VLAN CONFIGURATION 3-159

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.

Console(config)#interface ethernet 1/3                          4-146
Console(config-if)#switchport acceptable-frame-types tagged     4-203
Console(config-if)#switchport ingress-filtering                 4-204
Console(config-if)#switchport native vlan 3                     4-205
Console(config-if)#switchport gvrp                              4-218
Console(config-if)#garp timer join 20                           4-219
Console(config-if)#garp timer leave 90                          4-219
Console(config-if)#garp timer leaveall 2000                     4-219
Console(config-if)#switchport mode hybrid                       4-202
Console(config-if)#

Private VLANs

Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports three types of private VLAN ports: promiscuous, isolated, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. An isolated port can only communicate with promiscuous ports within its own VLAN. Community ports can only communicate with other ports in their own community VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.)

Each private VLAN consists of two components: a primary VLAN and one or more community VLANs. A primary VLAN allows traffic to pass between promiscuous ports, and between promiscuous ports and community ports subordinate to the primary VLAN. A community VLAN conveys traffic between community ports, and from the community ports to their associated promiscuous ports. Multiple primary VLANs can be configured on this switch, and multiple community VLANs can be configured within each primary VLAN.
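The private VLAN port rules described above (promiscuous, isolated and community ports) can be checked against a planned port assignment before it is applied to the switch. The following is an added example, not code from the SMC guide: the port names, VLAN IDs and isolation policy are constructed, and "designated promiscuous ports" is modelled as every promiscuous port in the same primary VLAN, which is an assumption.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    name: str
    role: str
    primary: int                      # primary VLAN ID the port belongs to
    community: Optional[int] = None   # community VLAN ID (community ports only)

    def __post_init__(self):
        if self.role not in (PROMISCUOUS, ISOLATED, COMMUNITY):
            raise ValueError(f"{self.name}: unknown role {self.role!r}")
        if (self.role == COMMUNITY) != (self.community is not None):
            raise ValueError(
                f"{self.name}: a community VLAN is required for community "
                "ports and not allowed for other roles")


def can_communicate(a: Port, b: Port) -> bool:
    """Apply the three port-type rules to one pair of ports."""
    if a.primary != b.primary:
        return False                  # rules only apply inside one private VLAN
    roles = {a.role, b.role}
    if PROMISCUOUS in roles:
        return True                   # promiscuous reaches every interface
    if ISOLATED in roles:
        return False                  # isolated reaches promiscuous ports only
    return a.community == b.community  # community: own community VLAN only


def reachable_pairs(ports):
    """Return every unordered pair of port names that may exchange traffic."""
    return {
        tuple(sorted((a.name, b.name)))
        for a, b in combinations(ports.values(), 2)
        if can_communicate(a, b)
    }


def audit(ports, must_isolate):
    """Return the policy pairs that the assignment fails to isolate."""
    allowed = reachable_pairs(ports)
    return [pair for pair in must_isolate if tuple(sorted(pair)) in allowed]


# Constructed assignment: primary VLAN 5 with community VLANs 6 and 7,
# and a second primary VLAN 8 with community VLAN 9.
PORTS = {p.name: p for p in [
    Port("1/1", PROMISCUOUS, 5),      # uplink / gateway
    Port("1/2", COMMUNITY, 5, 6),     # tenant A
    Port("1/3", COMMUNITY, 5, 6),     # placed in tenant A's community
    Port("1/4", COMMUNITY, 5, 7),     # tenant B
    Port("1/5", ISOLATED, 5),
    Port("1/6", ISOLATED, 5),
    Port("1/7", PROMISCUOUS, 8),
    Port("1/8", COMMUNITY, 8, 9),
]}

# Constructed policy: pairs of hosts that must never talk to each other.
MUST_ISOLATE = [("1/2", "1/4"), ("1/5", "1/6"), ("1/2", "1/3")]

if __name__ == "__main__":
    for pair in sorted(reachable_pairs(PORTS)):
        print("can communicate:", pair)
    for pair in audit(PORTS, MUST_ISOLATE):
        print("policy violation, ports share a community VLAN:", pair)
```

The audit flags ports 1/2 and 1/3: sharing a community VLAN lets them talk directly, so hosts that must be separated belong on isolated ports or in different community VLANs.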

Page 3: ...38 Tesla Irvine CA 92618 Phone 949 679 8000 TigerSwitch 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions November 2004 Pub 149100005000H...

Страница 4: ...is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2004 by SMC Networks Inc 38 Tesla...

Страница 5: ...corporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinua...

Страница 6: ...IDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUN...

Страница 7: ...Interface for Management Access 2 6 Basic Configuration 2 6 Console Connection 2 6 Setting Passwords 2 7 Setting an IP Address 2 8 Manual Configuration 2 8 Dynamic Configuration 2 9 Enabling SNMP Man...

Страница 8: ...Protocol Alerts 3 39 Resetting the System 3 41 Setting the System Clock 3 42 Configuring SNTP 3 42 Setting the Time Zone 3 44 Simple Network Management Protocol 3 45 Setting Community Access Strings...

Страница 9: ...P Port Counters 3 103 Displaying LACP Settings and Status for the Local Side 3 104 Displaying LACP Settings and Status for the Remote Side 3 107 Setting Broadcast Storm Thresholds 3 109 Configuring Po...

Страница 10: ...Egress Queues 3 170 Selecting the Queue Mode 3 172 Setting the Service Weight for Traffic Classes 3 173 Layer 3 4 Priority Settings 3 174 Mapping Layer 3 4 Priorities to CoS Values 3 174 Selecting IP...

Страница 11: ...ry 4 7 Understanding Command Modes 4 8 Exec Commands 4 8 Configuration Commands 4 9 Command Line Processing 4 11 Command Groups 4 12 Line Commands 4 14 line 4 15 login 4 16 password 4 17 timeout login...

Страница 12: ...er 4 43 ip http secure port 4 44 Telnet Server Commands 4 45 ip telnet port 4 45 ip telnet server 4 46 Secure Shell Commands 4 47 ip ssh server 4 50 ip ssh timeout 4 51 ip ssh authentication retries 4...

Страница 13: ...t 4 73 sntp server 4 74 sntp poll 4 75 show sntp 4 75 clock timezone 4 76 calendar set 4 77 show calendar 4 78 System Status Commands 4 78 light unit 4 79 show startup config 4 79 show running config...

Страница 14: ...tication 4 108 dot1x system auth control 4 109 dot1x default 4 110 dot1x max req 4 110 dot1x port control 4 111 dot1x operation mode 4 112 dot1x re authenticate 4 113 dot1x re authentication 4 113 dot...

Страница 15: ...4 139 snmp server location 4 140 snmp server host 4 141 snmp server enable traps 4 142 show snmp 4 143 Interface Commands 4 145 interface 4 146 description 4 146 speed duplex 4 147 negotiation 4 148...

Страница 16: ...ng time 4 182 Spanning Tree Commands 4 183 spanning tree 4 184 spanning tree mode 4 185 spanning tree forward time 4 186 spanning tree hello time 4 187 spanning tree max age 4 187 spanning tree priori...

Страница 17: ...ivate vlan 4 215 GVRP and Bridge Extension Commands 4 216 bridge ext gvrp 4 217 show bridge ext 4 217 switchport gvrp 4 218 show gvrp configuration 4 219 garp timer 4 219 show garp timer 4 221 Priorit...

Страница 18: ...g query count 4 243 ip igmp snooping query interval 4 244 ip igmp snooping query max response time 4 245 ip igmp snooping router port expire time 4 246 Static Multicast Routing Commands 4 247 ip igmp...

Страница 19: ...CONTENTS xv Glossary Index...

Страница 20: ...CONTENTS xvi...

Страница 21: ...Egress Queue Priority Mapping 3 181 Table 4 1 Command Modes 4 8 Table 4 2 Configuration Modes 4 10 Table 4 3 Command Line Processing 4 11 Table 4 4 Command Groups 4 12 Table 4 5 Line Commands 4 14 Ta...

Страница 22: ...g 4 135 Table 4 38 ACL Information 4 136 Table 4 39 SNMP Commands 4 138 Table 4 40 Interface Commands 4 145 Table 4 41 Interfaces Switchport Statistics 4 158 Table 4 42 Mirror Port Commands 4 159 Tabl...

Страница 23: ...29 Table 4 61 Mapping IP Precedence Values 4 232 Table 4 62 IP DSCP to CoS Values 4 234 Table 4 63 Multicast Filtering Commands 4 238 Table 4 64 IGMP Snooping Commands 4 238 Table 4 65 IGMP Query Comm...

Страница 24: ...Logs 3 37 Figure 3 17 Displaying Logs 3 38 Figure 3 18 Enabling and Configuring SMTP Alerts 3 40 Figure 3 19 Resetting the System 3 41 Figure 3 20 SNTP Configuration 3 43 Figure 3 21 Setting the Syst...

Страница 25: ...120 Figure 3 53 Configuring a Static Address Table 3 123 Figure 3 54 Configuring a Dynamic Address Table 3 124 Figure 3 55 Setting the Address Aging Time 3 125 Figure 3 56 STA Information 3 129 Figure...

Страница 26: ...78 Mapping IP DSCP Priority Values 3 178 Figure 3 79 IP Port Priority Status 3 180 Figure 3 80 IP Port Priority 3 180 Figure 3 81 ACL CoS Priority 3 182 Figure 3 82 IGMP Configuration 3 186 Figure 3...

Страница 27: ...s performance for your particular network environment Key Features Table 1 1 Key Features Feature Description Configuration Backup and Restore Backup to TFTP server Authentication Console Telnet web U...

Страница 28: ...plications Some of the management features are briefly described below Port Trunking Supports up to 4 trunks using either static or dynamic trunking LACP Broadcast Storm Control Supported Static Addre...

Страница 29: ...ement access over a Telnet equivalent connection IP address filtering for SNMP web Telnet management access and MAC address filtering for port access Access Control Lists ACLs provide packet filtering...

Страница 30: ...ng over the load if a port in the trunk should fail The switch supports up to four trunks Broadcast Storm Control Broadcast suppression prevents broadcast traffic from overwhelming the network When en...

Страница 31: ...to ensure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path should fail for any reason an alternate path will b...

Страница 32: ...queues with strict or Weighted Round Robin Queuing It uses IEEE 802 1p and 802 1Q tags to prioritize incoming traffic based on input from the end station application These functions can be used to pro...

Страница 33: ...System Defaults Function Parameter Default Console Port Connection Baud Rate 9600 Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 disabled Authentication Privileged Exec Level Username ad...

Страница 34: ...in Status Enabled Auto negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP all ports Disabled Broadcast Storm Protection Stat...

Страница 35: ...6 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings IP Address 0 0 0 0 Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 DHCP Client Enabled BOOTP Disabled M...

Страница 36: ...INTRODUCTION 1 10...

Страница 37: ...itch s HTTP Web agent allows you to configure switch parameters monitor port connections and display statistics using a standard Web browser such as Netscape Navigator version 6 2 and higher or Micros...

Страница 38: ...2 1Q VLANs Enable GVRP automatic VLAN registration Configure IGMP multicast filtering Upload and download system firmware via TFTP Upload and download switch configuration files via TFTP Configure Spa...

Страница 39: ...erminal emulation software is set as follows Select the appropriate serial port COM port 1 or COM port 2 Set the baud rate to 9600 bps Set the data format to 8 data bits 1 stop bit and no parity Set f...

Страница 40: ...mic address assignment via DHCP or BOOTP see Setting an IP Address on page 2 8 Note This switch supports four concurrent Telnet SSH sessions After configuring the switch s IP parameters you can access...

Страница 41: ...elected on the front panel graphic of the web interface or from the CLI If more than one stack Master is selected using the Master push button on the switch s front panel the stack will not function I...

Страница 42: ...veral units within the primary VLAN used for stack management Basic Configuration Console Connection The CLI program provides two different command levels normal access level Normal Exec and privilege...

Страница 43: ...ss to the switch set the passwords as follows 1 Open the console interface with the default user name and password admin to access the Privileged Exec level 2 Type configure and press Enter 3 Type use...

Страница 44: ...en this device and management stations that exist on another network segment Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Anything outside this format will not be a...

Страница 45: ...TP and DHCP values can include the IP address subnet mask and default gateway If the bootp or dhcp option is saved to the startup config file step 6 then the switch will start broadcasting service req...

Страница 46: ...C EliteView You can configure the switch to 1 respond to SNMP requests or 2 generate SNMP traps When SNMP management stations send requests to the switch either to return information or to set a param...

Страница 47: ...lete both of the default community strings If there are no community strings then SNMP management access to the switch is disabled To prevent unauthorized access to the switch via SNMP it is recommend...

Страница 48: ...st enter at least one snmp server enable traps command Type snmp server enable traps type where type is either authentication or link up down Press Enter Saving Configuration Settings Configuration co...

Страница 49: ...up file or can be uploaded via TFTP to a server for backup A file named Factory_Default_Config cfg contains all the system default settings and cannot be deleted from the system See Saving or Restori...

Страница 50: ...f each type must be set as the start up file During a system boot the diagnostic and operation code files set as the start up file are run and then the start up configuration file is loaded Note that...

Страница 51: ...a Telnet For more information on using the CLI refer to Chapter 4 Command Line Interface Prior to accessing the switch from a Web browser be sure you have first performed the following tasks 1 Configu...

Страница 52: ...password If you log in as admin Privileged Exec level you can change the settings on any page 3 If the path between your management station and this switch does not pass through any device that uses t...

Страница 53: ...and statistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The hom...

Страница 54: ...Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The web...

Страница 55: ...3 Bridge Extension Shows the bridge extension parameters 3 15 IP Configuration Sets the IP address for management access 3 17 File 3 21 Copy Allows the transfer and copying files 3 21 Delete Allows de...

Страница 56: ...st Key Settings Generates the host key pair public and private 3 60 Settings Configures Secure Shell server settings 3 62 Port Security Configures per port security including status response for secur...

Страница 57: ...99 Port Counters Displays statistics for LACP protocol messages 3 103 Port Internal Information Displays settings and operational state for the local side 3 104 Port Neighbors Information Displays set...

Страница 58: ...res global bridge settings for STA and RSTP 3 131 Port Information Displays individual port settings for STA 3 135 Trunk Information Displays individual trunk settings for STA 3 135 Port Configuration...

Страница 59: ...secondary VLANs 3 164 Port Configuration Sets the private VLAN interface type and associates the interfaces with a private VLAN 3 165 Trunk Information Shows VLAN port type and associated primary or...

Страница 60: ...nd associated class of service value 3 179 ACL CoS Priority Sets the CoS value and corresponding output queue for packets matching an ACL rule 3 181 IGMP Snooping 3 183 IGMP Configuration Enables mult...

Страница 61: ...the management agent has been up These additional parameters are displayed for the CLI MAC Address The physical layer address for this switch Web server Shows if management access via HTTP is enabled...

Страница 62: ...tem Information Specify the system name location and contact information for the system administrator then click Apply This page also includes a Telnet button that allows access to the Command Line In...

Страница 63: ...er location WC 9 4 140 Console config snmp server contact Ted 4 139 Console config exit Console show system 4 84 System description 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink m...

Страница 64: ...T and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Expansion Slot Expansion Slot 1 2 Combination RJ 45 SFP ports These ad...

Страница 65: ...asses This switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration on page 3 168 Static Entry Individual Port This switch allows static filtering...

Страница 66: ...LAN Capable This switch does not support multiple local bridges outside of the scope of 802 1Q defined VLANs GMRP GARP Multicast Registration Protocol GMRP allows network devices to register endstatio...

Страница 67: ...255 separated by periods Anything outside this format will not be accepted by the CLI program Command Attributes Management VLAN ID of the configured VLAN 1 4094 no leading zeroes By default all port...

Страница 68: ...address bits used for routing to specific subnets Default 255 0 0 0 Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments...

Страница 69: ...Click Apply to save your changes Then click Restart DHCP to immediately request a new address Note that the switch will also broadcast a request for IP configuration settings on each power reset Figu...

Страница 70: ...uest to restart DHCP service via the CLI Web If the address assigned by DHCP is no longer functioning you will not be able to renew the IP settings via the web interface You can only restart DHCP serv...

Страница 71: ...e switch to a TFTP server tftp to file Copies a file from a TFTP server to the switch file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another u...

Страница 72: ...p file Web Click System File Management Copy Operation Select tftp to file as the file transfer method enter the IP address of the TFTP server set the file type to opcode enter the file name of the so...

Страница 73: ...click Apply To start the new firmware reboot the system via the System Reset menu Figure 3 9 Select Start Up Operation File To delete a file select System File Delete Select the file name from the gi...

Страница 74: ...the switch s settings Command Attributes File Transfer Method The configuration copy operation includes these options file to file Copies a file within the switch directory assigning it a new name fil...

Страница 75: ...p config Copies a file from a TFTP server to the startup config file to unit Copies a file from this switch to another unit in the stack unit to file Copies a file from another unit in the stack to th...

Страница 76: ...on file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Web Click System File Copy Select tftp...

Страница 77: ...ttings CLI Enter the IP address of the TFTP server specify the source file on the server set the startup file name on the switch and then restart the switch To select another configuration file as the...

Страница 78: ...urrent session is terminated Range 0 65535 seconds Default 0 Password Threshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold...

Страница 79: ...a password for the line connection When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt Defau...

Страница 80: ...bles Telnet access to the switch Default Enabled Console config line console 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login resp...

Страница 81: ...reshold Sets the password intrusion threshold which limits the number of failed logon attempts When the logon attempt threshold is reached the system interface becomes silent for a specified amount of...

Страница 82: ...onsole config line vty 4 15 Console config line login local 4 16 Console config line password 0 secret 4 17 Console config line timeout login response 300 4 18 Console config line exec timeout 600 4 1...

Страница 83: ...s Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you...

Страница 84: ...Logging Levels Level Severity Name Description 7 Debug Debugging messages 6 Informational Informational messages only 5 Notice Normal but significant condition such as cold start 4 Warning Warning co...

Страница 85: ...f messages that are sent to syslog servers or other management stations You can also limit the error messages sent to only those messages below a specified level Command Attributes Remote Log Status E...

Страница 86: ...sorting or storing messages in the corresponding database Range 16 23 Default 23 Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level Fo...

Страница 87: ...e facility type and set the logging trap Console config logging host 192 168 1 15 4 61 Console config logging facility 23 4 62 Console config logging trap 4 4 63 Console config end Console show loggin...

Страница 88: ...emory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3 17 Displaying Logs CLI This example shows the event message stored in RAM Console show...

Страница 89: ...or the address of an administrator responsible for the switch Severity Sets the syslog severity threshold level see table on page 3 34 used to trigger alert messages All events at this level or higher...

Страница 90: ...y level To add an IP address to the SMTP Server List type the new IP address in the SMTP Server field and click Add To delete an IP address click the entry in the SMTP Server List and click Remove Spe...

Страница 91: ...set to reboot the switch When prompted confirm that you want reset the switch Figure 3 19 Resetting the System Console config logging sendmail host 192 168 1 200 4 68 Console config logging sendmail l...

Страница 92: ...ch will only record the time from the factory default set at the last bootup When the SNTP client is enabled the switch periodically sends a request for a time update to a configured time server You c...

Страница 93: ...Figure 3 20 SNTP Configuration CLI This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings Console config sntp server 10 1 0 19 137 82...

Страница 94: ...butes Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after...

Страница 95: ...ights to the onboard agent are controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication The options for confi...

Страница 96: ...Add Figure 3 22 Configuring SNMP CLI The following example adds the string spiderman with read write access Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the s...

Страница 97: ...ies whether to send notifications as SNMP v1 or v2c traps The default is version 1 Enable Authentication Traps Issues a trap message whenever an invalid community string is submitted during the SNMP a...

Страница 98: ...addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface Configuring User A...

Страница 99: ...Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Remove Adds or removes an account from the list Web Click...

Страница 100: ...ces on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the switch RADIUS...

Страница 101: ...n server You can specify up to three authentication methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on t...

Страница 102: ...the string Maximum length 20 characters Number of Server Transmits Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Timeout for a reply...

Страница 103: ...tion Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if selecte...

Страница 104: ...radius server retransmit 5 4 101 Console config radius server timeout 10 4 102 Console config radius server 1 host 192 168 1 25 4 99 Console config end Console show radius server 4 102 Remote RADIUS...

Страница 105: ...et Explorer 5 x or above and Netscape Navigator 4 x or above The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Sec...

Страница 106: ...a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a messa...

Страница 107: ...s intended as a secure replacement for the older Berkley remote access tools SSH can also provide remote management access to this switch as a secure replacement for Telnet When the client contacts th...

Страница 108: ...nable the SSH server Authentication Settings To use the SSH server complete these steps 1 Generate a Host Key Pair On the SSH Host Key Settings page create a host public private key pair 2 Provide Hos...

Страница 109: ...29029789827213532671316294325328189150 45306393916643 steve 192 168 1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout t...

Страница 110: ...cations between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the pro...

Страница 111: ...r Generate This button is used to generate the host key pair Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page Clear This button...

Страница 112: ...ey 4 50 Console show public key host 4 50 Host RSA 1024 65537 127250922544926402131336514546131189679055192360076028653006761 8240969094744832010252487896597759216832222558465238779154647980739 631403...

Страница 113: ...the SSH server key size Range 512 896 bits Default 768 The server key is a private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits Web...

Страница 114: ...trusion will be detected and the switch can automatically take action by disabling the port and sending a trap message To use port security specify a maximum number of addresses to allow on the port a...

Страница 115: ...ount from 1 1024 for the port to allow access If a port is disabled shut down due to a security violation it must be manually re enabled from the Port Port Configuration page page 3 91 Command Attribu...

Страница 116: ...ork resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access t...

Страница 117: ...lient responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an accept or reject packet If authen...

Страница 118: ...ion type MD5 Some clients have native support in Windows otherwise the dot1x client must support it Displaying 802 1X Global Settings The 802 1X protocol provides port authentication The 802 1X protoc...

Страница 119: ...on Control Sets the global setting for 802 1X Default Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 31 802 1X Configuration Console s...

Страница 120: ...lti Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mode to...

Страница 121: ...which a connected client must be re authenticated Range 1 65535 seconds Default 3600 Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP...

Страница 122: ...ameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled Singl...

Страница 123: ...f EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator Rx EA...

Страница 124: ...ing 802 1X Port Statistics CLI This example displays the 802 1X statistics for port 4 Console show dot1x statistics interface ethernet 1 4 4 115 Eth 1 4 Rx EAPOL EAPOL EAPOL EAPOL EAP EAP EAP Start Lo...

Страница 125: ...ss respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet...

Страница 126: ...end address of a range Add Remove Filtering Entry Adds removes an IP address from the list Web Click Security IP Filter Enter the IP addresses or range of addresses that are allowed management access...

Страница 127: ...y to IP addresses MAC addresses or other more specific criteria This switch tests ingress or egress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches...

Страница 128: ...s ports 2 User defined rules in the Ingress IP ACL for ingress ports 3 Explicit default rule permit any any in the ingress IP ACL for ingress ports 4 Explicit default rule permit any any in the ingres...

Страница 129: ...Web Click Security ACL Configuration Enter an ACL name in the Name field select the list type IP Standard IP Extended or MAC and click Add to open the configuration page for the new list Figure 3 35...

Страница 130: ...Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers...

Страница 131: ...cific address 10 1 1 21 and another rule for the address range 168 92 16 x 168 92 31 x using a bitmask Configuring an Extended IP ACL Command Attributes Action An ACL can contain any combination of pe...

Страница 132: ...P UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Source destination port number for the specified protocol type Range...

Страница 133: ...elect Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code The...

Страница 134: ...rce Destination MAC Address Source or destination MAC address Source Destination Bitmask Hexidecimal mask for source or destination MAC address VID VLAN ID Range 1 4094 Ethernet Type This option can o...

Страница 135: ...u select MAC enter a base address and a hexidecimal bitmask for an address range Set any other required criteria such as VID or Ethernet type Then click Add Figure 3 38 ACL Configuration MAC CLI This...

Страница 136: ...the ports on the switch Command Usage You must configure a mask for an ACL rule before you can bind it to a port This switch only supports ACLs for ingress filtering You can only bind one IP ACL to an...

Страница 137: ...gure 3 39 Binding a Port to an ACL CLI This example assigns an IP and MAC access list to port 1 and an IP access list to port 3 Console config interface ethernet 1 1 4 146 Console config if ip access...

Страница 138: ...T or SFP Admin Status Shows if the interface is enabled or disabled Oper Status Indicates if the link is Up or Down Speed Duplex Status Shows the current speed and duplex mode Auto or fixed choice Flo...

Страница 139: ...the web see Setting the Switch s IP Address on page 3 17 Configuration Name Interface label Port admin Shows if the interface is enabled or disabled i e up or down Speed duplex Shows the current spee...

Страница 140: ...ontrol is enabled or disabled LACP Shows if LACP is enabled or disabled Port Security Shows if port security is enabled or disabled Max MAC count Shows the maximum number of MAC address that can be le...

Страница 141: ...after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to manually set the port speed and duplex mode i e with auto negotiation disabled Fl...

Page 142: ...ts symmetric pause frames FC Supports flow control Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When e...

Page 143: ...four trunks at a time The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switche...

Page 144: ...r before making any physical connections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a port trunk take note of the following points Finish...

Page 145: ...le To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via t...

Page 146: ...Trunk Membership Enter a trunk ID of 1 4 in the Trunk field select any of the switch ports from the scroll down port list and click Add After you have completed adding ports to the member list click...

Page 147: ...exit Console config interface ethernet 1 1 4 146 Console config if channel group 2 4 166 Console config if exit Console config interface ethernet 1 2 Console config if channel group 2 Console config i...

Page 148: ...ed for full duplex either by forced mode or auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see page 3 96 Command Attrib...

Page 149: ...port to be allowed to join a channel group Console config interface ethernet 1 1 4 146 Console config if lacp 4 167 Console config if exit Console config interface ethernet 1 6 Console config if lacp...

Page 150: ...ust be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific...

Page 151: ...can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate...

Page 152: ...tem priority 3 Console config if lacp actor admin key 120 Console config if lacp actor port priority 512 Console config if end Console show lacp sysid 4 173 Port Channel System Priority System MAC Add...

Page 153: ...r of valid LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group...

Page 154: ...1 1 LACPDUs Sent 91 LACPDUs Receive 43 Marker Sent 0 Marker Receive 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Console Table 3 7 LACP Internal Configuration Information Field Description Oper Key...

Page 155: ...ection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol inform...

Page 156: ...P configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 173 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP Syst...

Page 157: ...e of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrati...

Page 158: ...side of port channel 1 Console show lacp 1 neighbors 4 173 Port channel 1 neighbors Eth 1 1 Partner Admin System ID 32768 00 00 00 00 00 00 Partner Oper System ID 3 00 30 F1 CE 2A 20 Partner Admin Po...

Page 159: ...ing a threshold for broadcast traffic Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Storm Control is enabled by default Broadcast control does no...

Page 160: ...CONFIGURING THE SWITCH 3 110 Web Click Port Port Trunk Broadcast Control Set the threshold mark the Enabled field for the desired interface and click Apply Figure 3 48 Port Broadcast Control...

Page 161: ...ng port traffic the target port must be included in the same VLAN as the source port Console config interface ethernet 1 1 4 146 Console config if no switchport broadcast 4 152 Console config if exit...

Page 162: ...uplicate or mirror the traffic on the source port Target Port The port that will mirror the traffic on the source port Web Click Port Mirror Port Configuration Specify the source port unit the traffic...

Page 163: ...rming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over tr...

Page 164: ...nterfaces Command Attributes Port Trunk Displays the port number Rate Limit Status Enables or disables the rate limit Default Disabled Rate Limit Level Sets the rate limit level Range 1 255 Default 25...

Page 165: ...on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port This information can be used to identify potential problems with the switch such as a f...

Page 166: ...o a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being delive...

Page 167: ...errors Etherlike Statistics Alignment Errors The number of alignment errors missynchronized data packets Late Collisions The number of times that a collision is detected later than 512 bit times into...

Page 168: ...ount of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error RMON Statistics Drop Events The total number of events in which packets were dropped du...

Page 169: ...wise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes...

Page 170: ...ING THE SWITCH 3 120 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 52 Port St...

Page 171: ...ors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac...

Page 172: ...address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the addres...

Page 173: ...ddress Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in...

Page 174: ...s Table Lists all the dynamic addresses Web Click Address Table Dynamic Addresses Specify the search type i e mark the Interface MAC Address or VLAN checkbox select the method of sorting the displayed...

Page 175: ...ress Aging Time CLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide...

Page 176: ...spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible...

Page 177: ...nfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message become...

Page 178: ...d on this switch STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid Spanning Tree IEEE 802 1w Priority Bridge priority is used in selecting the root device root port and designated port The device with...

Page 179: ...In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Transmission limit The minimum interv...

Page 180: ...tree 4 196 Spanning tree information Spanning tree mode RSTP Spanning tree enable disable enabled Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Ti...

Page 181: ...tch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP re...

Page 182: ...root device transmits a configuration message Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Maximum Age The maximum time in seconds a device can wait without receiving a configura...

Page 183: ...data loops might result Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 Configuration Settings for RSTP Path Cost Method The path cost is used to determine the best path between...

Page 184: ...res the STA and RSTP parameters Console config spanning tree 4 184 Console config spanning tree mode rstp 4 185 Console config spanning tree priority 45056 4 188 Console config spanning tree hello tim...

Page 185: ...ontinues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to th...

Page 186: ...age 3 139 i e true or false but will be set to false if a BPDU is received indicating that another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of...

Page 187: ...t for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely...

Page 188: ...red to rebuild address tables during reconfiguration events does not cause the spanning tree to reconfigure when the interface changes state and also overcomes other STA related timeout problems Howev...

Page 189: ...utes are read only and cannot be changed STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings on page 3 135 for additional information Discarding Po...

Page 190: ...be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port...

Page 191: ...can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the current forwarding database...

Page 192: ...y group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure...

Page 193: ...t or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware...

Page 194: ...ow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can...

Page 195: ...twork This allows GVRP compliant devices to be automatically configured for VLAN groups based solely on endstation requests To implement GVRP in a network first add the host devices to the required VL...

Page 196: ...en forwarding a frame from this switch along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain...

Page 197: ...n and to support VLANs which extend beyond the local switch Default Disabled Web Click VLAN 802 1Q VLAN GVRP Status Enable or disable GVRP and click Apply Figure 3 60 Enabling GVRP CLI This example en...

Page 198: ...ge VLAN group that crosses several switches should use VLAN tagging However if you just want to create a small port based VLAN for one or two switches you can disable tagging Command Attributes Web VL...

Page 199: ...agged Ports Shows the untagged VLAN port members Web Click VLAN 802 1Q VLAN Current Table Select any ID from the scroll down list Figure 3 62 Displaying Current VLANs Command Attributes CLI VLAN ID of...

Page 200: ...be defined VLAN 1 is the default untagged VLAN New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added...

Page 201: ...vate the VLAN and then click Add Figure 3 63 Configuring a VLAN Static List CLI This example creates a new VLAN Console config vlan database 4 198 Console config vlan vlan 2 name R D media ethernet st...

Page 202: ...Static Membership by Port page to configure VLAN groups based on the port index page 3 154 However note that this configuration page can only add ports to a VLAN as tagged members 2 VLAN 1 is the def...

Page 203: ...t will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface must be assigned to at least one group as an untagged port Forbidden Interface is forb...

Page 204: ...orts to VLAN 2 Adding Static Members to VLANs Port Index Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member Command Attributes Interface Por...

Page 205: ...rship information for the interface Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each inter...

Page 206: ...ged unless you are experiencing difficulties with GVRP registration deregistration Command Attributes PVID VLAN ID assigned to untagged frames received on the interface Default 1 If an interface is no...

Page 207: ...on this port will be discarded and no GVRP registrations will be propagated from other ports Default Disabled GARP Join Timer8 The interval between transmitting requests queries to participate in a V...

Page 208: ...ing to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Member...

Page 209: ...the same switch Each private VLAN consists of two components a primary VLAN and one or more community VLANs A primary VLAN allows traffic to pass between promiscuous ports and between promiscuous por...

Page 210: ...scuous ports in its own VLAN or host i e having access restricted to community VLAN members and channeling all other traffic through a promiscuous port Then assign any promiscuous ports to a primary V...

Page 211: ...uous port and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and are associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring...

Page 212: ...configured VLANs Web Click VLAN Private VLAN Configuration Enter the VLAN ID number select Primary Isolated or Community type then click Add To remove a private VLAN from the switch highlight an entr...

Page 213: ...Private VLAN Association Select the required primary VLAN from the scroll down box highlight one or more community VLANs in the Non Association list box and click Add to associate these entries with...

Page 214: ...ous port s Isolated The port is an isolated port that can only communicate with promiscuous ports within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces wi...

Page 215: ...VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Configuring Private VLAN Interfaces Use the Private VLAN Port Configuration and Private VLAN Trunk Configuration menus to...

Page 216: ...If PVLAN type is Promiscuous then specify the associated primary VLAN For Host type the Primary VLAN displayed is the one to which the selected secondary VLAN has been associated Community VLAN A comm...

Page 217: ...promiscuous port and mapped to VLAN 5 while ports 4 and 5 have been configured as host ports and associated with VLAN 6 This means that traffic for port 4 and 5 can only pass through port 3 Console...

Page 218: ...default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue...

Page 219: ...f 5 to port 3 9 CLI displays this information as Priority for untagged traffic Console config interface ethernet 1 3 4 146 Console config if switchport priority default 5 4 224 Console config if end C...

Page 220: ...levels recommended in the IEEE 802 1p standard for various network applications are shown in the following table However you can map the priority levels to the switch s output queues in any way that b...

Page 221: ...le shows how to change the CoS assignments to a one to one mapping Note Mapping specific values for CoS priorities is implemented as an interface configuration command but any changes will apply to th...

Page 222: ...This prevents the head of line blocking that can occur with strict priority queuing Command Attributes WRR Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4...

Page 223: ...esponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications assigned a specific prio...

Page 224: ...r Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding out...

Page 225: ...from the scroll down menu then click Apply Figure 3 76 IP Precedence DSCP Priority Status CLI The following example enables IP Precedence service on the switch Mapping IP Precedence The Type of Servi...

Page 226: ...sent high priority Web Click Priority IP Precedence Priority Select an entry from the IP Precedence Priority Table enter a value in the Class of Service Value field and then click Apply Figure 3 77 Ma...

Page 227: ...bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSC...

Page 228: ...nts low priority and 7 represents high priority Note IP DSCP settings apply to all interfaces Web Click Priority IP DSCP Priority Select an entry from the DSCP table enter a value in the Class of Servi...

Page 229: ...P service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP...

Page 230: ...IP Port Priority Status to Enabled Figure 3 79 IP Port Priority Status Click Priority IP Port Priority Enter the port number for a network application in the IP Port Number box and the new CoS value i...

Page 231: ...n the following table Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to the packet itself For information on mapping the CoS values to o...

Page 232: ...ty ACL CoS Priority Enable mapping for any port select an ACL from the scroll down list then click Add Figure 3 81 ACL CoS Priority CLI This example assigns a CoS value of zero to packets matching rul...

Page 233: ...sed on to the hosts which subscribed to this service This switch uses IGMP Internet Group Management Protocol to query for any attached hosts that want to receive a specific multicast service It ident...

Page 234: ...that you need to control more carefully you can manually assign a multicast service to specific interfaces on the switch page 3 191 Configuring IGMP Snooping and Query Parameters You can configure the...

Page 235: ...ing hosts if they want to receive multicast traffic Default Enabled IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to dr...

Page 236: ...splays the current status Console config ip igmp snooping 4 239 Console config ip igmp snooping querier 4 243 Console config ip igmp snooping query count 10 4 243 Console config ip igmp snooping query...

Page 237: ...e switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router switch for each VLAN ID Command Attributes VLAN ID ID of...

Page 238: ...switch you can manually configure the interface and a specified VLAN to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all t...

Page 239: ...ithin VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for which...

Page 240: ...this multicast service Figure 3 85 IP Multicast Registration Table CLI This example displays all the known multicast services supported on VLAN 1 along with the ports propagating the corresponding ser...

Page 241: ...common VLAN and then assign the multicast service to that VLAN group Command Usage Static multicast addresses are never aged out When a multicast address is assigned to an interface in a specific VLAN...

Page 242: ...dd After you have completed adding ports to the member list click Apply Figure 3 86 IGMP Member Port Table CLI This example assigns a multicast address to VLAN 1 and then displays all the known multic...

Page 243: ...on a UNIX system Console Connection To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user names are admin and gues...

Page 244: ...t set the IP address for the Master unit and set the default gateway if you are managing the switch from a different IP subnet For example If your corporate network is connected to another network out...

Page 245: ...you are using normal access mode i e Normal Exec where n indicates the number of the current Telnet session 3 Enter the necessary commands to complete your desired tasks 4 When finished exit the sessi...

Page 246: ...a simple command enter the command keyword To enter multiple commands enter each command in the required order For example to enable Privileged Exec command mode and display the startup configuration...

Page 247: ...rd up to the point of ambiguity In the logging history example typing log followed by a tab will result in printing the command up to logging Getting Help on Commands You can display a brief descripti...

Page 248: ...nformation lacp LACP statistic line TTY line information log Login records logging Show the contents of logging buffers mac MAC access lists mac address table Configuration of the address table manage...

Page 249: ...command will log system messages to a host server To disable logging specify the no logging command This guide describes the negation effect for all applicable commands Using Command History The CLI...

Page 250: ...Commands When you open a new console session on the switch with the user name and password guest the system enters the Normal Exec command mode or guest mode displaying the Console command prompt Onl...

Page 251: ...g config startup config command The configuration commands are organized into different modes Global Configuration These commands modify the system level configuration and include commands such as hos...

Page 252: ...owing commands Use the exit or end command to return to the Privileged Exec mode For example you can use the following commands to enter interface configuration mode and then return to Privileged Exec...

Page 253: ...e Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ch...

Page 254: ...also configures port security and IEEE 802 1X port access control 4 95 Access Control List Provides filtering for IP frames based on address protocol TCP UDP port number or TCP control code or non IP...

Page 255: ...s VLAN settings and defines port membership for VLAN groups also enables or configures private VLANs 4 198 GVRP and Bridge Extension Configures GVRP settings that permit automatic VLAN learning shows...

Page 256: ...meout Sets the interval that the command interpreter waits until user input is detected LC 4 19 password thresh Sets the password intrusion threshold which limits the number of failed logon attempts L...

Page 257: ...fault Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as Vty in screen displays such as show users...

Page 258: ...fied by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specifie...

Page 259: ...ode Line Configuration Command Usage When a connection is started on a line with password protection the system prompts for the password If you enter the correct password the system shows a prompt You...

Page 260: ...seconds no silent time seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Com...

Page 261: ...specifies the number of seconds Range 0 65535 seconds 0 no timeout Default Setting CLI No timeout Telnet 10 minutes Command Mode Line Configuration Command Usage If user input is detected within the t...

Page 262: ...d The number of allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold...

Page 263: ...set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range 0 65535 0 n...

Page 264: ...its per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 da...

Page 265: ...tion protocols provided by devices such as terminals and modems often require a specific parity bit setting Example To specify no parity enter this command speed This command sets the terminal line s...

Page 266: ...if the speed you selected is not supported Example To specify 57600 bps enter this command stopbits This command sets the number of the stop bits transmitted per byte Use the no form to restore the d...

Page 267: ...0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 56 show users 4 85 show...

Page 268: ...how line Console configuration Password threshold 3 times Interactive timeout Disabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Pas...

Page 269: ...Privileged Exec mode Default Setting Level 15 Table 4 6 General Commands Command Function Mode Page enable Activates privileged mode NE 4 27 disable Returns to normal mode from privileged mode PE 4 28...

Page 270: ...ommands disable 4 28 enable password 4 37 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configurati...

Page 271: ...some of the other configuration modes including Interface Configuration Line Configuration and VLAN Database Configuration See Understanding Command Modes on page 4 8 Default Setting None Command Mode...

Page 272: ...when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config reload This command restarts the system Note When the sys...

Page 273: ...nd Mode Global Configuration Interface Configuration Line Configuration and VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configur...

Page 274: ...configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to q...

Page 275: ...eb Server Enables management access via a web browser 4 41 Telnet Server Enables management access via Telnet 4 45 Secure Shell Provides secure replacement for Telnet 4 47 Event Logging Controls loggi...

Page 276: ...mpt Maximum length 255 characters Default Setting Console Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device Use the no form to restore...

Page 277: ...Telnet connection page 4 14 user authentication via a remote authentication server page 4 95 and host access authentication for specific ports page 4 108 Console config hostname RD 1 Console config Ta...

Page 278: ...Maximum users 16 access level level Specifies the user level The device has two predefined privilege levels 0 Normal Exec 15 Privileged Exec nopassword No password is required for this user to log in...

Page 279: ...ged Exec password Remember to record it in a safe place This command controls access to the Privileged Exec level from the Normal Exec level Use the no form to reset the default password Syntax enable...

Page 280: ...figuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Related Commands enable 4...

Page 281: ...range Default Setting All addresses Command Mode Global Configuration Command Usage If anyone tries to access a management interface on the switch from an invalid address the switch will reject the c...

Page 282: ...management access to the switch through various protocols Syntax show management all client http client snmp client telnet client all client Adds IP address es to the SNMP web and Telnet groups http...

Page 283: ...25 192 168 1 30 TELNET Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 Console Table 4 12 Web Server Commands Command Function Mode Page ip http port Sp...

Page 284: ...TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 4 42 ip http server This command allows this de...

Page 285: ...the switch However you cannot configure the HTTP and HTTPS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_num...

Page 286: ...ommand specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure po...

Страница 287: ...4 43 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface Use the no form to use the default port Syntax ip telnet port port number no ip teln...

Страница 288: ...r This command allows this device to be monitored or configured from Telnet Use the no form to disable this function Syntax no ip telnet server Default Setting Enabled Command Mode Global Configuratio...

Страница 289: ...a local user name and password for access authentication SSH also encrypts all data transfers passing between the switch and SSH enabled management station clients and ensures that data traveling over...

Страница 290: ...use the SSH server complete these steps 1 Generate a Host Key Pair Use the ip ssh crypto host key generate command to create a host public private key pair delete public key Deletes the public key for...

Страница 291: ...switch via the User Accounts page as described on page 3 48 The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format...

Страница 292: ...tication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys ip s...

Страница 293: ...1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase...

Страница 294: ...attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Related Commands show ip ssh 4 56 ip ssh server key size This command sets...

Страница 295: ...f an SSH user Range 1 8 characters dsa DSA public key type rsa RSA public key type Default Setting Deletes both the DSA and RSA key Command Mode Privileged Exec Example ip ssh crypto host key generate...

Страница 296: ...anually create a known hosts file and place the host public key in it The SSH server uses this host key to negotiate a session key and encryption method with the client trying to connect to it Example...

Страница 297: ...ated Commands ip ssh crypto host key generate 4 53 ip ssh save host key 4 55 no ip ssh server 4 50 ip ssh save host key This command saves host key from RAM to flash memory Syntax ip ssh save host key...

Страница 298: ...1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes128 cbc h...

Страница 299: ...client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256...

Страница 301: ...that are stored Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 59 logging history Limits syslog messages saved to switch memory based...

Страница 302: ...power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Console config logging on Console config Table 4 18 Logging Levels Level Severity N...

Страница 303: ...slog server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server D...

Страница 304: ...A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Command Usage The com...

Страница 305: ...logging trap level One of the level arguments listed below Messages sent include the selected level up through level 0 Refer to the table on page 4 60 Default Setting Enabled Level 7 0 Command Mode G...

Страница 306: ...ommand Mode Privileged Exec Example Related Commands show logging 4 64 show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handle...

Страница 307: ...s debugging i e default level 7 0 Console show logging flash Syslog logging Enabled History logging in FLASH level errors Console show logging ram Syslog logging Enabled History logging in RAM level d...

Страница 308: ...address 1 2 3 4 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 REMOTELOG server IP address 0 0 0 0 Console Table 4 20 show logging trap dis...

Страница 309: ...e following example shows sample messages stored in RAM Console show log ram 5 00 01 06 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 4 00 01 00 2001 01 01 STA roo...

Страница 310: ...mand Mode Global Configuration Command Usage You can specify up to three SMTP servers for event handing However you must enter a separate command to specify each server Table 4 21 SMTP Alert Commands...

Страница 311: ...fully open a connection Example logging sendmail level This command sets the severity threshold used to trigger alert messages Syntax logging sendmail level level level One of the system message level...

Страница 312: ...on Command Usage You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch Example This example will set the source email john acme...

Страница 313: ...his command enables SMTP event handling Use the no form to disable this function Syntax no logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This...

Страница 314: ...minimum severity level 4 SMTP destination email addresses 1 geoff acme com SMTP source email address john acme com SMTP status Enabled Console Table 4 22 Time Commands Command Function Mode Page sntp...

Страница 315: ...cords the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issu...

Страница 316: ...addresses Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode The cli...

Страница 317: ...tting 16 seconds Command Mode Global Configuration Example Related Commands sntp client 4 73 show sntp This command displays the current time and configuration settings for the SNTP client and indicat...

Страница 318: ...Sets the local time zone after west of UTC Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time UTC fo...

Страница 319: ...h day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october nove...

Страница 320: ...f a switch using its front panel LED indicators NE PE 4 79 show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the system PE 4 79 show r...

Страница 321: ...ED indicators for ports 1 to 8 When the light unit command is entered the LED corresponding to the switch s ID will flash for about 15 seconds Example show startup config This command displays the con...

Страница 322: ...ation mode command and corresponding commands This command displays the following information SNMP community strings Users names and access levels VLAN database VLAN ID name and state VLAN configurati...

Страница 323: ...guest access level 0 username guest password 0 guest enable password level 15 0 super snmp server community public ro snmp server community private rw logging history ram 6 logging history flash 3 vl...

Страница 324: ...displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information M...

Страница 325: ...blic ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable passwo...

Страница 326: ...tem information Default Setting None Command Mode Normal Exec Privileged Exec Command Usage For a description of the items shown by this command refer to Displaying System Information on page 11 The P...

Страница 327: ...n 24 Port 10 100Mbps Stackable Managed Switch with 2 optional uplink modules System OID string 1 3 6 1 4 1 202 20 43 System information System Up time 0 days 0 hours 0 minutes and 7 18 seconds System...

Страница 328: ...rsions on page 3 13 for detailed information on the items displayed by this command Console show users Username accounts Username Privilege Public Key admin 15 None guest 0 None steve 15 RSA Online us...

Страница 329: ...porting jumbo frames up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB Console show version Unit 1 Serial number S416000963 Service tag Hardware version R0A Module A typ...

Страница 330: ...support jumbo frames Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second See the switchport broadcast command on page 152 Example Flash File Com...

Страница 331: ...nfig file running config tftp copy tftp file running config startup config https certificate public key copy unit file file Keyword that allows you to copy to from a file running config Keyword that a...

Страница 332: ...ation Use the copy file unit command to copy a local file to another switch in the stack Use the copy unit file command to copy a file from another switch in the stack The Boot ROM and Loader cannot b...

Страница 333: ...e name startup Write to FLASH Programming Write to FLASH finish Success Console Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup conf...

Страница 334: ...m startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number Example This example shows how to delete the test2 cfg confi...

Страница 335: ...mber File information is shown below Example The following example shows how to display all file information Table 4 26 File Directory Information Column Heading Description file name The name of the...

Страница 336: ...of the file information displayed by this command boot system This command specifies the image used to start up the system Syntax boot system unit boot rom config opcode filename The type of file or i...

Страница 337: ...s You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods You can also enable port based authentication for netwo...

Страница 338: ...s UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the Port Security Configures secur...

Страница 339: ...ed first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Related C...

Страница 340: ...ord pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequ...

Страница 341: ...s server index host host_ip_address host_alias auth port auth_port timeout timeout retransmit retransmit key key index Allows you to specify up to five servers These servers are queried in sequence un...

Страница 342: ...not use blank spaces in the string Maximum length 20 characters Default Setting auth port 1812 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example radius server port This command...

Страница 343: ...um length 20 characters Default Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax ra...

Страница 344: ...t number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode Global Configurati...

Страница 345: ...itch Console show radius server Remote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 1812 Retransmit times 2 Request timeout 5 Sever 1 Server IP a...

Страница 346: ...Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server network port Use the no form to restore the default Syntax tacacs serv...

Страница 347: ...used to authenticate logon access for the client Do not use blank spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server T...

Страница 348: ...unknown or has been previously learned from another port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically ta...

Страница 349: ...message and disable port max mac count address count The maximum number of MAC addresses that can be learned on a port Range 0 1024 Default Setting Status Disabled Action None Maximum Addresses 0 Comm...

Страница 350: ...ue a trap message Related Commands shutdown 4 151 mac address table static 4 179 show mac address table 4 181 802 1X Port Authentication The switch supports IEEE 802 1X dot1x port based access control...

Страница 351: ...dot1x port IC 4 112 dot1x re authenticate Forces re authentication on specific ports PE 4 113 dot1x re authentication Enables re authentication for all ports IC 4 113 dot1x timeout quiet period Sets t...

Страница 352: ...q This command sets the maximum number of times the switch port will retransmit an EAP request identity packet to the client before it times out the authentication session Use the no form to restore t...

Страница 353: ...S server Clients that are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the po...

Страница 354: ...max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 20 Default 5 Default Single host Command Mode Interface Configuration Command Us...

Страница 355: ...8 port Port number Range 1 26 Command Mode Privileged Exec Example dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authent...

Страница 356: ...d seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re authperiod This command sets the time period after which a connected clie...

Страница 357: ...Default 30 seconds Command Mode Interface Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface Syntax show dot1x stati...

Страница 358: ...terface including the following items reauth enabled Periodic re authentication page 4 113 reauth period Time after which a connected client must be re authenticated page 4 114 quiet period Time a por...

Страница 359: ...e including initialize disconnected connecting authenticating authenticated aborting held force_authorized force_unauthorized Reauth Count Number of times connecting state is re entered Backend State...

Страница 360: ...disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authoriz...

Страница 361: ...le or dropped as soon as it matches a deny rule If no rules match for a list of all permit rules the packet is dropped and if no rules match for a list of all deny rules the packet is accepted There a...

Страница 362: ...ports 5 If no explicit rule is matched the implicit default is permit all IP ACLs Table 4 33 Access Control Lists Command Groups Function Page IP ACLs Configures ACLs based on IP addresses TCP UDP po...

Страница 363: ...stination IP address and other more specific criteria acl_name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration show ip access list Displays the rule...

Страница 364: ...mple Related Commands permit deny 4 122 ip access group 4 126 show ip access list 4 126 permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for pack...

Страница 365: ...x 168 92 31 x using a bitmask Related Commands access list ip 4 121 permit deny Extended ACL This command adds a rule to an Extended IP ACL The rule sets a filter condition for packets with specific...

Страница 366: ...ge 0 65535 control flags Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing the code bits to match Range...

Страница 367: ...lid use control code 2 18 Example This example accepts any incoming packets if the source address is within subnet 10 7 1 x For example if the rule is matched i e the rule 10 7 1 0 255 255 255 0 equal...

Страница 368: ...length 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 122 ip access group 4 126 ip access group This command binds a port to an IP ACL Use the no form to remove the...

Страница 369: ...one You must configure a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 126 show ip access group This command shows the ports assigned to IP ACLs...

Страница 370: ...s cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues...

Страница 371: ...alue determines the output queue for packets matching an ACL rule Syntax show map access list ip interface interface ethernet unit port unit This is device 1 port Port number Command Mode Privileged E...

Страница 372: ...Creates a MAC ACL and enters configuration mode GC 4 130 permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL 4 131 show mac access...

Страница 373: ...4 133 show mac access list 4 133 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address i e physical layer address o...

Страница 374: ...of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include...

Страница 375: ...ds permit deny 4 131 mac access group 4 133 mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in acl_name Name of the ACL Maxi...

Страница 376: ...ess group 4 133 map access list mac This command sets the output queue for packets matching an ACL rule The specified CoS value is only used to map the matching packet to an output queue it is not wri...

Страница 377: ...ds queue cos map 4 226 show map access list mac 4 135 show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The CoS value determines the output queue...

Страница 378: ...Privileged Exec Command Usage Once the ACL is bound to an interface i e the ACL is active the order in which the rules are displayed is determined by the associated mask Console show map access list...

Страница 379: ...ob permit 10 7 1 1 0 0 0 255 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 2 MAC access list jerry permit any host 00...

Страница 380: ...to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects Table 4...

Страница 381: ...Mode Global Configuration Command Usage The first snmp server community command you enter enables SNMP SNMPv1 The no snmp server community command disables SNMP Example snmp server contact This comma...

Страница 382: ...the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Conf...

Страница 383: ...he snmp server community command prior to using the snmp server host command Maximum length 32 characters version Specifies whether to send notifications as SNMP v1 or v2c traps Default Setting Host A...

Страница 384: ...efault is to send SNMP version 1 notifications Example Related Commands snmp server enable traps 4 142 snmp server enable traps This command enables this device to send Simple Network Management Proto...

Страница 385: ...used in conjunction with the snmp server host command Use the snmp server host command to specify which host or hosts receive SNMP notifications In order to send notifications you must configure at le...

Страница 386: ...ivilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number...

Страница 387: ...negotiation Enables autonegotiation of a given interface IC 4 148 capabilities Advertises the capabilities of a given interface for use in autonegotiation IC 4 149 flowcontrol Enables flow control on...

Страница 388: ...port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting None Command Mode Global Configuration Example To specify port 24 enter the following command description This command adds...

Страница 389: ...Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation Default Setting Auto negotiation is enabled by default When auto negotiat...

Страница 390: ...for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negoti...

Страница 391: ...eration 100full Supports 100 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 10full Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flow...

Страница 392: ...commands Example The following example configures Ethernet port 5 capabilities to 100half 100full and flow control Related Commands negotiation 4 148 speed duplex 4 147 flowcontrol 4 150 flowcontrol...

Страница 393: ...ties command To enable flow control under auto negotiation flowcontrol must be included in the capabilities list for any port Avoid using flow control on a port connected to a hub unless it is actuall...

Страница 394: ...to disable broadcast storm control Syntax switchport broadcast octet rate rate no switchport broadcast rate Threshold level as a rate i e octets per second Range 64 95232000 Default Setting Enabled fo...

Страница 395: ...rivileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log o...

Страница 396: ...nit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 vlan vlan id Range 1 4094 Default Setting Shows the status for all interfaces Command Mode Normal Exec Privileged Exec Comma...

Страница 397: ...ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 00 AB CD 00 01 Configuration Name Port admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadc...

Страница 398: ...3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late colli...

Страница 399: ...erface is specified information on all interfaces is displayed Example This example shows the configuration setting for port 24 Console show interfaces switchport ethernet 1 24 Broadcast threshold Ena...

Страница 400: ...ows if acceptable VLAN frames include all types or tagged frames only page 4 203 Native VLAN Indicates the default Port VLAN ID page 4 205 Priority for untagged traffic Indicates the default priority...

Страница 401: ...mitted packets Default Setting No mirror session is defined Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination po...

Страница 402: ...11 show port monitor This command displays mirror information Syntax show port monitor interface interface ethernet unit port source port unit Stack unit Range 1 8 port Port number Range 1 26 Default...

Страница 403: ...to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Note The rate limit granularity is multiplied by the rate limit page 4 162 to set the actual...

Страница 404: ...ge 1 255 Default Setting 30 Command Mode Interface Configuration Ethernet Port Channel Command Usage Actual rate limit Rate limit level Granularity Example rate limit granularity Use this command to d...

Страница 405: ...Actual rate limit Rate limit level Granularity Example The following sets Fast Ethernet granularity to 1 Mbps and Gigabit Ethernet granularity to 33 3 Mbps show rate limit Use this command to display...

Страница 406: ...0 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex Console show rate limit Fast ethernet granularity 1000 Gigabit ethernet granularity 33300 Console Table 4 44 Lin...

Страница 407: ...ings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have t...

Страница 408: ...p channel id Trunk index Range 1 4 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switches...

Страница 409: ...P trunk must be configured for full duplex either by forced mode or auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If...

Страница 410: ...n aggregate link Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console config if lacp Console config if exit Console confi...

Страница 411: ...bined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Once the remote side of a link has been es...

Страница 412: ...tem priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group i...

Страница 413: ...rt Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If th...

Страница 414: ...tes a higher effective priority If an active port link goes down the backup port with the highest priority is selected to replace the downed link However if two or more ports have the same LACP port p...

Страница 415: ...sages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sysid Summary of system priority and MAC address for a...

Страница 416: ...m this channel group Marker Received Number of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type valu...

Страница 417: ...ronization aggregation long timeout LACP activity Table 4 46 show lacp internal display description Field Description Oper Key Current operational value of the key for the aggregation port Admin Key C...

Страница 418: ...nabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol information Synchronization The System considers...

Страница 419: ...signed by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partn...

Страница 420: ...p configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address The LACP system priority and system MAC address are concatenated to form t...

Страница 421: ...lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The stat...

Страница 422: ...This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Default Setting None Command Mode Privilege...

Страница 423: ...ommand Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic addre...

Страница 424: ...sable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example show mac address table agin...

Страница 425: ...time Configures the spanning tree bridge forward time GC 4 186 spanning tree hello time Configures the spanning tree bridge hello time GC 4 187 spanning tree max age Configures the spanning tree bridg...

Страница 426: ...dging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically...

Страница 427: ...Command Mode Global Configuration Command Usage Spanning Tree Protocol Uses RSTP for the internal state machine but sends only 802 1D BPDUs Rapid Spanning Tree Protocol RSTP supports connections to e...

Страница 428: ...e seconds Time in seconds Range 4 30 seconds The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximu...

Страница 429: ...uration Command Usage This command sets the time interval in seconds at which the root device transmits a configuration message Example spanning tree max age This command configures the spanning tree...

Страница 430: ...port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example spanning tree priority This command configures the spanning tree...

Страница 431: ...ree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 0 200 000 000 short Specifies 16 bit based values that range from 0 65535 Default Set...

Page 432: ...ng 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree cost This command configures the spanning tree path cost for the...

Page 433: ...to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority When the spanning tree pathcost method page 4 189 is set to short...

Page 434: ...anning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Confi...

Page 435: ...o disable fast forwarding Syntax no spanning tree portfast Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used to enable disable the...

Page 436: ...xample Related Commands spanning tree edge port 4 192 spanning tree link type This command configures the link type for Rapid Spanning Tree Use the no form to restore the default Syntax spanning tree...

Page 437: ...tion This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Range 1 8 port...

Page 438: ...w spanning tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree Use the show spanning tree interface command to display the spa...

Page 439: ...rent root port 1 Current root cost 50000 Number of topology changes 5 Last topology changes time sec 226 Transmission limit 3 Path Cost Method long Eth 1 1 information Admin status enabled Role root S...

Page 440: ...ately Default Setting None Table 4 51 VLANs Command Groups Function Page Editing VLAN Groups Sets up VLAN groups including name VID and state 4 198 Configuring VLAN Interfaces Configures VLAN interfac...

Page 441: ...n to the running configuration file and you can display this file by entering the show running config command Example Related Commands show vlan 4 208 vlan This command configures a VLAN Use the no fo...

Page 442: ...uration Command Usage no vlan vlan id deletes the VLAN no vlan vlan id name removes the VLAN name no vlan vlan id state returns the VLAN to the default state i e active You can configure up to 255 VLA...

Page 443: ...a specified VLAN IC 4 201 switchport mode Configures VLAN membership mode for an interface IC 4 202 switchport acceptable frame types Configures frame types to be accepted by an interface IC 4 203 sw...

Page 444: ...a direct link between two switches so the port transmits tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmi...

Page 445: ...ll The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage W...

Page 446: ...ged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives...

Page 447: ...s not a member of VLAN 1 and you assign its PVID to this VLAN the interface will automatically be added to VLAN 1 as an untagged member For all other VLANs an interface must first be configured as an...

Page 448: ...tagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to at least one VLAN as untagged If a trunk has sw...

Page 449: ...VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do n...

Page 450: ...e vlan name ASCII string from 1 to 32 characters private vlan For an explanation of this command see show vlan private vlan on page 215 Default Setting Shows all VLANs Command Mode Normal Exec Privile...

Page 451: ...lan Status Active Ports Port channel Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Et...

Page 452: ...hport private vlan host association command to assign a port to a secondary VLAN 5 Use the switchport private vlan mapping command to assign a port to a primary VLAN 6 Use the show vlan private vlan c...

Page 453: ...LAN Port membership for private VLANs is static Once a port has been assigned to a private VLAN it cannot be dynamically moved to another VLAN via GVRP Private VLAN ports cannot be set to trunked mode...

Page 454: ...Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within th...

Page 455: ...his port type can communicate with all other promiscuous ports in the same primary VLAN as well as with all the ports in the associated secondary VLANs Default Setting Normal VLAN Command Mode Interfa...

Page 456: ...uration Ethernet Port Channel Command Usage All ports assigned to a secondary i e community VLAN can pass traffic between group members but must communicate with resources outside of the group via a p...

Page 457: ...LAN configuration settings on this switch Syntax show vlan private vlan community isolated primary community Displays all community VLANs along with their associated primary VLAN and assigned host int...

Page 458: ...condary Type Interfaces 5 primary Eth1 3 5 6 community Eth1 4 Eth1 5 0 8 isolated Console Table 4 56 GVRP and Bridge Extension Commands Command Function Mode Page bridge ext gvrp Enables GVRP globally...

Page 459: ...members on ports across the network This function should be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Example show bridge ext This command...

Page 460: ...ernet Port Channel Example Console show bridge ext Max support vlan numbers 255 Max support vlan ID 4094 Extended multicast filtering services No Static entry individual port Yes VLAN learning IVL Con...

Page 461: ...figuration Command Mode Normal Exec Privileged Exec Example garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values Syntax g...

Page 462: ...nt of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP fo...

Page 463: ...port unit Stack unit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec Example Related Commands ga...

Page 464: ...Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service tags to hardware queues 4 222 Priority Layer 3 and 4 Maps TCP ports I...

Page 465: ...obal Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues a...

Page 466: ...The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame t...

Page 467: ...ult weights Syntax queue bandwidth weight1 weight3 no queue bandwidth weight1 weight3 The ratio of weights for queues 0 3 determines the weights used by the WRR scheduler However note that Queue 0 is...

Page 468: ...ated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin...

Page 469: ...ged Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Console config interface ethernet 1 1 Co...

Page 470: ...interface ethernet unit port unit Stack unit Range 1 8 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Console show queue bandw...

Page 471: ...cedence value to a class of service IC 4 232 map ip dscp Enables IP DSCP class of service mapping GC 4 233 map ip dscp Maps IP DSCP value to a class of service IC 4 233 map access list ip Sets the CoS...

Page 472: ...priority i e TCP UDP port priority Use the no form to remove a specific setting Syntax map ip port port number cos cos value no map ip port port number port number 16 bit TCP UDP port number Range 1...

Page 473: ...Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence and IP DSCP cannot both be enable...

Page 474: ...Channel Command Usage The precedence for priority mapping is IP Port IP Precedence or IP DSCP and default switchport priority IP Precedence values are mapped to default Class of Service values on a on...

Page 475: ...tchport priority IP Precedence and IP DSCP cannot both be enabled Enabling one of these priority types will automatically disable the other type Example The following example shows how to enable IP DS...

Page 476: ...y DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802 1p standard and then subsequently mapped to the four hardware priority queues This com...

Page 477: ...ort Port number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0 Related Comm...

Page 478: ...er Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip port Global Configuration 4 229 map ip precedence Interface Configurat...

Page 479: ...number Range 1 26 port channel channel id Range 1 4 Default Setting None Command Mode Privileged Exec Example Related Commands map ip dscp Global Configuration 4 233 map ip dscp Interface Configurati...

Page 480: ...cast groups via IGMP snooping or static assignment sets the IGMP version displays current snooping and query settings and displays the multicast service and group members 4 238 IGMP Query Configures I...

Page 481: ...les IGMP snooping ip igmp snooping vlan static This command adds a port to a multicast group Use the no form to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan...

Page 482: ...ng IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version If there are legacy devices in your network that only support Version 1 you wi...

Page 483: ...ation show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only...

Page 484: ...g VLAN M cast IP addr Member ports Type 1 224 1 2 3 Eth1 11 IGMP Console Table 4 65 IGMP Query Commands Layer 2 Command Function Mode Page ip igmp snooping querier Allows this device to act as the que...

Page 485: ...e for asking hosts if they want to receive multicast traffic Example ip igmp snooping query count This command configures the query count Use the no form to restore the default Syntax ip igmp snooping...

Page 486: ...mple The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 245 ip igmp snooping query interval This command configures the query interv...

Page 487: ...ommand defines the time after a query during which a response is expected from a multicast client If a querier has sent a number of queries defined by the ip igmp snooping query count but a client has...

Page 488: ...r the previous querier stops before it considers the router port i e the interface which had been receiving query packets to have expired Range 300 500 Default Setting 300 seconds Command Mode Global...

Page 489: ...static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Ther...

Page 490: ...er vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed i...

Page 491: ...ess Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits used for routing to...

Page 492: ...t periodically by this device in an effort to learn its IP address BOOTP and DHCP values can include the IP address default gateway and subnet mask You can start broadcasting BOOTP or DHCP requests by...

Page 493: ...n the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Exa...

Page 494: ...eway Default Setting No static route is established Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment Example The...

Page 495: ...er node on the network Syntax ping host size size count count host IP address or IP alias of the host size Number of bytes in a packet Range 32 512 default 32 The actual packet size will be eight byte...

Page 496: ...nds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press...

Page 497: ...0 100 Mbps half full duplex 1000BASE T 1000 Mbps full duplex Flow Control Full Duplex IEEE 802 3x Half Duplex Back pressure Broadcast Storm Control Traffic throttled above a critical threshold Port Mi...

Page 498: ...ayer 3 4 priority mapping IP Port IP Precedence IP DSCP Multicast Filtering IGMP Snooping Layer 2 Additional Features BOOTP client CIDR Classless Inter Domain Routing SNTP Simple Network Time Protocol...

Page 499: ...d Spanning Tree Protocol IEEE 802 1X Port Authentication IEEE 802 3 2002 Ethernet Fast Ethernet Gigabit Ethernet IEEE 802 3 2002 Full duplex flow control IEEE 802 3 2002 Link Aggregation Control Proto...

Page 500: ...up MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP MIB RFC 2011 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1212 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB...

Page 501: ...the VLAN interface through which the management station is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the...

Page 502: ...an account on the switch for each SSH user including user name authentication level and password Be sure you have imported the client s public key to the switch if public key authentication is used C...

Page 503: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Page 504: ...TROUBLESHOOTING B 4...

Page 505: ...appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to...

Page 506: ...n Protocol GVRP Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work autom...

Page 507: ...networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value IEEE 802 1X Port Authentication controls acces...

Page 508: ...bership In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participat...

Page 509: ...ne way hash function meaning that it takes a message and converts it into a fixed string of digits also called a message digest Multicast Switching A process whereby the switch filters incoming multic...

Page 510: ...Remote Authentication Dial in User Service RADIUS RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network...

Page 511: ...cated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communi...

Page 512: ...targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of thei...

Page 513: ...r restoring 2 12 3 24 4 89 console port required connections 2 2 CoS configuring 3 168 4 222 DSCP 3 177 3 181 4 233 IP precedence 3 175 4 229 4 230 4 231 layer 3 4 priorities 3 174 4 229 queue mapping...

Page 514: ...75 4 229 4 230 4 231 mapping priorities 3 175 4 232 J jumbo frame 4 87 L LACP local parameters 4 173 partner parameters 4 173 protocol message statistics 4 173 link type STA 3 138 3 141 4 194 logging...

Page 515: ...scuous ports 3 159 protocol migration 3 141 4 195 PVLAN association 3 163 community ports 3 159 interface configuration 3 165 primary VLAN 3 160 promiscuous ports 3 159 Q queue weights 3 173 4 225 R R...

Page 516: ...clock setting 3 42 4 72 System Logs 3 33 system software downloading from server 3 22 4 89 T TACACS logon authentication 3 50 4 103 time setting 3 42 4 72 traffic class weights 3 173 4 225 trap manage...

Page 518: ...73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Switzerland 41 0 1 9409971 Fax 41 0 1 9409972 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Northern Europe 44 0 118 974 8700 Fax 44 0 118 974 870...
