Erro...

Страница 153: ...good frames received that were directed to the broadcast address Note that this does not include multicast packets Multicast Frames The total number of good frames received that were directed to this...

Страница 154: ...luding bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets 65 127 Byte Frames 128 255 Byte Frames 256 511 Byte Frames 512 1023 Byte Frame...

Страница 155: ...PORT CONFIGURATION 3 107 Figure 3 50 Displaying Etherlike and RMON Statistics...

Страница 156: ...tats Octets input 868453 Octets output 3492122 Unicast input 7315 Unitcast output 6658 Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftab...

Страница 157: ...of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Web Only Web Click Address Table Static Addresses Specify the interface the MAC address and VLAN then click Add Static Address Fi...

Страница 158: ...dress are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interface Indicates a port or trunk MAC Address Physical address associated with th...

Страница 159: ...splaying the MAC Dynamic Address Table CLI This example also displays the address table entries for port 1 Changing the Aging Time You can set the aging time for entries in the dynamic address table C...

Страница 160: ...network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your n...

Страница 161: ...etwork packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for He...

Страница 162: ...figure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes...

Страница 163: ...tree used on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The dev...

Страница 164: ...rt needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interval between the tran...

Страница 165: ...pports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below Console s...

Страница 166: ...ree Protocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default Priority Bridge priorit...

Страница 167: ...ed to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward...

Страница 168: ...terface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 65535 Transmission Limit The maximum transmission rat...

Страница 169: ...begins learning addresses Forwarding Port forwards packets and continues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device i...

Страница 170: ...s of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 3 125 Oper...

Страница 171: ...this port in the Spanning Tree Algorithm If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spannin...

Страница 172: ...for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not ca...

Страница 173: ...oint connection or shared media connection and edge port to indicate if the attached device can support fast forwarding Console show spanning tree ethernet 1 5 4 181 Eth 1 5 information Admin status e...

Страница 174: ...forwards packets and continues learning addresses Trunk Indicates if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enable...

Страница 175: ...ne other bridge Shared A connection to two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media This is the default setting...

Страница 176: ...b Click Spanning Tree STA Port Configuration or Trunk Configuration Modify the required attributes then click Apply Figure 3 57 Configuring Spanning Tree Algorithm per Port CLI This example sets STA a...

Страница 177: ...t having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R D usage groups such as e mail or multicast groups used for multimedia ap...

Страница 178: ...ticipate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port...

Страница 179: ...switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IEEE 802 1Q VLAN protocol it can be configured to broadcast...

Страница 180: ...ched directly to a single switch you can assign ports to the same untagged VLAN However to participate in a VLAN group that crosses several switches you should create a VLAN for that group and enable...

Страница 181: ...red based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local sw...

Страница 182: ...nd whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN f...

Страница 183: ...Q VLAN Current Table Select any ID from the scroll down list Figure 3 60 Displaying VLAN Information by Port Membership Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type...

Страница 184: ...s only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or dis...

Страница 185: ...ick Add Figure 3 61 Creating Virtual LANs CLI This example creates a new VLAN Console config vlan database 4 183 Console config vlan vlan 2 name R D media ethernet state active 4 184 Console config vl...

Страница 186: ...ports to a VLAN as tagged members 2 VLAN 1 is the default untagged VLAN containing all ports on the switch and can only be modified by first reassigning the default port VLAN ID as described under Co...

Страница 187: ...the VLAN via GVRP For more information see Automatic VLAN Registration on page 3 131 None Interface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interf...

Страница 188: ...AN Static Membership Select an interface from the scroll down box Port or Trunk Click Query to display membership information for the interface Select a VLAN ID and then click Add to add the interface...

Страница 189: ...y for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network GARP Group Address Registration Protocol is used by GVRP to register or der...

Страница 190: ...always enabled Default Enabled Ingress filtering only affects tagged frames If a port receives frames tagged for VLANs for which it is not a member these frames will be discarded Ingress filtering do...

Страница 191: ...VLAN membership mode for an interface Default Hybrid 1Q Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two switches so the port transmits tagged frames that i...

Страница 192: ...sets the GARP timers and then sets the switchport mode to hybrid Console config interface ethernet 1 3 4 132 Console config if switchport acceptable frame types tagged 4 188 Console config if switchp...

Страница 193: ...ernet while the community or isolated ports provide restricted access to local users Multiple primary VLANs can be configured on this switch and multiple community VLANs can be associated with each pr...

Страница 194: ...solated VLAN Displaying Current Private VLANs The Private VLAN Information page displays information on the private VLANs configured on the switch including primary community and isolated VLANs and th...

Страница 195: ...d as a host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLANs The Private VLAN Configuration page is used to create r...

Страница 196: ...Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entry in the Current list box and then click Remov...

Страница 197: ...t box and click Add to associate these entries with the selected primary VLAN A community VLAN can only be associated with one primary VLAN Figure 3 67 Private VLAN Association CLI This example associ...

Страница 198: ...iscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associate...

Страница 199: ...e VLAN Host The port is a community port or an isolated port A community port can communicate with other ports in its own community VLAN and with designated promiscuous port s An isolated port can onl...

Страница 200: ...Port Type to Host then specify an isolated VLAN by marking the check box for an Isolated VLAN and selecting the required VLAN from the drop down box Web Click VLAN Private VLAN Port Configuration or T...

Страница 201: ...ags to the switch s priority queues Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch All untagged packets entering the switch are...

Страница 202: ...an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Command Attributes Default Priority The priority that is assigned to untagged frames received...

Страница 203: ...lowing table However you can map the priority levels to the switch s output queues in any way that benefits application traffic for your own network Console config interface ethernet 1 3 4 132 Console...

Страница 204: ...display the current mapping of CoS values to output queues Assign priorities to the traffic classes i e output queues for the selected interface then click Apply Figure 3 71 Configuring Ports and Trun...

Страница 205: ...ime the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin sh...

Страница 206: ...port You can assign a weight to each of these queues and thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently...

Страница 207: ...rame using the number of the TCP port When these service is enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Beca...

Страница 208: ...ority IP DSCP Priority Status Check Enabled then click Apply Figure 3 74 IP DSCP Priority Status Mapping DSCP Priority The DSCP is six bits wide allowing coding for up to 64 different forwarding behav...

Страница 209: ...ity and 7 represent high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Service Value fiel...

Страница 210: ...e Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to output queues see pag...

Страница 211: ...ays the configured information For information on configuring ACLs see page 3 68 Web Click Priority ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Appl...

Страница 212: ...ssed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It iden...

Страница 213: ...ppropriate interfaces within the switch Static IGMP Host Interface For multicast applications that you need to control more carefully you can manually assign a multicast service to specific interfaces...

Страница 214: ...s is also referred to as IGMP Snooping Default Enabled Act as IGMP Querier When enabled the switch can serve as the Querier which is responsible for asking hosts if they want to receive multicast traf...

Страница 215: ...is example modifies the settings for multicast filtering and then displays the current status Console config ip igmp snooping 4 220 Console config ip igmp snooping querier 4 224 Console config ip igmp...

Страница 216: ...n the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID...

Страница 217: ...nsure that multicast traffic is passed to all the appropriate interfaces within the switch Command Attributes Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propaga...

Страница 218: ...e VLAN ID Selects the VLAN for which to display port members Multicast IP Address The IP address for a specific multicast service Multicast Group Port List Shows the interfaces that have already been...

Страница 219: ...if this entry was learned dynamically or was statically configured Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages...

Страница 220: ...ffic coming from the attached multicast router switch Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Web Click...

Страница 221: ...ll the known multicast services supported on VLAN 1 Console config ip igmp snooping vlan 1 static 224 1 1 12 ethernet 1 12 4 221 Console config exit Console show mac address table multicast vlan 1 4 2...

Страница 222: ...CONFIGURING THE SWITCH 3 174...

Страница 223: ...on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and gues...

Страница 224: ...address for the switch and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network outside your office o...

Страница 225: ...t command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI comma...

Страница 226: ...CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further inpu...

Страница 227: ...interfaces Interface information ip IP information lacp LACP statistics line TTY line information log Login records logging Login setting mac address table Configuration of the address table managemen...

Страница 228: ...mand will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI main...

Страница 229: ...you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Only a limited nu...

Страница 230: ...ng config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as ho...

Страница 231: ...s To enter the other modes at the configuration prompt type one of the following commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following comman...

Страница 232: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Страница 233: ...lso configures port security and IEEE 802 1X port access control 4 90 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP f...

Страница 234: ...figures VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 183 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning...

Страница 235: ...ets the interval that the command interpreter waits until user input is detected LC 4 18 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts LC 4 19...

Страница 236: ...et Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show...

Страница 237: ...by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by...

Страница 238: ...ection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You can use the password thresh command to set the...

Страница 239: ...ult Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the...

Страница 240: ...ting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the timeout interval the session is kept open otherwise the session is terminated T...

Страница 241: ...Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use...

Страница 242: ...console response Range 0 65535 0 no silent time Default Setting The default value is no silent time Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Rel...

Страница 243: ...ata bits per character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 21 parity This command defines the generat...

Страница 244: ...speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 57600 115200 bps or auto Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud...

Страница 245: ...bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits enter this command disconnect Use this command to terminate an SSH Telnet or console connection Syntax di...

Страница 246: ...isconnect an SSH or Telnet connection Example Related Commands show ssh 4 53 show users 4 80 show line This command displays the terminal line s parameters Syntax show line console vty console Console...

Страница 247: ...nsole Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 26 disable Returns to normal mode from privileged mode PE 4 27 configure Activates global configuratio...

Страница 248: ...s 0 Normal Exec 15 Privileged Exec Enter level 15 to access Privileged Exec mode Default Setting Level 15 Command Mode Normal Exec Command Usage super is the default password required to change the co...

Страница 249: ...is appended to the end of the prompt to indicate that the system is in normal access mode Example Related Commands enable 4 26 configure This command activates Global Configuration mode You must ente...

Страница 250: ...ec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this example the show history command lists the contents of the command history buff...

Страница 251: ...his command restarts the system Note When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy...

Страница 252: ...ion mode exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged...

Страница 253: ...Table 4 7 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4 32 User Access Configures the basic user names and pas...

Страница 254: ...ion System Status Displays system configuration active managers and version information 4 75 Frame Size Enables support for jumbo frames 4 81 Table 4 8 Device Designation Commands Command Function Mod...

Страница 255: ...nt access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 13 user authentication via a remote authentication serv...

Страница 256: ...m users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in 0 7 0...

Страница 257: ...ivileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable password level level 0 7 password no enable password level level level level Level 15 for Pri...

Страница 258: ...ous protocols Use the no form to restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to the SNMP w...

Страница 259: ...r the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot...

Страница 260: ...management all client Management Ip Filter Http Client Start ip address End ip address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Snmp Client Start ip address End ip address 1 192 168 1...

Страница 261: ...ing 80 Command Mode Global Configuration Example Related Commands ip http server 4 39 ip http server This command allows this device to be monitored or configured from a browser Use the no form to dis...

Страница 262: ...nnection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default Setting Enabled Command Mode Global Configuration Command Usage Both HTTP and HT...

Страница 263: ...ing systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 3 49 Also refer to the copy command on page 4 83 Example Related Comm...

Страница 264: ...e Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must spe...

Страница 265: ...ort This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax no ip telnet port port number port number The TCP port to be used by the brow...

Страница 266: ...Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a pub...

Страница 267: ...the SSH server GC 4 48 ip ssh authentication retries Specifies the number of retries allowed by a client GC 4 49 ip ssh server key size Sets the SSH server key size GC 4 50 copy tftp public key Copies...

Страница 268: ...2 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945452408397 1752646358058176716709574804776117 3 Import Client s Public Key to the Switch Use the copy t...

Страница 269: ...witch uses the public key to encrypt a random sequence of bytes and sends this string to the client d The client uses its private key to decrypt the bytes and sends the decrypted bytes back to the swi...

Страница 270: ...56 bit or 3DES 168 bit for data encryption You must generate the host key before enabling the SSH server Example Related Commands ip ssh crypto host key generate 4 51 show ssh 4 53 ip ssh timeout This...

Страница 271: ...3 ip ssh authentication retries This command configures the number of times the SSH server attempts to reauthenticate a user Use the no form to restore the default setting Syntax ip ssh authentication...

Страница 272: ...on Command Usage The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Example delete public key This command del...

Страница 273: ...RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration proces...

Страница 274: ...the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Relate...

Страница 275: ...SSH server Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Console...

Страница 276: ...ES Options for SSHv2 0 can include different algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfi...

Страница 277: ...g is the encoded modulus Example Console show public key host Host RSA 1024 65537 1568499540186766925933394677505461732531367489083654725415020245593 19986854435836165199992332978176606583095861082591...

Страница 278: ...hat are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 56 logging history Limits syslog messages saved to switch memory based on...

Страница 279: ...on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity...

Страница 280: ...rver host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default...

Страница 281: ...e A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The c...

Страница 282: ...gging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 57 Default Setting Disabled Level 7 0 Command Mode Glo...

Страница 283: ...ds show log 4 63 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging fla...

Страница 284: ...level debugging Console Table 4 19 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in F...

Страница 285: ...ow logging trap display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command REMOTELOG status Shows if remote logging has been enabled via t...

Страница 286: ...ification level 6 module 5 function 1 and event no 1 Console Table 4 21 SMTP Alert Commands Command Function Mode Page loggingsendmailhost Specifies SMTP servers that will be sent alert messages GC 4...

Страница 287: ...mand to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection t...

Страница 288: ...tes an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example...

Страница 289: ...of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters...

Страница 290: ...ion Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Console...

Страница 291: ...servers specified with the sntp servers command Use the no form to disable SNTP client requests Syntax no sntp client Default Setting Disabled Command Mode Global Configuration Table 4 22 Time Command...

Страница 292: ...ated Commands sntp client 4 69 sntp poll 4 71 show sntp 4 72 sntp server This command sets the IP address of the servers to which SNTP time requests are issued Use the this command with no arguments t...

Страница 293: ...on the interval set via the sntp poll command Example Related Commands Related Commands 4 70 sntp poll 4 71 show sntp 4 72 sntp poll This command sets the interval between sending time requests when...

Страница 294: ...ple clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Ra...

Страница 295: ...t after of UTC Example Related Commands show sntp 4 72 calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switc...

Страница 296: ...e shows how to set the system clock to 15 12 34 February 1st 2002 show calendar This command displays the system clock Default Setting None Command Mode Normal Exec Privileged Exec Example Console cal...

Страница 297: ...separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Table 4 23 System Status Commands Com...

Страница 298: ...ing config 4 76 show running config This command displays the configuration information currently in use Default Setting None Console show startup config building startup config please wait username a...

Страница 299: ...es Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information SNMP community strings Users names acc...

Страница 300: ...blic ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486...

Страница 301: ...tion SMC8748L2 System OID string 1 3 6 1 4 1 202 20 42 System information System Up time 0 days 2 hours 3 minutes and 47 49 seconds System Name R D 5 System Location WC 9 System Contact Geoff MAC addr...

Страница 302: ...e session index number Example show version This command displays hardware and software version information for the system Default Setting None Console show users Username accounts Username Privilege...

Страница 303: ...for jumbo frames Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Console show version Unit 1 Serial number A429048179 Hardware version R01 EPLD version 15 15 Number of por...

Страница 304: ...ation end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept...

Страница 305: ...onfig file startup config tftp copy startup config file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to cop...

Страница 306: ...tch Valid characters A Z a z 0 9 _ Due to the size limit of the flash memory the switch supports only two operation code files The maximum number of user defined configuration files depends on availab...

Страница 307: ...ile name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Programm...

Страница 308: ...iguration file or image name unit Stack unit Range 1 8 Default Setting None Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Fact...

Страница 309: ...dir unit boot rom config opcode filename The type of file or image to display includes boot rom Boot ROM or diagnostic image file config Switch configuration file opcode Run time operation code image...

Страница 310: ...chboot unit unit Stack unit Range 1 8 Default Setting None Table 4 26 File Directory Information Column Heading Description file name The name of the file file type File types Boot Rom Operation Code...

Страница 311: ...of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or image name unit Stack unit Range 1 8...

Страница 312: ...mand Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 90 RADIUS Client Configures settings for authentication via a RADIUS server 4 93 TACACS Client Con...

Страница 313: ...ts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege...

Страница 314: ...S server password only tacacs Use TACACS server password Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS uses TCP UDP only offers best effort deliver...

Страница 315: ...ntication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name password p...

Страница 316: ...ce until a server responds or the retransmit period expires host_ip_address IP address of server host_alias Symbolic name of server Maximum length 20 characters port_number RADIUS server UDP port used...

Страница 317: ...1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server...

Страница 318: ...re the default Syntax radius server retransmit number_of_retries no radius server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the RADIUS server Ra...

Страница 319: ...ch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS s...

Страница 320: ...host This command specifies the TACACS server Use the no form to restore the default Syntax tacacs server host host_ip_address no tacacs server host host_ip_address IP address of a TACACS server Defa...

Страница 321: ...65535 Default Setting 49 Command Mode Global Configuration Example tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_st...

Страница 322: ...ady stored in the dynamic or static address table for this port will be authorized to access the network The port will drop any incoming frames with a source MAC address that is unknown or has been pr...

Страница 323: ...ake when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable port max mac count address count The maximum numbe...

Страница 324: ...t the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port monit...

Страница 325: ...identity packet to the client before it times out the authentication session IC 4 105 dot1x port control Sets dot1x mode for a port interface IC 4 105 dot1x operation mode Allows single or multiple h...

Страница 326: ...Syntax no dot1x system auth control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default...

Страница 327: ...control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requir...

Страница 328: ...ngle host Allows only a single host to connect to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts...

Страница 329: ...unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to dis...

Страница 330: ...d seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected clie...

Страница 331: ...seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x statistics inte...

Страница 332: ...henticated page 4 108 quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new client page 4 108 tx period Time a port waits during authentication session...

Страница 333: ...Reauthentication State Machine State Current state including initialize reauthenticate Example Console show dot1x Global 802 1X Parameters system auth control enable 802 1X Port Summary Port Name Stat...

Страница 334: ...riteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny ru...

Страница 335: ...are included in an ACL and you attempt to bind the ACL to an interface for egress checking the bind operation will fail The order in which active ACLs are checked is as follows 1 User defined rules i...

Страница 336: ...es an IP ACL and enters configuration mode for standard or extended IP ACLs GC 4 114 permit deny Filters packets matching a specified source IP address STD ACL 4 115 permit deny Filters packets meetin...

Страница 337: ...no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 32 rules Example Related Commands permit deny 4 115 ip access group 4 119 show ip acce...

Страница 338: ...for each IP packet entering the port s to which this ACL has been assigned Example This example configures one permit rule for the specific address 10 1 1 21 and another rule for the address range 16...

Страница 339: ...bits to match host Keyword followed by a specific IP address sport Protocol1 source port number Range 0 65535 dport Protocol1 destination port number Range 0 65535 end Upper bound of the protocol por...

Страница 340: ...ccess list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_n...

Страница 341: ...e Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the ol...

Страница 342: ...CL Maximum length 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL mask before you can map CoS val...

Страница 343: ...ut queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 Command Mode Privileged Exec Ex...

Страница 344: ...ws all ACLs and associated rules PE 4 122 show access group Shows the ACLs assigned to each port PE 4 123 Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 0 0...

Страница 345: ...ess list david IP access list jerry Console Table 4 37 SNMP Commands Command Function Mode Page show snmp Displays the status of SNMP communications NE PE 4 124 snmp server community Sets up the commu...

Страница 346: ...Example Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities 1 private and the privilege is read write 2 public and the privilege is read only 0 S...

Страница 347: ...nsitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are...

Страница 348: ...ion Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 126 snmp server location This command sets the system location...

Страница 349: ...trap destination IP address entries community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp serve...

Страница 350: ...for that host must be enabled Some notification types cannot be controlled with the snmp server enable traps command For example some notification types are always enabled The switch can send SNMP Ver...

Страница 351: ...an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must enter at least one snmp server enable tr...

Страница 352: ...COMMAND LINE INTERFACE 4 130 Example Related Commands snmp server host 4 127 Console config snmp server enable traps link up down Console config...

Страница 353: ...negotiation Enables autonegotiation of a given interface IC 4 134 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 135 flowcontrol Enables flow control on...

Страница 354: ...port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command add...

Страница 355: ...l duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by...

Страница 356: ...for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negoti...

Страница 357: ...100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol...

Страница 358: ...eed duplex 4 133 flowcontrol 4 136 flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Enabled Command Mode Interface Configurat...

Страница 359: ...on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Example The...

Страница 360: ...trol Syntax switchport broadcast packet rate rate no switchport broadcast rate Threshold level as a rate i e packets per second Range 500 262143 Default Setting Enabled for all ports Packet rate limit...

Страница 361: ...mand Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However i...

Страница 362: ...t Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan vlan id Range 1 4093 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Com...

Страница 363: ...thernet 1 5 Information of Eth 1 5 Basic information Port type 1000T Mac address 00 30 F1 D4 73 A5 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000ful...

Страница 364: ...3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late colli...

Страница 365: ...Exec Command Usage If no interface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet...

Страница 366: ...enabled Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only page 4 188 Native VLAN Indicates the default Port VLAN ID page 4 190 Priority for untagged traffi...

Страница 367: ...t unit Stack unit Range 1 8 port Port number Range 1 24 48 rx Mirror received packets tx Mirror transmitted packets both Mirror both received and transmitted packets Default Setting No mirror session...

Страница 368: ...s must share the same destination port However you should avoid sending too much traffic to the destination port from multiple source ports Example The following example configures the switch to mirro...

Страница 369: ...the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes rate limit This command defines the rate limit for a specific interface Use this...

Страница 370: ...48 input Input rate rate Percentage Default Setting 100 percent Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 1 Console config if rate limit in...

Страница 371: ...perating at full duplex Table 4 42 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interfaceport channel Configures a trunk and enters interface configuration mode f...

Страница 372: ...annel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the followin...

Страница 373: ...tic trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interfaces port channel to remove a trunk from the switch Examp...

Страница 374: ...med with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connected ports the trunk will be activated autom...

Страница 375: ...11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if end Console show interfaces status port channel 1 Information of Trunk...

Страница 376: ...e Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG id...

Страница 377: ...m priority matches 2 the LACP port admin key matches and 3 the LACP port channel admin key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel gro...

Страница 378: ...ommand Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port chann...

Страница 379: ...ates a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port...

Страница 380: ...sages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sys id Summary of system priority and MAC address for...

Страница 381: ...ls group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU or an ille...

Страница 382: ...inistrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled...

Страница 383: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Страница 384: ...0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 4 46 show lacp sysid display description Field Description Channel group A link aggregation group configured on...

Страница 385: ...unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 vlan id VLAN ID Range 1 4093 action delete on reset Assignment lasts until the switch is reset permanent Assignment is...

Страница 386: ...dress is seen on another interface the address will be ignored and will not be written to the address table A static address cannot be learned on another port until the address is removed with the no...

Страница 387: ...Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic add...

Страница 388: ...ging time seconds Aging time Range 10 1000000 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learn...

Страница 389: ...Spanning Tree Commands Command Function Mode Page spanning tree Enables the spanning tree protocol GC 4 168 spanning tree mode Configures STP or RSTP mode GC 4 169 spanning tree forward time Configur...

Страница 390: ...e spanning disabled Disables spanning tree for an interface IC 4 175 spanning tree cost Configures the spanning tree path cost of an interface IC 4 175 spanning tree port priority Configures the spann...

Страница 391: ...Spanning Tree Protocol IEEE 802 1D rstp Rapid Spanning Tree Protocol IEEE 802 1w Default Setting rstp Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal...

Страница 392: ...xpires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Example The following example configures the switch to use Rapid Spanning Tree spanning tree forward time This c...

Страница 393: ...y data loops might result Example spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning t...

Страница 394: ...Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconf...

Страница 395: ...is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lo...

Страница 396: ...4 176 Example spanning tree transmission limit This command configures the minimum interval between the transmission of consecutive RSTP BPDUs Use the no form to restore the default Syntax spanning tr...

Страница 397: ...nnel Example This example disables the spanning tree algorithm for port 5 spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore...

Страница 398: ...ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 173 is set to short th...

Страница 399: ...nning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Config...

Страница 400: ...o disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the...

Страница 401: ...and configures the link type for Rapid Spanning Tree Use the no form to restore the default Syntax spanning tree link type auto point to point shared no spanning tree link type auto Automatically deri...

Страница 402: ...igration interface interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Command Mode Privileged Exec Command Usage If at any time th...

Страница 403: ...and Mode Privileged Exec Command Usage Use the show spanning tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree CST and for every in...

Страница 404: ...Current root cost 10000 Number of topology changes 1 Last topology changes time sec 21561 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root State forwarding...

Страница 405: ...fault Setting None Table 4 49 VLAN Commands Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 183 Configuring VLAN Interfaces Configures VLAN interfac...

Страница 406: ...le by entering the show running config command Example Related Commands show vlan 4 193 vlan This command configures a VLAN Use the no form to restore the default settings or delete a VLAN Syntax vlan...

Страница 407: ...RD5 The VLAN is activated by default Related Commands show vlan 4 193 Configuring VLAN Interfaces Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan...

Страница 408: ...ssign an IP address to the VLAN Related Commands shutdown 4 137 switchport native vlan Configures the PVID native VLAN of an interface IC 4 190 switchport allowed vlan Configures the VLANs associated...

Страница 409: ...to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Default Setting...

Страница 410: ...ged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to receive all frame types any received frame...

Страница 411: ...s filtering Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will dis...

Страница 412: ...nnel Command Usage Setting the native VLAN for a port can only be performed when the port is a member of the VLAN and the VLAN is untagged The no switchport native vlan command will set the native VLA...

Страница 413: ...of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4093 Default Se...

Страница 414: ...The following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove the...

Страница 415: ...how vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4093 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCI...

Страница 416: ...d VLANs on the other hand consist a single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports In all cases the promiscuous ports are designed to provide open ac...

Страница 417: ...VLAN COMMANDS 4 195 This section describes commands used to configure private VLANs...

Страница 418: ...ry VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN Table 4 53 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private vlan Adds or d...

Страница 419: ...e show vlan private vlan command to verify your configuration settings private vlan Use this command to create a primary community or isolated private VLAN Use the no form to remove the specified priv...

Страница 420: ...rt has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode See switchport mode on page 187 Example private vlan ass...

Страница 421: ...of the primary VLAN via promiscuous ports Example switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the default setting Syntax swit...

Страница 422: ...host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association Syntax switchport private vlan host association secondary vlan id no switc...

Страница 423: ...vlan isolated isolated vlan id no switchport private vlan isolated isolated vlan id ID of isolated VLAN Range 1 4094 Default Setting None Command Mode Interface Configuration Ethernet Port Channel Com...

Страница 424: ...VLAN can communicate with any other promiscuous ports in the same VLAN and with the group members within any associated secondary VLANs Example show vlan private vlan Use this command to show the priv...

Страница 425: ...ction describes how to enable GVRP for individual interfaces and globally for the switch as well as how to display default configuration settings for the Bridge Extension MIB Console show vlan private...

Страница 426: ...e enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This command shows the configuration for bridge extension commands Def...

Страница 427: ...mmand enables GVRP for a port Use the no form to disable it Syntax no switchport gvrp Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Console show bridge ext Max su...

Страница 428: ...nfiguration Command Mode Normal Exec Privileged Exec Example garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax...

Страница 429: ...The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registratio...

Страница 430: ...n this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion This switch supports CoS with eight priority queues for each por...

Страница 431: ...of service values 4 216 Table 4 56 Priority Commands Layer 2 Command Function Mode Page queue mode Sets the queue mode to strict priority or Weighted Round Robin WRR GC 4 209 switchport priority defa...

Страница 432: ...Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue bef...

Страница 433: ...used This switch provides eight priority queues for each port It is configured to use Weighted Round Robin which can be viewed with the show queue bandwidth command Inbound frames that do not have VLA...

Страница 434: ...used by the WRR scheduler Range 1 15 Default Setting Weights 1 2 4 6 8 10 12 14 are assigned to queues 0 7 respectively Command Mode Interface Configuration Ethernet Port Channel Command Usage WRR con...

Страница 435: ...value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using eight priority queues with Weighted Round Robin queuing for each port Eight...

Страница 436: ...ueue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the eight priority queues Default Setting None Console config interface ethernet 1 1 Console config if queue...

Страница 437: ...nit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default Setting None Command Mode Privileged Exec Example Console show queue bandwidth Information...

Страница 438: ...ds Layer 3 and 4 Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 4 216 map ip dscp Maps IP DSCP value to a class of service IC 4 217 map access list ip Sets the CoS...

Страница 439: ...alue no map ip dscp dscp value 8 bit DSCP value Range 0 255 cos value Class of Service value Range 0 7 Default Setting The DSCP default values are defined in the following table Note that all the DSCP...

Страница 440: ...y queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip dscp This command shows the IP DSCP priorit...

Страница 441: ...tch router to ensure that it will continue to receive the multicast service Console show map ip dscp ethernet 1 1 DSCP mapping status disabled Port DSCP COS Eth 1 1 0 0 Eth 1 1 1 0 Eth 1 1 2 0 Eth 1 1...

Страница 442: ...Table 4 61 IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping GC 4 220 ip igmp snooping vlan static Adds an interface as a member of a multicast group GC 4 221 i...

Страница 443: ...lan id VLAN ID Range 1 4093 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 24 48 port channel channel id Range 1 32 Default S...

Страница 444: ...on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you will also have to configure this switch to use Version 1 Some commands are only...

Страница 445: ...ast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4093 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting N...

Страница 446: ...mac address table multicast vlan 1 igmp snooping VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 62 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snoop...

Страница 447: ...ast group Range 2 10 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking act...

Страница 448: ...ery messages Range 60 125 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds ip igmp snooping query max respon...

Страница 449: ...ient is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Related Commands ip igmp snooping version 4 222 ip igmp snoopin...

Страница 450: ...vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4...

Страница 451: ...r you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 11 as a multicast router port within VLAN 1 show ip igmp snooping...

Страница 452: ...er devices that exist on another network segment Basic IP Configuration Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12 Dynamic Console Table 4...

Страница 453: ...configure a specific IP address or direct the device to obtain an address from a BOOTP or DHCP server Valid IP addresses consist of four numbers 0 to 255 separated by periods Anything outside this for...

Страница 454: ...P client request Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the...

Страница 455: ...address of the default gateway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a differ...

Страница 456: ...shows the default gateway configured for this device Default Setting None Command Mode Privileged Exec Example Related Commands If the BOOTP or DHCP server has been moved to a different domain the ne...

Страница 457: ...tting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached Following are some resul...

Страница 458: ...9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms response time 10 ms response time 0 ms Ping statistics for 10 1 0 9 5 packets tran...

Страница 459: ...ps half full duplex 1000BASE T 10 100 Mbps at half full duplex 1000 Mbps at full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a...

Страница 460: ...n be configured by VLAN tag or port Layer 3 4 priority mapping IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client SNTP Simple Network Time Protocol SNMP Simple Network...

Страница 461: ...rnet IEEE 802 3u Fast Ethernet IEEE 802 3x Full duplex flow control ISO IEC 8802 3 IEEE 802 3z Gigabit Ethernet IEEE 802 3ab 1000BASE T IEEE 802 3ac VLAN tagging IEEE 802 3ad Link Aggregation Control...

Страница 462: ...3 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2...

Страница 463: ...the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the...

Страница 464: ...an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used C...

Страница 465: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 466: ...TROUBLESHOOTING B 4...

Страница 467: ...em in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set acc...

Страница 468: ...n Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work autom...

Страница 469: ...ice QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1s An IEEE standa...

Страница 470: ...Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is...

Страница 471: ...tion meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multicast frames for s...

Страница 472: ...Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network...

Страница 473: ...Tree Protocol STP A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest a...

Страница 474: ...that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share...

Страница 475: ...DSCP 3 160 3 162 4 216 layer 3 4 priorities 3 159 4 216 queue mapping 3 155 4 213 queue mode 3 157 4 209 traffic class weights 3 158 4 212 D default gateway configuration 3 18 4 233 default priority...

Страница 476: ...authentication 3 42 4 90 RADIUS client 3 44 4 93 RADIUS server 3 44 4 93 TACACS client 3 44 4 98 TACACS server 3 44 4 98 logon authentication sequence 3 45 4 91 4 92 M main menu 3 5 Management Inform...

Страница 477: ...ap manager 3 40 4 127 software displaying version 3 13 4 80 downloading 3 22 4 83 Spanning Tree Protocol See STA specifications software A 1 SSH configuring 3 50 4 48 4 49 STA 3 112 4 167 edge port 3...

Страница 478: ...198 adding static members 3 138 3 140 4 191 creating 3 136 4 184 description 3 129 displaying basic information 3 133 4 204 displaying port members 3 134 4 193 egress mode 3 143 4 187 interface config...

Страница 479: ......

Страница 480: ...34 68 58 Italy 39 02 739 12 68 Fax 39 02 739 14 17 Benelux 31 0 654 776 790 Fax 31 0 172 242 393 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic and Baltics 46 0 566 622 83 Fax 45 0 566 6...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды