Supermicro SSE-G2252 Скачать руководство пользователя страница 330

Страница: 330 / 1401

Chapter 13: Security Measures
Configuring 802.1X Port Authentication

– 337 –

Figure 13-59: Configuring Port Security

ONFIGURING

802.1X P

ORT

UTHENTICATION

Network switches can provide open and easy access to network resources

by simply attaching a client PC. Although this automatic configuration and

access is a desirable feature, it also allows unauthorized personnel to easily

intrude and possibly gain access to sensitive network data.

The IEEE 802.1X (dot1X) standard defines a port-based access control

procedure that prevents unauthorized access to a network by requiring

users to first submit credentials for authentication. Access to all switch

ports in a network can be centrally controlled from a server, which means

that authorized users can use the same credentials for authentication from

any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL)

to exchange authentication protocol messages with the client, and a

remote RADIUS authentication server to verify user identity and access

rights. When a client (i.e., Supplicant) connects to a switch port, the switch

(i.e., Authenticator) responds with an EAPOL identity request. The client

provides its identity (such as a user name) in an EAPOL response to the

switch, which it forwards to the RADIUS server. The RADIUS server verifies

the client identity and sends an access challenge back to the client. The

EAP packet from the RADIUS server contains not only the challenge, but

the authentication method to be used. The client can reject the

authentication method and request another, depending on the

configuration of the client software and the RADIUS server. The encryption

method used to pass authentication messages can be MD5 (Message-

Digest 5), TLS (Transport Layer Security), PEAP (Protected Extensible

Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The

client responds to the appropriate method with its credentials, such as a

password or certificate. The RADIUS server verifies the client credentials

and responds with an accept or reject packet. If authentication is

successful, the switch allows the client to access the network. Otherwise,

non-EAP traffic on the port is blocked or assigned to a guest VLAN based on

the “intrusion-action” setting. In “multi-host” mode, only one host

connected to a port needs to pass authentication for all other hosts to be

granted network access. Similarly, a port can become unauthorized for all

Содержание SSE-G2252

Страница 1: ...SSE G2252 Switch SSE G2252P Switch USER S MANUAL Revison 1 0b SSE G2252P SSE G2252P Switch SSE G2252 SSE G2252 Switch...

Страница 2: ...l liability for all claims will not exceed the price paid for the hardware product FCC Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuan...

Страница 3: ...al switch functions the Internet Protocol IP and Simple Network Management Protocol SNMP CONVENTIONS The following conventions are used throughout this guide to show information NOTE Emphasizes import...

Страница 4: ...e first version of this guide This guide is valid for software release v2 0 0 4 REVISION 1 0A NOVEMBER 2015 REVISION This is the second version of this guide with new changes for the latest software r...

Страница 5: ...g Passwords 30 Setting an IP Address 31 Downloading a Configuration File and Other Parameters Provided by a DHCP Server 37 Enabling SNMP Management Access 39 Managing System Files 41 Saving or Restori...

Страница 6: ...5 Showing Port or Trunk Statistics 109 Displaying Statistical History 114 Displaying Transceiver Data 118 Configuring Transceiver Thresholds 119 Performing Cable Diagnostics 122 Trunk Configuration 12...

Страница 7: ...er 2 Queue Settings 223 Setting the Default Priority for Interfaces 223 Selecting the Queue Mode 224 Mapping CoS Values to Egress Queues 226 Layer 3 4 Priority Settings 229 Setting Priority Processing...

Страница 8: ...ction 326 Configuring VLAN Settings for ARP Inspection 328 Configuring Interface Settings for ARP Inspection 329 Displaying ARP Inspection Statistics 330 Displaying the ARP Inspection Log 332 Filterin...

Страница 9: ...figuring General Settings for Clusters 439 Cluster Member Configuration 440 Managing Cluster Members 442 Ethernet Ring Protection Switching 442 ERPS Global Configuration 447 ERPS Ring Configuration 44...

Страница 10: ...Source List 553 Multicast VLAN Registration for IPv4 554 Configuring MVR Global Settings 555 Configuring MVR Domain Settings 557 Configuring MVR Group Address Profiles 559 Configuring MVR Interface S...

Страница 11: ...solution Protocol 634 Proxy ARP Configuration 634 Configuring Static ARP Addresses 636 Displaying Dynamic or Local ARP Entries 637 Displaying ARP Statistics 638 Configuring Static Routes 639 Displayin...

Страница 12: ...973 Local Port Mirroring Commands 973 RSPAN Mirroring Commands 976 30 CONGESTION CONTROL COMMANDS 983 Rate Limit Commands 983 Storm Control Commands 984 Automatic Traffic Control Commands 986 31 LOOPB...

Страница 13: ...ME SERVICE COMMANDS 1321 44 DHCP COMMANDS 1329 DHCP Client 1329 DHCP Relay 1337 45 IP INTERFACE COMMANDS 1339 IPv4 Interface 1339 Basic IPv4 Configuration 1340 ARP Configuration 1346 IPv6 Interface 13...

Страница 14: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 15: ...ity Measures AAA ARP Inspection DHCP Snooping with Option 82 relay information DoS Protection IP Source Guard PPPoE Intermediate Agent Port Authentication IEEE 802 1X Port Security MAC address filteri...

Страница 16: ...hing Supported to ensure wire speed switching while eliminating bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs...

Страница 17: ...ocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols PORT CONFIGURATION You can manually configure the speed duplex mod...

Страница 18: ...s table facilitates data switching by learning addresses and then filtering or forwarding traffic based on this information The address table supports up to 16K addresses STORE AND FORWARD SWITCHING T...

Страница 19: ...can be dynamically learned via GVRP or ports can be manually assigned to a specific set of VLANs This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned By segm...

Страница 20: ...uted between any IP interfaces configured on the switch Routing to statically configured hosts or subnet addresses is provided based on next hop entries specified in the static routing table ADDRESS R...

Страница 21: ...to manage multicast group registration It also supports Multicast VLAN Registration MVR for IPv4 and MVR6 for IPv6 which allows common multicast traffic such as television channels to be transmitted a...

Страница 22: ...Timeout 600 seconds Authentication and Security Measures Privileged Exec Level Username ADMIN Password ADMIN Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Lev...

Страница 23: ...rol Rate Limiting Disabled Storm Control Broadcast Disabled 500 packets sec Multicast Disabled Unknown Unicast Disabled Auto Traffic Control Disabled Address Table Aging Time 300 seconds Spanning Tree...

Страница 24: ...sabled DNS Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Proxy Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Enabled Querier Disabled Multicast VLAN Registra...

Страница 25: ...s and display statistics using a standard web browser such as Internet Explorer 8 Mozilla Firefox 36 or Google Chrome 41 or more recent versions The switch s web management interface can be accessed f...

Страница 26: ...rmation and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable...

Страница 27: ...he attached network The onboard configuration program can be accessed using Telnet from any computer attached to the network The switch can also be managed by any computer using a web browser Internet...

Страница 28: ...haracters and are case sensitive To prevent unauthorized access to the switch set the passwords as follows 1 Open the console interface with the default user name and password ADMIN to access the Priv...

Страница 29: ...d through the DHCPv6 server or manually configured as described in Assigning an IPv6 Address on page 32 MANUAL CONFIGURATION You can manually assign an IP address to the switch You may also need to sp...

Страница 30: ...ss IP Version 6 on page 659 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6...

Страница 31: ...rk address and is expressed as a decimal number For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 73 8 To generate an IPv6 glo...

Страница 32: ...backoff until IP configuration information is obtained from a BOOTP or DHCP server BOOTP and DHCP values can include the IP address subnet mask and default gateway If the DHCP BOOTP server is slow to...

Страница 33: ...g Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success OBTAINING AN IPV6 ADDRESS Link Local Address There are several ways to configure IPv6 addresses The s...

Страница 34: ...ration mode prompt type interface vlan 1 to access the interface configuration mode Press Enter 2 From the interface prompt type ipv6 address autoconfig and press Enter 3 Type ipv6 enable and press En...

Страница 35: ...uration file the download procedure will be terminated and the switch will not send any further DHCP client requests If the switch fails to download the bootup configuration file based on information...

Страница 36: ...ge 192 168 255 160 192 168 255 200 option routers 192 168 255 101 option tftp server name 192 168 255 100 Default Option 66 option bootfile name bootfile Default Option 67 class Option66 67_1 DHCP Opt...

Страница 37: ...need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized management stations are only able to retrieve MIB objects p...

Страница 38: ...ONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS To configure management access for SNMPv3 clients you need to first create a view that defines the portions of MIB that the client can read or write assign...

Страница 39: ...the switch operations and provides the CLI and web management interfaces See Managing System Files on page 129 for more information Diagnostic Code Software that is run during system boot up also know...

Страница 40: ...rrent configuration settings enter the following command 1 From the Privileged Exec mode prompt type copy running config startup config and press Enter 2 Enter the name of the start up file Press Ente...

Страница 41: ...gement Tasks on page 65 Interface Configuration on page 99 VLAN Configuration on page 147 Address Table Settings on page 179 Spanning Tree Algorithm on page 189 Congestion Control on page 213 Class of...

Страница 42: ...44 General IP Routing on page 627...

Страница 43: ...s and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on page 30...

Страница 44: ...switch s web agent the home page is displayed as shown below The home page displays the Main Menu on the left side of the screen and System Information on the right side The Main Menu links are used t...

Страница 45: ...Figure 3 2 Front Panel Indicators MAIN MENU Using the onboard web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The following ta...

Страница 46: ...Shows list of configured NTP time servers 83 Add NTP Authentication Key Adds key index and corresponding MD5 key 85 Show NTP Authentication Key Shows list of configured authentication keys 85 Configu...

Страница 47: ...into static trunks 125 Show Member Shows the port members for the selected trunk 125 Configure General 125 Configure Configures trunk connection settings 125 Show Information Displays trunk connectio...

Страница 48: ...d administrative status 150 Edit Member by VLAN Specifies VLAN attributes per VLAN 150 Edit Member by Interface Specifies VLAN attributes per interface 153 Edit Member by Interface Range Specifies VLA...

Страница 49: ...plays dynamic entries in the address table 183 Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured...

Страница 50: ...reshold and the time to release the control response after traffic has fallen beneath the lower threshold 217 Configure Interface Sets the storm control mode broadcast or multicast the traffic thresho...

Страница 51: ...igure Interface Configures VoIP traffic settings for ports including the way in which a port is added to the Voice VLAN filtering of non VoIP packets the method of detecting VoIP traffic and the prior...

Страница 52: ...tocol settings 280 Configure Interface Enables Web Authentication for individual ports 281 Network Access MAC address based network access authentication 282 Configure Global Enables aging for authent...

Страница 53: ...L and time range Configure Binds a port to the specified ACL and time range 321 Add Mirror MIrrors matching traffic to the specified port 322 Show Mirror Shows ACLs mirrored to specified port 322 Show...

Страница 54: ...Pv6 Source Guard Filters IPv6 traffic based on static entries in the IP Source Guard table or dynamic entries in the DHCP Snooping table 355 Port Configuration Enables IPv6 source guard and selects fi...

Страница 55: ...ent status and sets related trap functions 402 Configure Engine 403 Set Engine ID Sets the SNMP v3 engine ID on this switch 403 Add Remote Engine Sets the SNMP v3 engine ID for a remote device 404 Sho...

Страница 56: ...ics on a physical interface 433 Statistics Enables collection of statistics on a physical interface 436 Show History Shows sampling parameters for each entry in the history group 433 Statistics Shows...

Страница 57: ...s list of configured maintenance associations 480 Configure MEP Configures Maintenance End Points 485 Add Configures MEPs at the domain boundary to provide management access for each maintenance assoc...

Страница 58: ...d recovery interval 514 Configure Interface Enables UDLD and aggressive mode which reduces the shut down delay after loss of bidirectional connectivity is detected 515 Show Information Displays UDLD n...

Страница 59: ...ave returned an ICMP packet too big message along with an acceptable MTU to this switch 608 IP Service 611 DNS Domain Name Service 611 General 611 Configure Global Enables DNS lookup defines the defau...

Страница 60: ...to a neighboring multicast router either through static or dynamic configuration 526 IGMP Member 528 Add Static Member Statically assigns multicast addresses to the selected VLAN 528 Show Static Memb...

Страница 61: ...resses statically configured on the selected VLAN 551 Show Current Member Shows multicast addresses associated with the selected VLAN either through static or dynamic configuration 551 Group Informati...

Страница 62: ...ing 575 Configure Interface Configures MVR interface type and immediate leave mode also displays MVR operational and active status 578 Configure Port Configures MVR attributes for a port 578 Configure...

Страница 63: ...Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Settings Sets Telnet connection p...

Страница 64: ...39 102 SSE G2252P 1 3 6 1 4 1 259 10 1 39 102 ECS4210 52P 1 3 6 1 4 1 259 10 1 39 102 System Up Time Length of time the management agent has been up System Name Name assigned to the switch system Syst...

Страница 65: ...rts Hardware Version Hardware version of the main board Main Power Status Displays the status of the internal power supply Management Software Information Role Shows that this switch is operating as M...

Страница 66: ...s protocol encapsulation fields CLI REFERENCES System Management Commands on page 653 USAGE GUIDELINES To use jumbo frames both the source and destination end nodes such as a computer or server must s...

Страница 67: ...switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service on page 223 Static Entry Individual Port This switch allows static filtering for unicast and multicast...

Страница 68: ...ion information 1 Click System then Capability Figure 4 4 Displaying Bridge Extension Configuration MANAGING SYSTEM FILES This section describes how to upgrade the switch operating software or configu...

Страница 69: ...y the protocol versions and perform security checks SFTP connection setup includes verification of the DSS signature creation of session keys creation of client server and server client ciphers SSH ke...

Страница 70: ...n the file directory on the switch NOTE The maximum number of user defined configuration files is limited only by available flash memory space NOTE The file Factory_Default_Config cfg can be copied to...

Страница 71: ...artup file CLI REFERENCES copy on page 667 PARAMETERS The following parameters are displayed Copy Type The copy operation includes this option Running Config Copies the current configuration settings...

Страница 72: ...HE START UP FILE Use the System File Set Start Up page to specify the firmware or configuration file to use for system initialization CLI REFERENCES whichboot on page 672 boot system on page 666 WEB I...

Страница 73: ...the File List and click Delete Figure 4 8 Displaying System Files AUTOMATIC OPERATION CODE UPGRADE Use the System File Automatic Operation Code Upgrade page to automatically download an operation cod...

Страница 74: ...operating systems such as Unix and most Unix like systems FreeBSD NetBSD OpenBSD and most Linux distributions etc are case sensitive meaning that two files in the same directory sse G2252 series bix...

Страница 75: ...st be observed tftp host filedir tftp Defines TFTP protocol for the server connection host Defines the IP address of the TFTP server Valid IP addresses consist of four numbers 0 to 255 separated by pe...

Страница 76: ...ory tftp 192 168 0 1 switch opcode The image file is in the switch opcode directory relative to the TFTP root tftp 192 168 0 1 switches opcode The image file is in the opcode directory which is within...

Страница 77: ...restart after upgrade succeeds Downloading new image Flash programming started Flash programming completed The switch will now restart SETTING THE SYSTEM CLOCK Simple Network Time Protocol SNTP allow...

Страница 78: ...ows the current time set on the switch Hours Sets the hour Range 0 23 Minutes Sets the minute value Range 0 59 Seconds Sets the second value Range 0 59 Month Sets the month Range 1 12 Day Sets the day...

Страница 79: ...equests for a time update from a time server Range 16 16384 seconds Default 16 seconds WEB INTERFACE To set the polling interval for SNTP 1 Click System then Time 2 Select Configure General from the S...

Страница 80: ...and client Polling Interval Shows the interval between sending requests for a time update from NTP servers Fixed 1024 seconds WEB INTERFACE To set the clock maintenance type to NTP 1 Click System the...

Страница 81: ...ime Servers SPECIFYING NTP TIME SERVERS Use the System Time Configure Time Server Add NTP Server page to add the IP address for up to 50 NTP time servers CLI REFERENCES ntp server on page 704 PARAMETE...

Страница 82: ...ge 1 65535 WEB INTERFACE To add an NTP time server to the server list 1 Click System then Time 2 Select Configure Time Server from the Step list 3 Select Add NTP Server from the Action list 4 Enter th...

Страница 83: ...n this page Up to 255 keys can be configured on the switch Range 1 65535 Key Context An MD5 authentication key string The key string can be up to 32 case sensitive printable ASCII characters no spaces...

Страница 84: ...e zone is east before or west after of UTC You can choose one of the 80 predefined time zone definitions or your can manually configure the parameters for your local time zone CLI REFERENCES clock tim...

Страница 85: ...ion is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the ti...

Страница 86: ...ection can only be configured through the CLI see password on page 682 NOTE Password checking can be enabled or disabled for logging in to the console connection see login on page 680 You can select a...

Страница 87: ...s not detected within the timeout interval the connection is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input i...

Страница 88: ...age 656 PARAMETERS The following parameters are displayed CPU Guard Status Enables CPU Guard Default Disabled High Watermark If the percentage of CPU usage time is higher than the high watermark the s...

Страница 89: ...ilization must drop beneath the low watermark before the alarm is terminated and then exceed the high watermark again before another alarm is triggered Once the maximum threshold is exceeded utilizati...

Страница 90: ...Utilization CPU utilization over specified interval Show Information by Task Total The total number of tasks running on the CPU Index An index indentifying each task Task The name of the task Util The...

Страница 91: ...Utilization To display CPU utilization by task 1 Click System CPU Utilization Show Information by Task Figure 4 23 Displaying CPU Utilization by Task DISPLAYING MEMORY UTILIZATION Use the System Memor...

Страница 92: ...y at a specified time after a specified delay or at a periodic interval CLI REFERENCES reload Privileged Exec on page 650 reload Global Configuration on page 646 show reload on page 651 COMMAND USAGE...

Страница 93: ...reload the switch The specified time must be equal to or less than 24 days hours The number of hours combined with the minutes before the switch resets Range 0 576 minutes The number of minutes combi...

Страница 94: ...RFACE To restart the switch 1 Click System then Reset 2 Select the required reset mode 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted co...

Страница 95: ...Chapter 4 Basic Management Tasks Resetting the System 97 Figure 4 27 Restarting the Switch At Figure 4 28 Restarting the Switch Regularly...

Страница 96: ...rs which support DDM Configuring Transceiver Thresholds Configures thresholds for alarm and warning messages for optical transceivers which support DDM Cable Test Tests the cable attached to a port Tr...

Страница 97: ...bled the only attribute which can be advertised is flow control PARAMETERS These parameters are displayed Port Port identifier Range 1 52 Type Indicates the port type 100BASE FX 1000BASE T 1000BASE SF...

Страница 98: ...ormally IEEE 802 3x for full duplex operation Default Autonegotiation enabled Advertised capabilities for 100BASE FX SFP 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH SFP...

Страница 99: ...ommands on page 921 WEB INTERFACE To configure port connection parameters 1 Click Interface Port General 2 Select Configure by Port Range from the Action List 3 Enter to range of ports to which your c...

Страница 100: ...Flow Control Shows the flow control type used WEB INTERFACE To display port connection parameters 1 Click Interface Port General 2 Select Show Information from the Action List Figure 5 3 Displaying P...

Страница 101: ...target port cannot be set to the same target ports as that used for port mirroring by this command When traffic matches the rules for both port mirroring and for mirroring of VLAN traffic or packets b...

Страница 102: ...rror traffic from remote switches for analysis at a destination port on the local switch This feature also called Remote Switched Port Analyzer RSPAN carries traffic generated on the specified source...

Страница 103: ...the mirror session the switch s role Source the RSPAN VLAN and the uplink port1 Then specify the source port s and the traffic type to monitor Rx Tx or Both 3 Set up all intermediate switches on the...

Страница 104: ...is enabled after RSPAN has been configured MAC address learning will still not be re started on the RSPAN uplink ports IEEE 802 1X RSPAN and 802 1X are mutually exclusive functions When 802 1X is enab...

Страница 105: ...ned by the switch as members of the RSPAN VLAN Ports cannot be manually assigned to an RSPAN VLAN through the VLAN Static page Nor can GVRP dynamically add port members to an RSPAN VLAN Also note that...

Страница 106: ...TRUNK STATISTICS Use the Interface Port Trunk Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet like MIBs as well as a detailed breakdow...

Страница 107: ...ddress including those that were discarded or not sent Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent the...

Страница 108: ...umber of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame Internal MAC Receive Errors A count of frames for which reception on a particular interfa...

Страница 109: ...yte Packets 128 255 Byte Packets 256 511 Byte Packets 512 1023 Byte Packets 1024 1518 Byte Packets 1519 1536 Byte Packets The total number of packets including bad packets received and transmitted whe...

Страница 110: ...how a chart of port statistics 1 Click Interface Port Chart 2 Select the statistics mode to display Interface Etherlike RMON or All 3 If Interface Etherlike RMON statistics mode is chosen select a por...

Страница 111: ...story page to display statistical history for the specified interfaces CLI REFERENCES history on page 926 show interfaces history on page 933 COMMAND USAGE For a description of the statistics displaye...

Страница 112: ...e number of samples to take Show Details Mode Status Shows the sample parameters Current Entry Shows current statistics for the specified port and named sample Input Previous Entries Shows statistical...

Страница 113: ...how from the Action menu 3 Select an interface from the Port or Trunk list Figure 5 14 Showing Entries for History Sampling To show the configured parameters for a sampling entry 1 Click Interface Por...

Страница 114: ...Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options for Mode 4 Select an interface from the Port or Trunk list 5 Select an sampling entry from the Name list F...

Страница 115: ...ng DDM CLI REFERENCES show interfaces transceiver on page 944 PARAMETERS These parameters are displayed Port Port number Range 49 52 General Information on connector type and vendor related parameters...

Страница 116: ...iver page to configure thresholds for alarm and warning messages for optical transceivers which support Digital Diagnostic Monitoring DDM This page also displays identifying information for supported...

Страница 117: ...ovides information on transceiver parameters Trap Sends a trap when any of the transceiver s operation values falls outside of specified thresholds Default Disabled Auto Mode Uses default threshold se...

Страница 118: ...to the threshold and the last sample value was greater than the threshold After a falling event has been generated another such event will not be generated until the sampled value has risen above the...

Страница 119: ...1 Gbps TDR analyses the cable by sending a pulsed signal into the cable and then examining the reflection of that pulse If the port link up speed is not 1 Gbps then Time Domain Reflectometry TDR test...

Страница 120: ...Link Status Shows if the port link is up or down Test Result The results include common cable failures as well as the status and approximate distance to a fault or the approximate cable length if no f...

Страница 121: ...d link with LACP configured ports on another device You can configure any number of ports on the switch as LACP as long as they are not already configured as part of a static trunk If ports on another...

Страница 122: ...hole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk CONFIGURING A STATIC TRUNK Use the Interface Trunk Static page to create a trunk a...

Страница 123: ...te a static trunk 1 Click Interface Trunk Static 2 Select Configure Trunk from the Step list 3 Select Add from the Action list 4 Enter a trunk identifier 5 Set the unit and port for the initial trunk...

Страница 124: ...figure from the Action list 4 Modify the required interface settings Refer to Configuring by Port List on page 99 for a description of the parameters 5 Click Apply Figure 5 24 Configuring Connection P...

Страница 125: ...ttached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trun...

Страница 126: ...timeout of 3 seconds The timeout is set in the LACP timeout bit of the Actor State field in transmitted LACPDUs When the partner switch receives an LACPDU set with a short timeout from the actor swit...

Страница 127: ...he downed link However if two or more ports have the same LACP port priority the port with the lowest physical port number will be selected as the backup port If an LAG already exists with the maximum...

Страница 128: ...rom the Step list 3 Select Configure from the Action list 4 Click General 5 Enable LACP on the required ports 6 Click Apply Figure 5 28 Enabling LACP on a Port To configure LACP parameters for group m...

Страница 129: ...p list 3 Select Show Member from the Action list 4 Select a Trunk Figure 5 30 Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic...

Страница 130: ...TERS Use the Interface Trunk Dynamic Configure Aggregation Port Show Information Counters page to display statistics for LACP protocol messages CLI REFERENCES show lacp on page 960 PARAMETERS These pa...

Страница 131: ...gation Port Show Information Internal page to display the configuration settings and operational state for the local side of a link aggregation CLI REFERENCES show lacp on page 960 Marker Unknown Pkts...

Страница 132: ...ed state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on t...

Страница 133: ...Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number...

Страница 134: ...ce Trunk Load Balance page to set the load distribution method used among ports in aggregated links CLI REFERENCES COMMAND USAGE This command applies to all static and dynamic trunks on the switch To...

Страница 135: ...witch to switch trunk links where traffic through the switch is received from and destined for many different hosts Source IP Address All traffic with the same source IP address is output on the same...

Страница 136: ...en there is no link partner Under normal operation the switch continuously auto negotiates to find a link partner keeping the MAC interface powered up even if no link connection exists When using powe...

Страница 137: ...active link only works when connection speed is 1 Gbps and line length is less than 60 meters PARAMETERS These parameters are displayed Port Power saving mode only applies to the Gigabit Ethernet port...

Страница 138: ...e access to their uplink ports where security is less likely to be compromised ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation...

Страница 139: ...nctions such as VLANs and spanning tree protocol A port cannot be configured in both an uplink and downlink list A port can only be assigned to one traffic segmentation session A downlink port can onl...

Страница 140: ...or trunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 16 WEB INTERFACE To configure the members of the traffic segmentation group 1 Click Interface Traffic Segmentation 2 Select Con...

Страница 141: ...D and E Figure 5 41 Configuring VLAN Trunking Without VLAN trunking you would have to configure VLANs 1 and 2 on all intermediate switches C D and E otherwise these switches would drop any frames wit...

Страница 142: ...ll other ports where VLAN trunking is enabled In other words VLAN trunking will still be effectively enabled for the unknown VLAN PARAMETERS These parameters are displayed Interface Displays a list of...

Страница 143: ...switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eli...

Страница 144: ...up s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate n...

Страница 145: ...GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports th...

Страница 146: ...h along a path that contains any VLAN aware devices the switch should include VLAN tags When forwarding a frame from this switch along a path that does not contain any VLAN aware devices including the...

Страница 147: ...ce to support Layer 3 configuration and reserves memory space required to maintain additional information about this interface type This parameter must be enabled before you can assign an IP address t...

Страница 148: ...elect Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name operational status or Layer 3 Interface status as required 5 Click Apply Figure 6 4 Modifying Sett...

Страница 149: ...of configured VLAN 1 4094 Interface Displays a list of ports or trunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 16 Mode Indicates VLAN membership mode for an interface Default Hy...

Страница 150: ...t is not a member these frames will be discarded Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Membe...

Страница 151: ...e frame type and ingress filtering parameters for each interface within the specified range must be configured on either the Edit Member by VLAN or Edit Member by Interface page WEB INTERFACE To confi...

Страница 152: ...Member by Interface Range from the Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameters as required Remember that the PVID acceptabl...

Страница 153: ...GVRP must be globally enabled for the switch before this setting can take effect using the Configure General page When disabled any GVRP packets received on this port will be discarded and no GVRP reg...

Страница 154: ...AN Identifier of a VLAN this switch has joined through GVRP Interface Displays a list of ports or trunks which have joined the selected VLAN through GVRP WEB INTERFACE To configure GVRP on the switch...

Страница 155: ...Dynamic 2 Select Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 6 11 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click...

Страница 156: ...VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port c...

Страница 157: ...ag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming packet is un...

Страница 158: ...will be dropped when ingress filtering is enabled If ingress filtering is not enabled the packet will still be forwarded If the VLAN is not listed in the VLAN table the packet will be dropped 4 After...

Страница 159: ...t in the Ethernet Type field This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The default ethertype value is 0x8100 See Enabling Qi...

Страница 160: ...assigned to the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as unt...

Страница 161: ...he outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate methods of queue management at intermediate nodes across the tunnel Rather than r...

Страница 162: ...ed port 6 Click Apply Figure 6 15 Configuring CVLAN to SPVLAN Mapping Entries To show the mapping table 1 Click VLAN Tunnel 2 Select Configure Service from the Step list 3 Select Show from the Action...

Страница 163: ...re Interface page to set the access interface on the edge switch to Access mode and set the uplink interface on the switch attached to the service provider network to Uplink mode PARAMETERS These para...

Страница 164: ...ort its VLAN membership can then be determined based on the protocol type being used by the inbound packets COMMAND USAGE To configure protocol based VLANs follow these steps 1 First configure VLAN gr...

Страница 165: ...which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet traffic must not be mapped to another VLAN or y...

Страница 166: ...will participate in the group CLI REFERENCES protocol vlan protocol group Configuring Interfaces on page 1108 COMMAND USAGE When creating a protocol based VLAN only assign interfaces using this confi...

Страница 167: ...rotocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Priority The priority assigned to untagged ingress tra...

Страница 168: ...o configure IP subnet based VLANs When using port based classification all untagged frames received by a port are classified as belonging to the VLAN whose VID PVID is associated with that port When I...

Страница 169: ...ity is applied in this sequence and then port based VLANs last PARAMETERS These parameters are displayed IP Address The IP address for a subnet Valid IP addresses consist of four decimal numbers 0 to...

Страница 170: ...to ingress untagged frames according to source MAC addresses When MAC based VLAN classification is enabled untagged frames received by a port are assigned to the VLAN which is mapped to the frame s s...

Страница 171: ...address 00 50 6e 00 5f b1 translated into binary MAC 00000000 01010000 01101110 00000000 01011111 10110001 could be 11111111 11xxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx So the mask in hexadecimal for...

Страница 172: ...obe to the target port and study the traffic crossing the source VLAN s in a completely unobtrusive manner CLI REFERENCES Port Mirroring Commands on page 973 COMMAND USAGE All active ports in a source...

Страница 173: ...matches the rules for both port mirroring and for mirroring of VLAN traffic or packets based on a MAC address the matching packets will not be sent to target port specified for port mirroring PARAMETE...

Страница 174: ...Chapter 6 VLAN Configuration Configuring VLAN Mirroring 178 Figure 6 27 Showing the VLANs to Mirror...

Страница 175: ...dress to a target port MAC Notification Traps Issue trap when a dynamic MAC address is added or removed CONFIGURING MAC ADDRESS LEARNING Use the MAC Address Learning Status page to enable or disable M...

Страница 176: ...Port Port identifier Range 1 52 Trunk Trunk identifier Range 1 16 VLAN VLAN identifier Range 1 4094 Status The status of MAC address learning Default Enabled WEB INTERFACE To enable or disable MAC ad...

Страница 177: ...e this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses are bound to the assigned interface and will not be moved When a st...

Страница 178: ...nk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 7 3 Configuring Static MAC Addresses To show the static addresses in MAC address table 1...

Страница 179: ...required 4 Specify a new aging time 5 Click Apply Figure 7 5 Setting the Address Aging Time DISPLAYING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Show Dynamic MAC page to display the MAC ad...

Страница 180: ...how the dynamic address table 1 Click MAC Address Dynamic 2 Select Show Dynamic MAC from the Action list 3 Select the Sort Key MAC Address VLAN or Interface 4 Enter the search parameters MAC Address V...

Страница 181: ...MAC ADDRESS MIRRORING Use the MAC Address Mirror Add page to mirror traffic matching a specified source address from any port on the switch to a target port for real time analysis You can then attach...

Страница 182: ...address the matching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed Source MAC MAC address in the form of xx xx xx xx xx xx or xxxxxxxxx...

Страница 183: ...d Default Disabled MAC Notification Trap Interval Specifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 second Configure Interface Port Port Identifier Range 1 52...

Страница 184: ...Traps Global Configuration To enable MAC address traps at the interface level 1 Click MAC Address MAC Notification 2 Select Configure Interface from the Step list 3 Enable MAC notification traps for...

Страница 185: ...that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this...

Страница 186: ...forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs MSTP When using STP or RSTP it may be difficult to maintain a stable path between all VLAN member...

Страница 187: ...ause each instance is treated as an RSTP node in the Common Spanning Tree CST CONFIGURING LOOPBACK DETECTION Use the Spanning Tree Loopback Detection page to configure loopback detection on an interfa...

Страница 188: ...ows an interface to be manually released from discard mode This is only available if the interface is configured for manual release mode Action Sets the response for loopback detection to block user t...

Страница 189: ...vertently disabled to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol1 RSTP supports connections to...

Страница 190: ...displayed Basic Configuration of Global Settings Spanning Tree Status Enables disables STA on this switch Default Enabled Spanning Tree Type Specifies the type of spanning tree used on this switch ST...

Страница 191: ...RSTP according to the standard Path Cost Method The path cost is used to determine the best path between devices The path cost method is used to determine the range of values that can be assigned to...

Страница 192: ...firm that a port can transition to the forwarding state without having to rely on any timer configuration To achieve fast convergence RSTP relies on the use of edge ports and automatic detection of po...

Страница 193: ...Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Configure from the Action list 4 Modify any of the required attributes Note that the parameters displayed for the spanning tree...

Страница 194: ...Chapter 8 Spanning Tree Algorithm Configuring Global Settings for STA 198 Figure 8 6 Configuring Global Settings for STA RSTP Figure 8 7 Configuring Global Settings for STA MSTP...

Страница 195: ...nd MAC address where the address is taken from the switch system Designated Root The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device Root P...

Страница 196: ...erface Displays a list of ports or trunks Spanning Tree Enables disables STA on this interface Default Enabled BPDU Flooding Enables disables the flooding of BPDUs to other ports when global spanning...

Страница 197: ...is attached to a point to point link or to shared media This is the default setting Root Guard STA allows a bridge with a lower bridge identifier or same identifier and lower MAC address to take over...

Страница 198: ...ls the spanning tree s maximum age for configuration messages see maximum age under Configuring Global Settings for STA on page 193 An interface cannot function as an edge port under the following con...

Страница 199: ...cted interface to forced STP compatible mode However you can also use the Protocol Migration button to manually re check the appropriate BPDU format RSTP or STP compatible to send on the selected inte...

Страница 200: ...ected to the same segment and there is no other STA device attached to this segment the port with the smaller ID forwards packets and the other is discarding All ports are discarding when the switch i...

Страница 201: ...ugh the bridge to the root bridge i e designated port is the MSTI regional root i e master port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fa...

Страница 202: ...default all VLANs are assigned to the Internal Spanning Tree MST Instance 0 that connects all bridges and LANs within the MST region This switch supports up to 64 instances You should try to group VLA...

Страница 203: ...in steps of 4096 Options 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Default 32768 WEB INTERFACE To create instances for MSTP 1 Click Spanning Tree MSTP...

Страница 204: ...Select Modify from the Action list 4 Modify the priority for an MSTP Instance 5 Click Apply Figure 8 14 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning...

Страница 205: ...p list 3 Select Add Member from the Action list 4 Select an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not...

Страница 206: ...es STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory infor...

Страница 207: ...below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is...

Страница 208: ...Chapter 8 Spanning Tree Algorithm Configuring Interface Settings for MSTP 212 Figure 8 19 Displaying MSTP Interface Settings...

Страница 209: ...e Traffic Rate Limit page to apply rate limiting to ingress or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface Rat...

Страница 210: ...erly configured If there is too much traffic on your network performance can be severely degraded or everything can come to complete halt You can protect your network from traffic storms by setting a...

Страница 211: ...BASE FX 1000BASE T 1000BASE SFP Unknown Unicast Specifies storm control for unknown unicast traffic Multicast Specifies storm control for multicast traffic Broadcast Specifies storm control for broadc...

Страница 212: ...ow Alarm Fire Threshold The highest acceptable traffic rate When ingress traffic exceeds the threshold ATC sends a Storm Alarm Fire Trap and logs it Storm Alarm FireTRAP Alarm Fire Threshold 1 255kpps...

Страница 213: ...nually The control response of shutting down a port can only be released manually Figure 9 4 Storm Control by Shutting Down a Port The key elements of this diagram are the same as that described in th...

Страница 214: ...r The interval after the upper threshold has been exceeded at which to apply the control response to broadcast storms Range 1 300 seconds Default 300 seconds Broadcast Release Timer The time at which...

Страница 215: ...storm control is a software level control function Traffic storms can also be controlled at the hardware level using the Storm Control menu However only one of these control types can be applied to a...

Страница 216: ...igured by the Auto Release Control attribute Range 1 255 kilo packets per second Default 250 kpps If rate limiting has been configured as a control response and Auto Control Release is enabled rate li...

Страница 217: ...to Traffic Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the control response of...

Страница 218: ...This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags to queues SETTING THE DEFAULT P...

Страница 219: ...r any interface 4 Click Apply Figure 10 1 Setting the Default Port Priority SELECTING THE QUEUE MODE Use the Traffic Priority Queue page to set the queue mode for the egress queues on any interface Th...

Страница 220: ...es a combination of strict and weighted queuing The specified queue mode applies to all interfaces PARAMETERS These parameters are displayed Queue Mode Strict Services the egress queues in sequential...

Страница 221: ...ueues which are serviced first must be specified by enabling strict mode parameter in the table 5 Click Apply Figure 10 2 Setting the Queue Mode Strict Figure 10 3 Setting the Queue Mode WRR Figure 10...

Страница 222: ...els recommended in the IEEE 802 1p standard for various network applications are shown in Table 10 2 However priority levels can be mapped to the switch s output queues in any way that benefits applic...

Страница 223: ...ueues 1 Click Traffic Priority PHB to Queue 2 Select Configure from the Action list 3 Map an internal PHB to a hardware queue Depending on how an ingress packet is processed internally based on its Co...

Страница 224: ...put queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following manner The precedence for priority mapping is DS...

Страница 225: ...ed packet the default port priority see page 223 is used for priority processing If the QoS mapping mode is set to CoS and the ingress packet type is IPv4 then priority processing will be based on the...

Страница 226: ...one to one to the Class of Service values that is Precedence value 0 maps to PHB value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various application types The ToS...

Страница 227: ...or this router hop Range 0 7 Drop Precedence Drop precedence used for Random Early Detection in controlling traffic congestion Range 0 Green 3 Yellow 1 Red WEB INTERFACE To map IP Precedence to intern...

Страница 228: ...ut it retains backward compatibility with the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of...

Страница 229: ...lick Apply Table 10 6 Default Mapping of DSCP Values to Internal PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2...

Страница 230: ...Priority CoS to DSCP page to maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for priority processing CLI REFERENCES qos map cos dscp on page 1126 COMMAND USAGE...

Страница 231: ...s parameter to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precede...

Страница 232: ...Settings 237 Figure 10 12 Configuring CoS to DSCP Internal Mapping To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list Figu...

Страница 233: ...etwork policies different kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding tre...

Страница 234: ...ured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign a...

Страница 235: ...IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in an IPv6 packet Range 0 63 VLAN ID A VLAN Range 1 4094 CoS A Co...

Страница 236: ...from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type of traffic for this class based on an access list a DSCP or IP Precedence value a VLAN or a C...

Страница 237: ...eviously defined class maps The class of service or per hop behavior i e the priority used for internal queue processing can be assigned to matching packets In addition the flow rate of inbound traffi...

Страница 238: ...d The marker re colors an IP packet according to the results of the meter The color is coded in the DS field RFC 2474 of the packet The behavior of the meter is specified in terms of its mode and two...

Страница 239: ...service value or drop a packet the switch will also mark the two color bits used to set the drop precedence of a packet for Random Early Detection A packet is marked red if it exceeds the PIR Otherwi...

Страница 240: ...of trTCM CLI REFERENCES Quality of Service Commands on page 1133 COMMAND USAGE A policy map can contain 200 class statements that can be applied to the same interface page 252 Up to 32 policy maps ca...

Страница 241: ...r maximum throughput committed burst size BC or burst rate and the action to take for conforming and non conforming traffic Policing is based on a token bucket where bucket depth that is the maximum b...

Страница 242: ...ed rate in kilobits per second Range 0 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower The rate cannot exceed the configured interface speed Committed Burst Size BC C...

Страница 243: ...f this section under trTCM Police Meter Committed Information Rate CIR Committed rate in kilobits per second Range 0 1000000 kbps at a granularity of 64 kbps or maximum port speed whichever is lower T...

Страница 244: ...ority for out of conformance traffic Range 0 63 Drop Drops out of conformance traffic WEB INTERFACE To configure a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Se...

Страница 245: ...havior for matching packets to specify the quality of service to be assigned to the matching traffic class Use one of the metering options to define parameters such as the maximum throughput and burst...

Страница 246: ...t CLI REFERENCES Quality of Service Commands on page 1133 COMMAND USAGE First define a class map define a policy map and then bind the service policy to the required interface Only one policy map can...

Страница 247: ...ervice Attaching a Policy Map to a Port 253 3 Check the box under the Ingress field to enable a policy map for a port 4 Select a policy map from the scroll down box 5 Click Apply Figure 11 9 Attaching...

Страница 248: ...It provides security by isolating the VoIP traffic from other data traffic End to end QoS policies and high priority can be applied to VoIP VLAN traffic across the network guaranteeing the bandwidth i...

Страница 249: ...ports Default Disabled Voice VLAN Sets the Voice VLAN ID for the network Only one Voice VLAN is supported and it must already be created on the switch Range 1 4094 Voice VLAN Aging Time The time after...

Страница 250: ...Telephony OUI Specifies a MAC address range to add to the list Format xx xx xx xx xx xx Mask Identifies a range of MAC addresses Setting a mask of FF FF FF 00 00 00 identifies all devices with the sam...

Страница 251: ...gure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that only VoIP tra...

Страница 252: ...ionally Unique Identifier OUI of the source MAC address OUI numbers are assigned to vendors and form the first three octets of a device MAC address MAC address OUI numbers must be configured in the Te...

Страница 253: ...Configuring VoIP Traffic Ports 260 1 Click Traffic VoIP 2 Select Configure Interface from the Step list 3 Configure any required changes to the VoIP settings each port 4 Click Apply Figure 12 4 Confi...

Страница 254: ...Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provide a secure shell for secure Telnet ac...

Страница 255: ...ts auditing and billing for services that users have accessed on the network The AAA functions require the use of configured RADIUS or TACACS servers in the network The security servers can be defined...

Страница 256: ...IUS or TACACS protocols to verify management access CLI REFERENCES Authentication Sequence on page 758 COMMAND USAGE By default management access is always checked against the authentication database...

Страница 257: ...cess Control System Plus TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authenticat...

Страница 258: ...ssage Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security PARAMETERS These parameters are displayed Configure Server RADIUS Global Provides globally applicable RADIUS setti...

Страница 259: ...uthentication Timeout The number of seconds the switch waits for a reply from the TACACS server before it resends the request Range 1 65535 Default 5 Authentication Retries Number of times the switch...

Страница 260: ...RADIUS or TACACS server type 4 Select Global to specify the parameters that apply globally to all specified servers or select a specific Server Index to specify the parameters that apply to a specifi...

Страница 261: ...rom the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS server type 5 Enter the group name followed by the index of the server to use for each priority level 6 Click Apply Figure...

Страница 262: ...st be enabled before accounting is enabled PARAMETERS These parameters are displayed Configure Global Periodic Update Specifies the interval at which the local accounting service updates information f...

Страница 263: ...or Exec as described in the preceding section 802 1X Method Name Specifies a user defined accounting method to apply to an interface This method must be defined in the Configure Method page Range 1 64...

Страница 264: ...the switch Time Elapsed Displays the length of time this entry has been active WEB INTERFACE To configure global settings for AAA accounting 1 Click Security AAA Accounting 2 Select Configure Global...

Страница 265: ...t Configure Method from the Step list 3 Select Show from the Action list Figure 13 9 Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces console commands e...

Страница 266: ...Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types 1 Click Security AAA Accounting 2 Select Show Information from the Step li...

Страница 267: ...S or TACACS server must be enabled before authorization is enabled PARAMETERS These parameters are displayed Configure Method Authorization Type Specifies the service as Command Administrative authori...

Страница 268: ...Name Displays the user defined or default accounting method Server Group Name Displays the authorization server group Interface Displays the console or Telnet interface to which these rules apply Thi...

Страница 269: ...authorization method applied to local console Telnet or SSH connections 1 Click Security AAA Authorization 2 Select Configure Service from the Step list 3 Enter the required authorization method 4 Cl...

Страница 270: ...safe place PARAMETERS These parameters are displayed User Name The name of the user Maximum length 32 characters maximum number of users 16 Access Level Specifies command access privileges Range 0 15...

Страница 271: ...d password Encrypted Password Encrypted password The encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file duri...

Страница 272: ...CP assigned IP address and perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page...

Страница 273: ...it must re authenticate itself Range 300 3600 seconds Default 3600 seconds Quiet Period Configures how long a host must wait to attempt authentication again after it has exceeded the maximum allowable...

Страница 274: ...ining Session Time Indicates the remaining time until the current authorization session for the host expires Apply Enables web authentication if the Status box is checked Revert Restores the previous...

Страница 275: ...on trunk ports CLI REFERENCES Network Access MAC Address Authentication on page 824 COMMAND USAGE MAC address authentication controls access to the network by authenticating the MAC address of each ho...

Страница 276: ...ttribute The VLAN list can contain multiple VLAN identifiers in the format 1u 2t 3u where u indicates an untagged VLAN and t a tagged VLAN The RADIUS server may optionally return dynamic QoS assignmen...

Страница 277: ...result changes from success to failure when the following conditions occur Illegal characters found in a profile value for example a non digital character in an 802 1p profile value Failure to configu...

Страница 278: ...ation Time Sets the time period after which a connected host must be reauthenticated When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During...

Страница 279: ...page 150 Also when used with 802 1X authentication intrusion action must be set for Guest VLAN see Configuring Port Authenticator Settings for 802 1X on page 340 Dynamic VLAN Enables dynamic VLAN assi...

Страница 280: ...button 4 Make any configuration changes required to enable address authentication on a port set the maximum number of secure addresses supported the guest VLAN to use when MAC Authentication or 802 1...

Страница 281: ...TERFACE To configure link detection on switch ports 1 Click Security Network Access 2 Select Configure Interface from the Step list 3 Click the Link Detection button 4 Modify the link detection status...

Страница 282: ...dress Mask The filter rule will check for the range of MAC addresses defined by the MAC bit mask If you omit the mask the system will assign the default mask of an exact match Range 000000000000 FFFFF...

Страница 283: ...Query By Specifies parameters to use in the MAC address query Sort Key Sorts the information displayed based on MAC address port interface or attribute MAC Address Specifies a specific MAC address Int...

Страница 284: ...IGURING HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol HTTPS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s w...

Страница 285: ...currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 293 NOTE Users are automatically logged off of the HTTP server or HTTPS server if...

Страница 286: ...e replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority CAUTION For...

Страница 287: ...Click Security HTTPS 2 Select Copy Certificate from the Step list 3 Fill in the TFTP server certificate and private key file name and private password 4 Click Apply Figure 13 29 Downloading the Secure...

Страница 288: ...entication Settings To use the SSH server complete these steps 1 Generate a Host Key Pair On the SSH Host Key Settings page create a host public private key pair 2 Provide Host Public Key to Clients M...

Страница 289: ...in memory c If a match is found the connection is allowed NOTE To use SSH with only password authentication the host public key must still be given to the client either during initial connection or m...

Страница 290: ...le for authentication and if so it then checks whether the signature is correct If both checks succeed the client is authenticated NOTE The SSH server supports up to eight client sessions The maximum...

Страница 291: ...private key that is never shared outside the switch The host key is shared with the SSH client and is fixed at 1024 bits WEB INTERFACE To configure the SSH server 1 Click Security SSH 2 Select Config...

Страница 292: ...d then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption NOTE The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients Save H...

Страница 293: ...32 Showing the SSH Host Key Pair IMPORTING USER PUBLIC KEYS Use the Security SSH Configure User Key Copy page to upload a user s public key to the switch This public key must be stored on the switch...

Страница 294: ...the client to select either DES 56 bit or 3DES 168 bit for data encryption The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients TFTP Server IP Address The IP addr...

Страница 295: ...ype or any frames based on MAC address or Ethernet type To filter incoming packets first create an access list add the required rules and then bind the list to a specific port Configuring Access Contr...

Страница 296: ...resses the ACEs to reduce the number of required TCAM entries For example one ACL may include 128 ACEs which classify a continuous IP address range like 192 168 1 0 255 If compression is disabled the...

Страница 297: ...haracters Add Rule Time Range Name of a time range Mode Absolute Specifies a specific time or time range Start End Specifies the hours minutes month day and year at which to start or end Periodic Spec...

Страница 298: ...Configure Time Range from the Step list 3 Select Add Rule from the Action list 4 Select the name of time range from the drop down list 5 Select a mode option of Absolute or Periodic 6 Fill in the requ...

Страница 299: ...IP Source Guard filter rules Quality of Service QoS processes QinQ MAC based VLANs VLAN translation or traps For example when binding an ACL to a port each rule in an ACL will use two PCEs and when se...

Страница 300: ...th 32 characters Type The following filter modes are supported IP Standard IPv4 ACL mode filters packets based on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source...

Страница 301: ...figure the name and type of an ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add from the Action list 4 Fill in the ACL Name field and select the ACL type 5 Click Apply F...

Страница 302: ...the Address field or IP to specify a range of addresses with the Address and Subnet Mask fields Options Any Host IP Default Any Source IP Address Source IP address Source Subnet Mask A subnet mask co...

Страница 303: ...e 902 Time Range on page 711 COMMAND USAGE Due to a ASIC limitation the switch only checks the leftmost six priority bits This presents no problem when checking DSCP or IP Precedence bits but limits t...

Страница 304: ...for the specified protocol type Range 0 65535 Source Destination Port Bit Mask Decimal number representing the port bits to match Range 0 65535 Protocol Specifies the protocol type to match as TCP UD...

Страница 305: ...ame of a time range WEB INTERFACE To add rules to an IPv4 Extended ACL 1 Click Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IP Extended from t...

Страница 306: ...matching the selected type Action An ACL can contain any combination of rules which permit or deny a packet Source Address Type Specifies the source IP address Use Any to include all possible addresse...

Страница 307: ...ect Add Rule from the Action list 4 Select IPv6 Standard from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the source address type Any...

Страница 308: ...ng Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields The swit...

Страница 309: ...ck Security ACL 2 Select Configure ACL from the Step list 3 Select Add Rule from the Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the...

Страница 310: ...me Range on page 711 PARAMETERS These parameters are displayed Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain...

Страница 311: ...ed packets Range 0 ffff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bit Mask Protocol bit...

Страница 312: ...Ethernet type or packet format 10 Click Apply Figure 13 46 Configuring a MAC ACL CONFIGURING AN ARP ACL Use the Security ACL Configure ACL Add Rule ARP page to configure ACLs based on ARP message add...

Страница 313: ...on page 309 Source Destination MAC Address Type Use Any to include all possible addresses Host to indicate a specific MAC address or MAC to specify an address range with the Address and Mask fields O...

Страница 314: ...access list IPv4 IPv6 or MAC can be assigned to a port CLI REFERENCES ip access group Interface Configuration on page 901 show ip access group on page 902 mac access group Interface Configuration on...

Страница 315: ...48 Binding a Port to an ACL CONFIGURING ACL MIRRORING After configuring ACLs use the Security ACL Configure Interface Add Mirror page to mirror traffic matching an ACL from one or more source ports t...

Страница 316: ...S These parameters are displayed Port Port identifier ACL ACL used for ingress packets WEB INTERFACE To bind an ACL to a port 1 Click Security ACL 2 Select Configure Interface from the Step list 3 Sel...

Страница 317: ...the type of ACL Direction Displays statistics for ingress ACL Name The ACL bound this port Action Shows if action is to permit or deny specified packets Rules Shows the rules for the ACL bound to thi...

Страница 318: ...nooping binding database see DHCP Snooping Global Configuration on page 364 This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs ARP Inspection...

Страница 319: ...AGE ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the following validations enables ARP Inspection Validation globally Any combination of the fo...

Страница 320: ...spection globally Default Disabled ARP Inspection Validation Enables extended ARP Inspection Validation if any of the following options are enabled Default Disabled Dst MAC Validates the destination M...

Страница 321: ...red within the ARP ACL configuration page see page 319 ARP Inspection ACLs can be applied to any configured VLAN ARP Inspection uses the DHCP snooping bindings database for the list of valid IP to MAC...

Страница 322: ...hen validation against the DHCP Snooping Bindings database Default Disabled WEB INTERFACE To configure VLAN settings for ARP Inspection 1 Click Security ARP Inspection 2 Select Configure VLAN from the...

Страница 323: ...n trusted or untrusted ports Range 0 2048 Default 15 Setting the rate limit to 0 means that there is no restriction on the number of ARP packets that can be processed by the CPU The switch will drop a...

Страница 324: ...ped ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP packets that fa...

Страница 325: ...ct Show Log from the Action list Figure 13 56 Displaying the ARP Inspection Log FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS Use the Security IP Filter page to create a list of up to 15 IP addresses o...

Страница 326: ...tering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the...

Страница 327: ...network When port security is enabled on a port the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number Only incoming traffic with source add...

Страница 328: ...table that attempts to use the port will be prevented from accessing the switch If a port is disabled shut down due to a security violation it must be manually re enabled from the Interface Port Gene...

Страница 329: ...sses currently associated with this interface MAC Filter Shows if MAC address filtering has been set under Security Network Access Configure MAC Filter as described on page 288 MAC Filter ID The ident...

Страница 330: ...henticator responds with an EAPOL identity request The client provides its identity such as a user name in an EAPOL response to the switch which it forwards to the RADIUS server The RADIUS server veri...

Страница 331: ...D5 PEAP TLS or TTLS Native support for these encryption methods is provided in Windows 8 7 Vista and XP and in Windows 2000 with Service Pack 4 To support these encryption methods in Windows 95 and 98...

Страница 332: ...ssword are used to identify this switch as a supplicant when responding to an MD5 challenge from the authenticator These parameters must be set when this switch passes client authentication requests t...

Страница 333: ...the authentication server configure the parameters for the exchange of EAP messages between the authenticator and clients on the Authenticator configuration page When devices attached to a port must s...

Страница 334: ...to connect to this port Multi Host Allows multiple host to connect to this port In this mode only one host connected to a port needs to pass authentication for all other hosts to be granted network a...

Страница 335: ...t Default 0 seconds A RADIUS server must be set before the correct operational value of 10 seconds will be displayed in this field See Configuring Remote Logon Authentication Servers on page 264 Re au...

Страница 336: ...ncluding request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in t...

Страница 337: ...uthentication on page 792 COMMAND USAGE When devices attached to a port must submit requests to another authenticator on the network configure the Identity Profile parameters on the Configure Global p...

Страница 338: ...uthenticator Range 1 65535 seconds Default 30 seconds Held Period The time that a supplicant port waits before re sending its credentials to find a new an authenticator Range 1 65535 seconds Default 3...

Страница 339: ...that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx Las...

Страница 340: ...Rx Last EAPOLSrc The source MAC address carried in the most recent EAPOL frame received by this Supplicant Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Supplicant R...

Страница 341: ...s for 802 1X Port Supplicant DOS PROTECTION Use the Security DoS Protection page to protect against denial of service DoS attacks A DoS attack is an attempt to block the services provided by a compute...

Страница 342: ...get and never returns ACK packets These half open connections will bind resources on the target and no new connections can be made resulting in a denial of service Default Disabled TCP Flooding Attack...

Страница 343: ...the Microsoft Windows 3 1x 95 NT operating systems In this type of attack the perpetrator sends the string of OOB out of band OOB packets contained a TCP URG flag to the target computer on TCP port 13...

Страница 344: ...urce IP and MAC enables this function on the selected port Use the SIP option to check the VLAN ID source IP address and port number against all entries in the binding table Use the SIP MAC option to...

Страница 345: ...fault None None Disables IP source guard filtering on the port SIP Enables traffic filtering based on IP addresses stored in the binding table SIP MAC Enables traffic filtering based on IP addresses a...

Страница 346: ...ress a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard...

Страница 347: ...t 4 Click Apply Figure 13 68 Configuring Static Bindings for IPv4 Source Guard To display static bindings for IP Source Guard 1 Click Security IP Source Guard Static Binding 2 Select Show from the Act...

Страница 348: ...ace Port to which this entry is bound IP Address IP address corresponding to the client Lease Time The time for which this IP address is leased to the client WEB INTERFACE To display the binding table...

Страница 349: ...IPv6 source guard is enabled on an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6...

Страница 350: ...based on IPv6 global unicast source IPv6 addresses stored in the binding table Max Binding Entry The maximum number of entries that can be bound to an interface Range 1 5 Default 5 This parameter set...

Страница 351: ...ND Binding Dynamic DHCPv6 Binding VLAN identifier and port identifier CLI REFERENCES ipv6 source guard binding on page 870 COMMAND USAGE Traffic filtering is based only on the source IPv6 address VLAN...

Страница 352: ...be entered according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros...

Страница 353: ...d DISPLAYING INFORMATION FOR DYNAMIC IPV6 SOURCE GUARD BINDINGS Use the Security IPv6 Source Guard Dynamic Binding page to display the source guard binding table for a selected interface CLI REFERENCE...

Страница 354: ...Showing the IPv6 Source Guard Binding Table DHCP SNOOPING The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping...

Страница 355: ...re forwarded for a trusted port If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on t...

Страница 356: ...82 information to be inserted into request packets When the DHCP Snooping Information Option 82 is enabled the requesting client or an intermediate relay agent that has used the information fields to...

Страница 357: ...fies the MAC address IP address or arbitrary identifier of the requesting device i e the switch in this context MAC Address Inserts a MAC address in the remote ID sub option for the DHCP snooping agen...

Страница 358: ...snooping on specific VLANs CLI REFERENCES ip dhcp snooping vlan on page 848 COMMAND USAGE When DHCP snooping is enabled globally on the switch and enabled on the specified VLAN DHCP packet filtering...

Страница 359: ...Interface page to configure switch ports as trusted or untrusted CLI REFERENCES ip dhcp snooping trust on page 851 COMMAND USAGE A trusted interface is an interface that is configured to receive only...

Страница 360: ...ervice DHCP Snooping 2 Select Configure Interface from the Step list 3 Set any ports within the local network or firewall to trusted 4 Specify the mode used for sending circuit ID information and an a...

Страница 361: ...d to store the currently learned dynamic DHCP snooping entries to flash memory These entries will be restored to the snooping table when the switch is reset However note that the lease time shown for...

Страница 362: ...NMP Switch Clustering Configures centralized management by a single unit over a group of switches connected to the same local network Ethernet Ring Protection Switching ERPS Configures a protection sw...

Страница 363: ...Default Enabled Flash Level Limits log messages saved to the switch s permanent flash memory for all levels up to the specified level For example if level 3 is specified all messages from level 0 to l...

Страница 364: ...2 Select Configure Global from the Step list 3 Enable or disable system logging set the level of event messages to be logged to flash memory and RAM 4 Click Apply Figure 14 1 Configuring Settings for...

Страница 365: ...ed by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in syslog messages see RFC...

Страница 366: ...ogging events of a specified level The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients CLI REFERENCES SMTP Alerts on page 695 PARAMETERS These...

Страница 367: ...e Configuring a List of Name Servers on page 613 or Configuring Static DNS Host to Address Entries on page 615 WEB INTERFACE To configure SMTP alert messages 1 Click Administration Log SMTP 2 Enable S...

Страница 368: ...LLDP Commands on page 1245 PARAMETERS These parameters are displayed LLDP Enables LLDP globally on the switch Default Enabled Transmission Interval Configures the periodic transmit interval for LLDP...

Страница 369: ...tate changes that exist at the time of a notification are included in the transmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldp...

Страница 370: ...smission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notific...

Страница 371: ...nt address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifi...

Страница 372: ...controlled the port pins selected to deliver power and the power class MAC PHY Configuration Status The MAC PHY configuration and status which includes information about auto negotiation support capa...

Страница 373: ...ital ASCII letters Example DK DE or US Device entry refers to The type of device to which the location applies Location of DHCP server Location of network element closest to client Location of client...

Страница 374: ...the device attached to an interface including items such as the city street number building and room information The address location is specified as a type and value pair with the civic address type...

Страница 375: ...ce 1 Click Administration LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from the Action list 4 Select an interface from the Port or Trunk list 5 Specify a CA Type and CA Va...

Страница 376: ...the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to indicate the...

Страница 377: ...unk interface types When a trunk is listed the descriptions apply to the first port of the trunk Port Trunk Description A string that indicates the port or trunk description If RFC 2863 is implemented...

Страница 378: ...etwork Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory WEB INTERFACE To display LLDP information for the local device 1 Click Administration LLDP 2 Select...

Страница 379: ...ce Information for LLDP Port Details DISPLAYING LLDP REMOTE DEVICE INFORMATION Use the Administration LLDP Show Remote Device Information page to display information about devices connected directly t...

Страница 380: ...ied and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field See Table 14 3 Chassis ID Subtype on page 383 Chassis ID An octet string indicating the...

Страница 381: ...ote VLAN Name List VLAN names associated with a port Remote Protocol Identity List Information about particular protocols that are accessible through a port This object represents an arbitrary local i...

Страница 382: ...MDI power is supported on the given port associated with the remote system Remote Power Pair Controllable Indicates whether the pair selection can be controlled for sourcing power on the given port as...

Страница 383: ...f the IP communication systems Network Connectivity Device Devices that provide access to the IEEE 802 based LAN infrastructure for LLDP MED endpoint devices These may be any LAN access device includi...

Страница 384: ...ity level is significant and the default PVID of the ingress port is used instead DSCP Value The DSCP value to be used to provide Diffserv node behavior for the specified application type This field m...

Страница 385: ...vice Asset ID The asset identifier of the end point device End point devices are typically assigned asset identifiers to facilitate inventory management and assets tracking Firmware Revision The firmw...

Страница 386: ...otocols Link Layer Discovery Protocol 393 Figure 14 13 Displaying Remote Device Information for LLDP Port Details Additional information displayed by an end point device which advertises LLDP MED TLVs...

Страница 387: ...eneral Statistics on Remote Devices Neighbor Entries List Last Updated The time the LLDP neighbor entry list was last updated New Neighbor Entries Count The number of LLDP neighbors for which the remo...

Страница 388: ...gnized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs received and then discarded due to insufficient memory space missing or out of sequenc...

Страница 389: ...s its power budget When a device is connected to a switch port its power requirements are detected by the switch before power is supplied If the power required by a device exceeds the power budget of...

Страница 390: ...hat were designed prior to the IEEE 802 3af PoE standard Default Disabled The switch automatically detects attached PoE devices by periodically transmitting test voltages that over the Gigabit Etherne...

Страница 391: ...4 current Afterwards the switch exchanges information with the PD such as duty cycle peak and average power needs For the SSE G2252P the total PoE power delivered by all ports cannot exceed the maxim...

Страница 392: ...Port The port number on the switch Admin Status Enables PoE power on a port Power is automatically supplied when a device is detected on a port providing that the power demanded does not exceed the sw...

Страница 393: ...ial problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A defined set of variables known as managed objects is maintained by the S...

Страница 394: ...views for the SNMP clients that require access COMMAND USAGE Configuring SNMPv1 2c Management Access To configure SNMPv1 or v2c management access to the switch follow these steps 1 Use the Administra...

Страница 395: ...nd write access views for the switch MIB tree 5 Use the Administration SNMP Configure User page to configure SNMP user groups with the required security model i e SNMP v1 v2c or v3 and security level...

Страница 396: ...types 4 Click Apply Figure 14 19 Configuring Global Settings for SNMP SETTING THE LOCAL ENGINE ID Use the Administration SNMP Configure Engine Set Engine ID page to change the local engine ID An SNMPv...

Страница 397: ...characters 5 Click Apply Figure 14 20 Configuring the Local Engine ID for SNMP SPECIFYING A REMOTE ENGINE ID Use the Administration SNMP Configure Engine Add Remote Engine page to configure a engine...

Страница 398: ...ost The IPv4 or IPv6 address of a remote management station which is using the specified engine ID WEB INTERFACE To configure a remote SNMP engine ID 1 Click Administration SNMP 2 Select Configure Eng...

Страница 399: ...ype Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view Add OID Subtree View Name Lists the SNMP views configured in the Add View page Range 1...

Страница 400: ...Select Show View from the Action list Figure 14 24 Showing SNMP Views To add an object identifier to an existing SNMP view of the switch s MIB database 1 Click Administration SNMP 2 Select Configure V...

Страница 401: ...ing the OID Subtree Configured for SNMP Views CONFIGURING SNMPV3 GROUPS Use the Administration SNMP Configure Group page to add an SNMPv3 group which can be used to set the access policy for its assig...

Страница 402: ...its election as the new root e g upon expiration of the Topology Change Timer immediately subsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when an...

Страница 403: ...trap is sent when the port is being intruded This trap will only be sent when the portSecActionTrap is enabled swIpFilterRejectTrap 1 3 6 1 4 1 259 10 1 39 2 1 0 40 This trap is sent when an incorrect...

Страница 404: ...t1agCfmLoopFindTrap 1 3 6 1 4 1 259 10 1 17 10 1 39 2 1 0 10 0 This trap is sent when a MEP receives its own CCMs dot1agCfmMepUnknownTrap 1 3 6 1 4 1 259 10 1 17 10 1 39 2 1 0 10 1 This trap is sent w...

Страница 405: ...2 1 0 201 This trap is sent when user logs in logoutTrap 1 3 6 1 4 1 259 10 1 39 2 1 0 202 This trap is sent when user logs out fileCopyTrap 1 3 6 1 4 1 259 10 1 39 2 1 0 208 This trap is sent when f...

Страница 406: ...k Administration SNMP 2 Select Configure Group from the Step list 3 Select Show from the Action list Figure 14 28 Showing SNMP Groups SETTING COMMUNITY ACCESS STRINGS Use the Administration SNMP Confi...

Страница 407: ...ons are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects WEB INTERFACE To set a community access string 1 Click Administrati...

Страница 408: ...meters are displayed User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Mo...

Страница 409: ...onfigure User from the Step list 3 Select Add SNMPv3 Local User from the Action list 4 Enter a name and assign it to a group If the security model is set to SNMPv3 and the security level is authNoPriv...

Страница 410: ...user resides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and the remote user See Specifying Trap Managers on pag...

Страница 411: ...ble Privacy Password Enter plain text characters for the privacy password Range 8 32 characters WEB INTERFACE To configure a remote SNMPv3 user 1 Click Administration SNMP 2 Select Configure User from...

Страница 412: ...NAGERS Use the Administration SNMP Configure Trap page to specify the host devices to be sent traps and the types of traps to send Traps indicating status changes are issued by the switch to the speci...

Страница 413: ...munity string specified on the Configure Trap Add page to include the required notify view page 408 4 Enable trap informs as described in the following pages To send an inform to a SNMPv3 host complet...

Страница 414: ...ore resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds Retry times The maximum number of times to resend an inform message if the recipient does not acknowledge rece...

Страница 415: ...ich is used to identify the source of SNMPv3 inform messages sent from the local switch Range 1 32 characters If an account for the specified user has not been created page 417 one will be automatical...

Страница 416: ...3 Figure 14 35 Configuring Trap Managers SNMPv1 Figure 14 36 Configuring Trap Managers SNMPv2c Figure 14 37 Configuring Trap Managers SNMPv3 To show configured trap managers 1 Click Administration SNM...

Страница 417: ...ndividual MIBs can now bear less responsibility to record transient information associated with an event against the possibility that the Notification message is lost and applications can poll the log...

Страница 418: ...ly It is not sent to a remote device This remote host parameter is only required to complete mandatory fields in the SNMP Notification MIB Filter Profile Name Notification log profile name Range 1 32...

Страница 419: ...P community name not known to said entity Illegal operation for community name supplied The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not...

Страница 420: ...er of SNMP PDUs which were delivered to or generated by the SNMP protocol entity and for which the value of the error status field is noSuchName Bad values errors The total number of SNMP PDUs which w...

Страница 421: ...Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then periodic...

Страница 422: ...ing Threshold If the current value is greater than or equal to the rising threshold and the last sample value was less than this threshold then an alarm will be generated After a rising event has been...

Страница 423: ...ON alarm 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Add from the Action list 4 Click Alarm 5 Enter an index number the MIB object to be polled etherStatsEntry n...

Страница 424: ...twork problems CLI REFERENCES Remote Monitoring Commands on page 745 COMMAND USAGE If an alarm is already defined for an index the entry must be deleted before any changes can be made One default even...

Страница 425: ...trap configuration page see Setting Community Access Strings on page 413 prior to configuring it here Range 1 127 characters Description A comment that describes this event Range 1 127 characters Owne...

Страница 426: ...to predict network growth and plan for expansion before your network becomes too overloaded CLI REFERENCES Remote Monitoring Commands on page 745 COMMAND USAGE Each index number equates to a port on...

Страница 427: ...t 1800 seconds Buckets The number of buckets requested for this entry Range 1 65536 Default 50 The number of buckets granted are displayed on the Show page Owner Name of the person who created this en...

Страница 428: ...elect Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click History Figure 14 47 Showing Configured RMON History Samples To show collected RMO...

Страница 429: ...ace the entry must be deleted before any changes can be made The information collected for each entry includes input octets packets broadcast packets multicast packets undersize packets oversize packe...

Страница 430: ...ured RMON statistical samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click Statistics Figure 14...

Страница 431: ...t or the web interface to communicate directly with the Commander through its IP address and then use the Commander to manage Member switches through the cluster s internal IP addresses Clustered swit...

Страница 432: ...ot conflict with the network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander PARAMETERS These...

Страница 433: ...dministration Cluster Configure Member Add page to add Candidate switches to the cluster as Members CLI REFERENCES Switch Clustering on page 714 PARAMETERS These parameters are displayed Member ID Spe...

Страница 434: ...Configuring a Cluster Members To show the cluster members 1 Click Administration Cluster 2 Select Configure Member from the Step list 3 Select Show from the Action list Figure 14 54 Showing Cluster M...

Страница 435: ...of the switch in the cluster IP Address The internal cluster IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the...

Страница 436: ...the RPL When a ring failure occurs the RPL owner is responsible for unblocking the RPL allowing this link to be used for traffic Ring nodes may be in one of two states Idle normal operation no link no...

Страница 437: ...r network If the network is in normal operating condition the RPL owner node of each ring blocks the transmission and reception of traffic over the RPL for that ring This figure presents the configura...

Страница 438: ...The traffic channels remain bi directionally blocked at the RPL connection point on ERP2 This prevents the formation of a loop Figure 14 58 Ring Interconnection Architecture Multi ring Ladder Net work...

Страница 439: ...p first globally enable ERPS on the switch If ERPS has not yet been enabled or has been disabled no ERPS rings will work 7 Enable an ERPS ring Configure Domain Configure Details Before an ERPS ring ca...

Страница 440: ...y Figure 14 59 Setting ERPS Global Status ERPS RING CONFIGURATION Use the Administration ERPS Configure Domain pages to configure ERPS rings CLI REFERENCES ERPS Commands on page 1049 COMMAND USAGE Rin...

Страница 441: ...rted but has not yet determined the status of the ring Idle If all nodes in a ring are in this state it means that all the links in the ring are up This state will switch to protection state if a link...

Страница 442: ...ociation for the specific users distinguished by the ring name maintenance level maintenance association s name and assigned VLAN Up to 26 ERPS rings can be configured on the switch Domain ID ERPS rin...

Страница 443: ...v2 When ring nodes running G 8032v1 and G 8032v2 co exist on a ring the ring ID of each node is configured as 1 In version 1 the MAC address 01 19 A7 00 00 01 is used for the node identifier The R APS...

Страница 444: ...th the Forced Switch or Manual Switch commands on the Configure Operation page The east and west connections to the ring must be specified for all ring nodes When this switch is configured as the RPL...

Страница 445: ...guard timer When another recovered ring node or nodes holding the link block receives this message it compares the Node ID information with its own Node ID If the received R APS NR message has the hig...

Страница 446: ...Switch mode is in effect The clear command removes any existing local operator commands and triggers reversion if the ring is in revertive behavior mode The ring node where the Forced Switch was clea...

Страница 447: ...ual Switching A Manual Switch command is removed by issuing the Clear command Configure Operation page at the same ring node where the Manual Switch is in effect The clear command removes any existing...

Страница 448: ...to the RPL transmits an R APS NR RB message over both ring ports informing the ring that the RPL is blocked and flushes its FDB c The acceptance of the R APS NR RB message triggers all ring nodes to u...

Страница 449: ...work data in the traffic channel will still flow across the network but the all R APS messages will be terminated at the interconnection points Sub ring with R APS Virtual Channel When using a virtual...

Страница 450: ...R APS messages are inserted or extracted by other rings or sub rings at the interconnection nodes where a sub ring is attached Hence there is no need for either additional bandwidth or for different...

Страница 451: ...a traffic on the major ring may suffer for a short period of time due to this flooding behavior Non ERPS Device Protection Sends non standard health check packets when an owner node enters protection...

Страница 452: ...to have a chance to fix the problem before switching at a client layer When a new defect or more severe defect occurs new Signal Failure this event will not be reported immediately to the protection s...

Страница 453: ...sed to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure Range 5 12 minutes If the switch goes into ring protection state due to a signal failure after t...

Страница 454: ...G Level parameter on this configuration page must match the authorized maintenance level of the CFM domain to which the specified MEP belongs See Configuring CFM Maintenance Domains on page 476 To ens...

Страница 455: ...gure Details from the Action list 4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static or dy...

Страница 456: ...Ring Protection Switching 463 Figure 14 64 Creating an ERPS Ring To show the configured ERPS rings 1 Click Administration ERPS 2 Select Configure Domain from the Step list 3 Select Show from the Acti...

Страница 457: ...ng port b The ring node where the FS command was issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS...

Страница 458: ...als have the priorities as specified in the following table Recovery for forced switching under revertive and non revertive mode is described under the Revertive parameter When a ring is under an FS c...

Страница 459: ...d and that the traffic channel is blocked on one ring port c If no other higher priority commands exist and assuming the ring node was in Idle state before the manual switch command was issued the rin...

Страница 460: ...ode is operating in revertive mode Two steps are required to make a ring operating in non revertive mode return to Idle state from forced switch or manual switch state 1 Issue a Clear command to remov...

Страница 461: ...cross check messages which are used to verify a static list of remote maintenance points located on other devices in the same maintenance association against those found through continuity check messa...

Страница 462: ...main with DSAPs located on the domain boundary and Internal Service Access Points ISAPs inside the domain through which frames may pass between the DSAPs Figure 14 67 Single CFM Maintenance Domain The...

Страница 463: ...ndicated when a known MEP stops sending CCMs or a remote MEP configured in a static list does not come up Configuration errors such as a cross connect between different MAs are indicated when a CCM is...

Страница 464: ...o automatically verify the functionality of these remote end points by cross checking the static list configured on this device against information learned through continuity check messages 5 Enable C...

Страница 465: ...s check operation Range 1 65535 seconds Default 10 seconds This parameter sets the time to wait for a remote MEP to come up and the switch starts cross checking the list of statically configured remot...

Страница 466: ...nd point identifier MPID as its own but with a different source MAC address indicating that a CFM configuration error exists Connectivity Check Loop Sends a trap if this device receives a CCM with the...

Страница 467: ...ed in the static list7 WEB INTERFACE To configure global settings for CFM 1 Click Administration CFM 2 Select Configure Global from the Step list 3 Before enabling CFM processing on the switch first c...

Страница 468: ...ND USAGE An interface must be enabled before a MEP can be created see Configuring Maintenance End Points If a MEP has been configured on an interface it must first be deleted before CFM can be disable...

Страница 469: ...el than the ones it encompasses The higher to lower level domain types commonly include entities such as customer service provider and operator More than one domain can be configured at the same maint...

Страница 470: ...ssive agents which can only validate received CFM messages and respond to loop back and link trace messages The MIP creation method defined for an MA see Configuring CFM Maintenance Associations takes...

Страница 471: ...wer MA Level None No MIP can be created for any MA configured in this domain Configuring Detailed Settings for a Maintenance Domain MD Index Domain index Range 1 65535 3 remErrXcon DefErrorCCM DefXcon...

Страница 472: ...arm is issued Range 3 10 seconds Default 3 seconds MEP Fault Notify Reset Time The time after a fault alarm has been issued and no defect exists before another fault alarm can be issued Range 3 10 sec...

Страница 473: ...or Maintenance Domains CONFIGURING CFM MAINTENANCE ASSOCIATIONS Use the Administration CFM Configure MA pages to create and configure the Maintenance Associations MA which define a unique CFM service...

Страница 474: ...checked to verify that the MEP identifier field sent in the message does not match its own MEP ID which would indicate a duplicate MEP or network loop If these error types are not found the CCM is st...

Страница 475: ...cifies the name format for the maintenance association as IEEE 802 1ag character based or ITU T SG13 SG15 Y 1731 defined ICC based format Character String IEEE 802 1ag defined character string format...

Страница 476: ...conds Default 1 second AIS Transmit Level Configure the AIS maintenance level in an MA Range 0 7 Default is 0 AIS Level must follow this rule AIS Level Domain Level AIS Suppress Alarm Enables disables...

Страница 477: ...onfigure detailed settings for maintenance associations 1 Click Administration CFM 2 Select Configure MA from the Step list 3 Select Configure Details from the Action list 4 Select an entry from MD In...

Страница 478: ...EP s MA or the direction it faces first delete the MEP and then create a new one PARAMETERS These parameters are displayed MD Index Domain index Range 1 65535 MA Index MA identifier Range 1 2147483647...

Страница 479: ...ints CONFIGURING REMOTE MAINTENANCE END POINTS Use the Administration CFM Configure Remote MEP Add page to specify remote maintenance end points MEPs set on other CFM enabled devices within a common M...

Страница 480: ...e waits for remote MEPs to come up before starting the cross check operation can be configured on the Configure Global page see Configuring Global Settings for CFM SNMP traps for continuity check even...

Страница 481: ...nk Trace page to transmit link trace messages LTMs These messages can isolate connectivity faults by tracing the path through a network to the designated target node i e a remote maintenance end point...

Страница 482: ...er Parameters controlling the link trace cache including operational state entry hold time and maximum size can be configured on the Configure Global page see Configuring Global Settings for CFM PARAM...

Страница 483: ...tomatic detection of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point s...

Страница 484: ...either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx Count The number of times the loopback message is sent Range 1 1024 Packet Size The size of the loopback message Range 64 1518 bytes D...

Страница 485: ...a frame with DM request information and the receiving MEP responds with a frame with DM reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of...

Страница 486: ...sure messages Range 1 5 seconds Default 1 second Timeout The timeout to wait for a response Range 1 5 seconds Default 5 seconds WEB INTERFACE To transmit delay measure messages 1 Click Administration...

Страница 487: ...he MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Up indicates that the MEP faces inward toward the switch cross conn...

Страница 488: ...ce point Direction The direction in which the MEP faces on the Bridge port up or down Interface The port to which this MEP is attached CC Status Shows if the MEP will generate CCM messages MAC Address...

Страница 489: ...M 2 Select Show Information from the Step list 3 Select Show Local MEP Details from the Action list 4 Select an entry from MD Index and MA Index 5 Select a MEP ID Figure 14 85 Showing Detailed Informa...

Страница 490: ...CFM 2 Select Show Information from the Step list 3 Select Show Local MIP from the Action list Figure 14 86 Showing Information on Local MIPs DISPLAYING REMOTE MEPS Use the Administration CFM Show Info...

Страница 491: ...CFM 2 Select Show Information from the Step list 3 Select Show Remote MEP from the Action list Figure 14 87 Showing Information on Remote MEPs DISPLAYING DETAILS FOR REMOTE MEPS Use the Administration...

Страница 492: ...Up The port is functioning normally Blocked The port has been blocked by the Spanning Tree Protocol No port state Either no CCM has been received or nor port status TLV was received in the last CCM I...

Страница 493: ...rom MD Index and MA Index 5 Select a MEP ID Figure 14 88 Showing Detailed Information on Remote MEPs DISPLAYING THE LINK TRACE CACHE Use the Administration CFM Show Information Show Link Trace Cache p...

Страница 494: ...to be false IngBlocked The ingress port can be identified but the target data frame was not forwarded when received on this port due to active topology management i e the bridge port is not in the fo...

Страница 495: ...splay configuration settings for the fault notification generator CLI REFERENCES show ethernet cfm fault notify generator on page 1306 PARAMETERS These parameters are displayed MEP ID Maintenance end...

Страница 496: ...s are displayed Level Maintenance level associated with this entry Primary VLAN VLAN in which this error occurred MEP ID Identifier of remote MEP Interface Port at which the error was recorded Remote...

Страница 497: ...ntinuity check errors 1 Click Administration CFM 2 Select Show Information from the Step list 3 Select Show Continuity Check Error from the Action list Figure 14 91 Showing Continuity Check Errors OAM...

Страница 498: ...Disabled OAM is disabled on this interface via the OAM Admin Status Link Fault The link has detected a fault or the interface is not operational Passive Wait This value is returned only by OAM entitie...

Страница 499: ...d is reached or exceeded within the specified period If reporting is enabled and an errored frame link event occurs the local OAM entity this switch sends an Event Notification OAMPDU to the remote OA...

Страница 500: ...CES show efm oam counters interface on page 1316 clear efm oam counters on page 1313 PARAMETERS These parameters are displayed Port Port identifier Range 1 52 Clear Clears statistical counters for the...

Страница 501: ...whether the location is local or remote this information is entered in OAM event log When the log system becomes full older events are automatically deleted to make room for new entries The time of lo...

Страница 502: ...tion Shows if this function is supported by the OAM peer If supported this indicates that the OAM entity supports the transmission of OAMPDUs on links that are operating in unidirectional mode where t...

Страница 503: ...rm an OAM remote loop back test on the specified port The port that you specify to run this test must be connected to a peer OAM device capable of entering into OAM remote loop back mode During a remo...

Страница 504: ...during the last loopback test on this interface Loss Rate The percentage of packets for which there was no response WEB INTERFACE To initiate a loop back test to the peer device attached to the selec...

Страница 505: ...ting for each port for which this information is available CLI REFERENCES show efm oam remote loopback interface on page 1318 PARAMETERS These parameters are displayed Port Port identifier Range 1 52...

Страница 506: ...ntrol frame transmit interval and recover time may be adjusted to improve performance for your specific environment The shutdown mode may also need to be changed once you determine what kind of packet...

Страница 507: ...tead deemed bidirectional the curve will use Mfast for the first four subsequent message transmissions and then transition to an Mslow value for all other steady state transmissions Mslow is the value...

Страница 508: ...ault Disabled UDLD requires that all the devices connected to the same LAN segment be running the protocol in order for a potential mis configuration to be detected and for prompt corrective action to...

Страница 509: ...epeated last resort attempts to re establish communication with the other end of the link This mode of operation assumes that loss of communication with the neighbor is a meaningful network event in i...

Страница 510: ...DLD on a port interface Device ID Device identifier of neighbor sending the UDLD packet Port ID The physical port the UDLD packet is sent from Device Name The device name of this neighbor Neighbor Sta...

Страница 511: ...Chapter 14 Basic Administration Protocols UDLD Configuration 518 Figure 14 100 Displaying UDLD Neighbor Information...

Страница 512: ...es a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation OVERVIEW Multicasting is used to support real time appl...

Страница 513: ...lticast VLAN Registration for IPv4 on page 555 LAYER 2 IGMP SNOOPING AND QUERY FOR IPV4 IGMP Snooping and Query If multicast routing is not supported on other switches in your network you can use IGMP...

Страница 514: ...o 1023 multicast entries can be maintained for IGMP snooping Once the table is full no new entries are learned Any subsequent multicast traffic not found in the table is dropped if unregistered floodi...

Страница 515: ...is forwarded to that port However if no router port exists on the VLAN the traffic is dropped if unregistered data flooding is disabled default behavior or flooded throughout the VLAN if unregistered...

Страница 516: ...eceivers by default a switch in a VLAN with IGMP snooping enabled that receives a Bridge Protocol Data Unit BPDU with TC bit set by the root bridge will enter into multicast flooding mode for a period...

Страница 517: ...starts overloading multicast hosts by sending a large number of group and source specific queries each with a large source list and the Maximum Response Time set to a large value To protect against th...

Страница 518: ...ed Range 1 65535 Recommended Range 300 500 seconds Default 300 IGMP Snooping Version Sets the protocol version for compatibility with other devices on the network This is the IGMP Version the switch u...

Страница 519: ...rface and a specified VLAN can be manually configured to join all the current multicast groups supported by the attached router This can ensure that multicast traffic is passed to all the appropriate...

Страница 520: ...is static or dynamic Expire Time until this dynamic entry expires WEB INTERFACE To specify a static interface attached to a multicast router 1 Click Multicast IGMP Snooping Multicast Router 2 Select...

Страница 521: ...Interfaces Attached a Multicast Router ASSIGNING INTERFACES TO MULTICAST SERVICES Use the Multicast IGMP Snooping IGMP Member Add Static Member page to statically assign a multicast service to an inte...

Страница 522: ...cast group Multicast IP The IP address for a specific multicast service WEB INTERFACE To statically assign an interface to a multicast service 1 Click Multicast IGMP Snooping IGMP Member 2 Select Add...

Страница 523: ...ed for use by IGMP snooping and multicast routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast...

Страница 524: ...nation messages are sent by multicast routers when Multicast forwarding is disabled on an interface An interface is administratively disabled The router is gracefully shut down Advertisement and Termi...

Страница 525: ...multicast router or querier will send a group specific query message when an IGMPv2 group leave message is received The router querier stops forwarding traffic for that group only if no host replies t...

Страница 526: ...the IP source address in general and group specific query messages sent downstream and use the source address of the last IGMP message received from a downstream host in report and leave messages sen...

Страница 527: ...nt The number of IGMP proxy group specific or group and source specific query messages that are sent out before the system assumes there are no more local members Range 1 255 Default 2 This attribute...

Страница 528: ...ace settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Select Show VLAN Information from the Action list Figure 15 9 Showing Interface Settings for IGMP Snooping FILTERING IGMP QUE...

Страница 529: ...rt i e the interfaces specified by this command Default Disabled WEB INTERFACE To drop IGMP query packets or multicast data packets 1 Click Multicast IGMP Snooping Interface 2 Select Configure Port or...

Страница 530: ...ically and statically configured multicast router ports Up Time Time that this multicast group has been known Expire Time until this entry expires Count The number of times this address has been learn...

Страница 531: ...eneral Query Sent The number of general queries sent from this interface Specific Query Received The number of specific queries received on this interface Specific Query Sent The number of specific qu...

Страница 532: ...successfully joined Group The number of IGMP groups active on this interface Output Statistics Report The number of IGMP membership reports sent from this interface Leave The number of leave messages...

Страница 533: ...ure 15 12 Displaying IGMP Snooping Statistics Query To display IGMP snooping protocol related statistics for a VLAN 1 Click Multicast IGMP Snooping Statistics 2 Select Show VLAN Statistics from the Ac...

Страница 534: ...limits the number of simultaneous multicast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the...

Страница 535: ...B INTERFACE To enable IGMP filtering and throttling on the switch 1 Click Multicast IGMP Snooping Filter 2 Select Configure General from the Step list 3 Enable IGMP Filter Status 4 Click Apply Figure...

Страница 536: ...Range Profile ID Selects an IGMP profile to configure Start Multicast IP Address Specifies the starting address of a range of multicast groups End Multicast IP Address Specifies the ending address of...

Страница 537: ...Add Multicast Group Range from the Action list 4 Select the profile to configure and add a multicast group address or range of addresses 5 Click Apply Figure 15 18 Adding Multicast Groups to an IGMP F...

Страница 538: ...f the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group PARAMET...

Страница 539: ...MLD snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4 That is MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is f...

Страница 540: ...st traffic Default Disabled An IPv6 address must be configured on the VLAN interface from which the querier will act if elected When serving as the querier the switch uses this IPv6 address as the que...

Страница 541: ...fault 2 Unknown Multicast Mode The action for dealing with unknown multicast packets Options include Flood Floods any received IPv6 multicast packets that have not been requested by a host to all port...

Страница 542: ...e leave should only be enabled on an interface if it is connected to only one MLD enabled device either a service host or a neighbor running MLD snooping WEB INTERFACE To configure immediate leave for...

Страница 543: ...pecifies the interface attached to a multicast router WEB INTERFACE To specify a static interface attached to a multicast router 1 Click Multicast MLD Snooping Multicast Router 2 Select Add Static Mul...

Страница 544: ...TERFACES TO IPV6 MULTICAST SERVICES Use the Multicast MLD Snooping MLD Member Add Static Member page to statically assign an IPv6 multicast service to an interface Multicast filtering can be dynamical...

Страница 545: ...LD Snooping or is a data stream to which no other ports are subscribing i e the stream is flooded onto VLAN instead of being trapped to the CPU for processing or is being processed by MVR6 WEB INTERFA...

Страница 546: ...tatically or dynamically assigned to an IPv6 multicast service 1 Click Multicast MLD Snooping MLD Member 2 Select Show Current Member from the Action list 3 Select the VLAN for which to display this i...

Страница 547: ...ent to the specified multicast address In Exclude mode the router uses both the request list and exclude list indicating that the reception of packets sent to the given multicast address is requested...

Страница 548: ...bers This protocol can significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN This makes it possible to support com...

Страница 549: ...ning Static MVR Multicast Groups to Interfaces on page 565 Although MVR operates on the underlying mechanism of IGMP snooping the two features operate independently of each other One can be enabled or...

Страница 550: ...en receiver ports receive any query messages they are dropped When changes occurring in the downstream MVR groups are learned by the receiver ports through report and leave messages an MVR state chang...

Страница 551: ...is enabled the switch only forwards multicast streams which the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a mu...

Страница 552: ...specified MVR VLAN exists and a source port with a valid link has been configured see Configuring MVR Interface Status on page 562 MVR Current Learned Groups The number of MVR groups currently assigne...

Страница 553: ...ll receiver ports that have registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall wi...

Страница 554: ...le from the Step list 3 Select Add from the Action list 4 Enter the name of a group profile to be assigned to one or more domains and specify a multicast group that will stream traffic to participatin...

Страница 555: ...files assigned to a domain 1 Click Multicast MVR 2 Select Associate Profile from the Step list 3 Select Show from the Action list Figure 15 36 Showing the MVR Group Address Profiles Assigned to a Do m...

Страница 556: ...MVR groups or for groups which have been statically assigned see Assigning Static MVR Multicast Groups to Interfaces on page 565 All source ports must belong to the MVR VLAN Subscribers should not be...

Страница 557: ...Active if MVR is globally enabled on the switch MVR status for receiver ports is Active only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has be...

Страница 558: ...e set of hosts CLI REFERENCES mvr vlan group on page 1214 COMMAND USAGE Multicast groups can be statically assigned to a receiver port using this configuration page The IP address range from 224 0 0 0...

Страница 559: ...figure Static Group Member from the Step list 3 Select Add from the Action list 4 Select an MVR domain 5 Select a VLAN and interface to receive the multicast stream and then enter the multicast group...

Страница 560: ...to the MVR VLAN VLAN Indicates the MVR VLAN receiving the multicast service Note that this may be different from the MVR VLAN if the group address has been statically assigned Port Shows the interfac...

Страница 561: ...Range 1 5 VLAN VLAN identifier Range 1 4094 Port Port identifier Range 1 52 Trunk Trunk identifier Range 1 16 Query Statistics Querier IP Address The IP address of the querier on this interface Queri...

Страница 562: ...leave or query was dropped Packets may be dropped due to invalid format rate limiting packet content not allowed or MVR group report received Join Success The number of times a multicast group was su...

Страница 563: ...IPv4 570 Figure 15 41 Displaying MVR Statistics Query To display MVR protocol related statistics for a VLAN 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show VLAN Statist...

Страница 564: ...IPv4 571 Figure 15 42 Displaying MVR Statistics VLAN To display MVR protocol related statistics for a port 1 Click Multicast MVR 2 Select Show Statistics from the Step list 3 Select Show Port Statisti...

Страница 565: ...ing the multicast groups that will stream traffic to attached hosts and assign the profile to an MVR6 domain see Configuring MVR6 Group Address Profiles on page 576 3 Set the interfaces that will join...

Страница 566: ...urce port receives report and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes occurring in the downstream MVR gr...

Страница 567: ...domain The multicast streams are sent to all source ports on the switch and to all receiver ports that have elected to receive data on that multicast address Dynamic When dynamic mode is enabled the s...

Страница 568: ...environment are satisfied Running status is Active as long as MVR6 is enabled the specified MVR6 VLAN exists and a source port with a valid link has been configured see Configuring MVR6 Interface Sta...

Страница 569: ...ddress for required services to one or more MVR6 domains CLI REFERENCES MVR for IPv6 on page 1226 COMMAND USAGE Use the Configure Profile page to statically configure all multicast group addresses tha...

Страница 570: ...ddress bits End IPv6 Address Ending IP address for an MVR6 multicast group This parameter must be a full IPv6 address including the network prefix and host address bits Associate Profile Domain ID An...

Страница 571: ...dress profile to a domain 1 Click Multicast MVR6 2 Select Associate Profile from the Step list 3 Select Add from the Action list 4 Select a domain from the scroll down list and enter the name of a gro...

Страница 572: ...ng Static MVR6 Multicast Groups to Interfaces on page 581 Receiver ports should not be statically configured as a member of the MVR6 VLAN If so configured its MVR6 status will be inactive Also note th...

Страница 573: ...ot be set to access mode see Adding Static Members to VLANs on page 153 Forwarding Status Shows if multicast traffic is being forwarded or blocked MVR6 Status Shows the MVR6 status MVR6 status for sou...

Страница 574: ...TICAST GROUPS TO INTERFACES Use the Multicast MVR6 Configure Static Group Member page to statically bind multicast groups to a port which will receive long term multicast streams associated with a sta...

Страница 575: ...CE To assign a static MVR6 group to an interface 1 Click Multicast MVR6 2 Select Configure Static Group Member from the Step list 3 Select Add from the Action list 4 Select an MVR6 domain 5 Select a V...

Страница 576: ...fferent from the MVR6 VLAN if the group address has been statically assigned Port Indicates the source address of the multicast service or displays an asterisk if the group address has been statically...

Страница 577: ...ange 1 4094 Port Port identifier Range 1 52 Trunk Trunk identifier Range 1 16 Query Statistics Querier IPv6 Address The IP address of the querier on this interface Querier Expire Time The time after w...

Страница 578: ...y be dropped due to invalid format rate limiting packet content not allowed or MVR6 group report received Join Success The number of times a multicast group was successfully joined Group The number of...

Страница 579: ...playing MVR6 Statistics Query To display MVR6 protocol related statistics for a VLAN 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show VLAN Statistics from the Action li...

Страница 580: ...v6 587 To display MVR6 protocol related statistics for a port 1 Click Multicast MVR6 2 Select Show Statistics from the Step list 3 Select Show Port Statistics from the Action list 4 Select an MVR6 dom...

Страница 581: ...via DHCP by default for VLAN 1 To configure a static address you need to change the switch s default settings to values that are compatible with your network You may also need to a establish a defaul...

Страница 582: ...r words secondary addresses need to be specified if more than one IP subnet can be accessed through this interface For initial configuration set this parameter to Primary Options Primary Secondary Def...

Страница 583: ...he Action list 3 Select any configured VLAN and set IP Address Mode to BOOTP or DHCP 4 Click Apply IP will be enabled but will not function until a BOOTP or DHCP reply is received Requests are broadca...

Страница 584: ...elect Show Address from the Action list 3 Select an entry from the VLAN list Figure 16 3 Showing the Configured IP Address for an Interface SETTING THE SWITCH S IP ADDRESS IP VERSION 6 This section de...

Страница 585: ...se parameters are displayed Default Gateway Sets the IPv6 address of the default next hop router to use when no routing information is known about an IPv6 address If no static routes are defined you m...

Страница 586: ...l not generate a global IPv6 address if auto configuration is not enabled In this case you can manually configure a global unicast address see Configuring an IPv6 Address on page 597 IPv6 Neighbor Dis...

Страница 587: ...ss must be manually configured using the Add Interface page described below Enable IPv6 Explicitly Enables IPv6 on an interface and assigns it a link local address Note that when an explicit address i...

Страница 588: ...ess is detected it is set to duplicate state and a warning message is sent to the console If a duplicate link local address is detected IPv6 processes are disabled on the interface If a duplicate glob...

Страница 589: ...nfiguration information such as a default gateway when DHCPv6 is restarted Prior to submitting a client request to a DHCPv6 server the switch should be configured with a link local address using the A...

Страница 590: ...which interfaces are connected to known routers and enable RA Guard on all other untrusted interfaces WEB INTERFACE To configure general IPv6 settings for the switch 1 Click IP IPv6 Configuration 2 Se...

Страница 591: ...riate number of zeros required to fill the undefined fields The switch must always be configured with a link local address Therefore any configuration process that enables IPv6 functionality or assign...

Страница 592: ...atically enabled and cannot be disabled until all assigned addresses have been removed PARAMETERS These parameters are displayed VLAN ID of a configured VLAN which is to be used for management access...

Страница 593: ...EUI 64 requirements i e 1 for globally defined addresses and 0 for locally defined addresses changing 28 to 2A Then the two bytes FFFE are inserted between the OUI i e organizationally unique identifi...

Страница 594: ...FF02 1 link local scope FF01 1 16 is the transient interface local multicast address for all attached IPv6 nodes and FF02 1 16 is the link local multicast address for all attached IPv6 nodes The inter...

Страница 595: ...show the configured IPv6 addresses 1 Click IP IPv6 Configuration 2 Select Show IPv6 Address from the Action list 3 Select a VLAN from the list Figure 16 8 Showing Configured IPv6 Addresses SHOWING THE...

Страница 596: ...packets Stale More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was functioning While in STALE state the device takes no action u...

Страница 597: ...the host to send traffic on a shorter route ICMP is also used by routers to feed back information about more suitable routes that is the next hop router to use for a specific destination UDP User Dat...

Страница 598: ...ams successfully reassembled Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments...

Страница 599: ...ed by the interface Echo Reply Messages The number of ICMP Echo Reply messages received by the interface Redirect Messages The number of Redirect messages received by the interface Group Membership Qu...

Страница 600: ...essages The number of ICMP Router Advertisement messages sent by the interface Redirect Messages The number of Redirect messages sent For a host this object will always be zero since hosts do not send...

Страница 601: ...Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 607 Figure 16 10 Showing IPv6 Statistics IPv6 Figure 16 11 Showing IPv6 Statistics ICMPv6...

Страница 602: ...ipv6 mtu on page 1214 PARAMETERS These parameters are displayed WEB INTERFACE To show the MTU reported from other devices 1 Click IP IPv6 Configuration 2 Select Show MTU from the Action list Figure 1...

Страница 603: ...Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 609...

Страница 604: ...ween a client and broadband remote access servers DOMAIN NAME SERVICE DNS service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other na...

Страница 605: ...domain name 4 Click Apply Figure 17 1 Configuring General Settings for DNS CONFIGURING A LIST OF DOMAIN NAMES Use the IP Service DNS General Add Domain Name page to configure a list of domain names t...

Страница 606: ...he host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters WEB INTERFACE To create a list domain names 1 Click IP Service DNS 2 Select Add Domain Na...

Страница 607: ...se If all name servers are deleted DNS will automatically be disabled This is done by disabling the domain lookup status PARAMETERS These parameters are displayed Name Server IP Address Specifies the...

Страница 608: ...MAND USAGE Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network PARAMETERS These parameters are displ...

Страница 609: ...ERENCES show dns cache on page 1327 COMMAND USAGE Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host n...

Страница 610: ...on of the switch to the DHCP server which then uses this information to decide on how to service the client or the type of information to return The general framework for this DHCP option is set out i...

Страница 611: ...are displayed in the web interface Vendor Class ID The following options are supported when the check box is marked to enable this feature the unit model number A text string Range 1 32 characters A h...

Страница 612: ...sponse received from the server to the client Figure 17 10 Layer 2 DHCP Relay Service CLI REFERENCES DHCP Relay on page 1337 Up to five DHCP servers can be specified in order of preference DHCP relay...

Страница 613: ...p dynamic provision command By default the parameters for DHCP option 66 67 are not carried by the reply sent from the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the s...

Страница 614: ...to all trusted ports designated on the Configure Interface page The BRAS detects the presence of the subscriber s circuit ID tag inserted by the switch during the PPPoE discovery phase and sends this...

Страница 615: ...Configuring Global Settings for PPPoE Intermediate Agent CONFIGURING PPPOE IA INTERFACE SETTINGS Use the IP Service PPPoE Intermediate Agent Configure Interface page to enable PPPoE IA on an interfac...

Страница 616: ...he switch intercepts PPPoE discovery frames from the client and inserts a unique line identifier using the PPPoE Vendor Specific tag 0x0105 to PPPoE Active Discovery Initiation PADI and Request PADR p...

Страница 617: ...s are displayed Interface Port or trunk selection Received Received PPPoE active discovery messages All All PPPoE active discovery message types PADI PPPoE Active Discovery Initiation messages PADO PP...

Страница 618: ...Agent 625 WEB INTERFACE To show statistics for PPPoE IA protocol messages 1 Click IP Service PPPoE Intermediate Agent 2 Select Show Statistics from the Step list 3 Select Port or Trunk interface type...

Страница 619: ...ks However when the switch is first booted default routing can only forward traffic between local IP interfaces As with all traditional routers static and dynamic routing functions must first be confi...

Страница 620: ...eplacing destination source MAC addresses for each hop Incrementing the hop count Decrementing the time to live Verifying and recalculating the Layer 3 checksum If the destination node is on the same...

Страница 621: ...n ARP packet to all the ports on the destination VLAN to find out the destination MAC address After the MAC address is discovered the packet is reformatted and sent out to the destination The reformat...

Страница 622: ...In other words a router interface address defines the network segment that is connected to that interface and allows you to send IP packets to or from the router You can specify the IP subnets connect...

Страница 623: ...s on page 613 or Configuring Static DNS Host to Address Entries on page 615 Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet IPV4 32 512 bytes IPV6 0 1500 bytes...

Страница 624: ...rameters 3 Click Apply Figure 18 2 Pinging a Network Device USING THE TRACE ROUTE FUNCTION Use the IP General Trace Route page to show the route packets take to the specified destination CLI REFERENCE...

Страница 625: ...probes by returning an ICMP port unreachable message If the timer goes off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long seque...

Страница 626: ...sage However if it does match they write their own hardware address into the destination MAC address field and send the message back to the source hardware address When the source device receives a re...

Страница 627: ...require Proxy ARP must view the entire network as a single network These nodes must therefore use a smaller subnet mask than that used by the router or other relevant network devices Extensive use of...

Страница 628: ...cations may not respond to ARP requests or the response arrives too late causing network operations to time out Static entries will not be aged out or deleted when power is reset You can only remove a...

Страница 629: ...YNAMIC OR LOCAL ARP ENTRIES Use the IP ARP Show Information page to display dynamic or local entries in the ARP cache The ARP cache contains static entries and entries for local interfaces including s...

Страница 630: ...n page to display statistics for ARP messages crossing all interfaces on this router CLI REFERENCES show ip traffic on page 1343 PARAMETERS These parameters are displayed WEB INTERFACE To display ARP...

Страница 631: ...ility CLI REFERENCES ip route on page 1377 ip sw route on page 1378 COMMAND USAGE Up to 24 static routes can be configured Due to a hardware limitation on the SSE G2252 static routes do not work with...

Страница 632: ...s 2 Select Add from the Action List 3 Enter the destination address subnet mask and next hop router 4 Click Apply Figure 18 11 Configuring Static Routes To display static routes 1 Click IP Routing Sta...

Страница 633: ...ontain any secondary paths A FIB entry consists of the minimum amount of information necessary to make a forwarding decision on a particular packet The typical components within a FIB entry are a netw...

Страница 634: ...Chapter 18 General IP Routing Displaying the Routing Table 642 1 Click IP Routing Routing Table Figure 18 13 Displaying the Routing Table...

Страница 635: ...ds on page 721 Remote Monitoring Commands on page 745 Authentication Commands on page 753 General Security Measures on page 817 Access Control Lists on page 895 Interface Commands on page 921 Link Agg...

Страница 636: ...ands on page 1121 Quality of Service Commands on page 1133 Multicast Filtering Commands on page 1151 LLDP Commands on page 1245 CFM Commands on page 1269 OAM Commands on page 1309 Domain Name Service...

Страница 637: ...mpt GC reload Restarts the system at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the com...

Страница 638: ...of week monthly day cancel at in regularity reload at A specified time at which to reload the switch hour The hour at which to reload Range 0 23 minute The minute at which to reload Range 0 59 month...

Страница 639: ...Exec mode In privileged mode additional commands are available and certain commands display additional information See Understanding Command Modes on page 718 SYNTAX enable level level Privilege leve...

Страница 640: ...privileged access mode EXAMPLE Console enable Password privileged level password Console RELATED COMMANDS disable 650 enable password 754 quit This command exits the configuration program DEFAULT SET...

Страница 641: ...history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are in any of the configuration modes In this example the 2 comm...

Страница 642: ...EFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE The character is appended to the end of the prompt to indicate that the system is in normal access mode EXAMPLE Console disable Console R...

Страница 643: ...ebooted at January 1 02 11 50 2001 Remaining Time 0 days 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode DEFAULT SETTING None COMMAND MODE Global Configuration I...

Страница 644: ...EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 645: ...System Status Displays system configuration active managers and version information Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line S...

Страница 646: ...Shows CPU utilization parameters NE PE show process cpu guard Shows the CPU utilization watermark and threshold NE PE show process cpu task Shows CPU utilization per process NE PE show running config...

Страница 647: ...on Total Policy Control Entries 768 Free Policy Control Entries 756 Entries Used by System 12 Entries Used by User 0 TCAM Utilization 1 56 Console show memory This command shows memory utilization par...

Страница 648: ...ion watermark and threshold settings COMMAND MODE Normal Exec Privileged Exec EXAMPLE Console show process cpu guard CPU Guard Configuration Status Disabled High Watermark 90 Low Watermark 70 Maximum...

Страница 649: ...0 00 0 00 DOT1X_SUP_GROUP 1 00 1 03 2 46 DOT1X_SUP_PROC 0 00 0 00 0 00 DRIVER_GROUP 1 00 1 18 3 03 DRIVER_GROUP_DI 0 00 0 00 0 00 Low Watermark If packet flow has been stopped after exceeding the high...

Страница 650: ...SM_GROUP 0 00 0 00 0 00 NSM_PROC 0 00 0 00 0 00 NSM_TD 0 00 0 00 0 00 NTP_TD 0 00 0 00 0 00 OAM_GROUP 0 00 0 00 0 00 OAM_TXLBK_TD 0 00 0 00 0 00 POE_PROC 0 00 0 00 0 00 POE_TASK 0 00 0 00 0 00 POEDRV_...

Страница 651: ...interface keyword to display configuration data for the specified interface Use this command in conjunction with the show startup config command to compare the information in running memory to the inf...

Страница 652: ...el 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database VLAN 1 name DefaultVlan media ethernet state active spanning t...

Страница 653: ...els VLAN database VLAN ID name and state Multiple spanning tree instances name and interfaces Interface settings and VLAN configuration settings for each interface IP address for management VLAN Any c...

Страница 654: ...is command generates a long list of information including detailed system and interface settings It is therefore advisable to direct the output to a file using any suitable output capture function pro...

Страница 655: ...19 SSH 1 steve 0 00 06 192 168 1 19 Web Online Users Line User Name Idle time h m s Remote IP addr HTTP ADMIN 0 00 00 192 168 0 99 Console show version This command displays hardware and software vers...

Страница 656: ...s the system if any of these processes are not responding correctly SYNTAX watchdog software disable enable DEFAULT SETTING Disabled COMMAND MODE Privileged Exec EXAMPLE Console watchdog Console FRAME...

Страница 657: ...n the two end nodes must be able to accept the extended frame size And for half duplex connections all devices in the collision domain would need to support jumbo frames The current setting for jumbo...

Страница 658: ...e General Commands boot system Specifies the file or image used to start up the system GC copy Copies a code image or a switch configuration to or from flash memory or an FTP SFTP TFTP server PE delet...

Страница 659: ...n later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the FTP SFTP TFTP server and the quality of the network connection SYNT...

Страница 660: ...ust use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the FTP SFTP TFTP server You must follow the instructions in the release notes for new firmware...

Страница 661: ...w to download new firmware from a TFTP server Console copy tftp file TFTP server ip address 10 1 0 19 Choose file type 1 config 2 opcode 1 2 2 Source file name m360 bix Destination file name m360 bix...

Страница 662: ...e name SS private Private password Success Console reload System will be restarted continue y n y This example shows how to copy a public key used by SSH from an TFTP server Note that public key authe...

Страница 663: ...Password Press y to allow connect to new sftp server and N to deny connect to new sftp server y Success Console delete This command deletes a file or image SYNTAX delete file name filename filename N...

Страница 664: ...llowing example shows how to display all file information Console dir File Name Type Startup Modify Time Size bytes Unit 1 SSE G2252P_V1 0 14 0 bix OpCode Y 1970 01 01 00 00 00 8559848 Factory_Default...

Страница 665: ...a new version is detected on the server indicated by the upgrade opcode path command Use the no form of this command to restore the default setting SYNTAX no upgrade opcode auto DEFAULT SETTING Disab...

Страница 666: ...h tftp 192 168 0 1 sm24 Console config If a new image is found at the specified location the following type of messages will be displayed during bootup Automatic Upgrade is looking for a new image New...

Страница 667: ...ntax must be used where filedir indicates the path to the directory containing the new image ftp username password 192 168 0 1 filedir If the user name is omitted anonymous will be used for the connec...

Страница 668: ...d Path File Name SSE G2252 series bix Console TFTP Configuration Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after wa...

Страница 669: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds DEFAULT SETTING 5 seconds COMMAND MODE...

Страница 670: ...tions LC databits Sets the number of data bits per character that are interpreted and generated by hardware LC exec timeout Sets the interval that the command interpreter waits until user input is det...

Страница 671: ...e config line RELATED COMMANDS show line 687 show users 662 databits This command sets the number of data bits per character that are interpreted and generated by the console port Use the no form to r...

Страница 672: ...MODE Line Configuration COMMAND USAGE If user input is detected within the timeout interval the session is kept open otherwise the session is terminated This command applies to both the local console...

Страница 673: ...ame command i e default setting When using this method the management interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no logi...

Страница 674: ...length 32 characters plain text or encrypted case sensitive DEFAULT SETTING No password is specified COMMAND MODE Line Configuration COMMAND USAGE When a connection is started on a line with password...

Страница 675: ...ine Configuration COMMAND USAGE When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent tim...

Страница 676: ...and sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting SYNTAX speed bps no speed bps Bau...

Страница 677: ...Console config line stopbits 2 Console config line timeout login response This command sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default set...

Страница 678: ...nection Range 0 8 COMMAND MODE Privileged Exec COMMAND USAGE Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconne...

Страница 679: ...i bbs ANSI BBS vt 100 VT 100 vt 102 VT 102 width The number of character columns displayed on the terminal Range 0 80 DEFAULT SETTING Escape Character 27 ASCII number History 10 Length 24 Terminal Typ...

Страница 680: ...nsole EVENT LOGGING This section describes commands used to configure event logging on the switch Table 20 9 Event Logging Commands Command Function Mode logging command Controls logging of commands e...

Страница 681: ...config logging facility This command sets the facility type for remote logging of syslog messages Use the no form to return the type to the default SYNTAX logging facility type no logging facility typ...

Страница 682: ...tion COMMAND USAGE The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM EXAMPLE Console config logging history ram 0 Console config...

Страница 683: ...EXAMPLE Console config logging host 10 1 0 3 Console config logging on This command controls logging of error messages sending debug or error messages to a logging process The no form disables the log...

Страница 684: ...le on page 690 Messages sent include the selected level through level 0 DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE Using this command with a specified level enabl...

Страница 685: ...NG None COMMAND MODE Privileged Exec COMMAND USAGE All log messages are retained in RAM and Flash after a warm restart i e power is reset through the command interface All log messages are retained in...

Страница 686: ...MMAND MODE Privileged Exec EXAMPLE The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 and the message level for RAM is debugg...

Страница 687: ...te Log Status Shows if remote logging has been enabled via the logging trap command Remote Log Facility Type The facility type for remote logging of syslog messages as specified in the logging facilit...

Страница 688: ...to specify each server To send email alerts the switch first opens a connection sends all the email alerts waiting in the queue one by one and finally closes the connection To open a connection the s...

Страница 689: ...vel 0 EXAMPLE This example will send email alerts for system errors from level 3 through 0 Console config logging sendmail level 3 Console config logging sendmail destination email This command specif...

Страница 690: ...ODE Global Configuration COMMAND USAGE You may use an symbolic email address that identifies the switch or the address of an administrator responsible for the switch EXAMPLE Console config logging sen...

Страница 691: ...ls for time GC sntp server Specifies one or more time servers GC show sntp Shows current SNTP configuration settings NE PE NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp a...

Страница 692: ...command EXAMPLE Console config sntp server 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current Time Dec 23 02 52 44 2002 Poll Interval 60 Cur...

Страница 693: ...Range 1 3 addresses DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command specifies time servers from which the switch will poll for time updates when set to SNTP client mo...

Страница 694: ...on SYNTAX no ntp authenticate DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE You can enable NTP authentication to ensure that reliable updates are received from only authoriz...

Страница 695: ...ed on the switch Re enter this command for each server you want to configure Note that NTP authentication key numbers and values must match on both the server and client NTP authentication is optional...

Страница 696: ...ient 699 ntp server 704 ntp server This command sets the IP addresses of the servers to which NTP time requests are issued Use the no form of the command to clear a specific time server or all servers...

Страница 697: ...ient 703 show ntp 705 show ntp This command displays the current time and configuration settings for the NTP client and indicates whether or not the local time has been properly updated COMMAND MODE N...

Страница 698: ...l begin b hour The hour summer time will begin Range 0 23 hours b minute The minute summer time will begin Range 0 59 minutes e date Day of the month when summer time will end Range 1 31 e month The m...

Страница 699: ...predefined australia europe new zealand usa no clock summer time name Name of the timezone while summer time is in effect usually an acronym Range 1 30 characters DEFAULT SETTING Disabled COMMAND MOD...

Страница 700: ...ay The day of the week when summer time will begin Options sunday monday tuesday wednesday thursday friday saturday b month The month when summer time will begin Options january february march april m...

Страница 701: ...afternoons have more daylight and mornings have less This is known as Summer Time or Daylight Savings Time DST Typically clocks are adjusted forward one hour at the start of spring and then adjusted b...

Страница 702: ...a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC EXAMPLE Console config clock timezone Japan hours 8 minute...

Страница 703: ...ivileged Exec EXAMPLE Console show calendar Current Time Dec 28 18 14 47 2013 Time Zone UTC 00 00 Summer Time Not configured Summer Time in Effect No Console TIME RANGE This section describes the comm...

Страница 704: ...of seven rules can be configured for a time range EXAMPLE Console config time range r d Console config time range RELATED COMMANDS Access Control Lists 895 absolute This command sets the time range fo...

Страница 705: ...ence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets the time range for th...

Страница 706: ...LE This example configures a time range for the periodic occurrence of an event Console config time range sales Console config time range periodic daily 1 1 to 2 1 Console config time range show time...

Страница 707: ...ted by the administrator through the management station The cluster VLAN 4093 is not configured by default Before using clustering take the following actions to set up this VLAN 1 Create VLAN 4093 see...

Страница 708: ...nd are used for communication between Member switches and the Commander Switch clusters are limited to the same Ethernet broadcast domain There can be up to 100 candidates and 36 member switches in on...

Страница 709: ...x x DEFAULT SETTING 10 254 254 1 COMMAND MODE Global Configuration COMMAND USAGE An internal IP address pool is used to assign IP addresses to Member switches in the cluster Internal cluster IP addres...

Страница 710: ...le config cluster member mac address 00 12 34 56 78 9a id 5 Console config rcommand This command provides access to a cluster Member CLI for configuration SYNTAX rcommand id member id member id The ID...

Страница 711: ...tch cluster members COMMAND MODE Privileged Exec EXAMPLE Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 E0 0C 00 00 FE Description SSE G225...

Страница 712: ...p the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC show snmp Displays the...

Страница 713: ...ol IC Port snmp server enable port traps atc multicast control apply Sends a trap when multicast traffic exceeds the upper threshold for automatic storm control and the apply timer expires IC Port snm...

Страница 714: ...y string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management s...

Страница 715: ...Use the no form to remove the system contact information SYNTAX snmp server contact string no snmp server contact string String that describes the system contact information Maximum length 255 charac...

Страница 716: ...units and whether or not SNMP logging has been enabled with the snmp server enable traps command EXAMPLE Console show snmp SNMP Agent Enabled SNMP Traps Authentication Enabled Link up down Enabled MA...

Страница 717: ...dress is added or removed interval Specifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 second DEFAULT SETTING Issues authentication and link up down traps Other...

Страница 718: ...re sent as inform messages Note that this option is only available for version 2c and 3 hosts Default traps are used retries The maximum number of times to resend an inform message if the recipient do...

Страница 719: ...snmp server enable traps command For example some notification types are always enabled Notifications are issued by the switch as trap messages by default The recipient of a trap message does not send...

Страница 720: ...f you specify an SNMP Version 3 host then the community string is interpreted as an SNMP user name The user name must first be defined with the snmp server user command Otherwise an SNMPv3 group will...

Страница 721: ...interfaces SYNTAX show snmp server enable port traps interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 COMMA...

Страница 722: ...of packets passed between the switch and a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote a...

Страница 723: ...T SETTING Default groups public1 read only private2 read write readview Every object belonging to the Internet OID space 1 writeview Nothing is defined notifyview Nothing is defined COMMAND MODE Globa...

Страница 724: ...assword Authentication password Enter as plain text if the encrypted option is not used Otherwise enter an encrypted password Range 8 32 characters priv des56 Uses SNMPv3 with privacy with DES56 encry...

Страница 725: ...nfig snmp server user steve group r d v3 auth md5 greenpeace priv des56 einstien Console config snmp server user mark group r d remote 192 168 1 19 v3 auth md5 greenpeace priv des56 einstien Console c...

Страница 726: ...ivileged Exec EXAMPLE This example shows the default engine ID Console show snmp engine id Local SNMP EngineID 8000002a8000000000e8666672 Local SNMP EngineBoots 1 Remote SNMP EngineID IP address 80000...

Страница 727: ...ge Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Securit...

Страница 728: ...mation on the SNMP views COMMAND MODE Privileged Exec EXAMPLE Console show snmp view View Name mib 2 Subtree OID 1 2 2 3 6 2 1 View Type included Storage Type permanent Row Status active View Name def...

Страница 729: ...is enabled by the nlm command Disabling logging with this command does not delete the entries stored in the notification log EXAMPLE This example enables the notification log A1 Console config nlm A1...

Страница 730: ...tions can poll the log to verify that they have not missed any important Notifications If notification logging is not configured and enabled when the switch reboots some SNMP traps such as warm start...

Страница 731: ...lter Name A1 Oper Status Operational Console show snmp notify filter This command displays the configured notification logs COMMAND MODE Privileged Exec EXAMPLE This example displays the configured no...

Страница 732: ...655 process cpu This command sets an SNMP trap based on configured thresholds for CPU utilization Use the no form to restore the default setting SYNTAX process cpu rising rising threshold falling fal...

Страница 733: ...me falls below the low watermark low watermark If packet flow has been stopped after exceeding the high watermark normal flow will be restored after usaage falls beneath the low watermark max threshol...

Страница 734: ...efore another alarm is triggered Once the maximum threshold is exceeded utilization must drop beneath the minimum threshold before the alarm is terminated and then exceed the maximum threshold again b...

Страница 735: ...on in the relevant RMON database group A management agent then periodically communicates with the switch using the SNMP protocol However if the switch encounters a critical event it can automatically...

Страница 736: ...entry Range 1 127 characters DEFAULT SETTING 1 3 6 1 2 1 16 1 1 1 6 1 1 3 6 1 2 1 16 1 1 1 6 52 Taking delta samples every 30 seconds Rising threshold is 892800 assigned to event 0 Falling threshold i...

Страница 737: ...ty A password like community string sent with the trap operation to SNMP v1 and v2c hosts Although this string can be set using the rmon event command by itself it is recommended that the string be de...

Страница 738: ...figuration Ethernet COMMAND USAGE By default each index number equates to a port on the switch but can be changed to any number not currently in use If periodic sampling is already enabled on an inter...

Страница 739: ...wner name no rmon collection rmon1 controlEntry index index Index to this entry Range 1 65535 name Name of the person who created this entry Range 1 127 characters DEFAULT SETTING Enabled COMMAND MODE...

Страница 740: ...id owned by mike Description is urgent Event firing causes log and trap to community last fired 00 00 00 Console show rmon history This command shows the sampling parameters configured for each entry...

Страница 741: ...tistics Interface 1 is valid and owned by Monitors 1 3 6 1 2 1 2 2 1 1 1 which has Received 164289 octets 2372 packets 120 broadcast and 2211 multicast packets 0 undersized and 0 oversized packets 0 f...

Страница 742: ...Privilege Levels Configures the basic user names and passwords for management access and assigns a privilege level to specified command groups or individual commands Authentication Sequence Defines l...

Страница 743: ...ame default access privileges including additional commands in Normal Exec mode and a subset of commands in Privileged Exec mode under the Console command prompt Level 15 provides full access to all c...

Страница 744: ...The device has two predefined users guest which is assigned privilege level 0 Normal Exec and ADMIN which is assigned privilege level 15 and has full access to all commands under both Normal Exec and...

Страница 745: ...nfiguration file during system bootup or when downloading the configuration file from an FTP server There is no need for you to manually configure encrypted passwords EXAMPLE This example shows how th...

Страница 746: ...hose controlling various authentication and security features Level 15 provides full access to all commands COMMAND MODE Global Configuration EXAMPLE This example sets the privilege level for the ping...

Страница 747: ...ers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADI...

Страница 748: ...connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the server while TACACS encrypts the entire body of the packet RADIUS and...

Страница 749: ...ing messages Use the no form to restore the default SYNTAX radius server acct port port number no radius server acct port port number RADIUS server UDP port used for accounting messages Range 1 65535...

Страница 750: ...e default values SYNTAX no radius server index host host ip address acct port acct port auth port auth port key key retransmit retransmit timeout timeout index Allows you to specify up to five servers...

Страница 751: ...ing no radius server key key string Encryption key used to authenticate logon access for client Enclose any string containing blank spaces in double quotes Maximum length 48 characters DEFAULT SETTING...

Страница 752: ...ut number of seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 DEFAULT SETTING 5 COMMAND MODE Global Configuration EXAMPLE Console config radius server ti...

Страница 753: ...r to restore the default values SYNTAX tacacs server index host host ip address key key port port number retransmit retransmit timeout timeout no tacacs server index index The index for this server Ra...

Страница 754: ...smit 5 key green Console config tacacs server key This command sets the TACACS encryption key Use the no form to restore the default SYNTAX tacacs server key key string no tacacs server key key string...

Страница 755: ...cacs server retransmit number of retries Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 DEFAULT SETTING 2 COMMAND MODE Global Configuration EXAMPLE C...

Страница 756: ...Retransmit Times 2 Timeout 5 Server 1 Server IP Address 192 168 1 25 Server Port Number 181 Retransmit Times 2 Timeout 4 TACACS Server Group Group Name Member Index tacacs 1 Console AAA The Authentica...

Страница 757: ...red with the aaa group server command Range 1 64 characters DEFAULT SETTING Accounting is not enabled No servers are specified COMMAND MODE Global Configuration aaa accounting exec Enables accounting...

Страница 758: ...ot1x default method name default Specifies the default accounting method for service requests method name Specifies an accounting method for service requests Range 1 64 characters start stop Records a...

Страница 759: ...up Specifies the server group to use radius Specifies all RADIUS hosts configure with the radius server host command tacacs Specifies all TACACS hosts configure with the tacacs server host command ser...

Страница 760: ...interim interval enables updates but does not change the current interval setting EXAMPLE Console config aaa accounting update periodic 30 Console config aaa authorization exec This command enables th...

Страница 761: ...tly defined EXAMPLE Console config aaa authorization exec default group tacacs Console config aaa group server Use this command to name a group of security server hosts To remove a server group from t...

Страница 762: ...server host command EXAMPLE Console config aaa group server radius tps Console config sg radius server 10 2 68 120 Console config sg radius accounting dot1x This command applies an accounting method f...

Страница 763: ...ULT SETTING None COMMAND MODE Line Configuration EXAMPLE Console config line console Console config line accounting commands 15 default Console config line accounting exec This command applies an acco...

Страница 764: ...ne Configuration EXAMPLE Console config line console Console config line authorization exec tps Console config line exit Console config line vty Console config line authorization exec default Console...

Страница 765: ...ommands used to configure web browser management access to the switch NOTE Users are automatically logged off of the HTTP server or HTTPS server if no input is detected for 300 seconds ip http port Th...

Страница 766: ...erver 777 show system 661 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function SYNTAX no ip http server DEFAULT SETTING...

Страница 767: ...cure port 1000 Console config RELATED COMMANDS ip http secure server 778 show system 661 ip http secure server This command enables the secure hypertext transfer protocol HTTPS over the Secure Socket...

Страница 768: ...rsions The following web browsers and operating systems currently support HTTPS To specify a secure site certificate see Replacing the Default Secure site Certificate on page 293 Also refer to the cop...

Страница 769: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 DEFAULT SETTING 4 sessions COMMAND MODE Global Configuration COMMAND USAGE A maximum of eight sessions can b...

Страница 770: ...l Configuration EXAMPLE Console config ip telnet port 123 Console config ip telnet server This command allows this device to be monitored or configured from Telnet Use the no form to disable this func...

Страница 771: ...n Note that regardless of whether you Table 23 11 Secure Shell Commands Command Function Mode ip ssh authentication retries Specifies the number of retries allowed by a client GC ip ssh server Enables...

Страница 772: ...blic Key to the Switch Use the copy tftp public key command to copy a file containing the public key for all the SSH client s granted management access to the switch Note that these clients must be co...

Страница 773: ...6 bit string as a challenge encrypts this string with the user s public key and sends it to the client d The client uses its private key to decrypt the challenge string computes the MD5 checksum and s...

Страница 774: ...p ssh authentication retries count no ip ssh authentication retries count The number of authentication attempts permitted after which the interface is reset Range 1 5 DEFAULT SETTING 3 COMMAND MODE Gl...

Страница 775: ...key generate 787 show ssh 790 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting SYNTAX ip ssh server key size key size no ip ssh server ke...

Страница 776: ...ut is controlled by the exec timeout command for vty sessions EXAMPLE Console config ip ssh timeout 60 Console config RELATED COMMANDS exec timeout 680 show ip ssh 789 delete public key This command d...

Страница 777: ...me SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must manually create a known hosts file and place the host public key...

Страница 778: ...sh save host key 789 no ip ssh server 785 ip ssh save host key This command saves the host key from RAM to flash memory SYNTAX ip ssh save host key DEFAULT SETTING Saves both the DSA and RSA key COMMA...

Страница 779: ...e encoded modulus EXAMPLE Console show public key host Host RSA 1024 65537 13236940658254764031382795526536375927835525327972629521130241 07194210616557594245909392360969540503627752575562510038661309...

Страница 780: ...ion Started ADMIN ctos aes128 cbc hmac md5 stoc aes128 cbc hmac md5 Console Table 23 12 show ssh display description Field Description Connection The session number Range 0 3 Version The Secure Shell...

Страница 781: ...single or multiple hosts on an dot1x port IC dot1x port control Sets dot1x mode for a port interface IC dot1x re authentication Enables re authentication for all ports IC dot1x timeout quiet period Se...

Страница 782: ...ontrol multi host max count dot1x operation mode dot1x max req dot1x timeout quiet period dot1x timeout tx period dot1x timeout re authperiod dot1x timeout sup timeout dot1x re authentication dot1x in...

Страница 783: ...arried out by switches located on the edge of the network When this device is functioning as an edge switch but does not require any attached clients to be authenticated the no dot1x eapol pass throug...

Страница 784: ...nfiguration COMMAND USAGE For guest VLAN assignment to be successful the VLAN must be configured and set as active see the vlan database command and assigned as the guest VLAN for the port see the net...

Страница 785: ...onfig if dot1x max req 2 Console config if dot1x operation mode This command allows hosts clients to connect to an 802 1X authorized port Use the no form with no keywords to restore the default to sin...

Страница 786: ...ss to a port operating in this mode is limited only by the available space in the secure address table i e up to 1024 addresses EXAMPLE Console config interface eth 1 2 Console config if dot1x operati...

Страница 787: ...the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the interval specified by the dot1x...

Страница 788: ...3600 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout re authperiod 300 Console config if dot1x timeout supp timeout This command s...

Страница 789: ...out tx period This command sets the time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the default value SYNTA...

Страница 790: ...d username Specifies the supplicant user name Range 1 11 characters password Specifies the supplicant password Range 1 8 characters DEFAULT No user name or password COMMAND MODE Global Configuration C...

Страница 791: ...st submit requests to another authenticator on the network configure the identity profile parameters see dot1x identity profile command which identify this switch as a supplicant and enable dot1x supp...

Страница 792: ...FAULT 30 seconds COMMAND MODE Interface Configuration COMMAND USAGE This command sets the time that the supplicant waits for a response from the authenticator for packets other than EAPOL Start EXAMPL...

Страница 793: ...eriod seconds The number of seconds Range 1 65535 DEFAULT 30 seconds COMMAND MODE Interface Configuration EXAMPLE Console config interface eth 1 2 Console config if dot1x timeout start period 60 Conso...

Страница 794: ...ss control parameters for each interface including the following items Reauthentication Periodic re authentication page 798 Reauth Period Time after which a connected client must be re authenticated p...

Страница 795: ...e initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in the most recent EAP Success Failure or Request pack...

Страница 796: ...State Machine State Idle Request Count 0 Identifier Server 2 Reauthentication State Machine State Initialize Console MANAGEMENT IP FILTER This section describes commands used to configure IP managemen...

Страница 797: ...d address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respect...

Страница 798: ...addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Displays IP addresses for the Telnet group COMMAND MODE Privileged Exec EXAMPLE Console show management a...

Страница 799: ...p information from the client s PPPoE Active Discovery Request and forwards this information to all trusted ports Table 23 15 PPPoE Intermediate Agent Commands Command Function Mode pppoe intermediate...

Страница 800: ...SYNTAX pppoe intermediate agent format type access node identifier id string generic error message error message no pppoe intermediate agent format type access node identifier generic error message i...

Страница 801: ...rface ethernet 1 5 Console config if pppoe intermediate agent port enable Console config if pppoe intermediate agent port format type This command sets the circuit id or remote id for an interface Use...

Страница 802: ...sent from the PPPoE Server include the Circuit ID tag inserted by the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients using the pppoe int...

Страница 803: ...AGE This command only applies to trusted interfaces It is used to strip off vendor specific tags which carry subscriber and line identification information in PPPoE Discovery packets received from an...

Страница 804: ...ccess Node Identifier 192 168 0 2 PPPoE Intermediate Agent Oper Access Node Identifier 192 168 0 2 PPPoE Intermediate Agent Admin Generic Error Message PPPoE Discover packet too large to process Try r...

Страница 805: ...rom untrusted Request towards untrusted Malformed 0 0 0 Console Table 23 16 show pppoe intermediate agent statistics display description Field Description Received PADI PPPoE Active Discovery Initiati...

Страница 806: ...t Authentication Configures host authentication on specific ports using 802 1X Network Access Configures MAC authentication and dynamic VLAN assignment Web Authentication Configures Web authentication...

Страница 807: ...g a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning SYNTAX no mac learning DEFAULT SETTING Enabled COMMAND...

Страница 808: ...AC address learning for port 2 Console config interface ethernet 1 2 Console config if no mac learning Console config if RELATED COMMANDS show interfaces status 936 port security This command enables...

Страница 809: ...frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the ma...

Страница 810: ...static entries SYNTAX port security mac address as permanent interface interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 52 COMMAND MODE P...

Страница 811: ...AC Filter ID field is configured by the network access port mac filter command If this field displays Disabled then any unknown source MAC address can be learned as a secure MAC address If it displays...

Страница 812: ...on about a detected intrusion Console show port security interface ethernet 1 2 Global Port Security Parameters Secure MAC Aging Mode Disabled Port Security Details Port 1 2 Port Security Enabled Port...

Страница 813: ...network access link detection Enables the link detection feature IC network access link detection link down Configures the link detection feature to detect and act upon link down events IC network ac...

Страница 814: ...ddress Authentication process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Based authe...

Страница 815: ...mac filter 1 mac address 11 22 33 44 55 66 Console config mac authentication reauth time Use this command to set the time period after which a connected MAC address must be re authenticated Use the no...

Страница 816: ...returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access While a port has an assigned dynamic QoS profile any manual QoS configuration ch...

Страница 817: ...he first authenticated MAC address are implemented for a port Other authenticated MAC addresses on the port must have same VLAN configuration or they are treated as an authentication failure If dynami...

Страница 818: ...mmand EXAMPLE Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if network access link detection Use this command to enable link detection for the sel...

Страница 819: ...ace ethernet 1 1 Console config if network access link detection link down action trap Console config if network access link detection link up Use this command to detect link up events When detected t...

Страница 820: ...onse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port DEFAULT SETTING Disabled COMMAND...

Страница 821: ...en enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being au...

Страница 822: ...port mac filter Use this command to enable the specified MAC address filter Use the no form of this command to disable the specified MAC address filter SYNTAX network access port mac filter filter id...

Страница 823: ...d to restore the default SYNTAX mac authentication max mac count count no mac authentication max mac count count The maximum number of MAC authenticated MAC addresses allowed Range 1 1024 DEFAULT SETT...

Страница 824: ...interface interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 DEFAULT SETTING Displays the settings for all interfaces COMMAND MODE Privil...

Страница 825: ...it identifier Range 1 port Port number Range 1 52 sort Sorts displayed entries by either MAC address or interface DEFAULT SETTING Displays all filters COMMAND MODE Privileged Exec COMMAND USAGE When u...

Страница 826: ...perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates user name...

Страница 827: ...se the no form to restore the default SYNTAX web auth quiet period time no web auth quiet period time The amount of time the host must wait before attempting authentication again Range 1 180 seconds w...

Страница 828: ...time data transmission takes place Use the no form to restore the default SYNTAX web auth session timeout timeout no web auth session timeout timeout The amount of time that an authenticated session...

Страница 829: ...AULT SETTING Disabled COMMAND MODE Interface Configuration COMMAND USAGE Both web auth system auth control for the switch and web auth for a port must be enabled for the web authentication feature to...

Страница 830: ...net unit port unit This is unit 1 port Port number Range 1 52 ip IPv4 formatted IP address DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console web auth re authenticate interface ethernet...

Страница 831: ...Web Auth Status Enabled Host Summary IP address Web Auth State Remaining Session Time 1 1 1 1 Authenticated 295 1 1 1 2 Authenticated 111 Console show web auth summary This command displays a summary...

Страница 832: ...mation option policy for DHCP client packets that include Option 82 information GC ip dhcp snooping limit rate Sets the maximum number of DHCP packets that can be trapped for DHCP snooping GC ip dhcp...

Страница 833: ...emented as follows If global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received all DHCP packe...

Страница 834: ...s example enables DHCP snooping globally for the switch Console config ip dhcp snooping Console config RELATED COMMANDS ip dhcp snooping vlan 848 ip dhcp snooping trust 851 ip dhcp snooping informatio...

Страница 835: ...in reply packets sent back from the DHCP server When the DHCP Snooping Information Option 82 is enabled clients can be identified by the switch port to which they are connected rather than just their...

Страница 836: ...ay agent itself inserts the relay agent s address when DHCP snooping is enabled and forwards the packets to trusted ports DEFAULT SETTING replace COMMAND MODE Global Configuration COMMAND USAGE When t...

Страница 837: ...no ip dhcp snooping verify mac address DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE If MAC address verification is enabled and the source MAC address in the Ethernet header...

Страница 838: ...re enabled When DHCP snooping is globally enabled and then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table EXAMPLE This example enables DHCP snooping...

Страница 839: ...ess node identifier ASCII string Default is the MAC address of the switch s CPU This field is set by the ip dhcp snooping information option command eth The second field is the fixed string eth slot T...

Страница 840: ...cp snooping command and enabled on a VLAN with ip dhcp snooping vlan command DHCP packet filtering will be performed on any untrusted ports within the VLAN according to the default status or as specif...

Страница 841: ...Privileged Exec EXAMPLE Console clear ip dhcp snooping database flash Console ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory COMMAND MODE...

Страница 842: ...ace DHCP Snooping is configured on the following VLANs Verify Source MAC Address enabled DHCP Snooping rate limit unlimited Interface Trusted Circuit ID mode Circuit ID Value Eth 1 1 No Vlan Unit Port...

Страница 843: ...essages received on an untrusted interface as Table 24 9 DHCP Snooping Commands Command Function Mode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables...

Страница 844: ...described below If DHCPv6 snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received but the port is not trusted DHCP packets are processed according to message type...

Страница 845: ...ck the relay message option in Relay Forward or Relay Reply packet and process client and server packets as described above If DHCPv6 snooping is globally disabled all dynamic bindings are removed fro...

Страница 846: ...identified in the DHCPv6 request packets forwarded by the switch and in reply packets sent back from the DHCPv6 server When the DHCPv6 Snooping Option 37 is enabled clients can be identified by the s...

Страница 847: ...d of relaying it keep Retains the Option 37 information in the client request and forwards the packets to trusted ports replace Replaces the Option 37 remote ID in the client s request with the relay...

Страница 848: ...usted ports within the VLAN as specified by the ipv6 dhcp snooping trust command When the DHCPv6 snooping is globally disabled DHCPv6 snooping can still be configured for specific VLANs but the change...

Страница 849: ...network An untrusted interface is an interface that is configured to receive messages from outside the network or fire wall Set all ports connected to DHCv6 servers within the local network or fire w...

Страница 850: ...entry Format xx xx xx xx xx xx ipv6 address Corresponding IPv6 address This address must be entered according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values...

Страница 851: ...ding table entries COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 dhcp snooping binding NA Non temporary address TA Temporary address Link layer Address 00 13 49 aa 39 26 IPv6 Address Lifetime...

Страница 852: ...ress binding table Use the no form to remove a static entry SYNTAX ip source guard binding mode acl mac mac address vlan vlan id ip address interface ethernet unit port no ip source guard binding mode...

Страница 853: ...ed with a value of zero by the show ip source guard command page 868 When source guard is enabled traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configure...

Страница 854: ...ce Configuration Ethernet COMMAND USAGE Source guard is used to filter traffic on an insecure port which receives messages from outside the network or fire wall and therefore may be subject to traffic...

Страница 855: ...P snooping is enabled IP source guard will check the VLAN ID source IP address port number and source MAC address for the sip mac option If a matching entry is found in the binding table and the entry...

Страница 856: ...ic entries set by the ip source guard command EXAMPLE This example sets the maximum number of allowed entries in the binding table for port 5 to one entry The mode is not specified and therefore defau...

Страница 857: ...urce guard binding blocked command A maximum of 512 blocked records can be stored before the switch overwrites the oldest record with new blocked records Use the clear ip source guard binding blocked...

Страница 858: ...tic Shows static entries configured with the ip source guard binding command see page 863 acl Shows static entries in the ACL binding table mac Shows static entries in the MAC address binding table bl...

Страница 859: ...urce guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address must be entered ac...

Страница 860: ...ings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry is added to binding table using static IPv6 source guard binding If there is an entry with sam...

Страница 861: ...Pv6 packets allowed by DHCPv6 snooping A port access control list ACL is applied to the interface Traffic is then filtered based upon dynamic entries learned via ND snooping or DHCPv6 snooping or stat...

Страница 862: ...kets and DHCPv6 packets Only IPv6 global unicast addresses are accepted for static bindings EXAMPLE This example enables IP source guard on port 5 Console config interface ethernet 1 5 Console config...

Страница 863: ...he maximum number of allowed bindings is changed to a lower value precedence is given to deleting entries learned through DHCPv6 snooping ND snooping and then manually configured IPv6 source guard sta...

Страница 864: ...Inspection validates the MAC to IP address bindings in Address Resolution Protocol ARP packets It protects against ARP traffic with invalid address bindings which forms the basis for certain man in th...

Страница 865: ...g buffer logs Sets the maximum number of entries saved in a log message and the rate at these messages are sent GC ip arp inspection validate Specifies additional validation of address components in a...

Страница 866: ...ly to one or more VLANs Use the no form to remove an ACL binding Use the no form to remove an ACL binding SYNTAX ip arp inspection filter arp acl name vlan vlan id vlan range static no ip arp inspecti...

Страница 867: ...ed in a log message Range 0 256 where 0 means no events are saved and no messages sent seconds The interval at which log messages are sent Range 0 86400 DEFAULT SETTING Message Number 5 Interval 1 sec...

Страница 868: ...get MAC address in the ARP body This check is performed for ARP responses When enabled packets with different MAC addresses are classified as invalid and are dropped ip Checks the ARP body for invalid...

Страница 869: ...led with this command When ARP Inspection is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by...

Страница 870: ...AND USAGE This command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit EXAMPLE Co...

Страница 871: ...on Global IP ARP Inspection status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspe...

Страница 872: ...cs ARP packets received before rate limit 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0...

Страница 873: ...sent to it and the chargen character generator service generates a continuous stream of data When used together they create an infinite loop and result in a denial of service Use the no form to disabl...

Страница 874: ...any interrupts required to send ICMP Echo response packets Use the no form to disable this feature SYNTAX no dos protection smurf DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Cons...

Страница 875: ...mply discards the TCP NULL scan Use the no form to disable this feature SYNTAX no dos protection tcp null scan DEFAULT SETTING Enabled COMMAND MODE Global Configuration EXAMPLE Console config dos prot...

Страница 876: ...to zero forward Forwards all packets with the Layer 4 source port or destination port set to zero DEFAULT SETTING Drop COMMAND MODE Global Configuration EXAMPLE Console config dos protection tcp udp...

Страница 877: ...Disabled 1000 kbits second COMMAND MODE Global Configuration EXAMPLE Console config dos protection udp flooding 65 Console config dos protection win nuke This command protects against DoS WinNuke att...

Страница 878: ...ter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider port based traffic segmentation can be use...

Страница 879: ...the uplink and downlink ports assigned to different client sessions is shown below traffic segmentation uplink to uplink Specifies whether or not traffic can be forwarded between uplink ports assigne...

Страница 880: ...n globally on the switch Console config traffic segmentation Console config traffic segmentation session This command creates a traffic segmentation client session Use the no form to remove a client s...

Страница 881: ...wnlink list A port can only be assigned to one traffic segmentation session When specifying an uplink or downlink a list of ports may be entered by using a hyphen or comma in the port field Note that...

Страница 882: ...Forwards traffic between uplink ports assigned to different sessions DEFAULT SETTING Blocking COMMAND MODE Global Configuration EXAMPLE This example enables forwarding of traffic between uplink ports...

Страница 883: ...Chapter 24 General Security Measures Port based Traffic Segmentation 894...

Страница 884: ...res ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses DSCP traffic class or next header type MAC ACLs Configures ACL...

Страница 885: ...onfiguration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To remove a rule use the...

Страница 886: ...le config RELATED COMMANDS show ip access list 902 Time Range 711 permit deny Standard IP ACL This command adds a rule to a Standard IPv4 ACL The rule sets a filter condition for packets emanating fro...

Страница 887: ...permit deny Extended IPv4 ACL This command adds a rule to an Extended IPv4 ACL The rule sets a filter condition for packets with specific source or destination IP addresses protocol types source or de...

Страница 888: ...g the port bits to match Range 0 65535 control flags Decimal number representing a bit string that specifies flag bits in byte 14 of the TCP header Range 0 63 flag bitmask Decimal number representing...

Страница 889: ...o problem when checking DSCP or IP Precedence bits but limits the checking of ToS bits underlined in the following example to the leftmost three bits ignoring the rightmost fourth bit For example if y...

Страница 890: ...e the no form to remove the port SYNTAX ip access group acl name in time range time range name counter no ip access group acl name in acl name Name of the ACL Maximum length 32 characters in Indicates...

Страница 891: ...access group Interface Configuration 901 show ip access list This command displays the rules for configured IPv4 ACLs SYNTAX show ip access list standard extended acl name standard Specifies a standa...

Страница 892: ...ODE Global Configuration COMMAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an...

Страница 893: ...the port SYNTAX ipv6 access group acl name in time range time range name counter no ipv6 access group acl name in acl name Name of the ACL Maximum length 32 characters in Indicates that this list app...

Страница 894: ...rated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields prefix length A decimal value indicating h...

Страница 895: ...n the address to indicate the appropriate number of zeros required to fill the undefined fields destination ipv6 address An IPv6 destination address or network class The address must be formatted acco...

Страница 896: ...FC 2460 EXAMPLE This example accepts any incoming packets if the destination address is 2009 DB9 2229 79 8 Console config ext ipv6 acl permit 2009 DB9 2229 79 8 Console config ext ipv6 acl This allows...

Страница 897: ...GE A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one IPv6 ACLs can only be applied to...

Страница 898: ...rface Configuration 907 MAC ACLS The commands in this section configure ACLs based on hardware addresses packet format and Ethernet type The ACLs can further specify optional IP and IPv6 addresses inc...

Страница 899: ...MAND USAGE When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To remove a rule use the no permit or no...

Страница 900: ...in Console config RELATED COMMANDS show mac access list 916 Time Range 711 permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destina...

Страница 901: ...on ipv6 destination ipv6 prefix length protocol protocol l4 source port sport port bitmask l4 destination port dport port bitmask time range time range name no permit deny tagged eth2 any host source...

Страница 902: ...ce address bitmask any host destination destination address bitmask time range time range name no permit deny untagged 802 3 any host source source address bitmask any host destination destination add...

Страница 903: ...535 time range name Name of the time range Range 1 16 characters DEFAULT SETTING None COMMAND MODE MAC ACL COMMAND USAGE New rules are added to the end of the list The ethertype option can only be use...

Страница 904: ...stics DEFAULT SETTING None COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Only one ACL can be bound to a port If an ACL is already bound to a port and you bind a different ACL to it the s...

Страница 905: ...MAC address contained in ARP request and reply messages To configure ARP ACLs first create an access list containing the required permit or deny rules and then bind the access list to one or more VLA...

Страница 906: ...This command adds a rule to an ARP ACL The rule filters packets matching a specified source or destination address in ARP messages Use the no form to remove a rule SYNTAX no permit deny ip any host s...

Страница 907: ...mits packets from any source IP and MAC address to the destination subnet address 192 168 0 0 Console config arp acl permit response ip any 192 168 0 0 255 255 0 0 mac any any Console config mac acl R...

Страница 908: ...t unit Unit identifier Range 1 port Port number Range 1 52 acl name Name of the ACL Maximum length 32 characters COMMAND MODE Privileged Exec EXAMPLE Console clear access list hardware counters Consol...

Страница 909: ...Shows ingress rules for Standard IPv6 ACLs mac Shows ingress rules for MAC ACLs tcam utilization Shows the percentage of user configured ACL rules as a percentage of total ACL rules acl name Name of t...

Страница 910: ...ed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC clear counters Clears statistics on an interface PE show discard Displays if CDP and PVST p...

Страница 911: ...perature which can be used to trigger an alarm or warning message IC transceiver threshold tx power Sets thresholds for the transceiver power level of the transmitted signal which can be used to trigg...

Страница 912: ...n file An example of the value which a network manager might store in this object for a WAN interface is the Telco s circuit number identifier of the interface EXAMPLE The following example adds an al...

Страница 913: ...te the best settings for a link based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands EXAMPLE...

Страница 914: ...RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cdp pvst cdp C...

Страница 915: ...ontrol on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto n...

Страница 916: ...tatistical values on port 1 Console config interface ethernet 1 1 Console config if history 15min 15 10 Console config if media type This command forces the transceiver mode to use for SFP ports Use t...

Страница 917: ...ased on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands If auto negotiation is disabled auto MDI...

Страница 918: ...ll duplex operation 10half Forces 10 Mbps half duplex operation DEFAULT SETTING Auto negotiation is enabled by default When auto negotiation is disabled the default speed duplex setting is 100full for...

Страница 919: ...r Range 1 port Port number Range 1 52 port channel channel id Range 1 16 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Statistics are only initialized for a power reset This command...

Страница 920: ...t priority speed duplex mode and port type for all ports COMMAND MODE Privileged Exec EXAMPLE Console show interfaces brief Interface Name Status PVID Pri Speed Duplex Type Trunk Eth 1 1 Down 1 0 Auto...

Страница 921: ...xtended Iftable Stats 23 Multi cast Input 5525 Multi cast Output 170 Broadcast Input 11 Broadcast Output Ether like Stats 0 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision...

Страница 922: ...1 32 characters current Statistics recorded in current interval previous Statistics recorded in previous intervals index An index into the buckets containing previous samples Range 1 96 count The num...

Страница 923: ...val 86400 second s Buckets Requested 7 Buckets Granted 0 Status Active Current Entries Start Time Octets Input Unicast Multicast Broadcast 00d 00 00 00 0 00 3009496 14174 13187 5931 Discards Errors 0...

Страница 924: ...37 0 00 902 7 0 0 00d 06 52 38 0 00 64 0 1 0 Start Time Discards Errors 00d 06 52 29 0 0 00d 06 52 30 0 0 00d 06 52 31 0 0 00d 06 52 32 0 0 00d 06 52 33 0 0 00d 06 52 34 0 0 00d 06 52 35 0 0 00d 06 5...

Страница 925: ...ation on all interfaces is displayed For a description of the items displayed by this command see Displaying Connection Status on page 102 EXAMPLE Console show interfaces status ethernet 1 21 Informat...

Страница 926: ...l Exec Privileged Exec COMMAND USAGE If no interface is specified information on all interfaces is displayed EXAMPLE This example shows the configuration setting for port 21 Console show interfaces sw...

Страница 927: ...t Shows if rate limiting is enabled and the current rate limit page 983 VLAN Membership Mode Indicates membership mode as Trunk or Hybrid page 1090 Ingress Rule Shows if ingress filtering is enabled o...

Страница 928: ...nsceiver threshold auto Console transceiver threshold current This command sets thresholds for transceiver current which can be used to trigger an alarm or warning message SYNTAX transceiver threshold...

Страница 929: ...triggered as described above to avoid a hysteresis effect which would continuously trigger event messages if the power level were to fluctuate just above and below either the high threshold or the low...

Страница 930: ...nfigured by the snmp server host command EXAMPLE The following example sets alarm thresholds for the signal power received at port 1 Console config interface ethernet 1 52 Console config if transceive...

Страница 931: ...ansceiver temperature at port 1 Console config interface ethernet 1 52 Console config if transceiver threshold temperature low alarm 97 Console config if transceiver threshold temperature high alarm 8...

Страница 932: ...m thresholds for the signal power transmitted at port 1 Console config interface ethernet 1 52 Console config if transceiver threshold tx power low alarm 8 Console config if transceiver threshold tx p...

Страница 933: ...52 Console config if transceiver threshold voltage low alarm 4 Console config if transceiver threshold voltage high alarm 2 Console show interfaces transceiver This command displays identifying infor...

Страница 934: ...endor Rev V1 1 Vendor SN A492101711 Date Code 09 05 19 DDM Information Temperature 35 64 degree C Vcc 3 25 V Bias Current 12 13 mA TX Power 2 36 dBm RX Power 24 20 dBm DDM Thresholds Low Alarm Low War...

Страница 935: ...iver monitor Disabled Transceiver threshold auto Enabled Low Alarm Low Warning High Warning High Alarm Temperature Celsius 123 00 0 00 70 00 75 00 Voltage Volts 3 10 3 15 3 45 3 50 Current mA 6 00 7 0...

Страница 936: ...nated pair ON Open Open pair no link partner ST Short Shorted pair IE Impedance error Terminating impedance is not in the reference range NC No cable attached NT Not tested NS Not supported This messa...

Страница 937: ...ength if no fault is found To ensure more accurate measurement of the length to a fault first disable power saving mode on the link partner before running cable diagnostics For link down ports the rep...

Страница 938: ...link partner If none is detected the switch automatically turns off the transmitter and most of the receive circuitry entering Sleep Mode In this mode the low power energy detection circuit continuou...

Страница 939: ...wer save This command shows the configuration settings for power savings SYNTAX show power save interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 4...

Страница 940: ...o 8 ports Table 27 1 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode for the trunk GC po...

Страница 941: ...Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key la...

Страница 942: ...runk This mode works best for switch to switch trunk links where traffic through the switch is destined for many different hosts Do not use this mode for switch to router trunk links where the destina...

Страница 943: ...ring static trunks the switches must comply with the Cisco EtherChannel standard Use no channel group to remove a port group from a trunk Use no interface port channel to remove a trunk from the switc...

Страница 944: ...has been established Console config interface ethernet 1 10 Console config if lacp Console config if interface ethernet 1 11 Console config if lacp Console config if interface ethernet 1 12 Console c...

Страница 945: ...t admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value...

Страница 946: ...ximum number of allowed port members and LACP is subsequently enabled on another port using a higher priority than an existing member the newly configured port will replace an existing port member tha...

Страница 947: ...tings for the partner only applies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner EXAMPLE Console confi...

Страница 948: ...meout to wait for the next LACP data unit LACPDU Use the no form to restore the default setting SYNTAX lacp timeout long short no lacp timeout long Specifies a slow timeout of 90 seconds short Specifi...

Страница 949: ...ort channel counters internal neighbors sys id port channel Local identifier for a link aggregation group Range 1 12 counters Statistics for LACP protocol messages internal Configuration settings and...

Страница 950: ...Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to t...

Страница 951: ...ocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or cha...

Страница 952: ...Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative...

Страница 953: ...Chapter 27 Link Aggregation Commands 964 EXAMPLE Console show port channel load balance Trunk Load Balance Mode Destination IP address Console...

Страница 954: ...to powered devices that were designed prior to the IEEE 802 3af PoE standard Use the no form to disable this feature SYNTAX no power inline compatible DEFAULT SETTING Enabled COMMAND MODE Global Conf...

Страница 955: ...to the RJ 45 ports EXAMPLE Console config power inline compatible Console config end Console show power inline status Unit 1 Unit 1 Compatible mode Disabled Time Max Used Interface Admin Range Oper Po...

Страница 956: ...Use the no form to turn off power for a port or the no form with the time range keyword to remove the time range settings SYNTAX power inline time range time range name no power inline time range tim...

Страница 957: ...power budget of 400W All the RJ 45 ports support both the IEEE 802 3af and IEEE 802 3at standards The maximum number of ports which can supply power simultaneously at the specified levels are shown i...

Страница 958: ...switch can drop power to one or more lower priority ports and thereby remain within its overall budget If a device is connected to a port after the switch has finished booting up and would cause the s...

Страница 959: ...power inline time range rd Console config if RELATED COMMANDS time range 712 show power inline status This command displays the current power status for all ports or for specific ports SYNTAX show pow...

Страница 960: ...ange 1 30 characters interface ethernet unit Unit identifier Range 1 port Port number Range 1 48 COMMAND MODE Privileged Exec EXAMPLE Console show power inline time range ethernet 1 5 Interface Time R...

Страница 961: ...tatus On PoE Power Consumption 7 3 Watts Software Version Version 0068 Hex Build 00 Hex Console Table 28 5 show power mainpower display description Field Description PoE Maximum Available Power The av...

Страница 962: ...ddress mac address access list acl name no port monitor interface vlan vlan id mac address mac address access list acl name interface ethernet unit port source port unit Unit identifier Range 1 port P...

Страница 963: ...port monitor command to specify the source of the traffic to mirror Note that the destination port cannot be a trunk or trunk member port When mirroring traffic from a port or trunk the mirror port t...

Страница 964: ...xample configures port 2 to monitor packets matching the MAC address 00 12 CF XX XX XX received by port 1 Console config access list mac m1 Console config mac acl permit 00 12 cf 00 00 00 ff ff ff 00...

Страница 965: ...the following steps to configure an RSPAN session 1 Use the vlan rspan command to configure a VLAN to use for RSPAN Default VLAN 1 is prohibited 2 Use the rspan source command to specify the interface...

Страница 966: ...no session can be configured for RSPAN Spanning Tree If the spanning tree is disabled BPDUs will not be flooded onto the RSPAN VLAN MAC address learning is not supported on RSPAN uplink ports when RS...

Страница 967: ...itted packets both Mirror both received and transmitted packets DEFAULT SETTING Both TX and RX traffic is mirrored COMMAND MODE Global Configuration COMMAND USAGE One or more source ports can be assig...

Страница 968: ...Traffic exiting the destination port is untagged COMMAND MODE Global Configuration COMMAND USAGE Only one destination port can be configured on the same switch per session but a destination port can...

Страница 969: ...intermediate switch transparently passing mirrored traffic from one or more sources to one or more destinations destination Specifies this device as a switch configured with a destination port which...

Страница 970: ...ession is allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then no session can be configured for RSPAN COMMAND MODE Global Configuration CO...

Страница 971: ...sole show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Switch Role Desti...

Страница 972: ...runks When an interface is configured with this feature the traffic rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped rate limit This command defines the ra...

Страница 973: ...ll designed or properly configured If there is too much traffic on your network performance can be severely degraded or everything can come to complete halt You can protect your network from traffic s...

Страница 974: ...ms can be controlled at the hardware level using this command or at the software level using the auto traffic control command However only one of these control types can be applied to a port Enabling...

Страница 975: ...icast storms IC Port auto traffic control action Sets the control action to limit ingress traffic or shut down the offending port IC Port auto traffic control alarm clear threshold Sets the lower thre...

Страница 976: ...rol and the apply timer expires IC Port snmp server enable port traps atc multicast control release Sends a trap when multicast traffic falls beneath the lower threshold after a storm control response...

Страница 977: ...traffic control response of rate limiting can be released automatically or manually The control response of shutting down a port can only be released manually Figure 30 2 Storm Control by Shutting Do...

Страница 978: ...enable port traps atc broadcast control apply command or snmp server enable port traps atc multicast control apply command EXAMPLE This example sets the apply timer to 200 seconds for all ports Conso...

Страница 979: ...ic traffic control for broadcast or multicast storms Use the no form to disable this feature SYNTAX no auto traffic control broadcast multicast broadcast Specifies automatic storm control for broadcas...

Страница 980: ...utdown If a control response is triggered the port is administratively disabled A port disabled by automatic traffic control can only be manually re enabled DEFAULT SETTING rate control COMMAND MODE I...

Страница 981: ...beneath which a cleared storm control trap is sent Range 1 255 kilo packets per second DEFAULT SETTING 250 kilo packets per second COMMAND MODE Interface Configuration Ethernet COMMAND USAGE Once the...

Страница 982: ...DE Interface Configuration Ethernet COMMAND USAGE Once the upper threshold is exceeded a trap message may be sent if configured by the snmp server enable port traps atc broadcast alarm fire command or...

Страница 983: ...c control control release command EXAMPLE Console config interface ethernet 1 1 Console config if auto traffic control broadcast auto control release Console config if auto traffic control control rel...

Страница 984: ...config if snmp server enable port traps atc broadcast alarm clear Console config if RELATED COMMANDS auto traffic control action 991 auto traffic control alarm clear threshold 992 snmp server enable...

Страница 985: ...pply Console config if RELATED COMMANDS auto traffic control alarm fire threshold 993 auto traffic control apply timer 988 snmp server enable port traps atc broadcast control release This command send...

Страница 986: ...1 Console config if snmp server enable port traps atc multicast alarm clear Console config if RELATED COMMANDS auto traffic control action 991 auto traffic control alarm clear threshold 992 snmp serv...

Страница 987: ...pply Console config if RELATED COMMANDS auto traffic control alarm fire threshold 993 auto traffic control apply timer 988 snmp server enable port traps atc multicast control release This command send...

Страница 988: ...command shows interface configuration settings and storm control status for the specified port SYNTAX show auto traffic control interface interface interface ethernet unit port unit Unit identifier R...

Страница 989: ...Chapter 30 Congestion Control Commands Automatic Traffic Control Commands 1000 Console...

Страница 990: ...tate caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globally and on an interface for loopback detection to take effe...

Страница 991: ...Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tree loopback detection Console config if loopback detection Console config loopback detection ac...

Страница 992: ...operation regardless of the remaining recover time EXAMPLE This example sets the loopback detection mode to block user traffic Console config loopback detection action block Console config loopback de...

Страница 993: ...onfiguration EXAMPLE Console config loopback detection transmit interval 60 Console config loopback detection trap This command sends a trap when a loopback condition is detected or when the switch re...

Страница 994: ...tion feature SYNTAX loopback detection release COMMAND MODE Privileged Exec EXAMPLE Console loopback detection release Console config show loopback detection This command shows loopback detection conf...

Страница 995: ...t Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabled Disabled Console show loopback detection ethernet 1 1 Loopback Detection Information of Eth...

Страница 996: ...SYNTAX udld message interval message interval no message interval message interval The interval at which a port sends UDLD probe messages after linkup or detection phases Range 7 90 seconds DEFAULT S...

Страница 997: ...based on information received in UDLD messages whether that s information about the exchange of proper neighbor identification or the absence of such Hence albeit bound by a timer normal mode determi...

Страница 998: ...o be taken Whenever a UDLD device learns about a new neighbor or receives a re synchronization request from an out of synch neighbor it re starts the detection process on its side of the connection an...

Страница 999: ...Oper State Msg Invl Trunk Port State Det Invl Trunk 1 Enabled Normal Console show udld This command shows UDLD configuration settings and operational status for the switch or for a specified interface...

Страница 1000: ...DLD operational state Disabled Link down Link up Advertisement Detection Disabled port Advertisement Single neighbor Advertisement Multiple neighbors Port State Shows the UDLD port state Unknown Bidir...

Страница 1001: ...Sets the aging time of the address table GC mac address table hash lookup depth Sets the hash lookup depth of address table GC mac address table static Maps a static address to a port in a VLAN GC ma...

Страница 1002: ...kup depth Range 4 32 in multiples of 4 DEFAULT SETTING 4 COMMAND MODE Global Configuration EXAMPLE Console config mac address table hash lookup depth 32 Console config RELATED COMMANDS show mac addres...

Страница 1003: ...a given interface link is down Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be...

Страница 1004: ...ss mask Bits to match in the address interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 vlan id VLAN ID Range 1 4094 sort Sort by...

Страница 1005: ...on Timeout Console show mac address table aging time This command shows the aging time for entries in the address table DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show mac addre...

Страница 1006: ...ress table hash lookup depth Configured Hash Lookup Depth 4 Activated Hash Lookup Depth 4 Console show mac address table mac learning config This command shows if MAC address learning has been enabled...

Страница 1007: ...Chapter 33 Address Table Commands 1019...

Страница 1008: ...DUs to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops...

Страница 1009: ...ree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPDUs to...

Страница 1010: ...fig spanning tree cisco prestandard Console config spanning tree forward time This command configures the spanning tree bridge forward time globally for this switch Use the no form to restore the defa...

Страница 1011: ...guration COMMAND USAGE This command sets the time interval in seconds at which the root device transmits a configuration message EXAMPLE Console config spanning tree hello time 5 Console config RELATE...

Страница 1012: ...e mode This command selects the spanning tree mode for this switch Use the no form to restore the default SYNTAX spanning tree mode stp rstp mstp no spanning tree mode stp Spanning Tree Protocol IEEE...

Страница 1013: ...ing tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning tree modes Changing modes stops all spanning tree instances for th...

Страница 1014: ...e spanning tree priority globally for this switch Use the no form to restore the default SYNTAX spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 61440...

Страница 1015: ...panning tree is disabled globally on the switch or disabled on a specific port Use the no form to restore the default SYNTAX spanning tree system bpdu flooding to all to vlan no spanning tree system b...

Страница 1016: ...ommand configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default SYNTAX max hops hop number hop number Maximum hop number for multiple spann...

Страница 1017: ...Configuration COMMAND USAGE MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the...

Страница 1018: ...64 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region page 1031 with the same s...

Страница 1019: ...5 DEFAULT SETTING 0 COMMAND MODE MST Configuration COMMAND USAGE The MST region name page 1031 and revision number are used to designate a unique MST region A bridge i e spanning tree compliant device...

Страница 1020: ...n edge port with the spanning tree edge port command EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree edge port Console config if spanning tree bpdu filter Console config...

Страница 1021: ...isabled 1043 spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default auto configuration mode SYNTAX spanning tree cost...

Страница 1022: ...for path cost is 65 535 EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree cost 50 Console config if spanning tree edge port This command specifies an interface as an edge p...

Страница 1023: ...figures the link type for Rapid Spanning Tree and Multiple Spanning Tree Use the no form to restore the default SYNTAX spanning tree link type auto point to point shared no spanning tree link type aut...

Страница 1024: ...hen the port will drop the loopback BPDU according to IEEE Standard 802 1W 2001 9 3 4 Note 1 Port Loopback Detection will not be active if Spanning Tree is disabled on the switch EXAMPLE Console confi...

Страница 1025: ...command configures the release mode for a port that was placed in the discarding state because a loopback BPDU was received Use the no form to restore the default SYNTAX spanning tree loopback detect...

Страница 1026: ...les SNMP trap notification for Spanning Tree loopback BPDU detections Use the no form to restore the default SYNTAX no spanning tree loopback detection trap DEFAULT SETTING Disabled COMMAND MODE Inter...

Страница 1027: ...e spanning tree algorithm to determine the best path between devices Therefore lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slow...

Страница 1028: ...ELATED COMMANDS spanning tree mst cost 1039 spanning tree port bpdu flooding This command floods BPDUs to other ports when spanning tree is disabled globally or disabled on a specific port Use the no...

Страница 1029: ...ed as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled EXAMPLE Console config interface ethernet 1...

Страница 1030: ...interface the switch will wait for 20 seconds to ensure that the spanning tree has converged before enabling Root Guard EXAMPLE Console config interface ethernet 1 5 Console config if spanning tree ed...

Страница 1031: ...ase This command manually releases a port placed in discarding state by loopback detection SYNTAX spanning tree loopback detection release interface interface ethernet unit port unit Unit identifier R...

Страница 1032: ...nd on the selected interfaces i e RSTP or STP compatible EXAMPLE Console spanning tree protocol migration eth 1 5 Console show spanning tree This command shows the configuration for the common spannin...

Страница 1033: ...tings and settings for all interfaces For a description of the items displayed under Spanning tree information see Configuring Global Settings for STA on page 193 For a description of the items displa...

Страница 1034: ...ed BPDU Guard Auto Recovery Interval 300 BPDU Filter Status Disabled TC Propagate Stop Disabled This example shows a brief summary of global and interface setting for the spanning tree Console show sp...

Страница 1035: ...Chapter 34 Spanning Tree Commands 1048 EXAMPLE Console show spanning tree mst configuration Mstp Configuration Information Configuration Name R D Revision Level 0 Instance VLANs 0 1 4094 Console...

Страница 1036: ...ets when in protection state ERPS non revertive Enables non revertive mode which requires the protection state on the RPL to manually cleared ERPS propagate tc Enables propagation of topology change m...

Страница 1037: ...filter out intermittent link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal failure 5 Configure the ERPS Control VLAN CVL...

Страница 1038: ...AULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE ERPS must be enabled globally on the switch before it can enabled on an ERPS ring using the enable command EXAMPLE Console config...

Страница 1039: ...Control VLAN SYNTAX no control vlan vlan id vlan id VLAN ID Range 1 4094 DEFAULT SETTING None COMMAND MODE ERPS Configuration COMMAND USAGE Configure one control VLAN for each ERPS ring First create...

Страница 1040: ...activates the current ERPS ring Use the no form to disable the current ring SYNTAX no enable DEFAULT SETTING Disabled COMMAND MODE ERPS Configuration COMMAND USAGE Before enabling a ring the east and...

Страница 1041: ...s duration a node will be unaware of new or existing ring requests transmitted from other nodes EXAMPLE Console config erps guard timer 300 Console config erps holdoff timer This command sets the time...

Страница 1042: ...PS ring used for sending control packets Range 1 32 characters DEFAULT SETTING None COMMAND MODE ERPS Configuration COMMAND USAGE This switch can support up to six rings However ERPS control packets c...

Страница 1043: ...pecified by the mep monitor command then the MEG level set by the meg level command must match the authorized maintenance level of the CFM domain to which the specified MEP belongs The MEP s primary V...

Страница 1044: ...ps mep monitor east mep 1 Console config erps RELATED COMMANDS ethernet cfm domain 1275 ethernet cfm mep 1279 node id This command sets the MAC address for a ring node Use the no form to restore the d...

Страница 1045: ...from nodes adjacent to the failed link The owner then enters protection state by unblocking the RPL However using this standard recovery procedure may cause a non EPRS device to become isolated when t...

Страница 1046: ...he default revertive mode SYNTAX no non revertive DEFAULT SETTING Disabled COMMAND MODE ERPS Configuration COMMAND USAGE Revertive behavior allows the switch to automatically return the RPL from Prote...

Страница 1047: ...an R APS NR RB message over both ring ports informing the ring that the RPL is blocked and performing a flush FDB action d The acceptance of the R APS NR RB message causes all ring nodes to unblock a...

Страница 1048: ...NR message causes the RPL Owner Node to start the WTB timer b The WTB timer is cancelled if during the WTB period a higher priority request than NR is accepted by the RPL Owner Node or is declared lo...

Страница 1049: ...re the Manual Switch was cleared receives an R APS NR message with a Node ID higher than its own Node ID it unblocks any ring port which does not have an SF condition and stops transmitting R APS NR m...

Страница 1050: ...isable this feature SYNTAX no propagate tc DEFAULT SETTING Disabled COMMAND MODE ERPS Configuration COMMAND USAGE When a secondary ring detects a topology change it can pass a message about this event...

Страница 1051: ...hout vc DEFAULT SETTING R APS with Virtual Channel COMMAND MODE ERPS Configuration COMMAND USAGE A sub ring may be attached to a primary ring with or without a virtual channel A virtual channel is use...

Страница 1052: ...mstances it may not be desirable to use a virtual channel to interconnect the sub ring over an arbitrary Ethernet network In this situation the R APS messages are terminated on the interconnection poi...

Страница 1053: ...nge 1 port Port number Range 1 12 port channel channel id Range 1 12 DEFAULT SETTING Not associated COMMAND MODE ERPS Configuration COMMAND USAGE Each node must be connected to two neighbors on the ri...

Страница 1054: ...Configuration COMMAND USAGE The RPL neighbor node when configured is a ring node adjacent to the RPL that is responsible for blocking its end of the RPL under normal conditions i e the ring is establ...

Страница 1055: ...ction state that is when a signal fault is detected on the ring or the protection state is enabled with the erps forced switch or erps manual switch command The east and west connections to the ring m...

Страница 1056: ...ly set to 1 when a ring node supporting only the functionalities of G 8032v1 exists on the same ring with other nodes that support G 8032v2 When ring nodes running G 8032v1 and G 8032v2 co exist on a...

Страница 1057: ...s COMMAND MODE Privileged Exec EXAMPLE Console clear erps statistics domain r d Console erps clear This command manually clears the protection state which has been invoked by a forced switch or manual...

Страница 1058: ...witching as follows a The ring node where a forced switch command was issued blocks the traffic channel and R APS channel on the ring port to which the command was issued and unblocks the other ring p...

Страница 1059: ...or more forced switches are allowed in the ring which may inadvertently cause the segmentation of an ring It is the responsibility of the operator to prevent this effect if it is undesirable Ring pro...

Страница 1060: ...n this situation the erps manual switch command triggers protection switching as follows a If no other higher priority commands exist the ring node where a manual switch command was issued blocks the...

Страница 1061: ...pted b A ring node with a local manual switch command which receives an R APS MS message with a different Node ID clears its manual switch request and starts transmitting R APS NR messages The ring no...

Страница 1062: ...sages Enabled Shows if the specified ring is enabled Ver Shows the ERPS version MEL The maintenance entity group MEG level providing a communication channel for ring automatic protection switching R A...

Страница 1063: ...eception of traffic is blocked and the forwarding of R APS messages is blocked but the transmission of locally generated R APS messages is allowed and the reception of all R APS messages is allowed Fo...

Страница 1064: ...n R APS messages Propagate TC Shows if the ring is configured to propagate topology change notification messages Non ERPS Device Protect Shows if the RPL owner node is configured to send non standard...

Страница 1065: ...Clear SF The number of times a clear command was issued to terminate protection state entered through a forced switch or manual switch SF The number of signal fault messages NR The number of no reques...

Страница 1066: ...nsion MIB Editing VLAN Groups Sets up VLAN groups including name VID and state Configuring VLAN Interfaces Configures VLAN interface parameters including ingress and egress tagging mode ingress filter...

Страница 1067: ...cal switch EXAMPLE Console config bridge ext gvrp Console config garp timer This command sets the values for the join leave and leaveall timers Use the no form to restore the timers default values SYN...

Страница 1068: ...or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP for all the ports on all VLANs...

Страница 1069: ...GVRP If a VLAN has been added to the set of allowed VLANs for an interface then you cannot add it to the set of forbidden VLANs for that same interface GVRP cannot be enabled for ports set to Access m...

Страница 1070: ...bridge ext Maximum Supported VLAN Numbers 4094 Maximum Supported VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Version Number 2 VLAN Learning IVL Configur...

Страница 1071: ...Range 1 port Port number Range 1 52 port channel channel id Range 1 16 DEFAULT SETTING Shows both global and interface specific configuration COMMAND MODE Normal Exec Privileged Exec EXAMPLE Console...

Страница 1072: ...the no form to restore the default settings or delete a VLAN SYNTAX vlan vlan id name vlan name media ethernet state active suspend rspan no vlan vlan id name state vlan id VLAN ID specified as a sin...

Страница 1073: ...lan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan RELATED COMMANDS show vlan 1093 CONFIGURING VLAN INTERFACES Table 36 4 Commands for Configuring VLAN Interfaces Co...

Страница 1074: ...VLAN enter any Layer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command EXAMPLE The following example sho...

Страница 1075: ...e config interface ethernet 1 1 Console config if switchport acceptable frame types tagged Console config if RELATED COMMANDS switchport mode 1090 switchport allowed vlan This command configures VLAN...

Страница 1076: ...ed member Otherwise it is only necessary to add at most one VLAN as untagged and this should correspond to the native VLAN for the interface If a VLAN on the forbidden list for an interface is manuall...

Страница 1077: ...pecifies an access VLAN interface The port transmits and receives untagged frames on a single VLAN only hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames trunk S...

Страница 1078: ...hen using Access mode and an interface is assigned to a new VLAN its PVID is automatically set to the identifier for that VLAN When using Hybrid mode the PVID for an interface can be set to any VLAN f...

Страница 1079: ...oup tags 1 and 2 groups that are unknown to those switches to pass through their VLAN trunking ports VLAN trunking is mutually exclusive with the access switchport mode see the switchport mode command...

Страница 1080: ...ive Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1...

Страница 1081: ...ol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Страница 1082: ...fore advisable to disable spanning tree on these ports dot1q tunnel system tunnel control This command sets the switch to operate in QinQ mode Use the no form to disable QinQ operating mode SYNTAX no...

Страница 1083: ...service provider s tag is stripped off and the packet passed on to the VLAN indicated by the inner tag If no inner tag is found the packet is passed onto the native VLAN defined for the uplink port E...

Страница 1084: ...s Note that all customer interfaces should be configured as access interfaces that is a user to network interface and service provider interfaces as uplink interfaces that is a network to network inte...

Страница 1085: ...match cvid 30 6 Configures port 1 as member of VLANs 10 20 and 30 to avoid filtering out incoming frames tagged with VID 10 20 or 30 on port 1 Console config interface ethernet 1 1 Console config if...

Страница 1086: ...dard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames and assigned to the native VLAN of that port The specified ethertype only applies to por...

Страница 1087: ...nsole show dot1q tunnel service 100 802 1Q Tunnel Service Subscriptions Port Match C VID S VID Eth 1 5 1 100 Eth 1 6 1 100 Console RELATED COMMANDS switchport dot1q tunnel mode 1095 CONFIGURING L2CP T...

Страница 1088: ...es 10 12 CF 00 00 02 a reserved address for other specified protocol types as defined in IEEE 802 1ad Provider Bridges or a user defined address All intermediate switches carrying this traffic across...

Страница 1089: ...d on an uplink port and recognized as a CDP VTP STP PVST protocol packet where STP means STP RSTP MSTP it is forwarded to the following ports in the same S VLAN a all access ports for which L2PT has b...

Страница 1090: ...ole config l2protocol tunnel tunnel dmac 01 80 C2 00 00 01 Console config switchport l2protocol tunnel This command enables Layer 2 Protocol Tunneling L2PT for the specified protocol Use the no form t...

Страница 1091: ...gs on traffic crossing the service provider s network However if any switch in the path crossing the service provider s network does not support this feature then the switches directly connected to th...

Страница 1092: ...ort 1 and VLAN 100 to VLAN 10 for downstream traffic leaving port 1 then the VLAN IDs will be swapped as shown below Figure 36 3 Configuring VLAN Translation The maximum number of VLAN translation ent...

Страница 1093: ...ole show vlan translation Interface Old VID New VID Eth 1 1 10 100 Console CONFIGURING PROTOCOL BASED VLANS The network devices required to support multiple protocols cannot be easily grouped into a c...

Страница 1094: ...lan protocol group group id add remove frame type frame protocol type protocol no protocol vlan protocol group group id group id Group identifier of this protocol group Range 1 2147483647 frame2 Frame...

Страница 1095: ...ic is forwarded Range 1 4094 priority The priority assigned to untagged ingress traffic Range 0 7 where 7 is the highest priority DEFAULT SETTING No protocol groups are mapped for any interface Priori...

Страница 1096: ...ociated with protocol groups SYNTAX show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 DEFAULT SETTING All protocol groups are displayed COMMA...

Страница 1097: ...ingress frames are checked against the IP subnet to VLAN mapping table If an entry is found for that subnet these frames are assigned to the VLAN indicated in the entry If no IP subnet is matched the...

Страница 1098: ...frame If no mapping is found the PVID of the receiving port is assigned to the frame The IP subnet cannot be a broadcast or multicast IP address When MAC based IP subnet based or protocol based VLANs...

Страница 1099: ...d to the VLAN indicated in the entry If no MAC address is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID mac vlan This command configures MAC address to V...

Страница 1100: ...nnot be 101 or 001 A mask for the MAC address 00 50 6e 00 5f b1 translated into binary MAC 00000000 01010000 01101110 00000000 01011111 10110001 could be 11111111 11xxxxxx xxxxxxxx xxxxxxxx xxxxxxxx x...

Страница 1101: ...oice vlan voice vlan id Specifies the voice VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE When IP telephony is deployed in an enterprise network it is r...

Страница 1102: ...e config voice vlan 1234 Console config voice vlan aging This command sets the Voice VLAN ID time out Use the no form to restore the default SYNTAX voice vlan aging minutes no voice vlan minutes Speci...

Страница 1103: ...x xx xx xx or xxxxxxxxxxxx Range 80 00 00 00 00 00 to FF FF FF FF FF FF description User defined text that identifies the VoIP devices Range 1 32 characters DEFAULT SETTING None COMMAND MODE Global Co...

Страница 1104: ...elected you must select the method to use for detecting VoIP traffic either OUI or 802 1AB LLDP using the switchport voice vlan rule command When OUI is selected be sure to configure the MAC address r...

Страница 1105: ...cts a method for detecting VoIP traffic on a port Use the no form to disable the detection method on the port SYNTAX no switchport voice vlan rule oui lldp oui Traffic from VoIP devices is detected by...

Страница 1106: ...port that are tagged with the voice VLAN ID VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch P...

Страница 1107: ...to Enabled OUI 6 100 Eth 1 2 Disabled Disabled OUI 6 NA Eth 1 3 Manual Enabled OUI 5 100 Eth 1 4 Auto Enabled OUI 6 100 Eth 1 5 Disabled Disabled OUI 6 NA Eth 1 6 Disabled Disabled OUI 6 NA Eth 1 7 Di...

Страница 1108: ...t and weighted queuing Use the no form to restore the default value SYNTAX queue mode strict wrr strict wrr queue type list Table 37 1 Priority Commands Command Group Function Priority Commands Layer...

Страница 1109: ...ced Weighted Round Robin WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prev...

Страница 1110: ...0 weight3 The ratio of weights for queues 0 3 determines the weights used by the WRR scheduler Range 1 255 DEFAULT SETTING Weights 1 2 4 6 are assigned to queues 0 3 respectively COMMAND MODE Global C...

Страница 1111: ...tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used The switch provides four priority queues for each port It can be configured to u...

Страница 1112: ...ch Table 37 3 Priority Commands Layer 3 and 4 Command Function Mode qos map cos dscp Maps CoS CFI values in incoming packets to per hop behavior and drop precedence values for internal priority proces...

Страница 1113: ...7 cfi Canonical Format Indicator Set to this parameter to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 DEFAULT SETTING COMMAND MODE Global Conf...

Страница 1114: ...ch a packet is sent and two bits for drop precedence namely color which is used by Random Early Detection RED to control traffic congestion The specified mapping applies to all interfaces EXAMPLE Cons...

Страница 1115: ...1 Referring to Table 37 5 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Console config qos map dscp mutation 3 1 from 1 Console config qos m...

Страница 1116: ...pping applies to all interfaces EXAMPLE Console config qos map phb queue 0 from 1 2 3 Console config qos map trust mode This command sets QoS mapping to DSCP or CoS Use the no form to restore the defa...

Страница 1117: ...ess packet type is IPv4 then priority processing will be based on the CoS and CFI values in the ingress packet For an untagged packet the default port priority see page 1124 is used for priority proce...

Страница 1118: ...le Console show qos map dscp mutation DSCP mutation map x y x PHB y drop precedence d1 d2 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0 0 3 0 0 0 1 0 0 0 3 1 0 1 1 1 1 0 1 3 1 0 1 1 1 0 1 3 2 0 2 1 2 0 2 3 2 2 0...

Страница 1119: ...face ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 COMMAND MODE Privileged Exec EXAMPLE The following shows that the trust mode is set to CoS Console show qos map trust m...

Страница 1120: ...affic classification for the policy to act on PM rename Redefines the name of a policy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm colo...

Страница 1121: ...c that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specified rate 6 Use the service policy command to assign a policy map to a specific interface NOTE Cr...

Страница 1122: ...ription of a class map or policy map SYNTAX description string string Description of the class map or policy map Range 1 64 characters COMMAND MODE Class Map Configuration Policy Map Configuration EXA...

Страница 1123: ...ap If match criteria includes a MAC ACL or VLAN rule then neither an IP ACL nor IP priority rule can be included in the same class map Up to 16 match entries can be included in a class map EXAMPLE Thi...

Страница 1124: ...characters DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE Use the policy map command to specify the name of the policy map and then use the class command to configure policies f...

Страница 1125: ...t command and one of the police commands to specify the match criteria where the set phb command sets the per hop behavior value in matching packets This modifies packet priority for internal processi...

Страница 1126: ...packet is within the CIR and BC There are enough tokens to service the packet the packet is set green violate action Action to take when packet exceeds the CIR and BC There are not enough tokens to se...

Страница 1127: ...e that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating...

Страница 1128: ...rate cannot exceed the configured interface speed and the committed burst and excess burst cannot exceed 16 Mbytes The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets a...

Страница 1129: ...decremented by B down to the minimum value of 0 else If the packet has been precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of...

Страница 1130: ...ize BC in bytes Range 0 16000000 at a granularity of 4k bytes peak rate Peak information rate PIR in kilobits per second Range 0 1000000 kbps at a granularity of 64 kbps or maximum port speed whicheve...

Страница 1131: ...ed the incoming packet stream so that each packet is either green yellow or red The marker re colors an IP packet according to the results of the meter The color is coded in the DS field RFC 2474 of t...

Страница 1132: ...rate Console config policy map rd policy Console config pmap class rd class Console config pmap c set phb 3 Console config pmap c police trtcm color blind 100000 4000 1000000 6000 conform action tran...

Страница 1133: ...nfiguration COMMAND USAGE The set ip dscp command is used to set the priority values in the packet s ToS field for matching packets EXAMPLE This example creates a policy called rd policy uses the clas...

Страница 1134: ...le creates a policy called rd policy uses the class command to specify the previously defined rd class uses the set phb command to classify the service that incoming packets will receive and then uses...

Страница 1135: ...ess interface Console config interface ethernet 1 1 Console config if service policy input rd policy Console config if show class map This command displays the QoS class maps which define matching cri...

Страница 1136: ...Displays all policy maps and all classes COMMAND MODE Privileged Exec EXAMPLE Console show policy map Policy Map rd policy Description class rd class set PHB 3 Console show policy map rd policy class...

Страница 1137: ...Chapter 38 Quality of Service Commands 1150...

Страница 1138: ...traffic to the attached VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling MLD Snooping Configures Multicast Listener Discovery snooping for IPv6 MLD Filtering and Throttling...

Страница 1139: ...p snooping vlan last memb query intvl Configures the last member query interval GC ip igmp snooping vlan mrd Sends multicast router solicitation messages GC ip igmp snooping vlan proxy address Configu...

Страница 1140: ...interface settings will not take effect until snooping is re enabled globally EXAMPLE The following example enables IGMP snooping globally Console config ip igmp snooping Console config ip igmp snoopi...

Страница 1141: ...Disabled VLAN Based on global setting COMMAND MODE Global Configuration COMMAND USAGE When proxy reporting is enabled with this command the switch performs IGMP Snooping with Proxy Reporting as define...

Страница 1142: ...COMMAND MODE Global Configuration COMMAND USAGE As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common method of attac...

Страница 1143: ...n flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding SYNTAX no ip igmp snooping tcn flood DEFAULT S...

Страница 1144: ...p port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly locate the multicast routers in this VLAN The proxy query and unsolic...

Страница 1145: ...TING Disabled COMMAND MODE Global Configuration COMMAND USAGE Once the table used to store multicast entries for IGMP snooping and multicast routing is filled no new entries are learned If no router p...

Страница 1146: ...tore the default SYNTAX ip igmp snooping vlan vlan id version 1 2 3 no ip igmp snooping version vlan id VLAN ID Range 1 4094 1 IGMP Version 1 2 IGMP Version 2 3 IGMP Version 3 DEFAULT SETTING Global I...

Страница 1147: ...COMMAND USAGE If version exclusive is disabled on a VLAN then this setting is based on the global setting If it is enabled on a VLAN then this setting takes precedence over the global setting When thi...

Страница 1148: ...OMMAND MODE Global Configuration COMMAND USAGE If immediate leave is not used a multicast router or querier will send a group specific query message when an IGMPv2 v3 group leave message is received T...

Страница 1149: ...ere are no more group members Range 1 255 DEFAULT SETTING 2 COMMAND MODE Global Configuration COMMAND USAGE This command will take effect only if IGMP snooping proxy reporting or IGMP querier is enabl...

Страница 1150: ...lan id VLAN ID Range 1 4094 DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE Multicast Router Discovery MRD uses multicast router advertisement multicast router solicitation an...

Страница 1151: ...ource address vlan id VLAN ID Range 1 4094 source address The source address used for proxied IGMP query and report and leave messages Any valid IP unicast address DEFAULT SETTING 0 0 0 0 COMMAND MODE...

Страница 1152: ...last IGMP message received from a downstream host in report and leave messages sent upstream from the multicast router port EXAMPLE The following example sets the source address for proxied IGMP quer...

Страница 1153: ...ooping vlan vlan id query resp intvl vlan id VLAN ID Range 1 4094 interval The maximum time the system waits for a response to general queries Range 10 31740 tenths of a second DEFAULT SETTING 100 10...

Страница 1154: ...MPLE The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static 224 0 0 12 ethernet 1 5 Console config clear ip igmp snooping groups dyna...

Страница 1155: ...ing vlan vlan id vlan id VLAN ID 1 4094 COMMAND MODE Privileged Exec COMMAND USAGE This command displays global and VLAN specific IGMP configuration settings See Configuring IGMP Snooping and Query Pa...

Страница 1156: ...Port 1 224 1 1 1 Eth 1 1 show ip igmp snooping group This command shows known multicast group source and host port mappings for the specified VLAN interface or for all interfaces if none is specified...

Страница 1157: ...time m s VLAN Group Port Up time Expire Count 1 224 1 1 1 00 00 00 37 2 P Eth 1 1 R Eth 1 2 M 0 H Console show ip igmp snooping mrouter This command displays information on statically configured and...

Страница 1158: ...put interface ethernet 1 1 Interface Report Leave G Query G S S Query Drop Join Succ Group Eth 1 1 23 11 4 10 5 14 5 Console Table 39 3 show ip igmp snooping statistics input display description Field...

Страница 1159: ...splay description Field Description Interface Shows interface Report The number of IGMP membership reports sent from this interface Leave The number of leave messages sent from this interface G Query...

Страница 1160: ...ved The number of specific queries received on this interface Specific Query Sent The number of specific queries sent from this interface Warn Rate Limit The rate at which received query messages of t...

Страница 1161: ...service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits th...

Страница 1162: ...ed multicast group is denied the IGMP join report is dropped IGMP filtering and throttling only applies to dynamically learned multicast groups it does not apply to statically configured groups The IG...

Страница 1163: ...eny EXAMPLE Console config ip igmp profile 19 Console config igmp profile permit deny This command sets the access mode for an IGMP filter profile Use the no form to delete a profile number SYNTAX per...

Страница 1164: ...39 1 1 1 Console config igmp profile range 239 2 3 1 239 2 3 100 Console config igmp profile ip igmp authentication This command enables IGMP authentication on the specified interface When enabled and...

Страница 1165: ...initiate RADIUS authentication IS_EX MODE_IS_EXCLUDE Indicates that the interface s filter mode is EXCLUDE for the specified multicast address The Source Address fields in this Group Record contain t...

Страница 1166: ...E The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface Only one profile can be assigned to an interface A profile can also b...

Страница 1167: ...trunk members the trunk uses the throttling settings of the first port member in the trunk EXAMPLE Console config interface ethernet 1 1 Console config if ip igmp max groups 10 Console config if ip ig...

Страница 1168: ...ommand can be used to drop any query packets received on the specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier EX...

Страница 1169: ...t port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Using this command without specifying...

Страница 1170: ...1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2 3 100 Console show ip igmp profile This command displays IGMP filtering profiles created on the switch...

Страница 1171: ...OMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Console show ip igmp query drop interface ethernet 1 1 Ethernet 1 1 Enabled Console show ip igmp throttl...

Страница 1172: ...COMMAND USAGE Using this command without specifying an interface displays all interfaces EXAMPLE Console show ip multicast data drop interface ethernet 1 1 Ethernet 1 1 Enabled Console MLD SNOOPING M...

Страница 1173: ...stness Configures the robustness variable GC ipv6 mld snooping router port expire time Configures the router port expire time GC ipv6 mld snooping unknown multicast mode Sets an action for unknown mul...

Страница 1174: ...no form to disable this feature SYNTAX no ipv6 mld snooping querier DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If enabled the switch will serve as querier if elected The...

Страница 1175: ...by this command When this message is received by downstream hosts all receivers build an MLD report for the multicast groups they have joined EXAMPLE Console config ipv6 mld snooping query interval 15...

Страница 1176: ...GE A port will be removed from the receiver list for a multicast service when no MLD reports are detected in response to a number of MLD queries The robustness variable sets the number of queries on p...

Страница 1177: ...g unknown multicast mode flood Floods the unknown multicast data packets to all ports to router port Forwards the unknown multicast data packets to router ports DEFAULT SETTING to router port COMMAND...

Страница 1178: ...sabled COMMAND MODE Global Configuration COMMAND USAGE If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave message is rece...

Страница 1179: ...onnections MLD snooping may not always be able to locate the MLD querier Therefore if the MLD querier is a known multicast router switch connected over the network to an interface port or trunk on the...

Страница 1180: ...ear ipv6 mld snooping groups dynamic This command clears multicast group information dynamically learned through MLD snooping SYNTAX clear ipv6 mld snooping groups dynamic COMMAND MODE Privileged Exec...

Страница 1181: ...ipv6 mld snooping COMMAND MODE Privileged Exec EXAMPLE The following shows MLD Snooping configuration information Console show ipv6 mld snooping Service Status Disabled Querier Status Disabled Robust...

Страница 1182: ...list COMMAND MODE Privileged Exec EXAMPLE The following shows MLD Snooping group mapping information Console show ipv6 mld snooping group source list Console show ipv6 mld snooping group source list...

Страница 1183: ...e Table 39 10 IGMP Filtering and Throttling Commands Command Function Mode ipv6 mld filter Enables MLD filtering and throttling on the switch GC ipv6 mld profile Sets a profile number and enters MLD f...

Страница 1184: ...rmitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD filtering and throttling only applies to dynamically learned multicast gr...

Страница 1185: ...X permit deny DEFAULT SETTING deny COMMAND MODE MLD Profile Configuration COMMAND USAGE Each profile has only one access mode either permit or deny When the access mode is set to permit MLD join repor...

Страница 1186: ...to an interface on the switch Use the no form to remove a profile from an interface SYNTAX no ipv6 mld filter profile number profile number An MLD filter profile number Range 1 4294967295 DEFAULT SETT...

Страница 1187: ...the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group MLD throttling can also be set on a trunk interface When ports are configured as...

Страница 1188: ...ipv6 mld query drop This command drops any received MLD query packets Use the no form to restore the default setting SYNTAX no ipv6 mld query drop DEFAULT SETTING Disabled COMMAND MODE Interface Conf...

Страница 1189: ...ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 mld filter ML...

Страница 1190: ...drop MLD query packets SYNTAX show ipv6 mld throttle interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 52 port channel channel id Range 1 16 DEFAULT SET...

Страница 1191: ...can be used to transmit multicast traffic such as television channels across a service provider s network Any multicast traffic entering an MVR VLAN is sent to all subscribers This can significantly...

Страница 1192: ...ets sent upstream GC mvr vlan Specifies the VLAN through which MVR multicast data is received GC mvr immediate leave Enables immediate leave capability IC mvr type Configures an interface as an MVR re...

Страница 1193: ...emove the binding SYNTAX no mvr domain domain id associated profile profile name domain id An independent multicast domain Range 1 5 profile name The name of a profile containing one or more MVR group...

Страница 1194: ...the no form of this command to restore the default setting SYNTAX mvr priority priority no mvr priority priority The CoS priority assigned to all multicast traffic forwarded into the MVR VLAN Range 0...

Страница 1195: ...registered to receive data from that multicast group The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multica...

Страница 1196: ...switching is enabled an MVR source port serves as the upstream or host interface The source port performs only the host portion of MVR by sending summarized membership reports and automatically disabl...

Страница 1197: ...expected packet loss and thereby the number of times to generate report and group specific queries Use the no form to restore the default setting SYNTAX mvr robustness value value no mvr robustness va...

Страница 1198: ...rds multicast streams which the source port has dynamically joined In other words both the receiver port and source port must subscribe to a multicast group before a multicast stream is forwarded to a...

Страница 1199: ...ration COMMAND USAGE This command specifies the VLAN through which MVR multicast data is received This is the VLAN to which all source ports must be assigned The VLAN specified by this command must be...

Страница 1200: ...not send out a group specific query when an IGMPv2 v3 leave message is received the same as it would without this option having been used Instead of immediately deleting that group it will look up the...

Страница 1201: ...ports cannot be set to access mode see the switchport mode command One or more interfaces may be configured as MVR source ports A source port is able to both receive and send data for multicast groups...

Страница 1202: ...eiver port using this command The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224...

Страница 1203: ...number Range 1 52 port channel channel id Range 1 16 vlan vlan id VLAN identifier Range 1 4094 COMMAND MODE Privileged Exec EXAMPLE Console clear ip igmp snooping statistics Console show mvr This com...

Страница 1204: ...t traffic forwarded into the MVR VLAN MVR Proxy Switching Shows if MVR proxy switching is enabled MVR Robustness Value Shows the number of reports or query messages sent when proxy switching is enable...

Страница 1205: ...s for all attached interfaces COMMAND MODE Privileged Exec EXAMPLE The following displays information about the interfaces attached to the MVR VLAN in domain 1 Console show mvr domain 1 interface MVR...

Страница 1206: ...ifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 unknown Entry created by receiving a multicast stream user Snooping entry learned from user s configuration settings DEFAUL...

Страница 1207: ...1 MVR Forwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts joined to group on this port P Port counts number of ports joined to group Up time Group elapsed time d...

Страница 1208: ...st domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 vlan vlan id VLAN ID Range 1 4094 query Displays MVR query...

Страница 1209: ...on this interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific or grou...

Страница 1210: ...ace Other Querier Expire The time after which this querier is assumed to have expired Other Querier Uptime Other querier s time up Self Querier This querier s IP address Self Querier Expire This queri...

Страница 1211: ...Transmit General Number of general queries transmitted Group Specific Number of group specific queries transmitted Received General Number of general queries received Group Specific Number of group sp...

Страница 1212: ...ceived General Number of general queries received Group Specific Number of group specific queries received V Warning Count Number of queries received on MVR that were configured by IGMP version 1 2 or...

Страница 1213: ...al queries GC mvr6 proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port acts as an MVR router with querier service enabled GC mvr6 robustness value Co...

Страница 1214: ...V6 profile can only be associated with one MVR6 domain EXAMPLE The following an MVR6 group address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config mvr6 domain Thi...

Страница 1215: ...he no form of this command to restore the default setting SYNTAX mvr6 priority priority no mvr6 priority priority The CoS priority assigned to all multicast traffic forwarded into the MVR6 VLAN Range...

Страница 1216: ...registered to receive data from that multicast group IGMP snooping and MVR share a maximum number of 1023 groups Any multicast streams received in excess of this limitation will be flooded to all por...

Страница 1217: ...ervice enabled Use the no form to disable this function SYNTAX no mvr6 proxy switching DEFAULT SETTING Enabled COMMAND MODE Global Configuration COMMAND USAGE When MVR proxy switching is enabled an MV...

Страница 1218: ...LE The following example enable MVR6 proxy switching Console config mvr6 proxy switching Console config RELATED COMMANDS mvr6 robustness value 1231 mvr6 robustness value This command configures the ex...

Страница 1219: ...ce ports on the switch and to all receiver ports that have elected to receive data on that multicast address When the mvr6 source port mode dynamic command is used the switch only forwards multicast s...

Страница 1220: ...d fields Note that the IP address ff02 X is reserved EXAMPLE Console config mvr6 domain 1 upstream source ip 2001 DB8 2222 7223 72 Console config mvr6 vlan This command specifies the VLAN through whic...

Страница 1221: ...the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if there are any remaining subscribers for that multicast group bef...

Страница 1222: ...eiver or source port can join or leave multicast groups configured under MVR6 A port which is not configured as an MVR receiver or source port can use MLD snooping to join or leave multicast groups us...

Страница 1223: ...multicast traffic is flooded Range 1 4094 group Defines a multicast service sent to the selected port ip address Statically configures an interface to receive multicast traffic from the IPv6 address...

Страница 1224: ...DE Privileged Exec COMMAND USAGE This command only clears entries learned though MVR6 Statically configured multicast addresses are not cleared EXAMPLE Console clear mvr6 groups dynamic Console clear...

Страница 1225: ...VR6 settings Console show mvr6 MVR6 802 1p Forwarding Priority Disabled MVR6 Proxy Switching Enabled MVR6 Robustness Value 2 MVR6 Proxy Query Interval 125 sec MVR6 Source Port Mode Always Forward Doma...

Страница 1226: ...ndependent multicast domain Range 1 5 DEFAULT SETTING Displays configuration settings for all attached interfaces MVR6 Source Port Mode Shows if the switch only forwards multicast streams which the so...

Страница 1227: ...dress for an MVR multicast group DEFAULT SETTING Displays configuration settings for all domains and all forwarding entries COMMAND MODE Privileged Exec EXAMPLE The following shows information about t...

Страница 1228: ...rwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts join the group on this port P Port counts number of forwarding ports Up time Group elapsed time d h m s Expire G...

Страница 1229: ...e query domain id An independent multicast domain Range 1 5 interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 port channel channel id Range 1 16 vlan vlan id VLAN I...

Страница 1230: ...ceived on this interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The number of group specific...

Страница 1231: ...ire Time The time after which this querier is assumed to have expired Self Querier Address This querier s IPv6 address Self Querier Uptime This querier s time up Self Querier Expire Time This querier...

Страница 1232: ...globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many medFastStart packets are transmit...

Страница 1233: ...ransmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv ext poeb Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage informa...

Страница 1234: ...ultiplier or 65536 Range 2 10 DEFAULT SETTING Holdtime multiplier 4 TTL 4 30 120 seconds COMMAND MODE Global Configuration COMMAND USAGE The time to live tells the receiving LLDP agent how long to ret...

Страница 1235: ...s Use the no form to restore the default setting SYNTAX lldp notification interval seconds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Ra...

Страница 1236: ...conds COMMAND MODE Global Configuration EXAMPLE Console config lldp refresh interval 60 Console config lldp reinit delay This command configures the delay before attempting to re initialize after LLDP...

Страница 1237: ...es of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in each trans...

Страница 1238: ...clude information about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address The inter...

Страница 1239: ...ription Console config if lldp basic tlv system capabilities This command configures an LLDP enabled port to advertise its system capabilities Use the no form to disable this feature SYNTAX no lldp ba...

Страница 1240: ...m name This command configures an LLDP enabled port to advertise the system name Use the no form to disable this feature SYNTAX no lldp basic tlv system name DEFAULT SETTING Enabled COMMAND MODE Inter...

Страница 1241: ...VLAN information Use the no form to disable this feature SYNTAX no lldp dot1 tlv proto vid DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This option...

Страница 1242: ...his feature SYNTAX no lldp dot1 tlv vlan name DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This option advertises the name of all VLANs to which thi...

Страница 1243: ...his feature SYNTAX no lldp dot3 tlv mac phy DEFAULT SETTING Enabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This option advertises MAC PHY configuration status which i...

Страница 1244: ...Ethernet capabilities including whether or not PoE is supported currently enabled if the port pins through which power is delivered can be controlled the port pins selected to deliver power and the po...

Страница 1245: ...nformation The address location is specified as a type and value pair with the civic address CA type being defined in RFC 4776 The following table describes some of the CA type numbers and provides ex...

Страница 1246: ...if lldp med location civic addr country US Console config if lldp med location civic addr what 2 Console config if lldp med notification This command enables the transmission of SNMP trap notificatio...

Страница 1247: ...etails such as power availability from the switch and power state of the switch including whether the switch is operating from primary or backup power the Endpoint Device could use this information to...

Страница 1248: ...nabled COMMAND MODE Interface Configuration Ethernet Port Channel COMMAND USAGE This option advertises location identification details EXAMPLE Console config interface ethernet 1 1 Console config if l...

Страница 1249: ...network policy configurations frequently result in voice quality degradation or complete service disruption EXAMPLE Console config interface ethernet 1 1 Console config if lldp med tlv network policy...

Страница 1250: ...fig if show lldp config This command shows LLDP configuration settings for all ports SYNTAX show lldp config detail interface detail Shows configuration summary interface ethernet unit port unit Unit...

Страница 1251: ...ame MED Notification Status Enabled MED Enabled TLVs Advertised med cap network policy location ext poe inventory MED Location Identification Location Data Format Civic Address LCI Country Name US Wha...

Страница 1252: ...00 1A 7E AC 2B 16 Ethernet Port on unit 1 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Local Port Information Detail Port Eth 1 1 Port ID Type MAC Address Port ID B4 0E DC 34 9...

Страница 1253: ...rnet Port on unit 1 port 1 System Description SSE G2252P System Capabilities Bridge Enabled Capabilities Bridge Management Address 192 168 0 4 IPv4 Port VLAN ID 1 Port and Protocol VLAN ID VLAN 2 supp...

Страница 1254: ...Entries List Last Updated 49 seconds New Neighbor Entries Count 4 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Port NumFramesRecvd NumFramesSent N...

Страница 1255: ...ace messages Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when connectivity faults or configuration errors are detected in the local maint...

Страница 1256: ...nance association GC snmp server enable traps ethernet cfm cc Enables SNMP traps for CFM continuity check events GC mep archive hold time Sets the time that data from a missing MEP is kept in the cont...

Страница 1257: ...et cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache Cl...

Страница 1258: ...cross check messages page 1295 Defining CFM Structures ethernet cfm ais level This command configures the maintenance level at which Alarm Indication Signal AIS information will be sent within the spe...

Страница 1259: ...in the CFM domain Frames with AIS information can be issued at the client s maintenance level by a MEP upon detecting defect conditions For example defect conditions may include Signal failure conditi...

Страница 1260: ...rd Console config ethernet cfm ais suppress alarm This command suppresses sending frames containing AIS information following the detection of defect conditions Use the no form to restore the default...

Страница 1261: ...ais suppress alarm md voip ma rd Console config ethernet cfm domain This command defines a CFM maintenance domain sets the authorized maintenance level and enters CFM configuration mode Use the no fo...

Страница 1262: ...Ps within an MA MIPs are automatically generated by the CFM protocol when the mip creation option in this command is set to default or explicit and the MIP creation state machine is invoked as defined...

Страница 1263: ...Global Configuration COMMAND USAGE To avoid generating an excessive number of traps the complete CFM maintenance structure and process parameters should be configured prior to globally enabling CFM p...

Страница 1264: ...configuration mode the MA name and VLAN identifier specified by this command and the DSAPs configured with the mep crosscheck mpid command create a unique service instance for each customer If only th...

Страница 1265: ...ING character string COMMAND MODE CFM Domain Configuration EXAMPLE This example specifies the name format as character string Console config ethernet cfm domain index 1 name voip level 3 Console confi...

Страница 1266: ...command and 3 finally the MEP using this command An interface may belong to more than one domain This command can be used to configure an interface as a MEP for different MAs in different domains To...

Страница 1267: ...clears AIS defect information for the specified MEP SYNTAX clear ethernet cfm ais mpid mpid md domain name ma ma name mpid Maintenance end point identifier Range 1 8191 domain name Domain name Range 1...

Страница 1268: ...T SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the global settings for CFM Console show ethernet cfm configuration global CFM Global Status Enabled Crosscheck Start Delay 10 se...

Страница 1269: ...om a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivity has been restored to a remote MEP w...

Страница 1270: ...MIP Creation steve 1 voip 1 4 Default Console show ethernet cfm maintenance points local This command displays the maintenance points configured on this device SYNTAX show ethernet cfm maintenance poi...

Страница 1271: ...MD Name Level Direct VLAN Port CC Status MAC Address 1 rd 0 UP 1 Eth 1 1 Enabled 00 12 CF 3A A8 C0 Console show ethernet cfm maintenance points local detail mep This command displays detailed CFM inf...

Страница 1272: ...the Bridge port up or down Interface The port to which this MEP is attached CC Status Shows if the MEP will generate CCM messages MAC Address MAC address of the local maintenance point If a CCM for t...

Страница 1273: ...evel for this domain Range 0 7 ma name Maintenance association name Range 1 43 alphanumeric characters DEFAULT SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Use the mpid keyword with this co...

Страница 1274: ...CC Lifetime Length of time to hold messages about this MEP in the CCM database Age of Last CC Message Length of time the last CCM message about this MEP has been in the CCM database Frame Loss Percen...

Страница 1275: ...nature and size of the MA The maintenance of a MIP CCM database by a MIP presents some difficulty for bridges carrying a large number of Service Instances and for whose MEPs are issuing CCMs at a hig...

Страница 1276: ...ntinuity check messages for the specified maintenance association Console config ethernet cfm cc enable md voip ma rd Console config snmp server enable traps ethernet cfm cc This command enables SNMP...

Страница 1277: ...ts the time that data from a missing MEP is retained in the continuity check message CCM database before being purged Use the no form to restore the default setting SYNTAX mep archive hold time hold t...

Страница 1278: ...ain or the level keyword to clear it for a specific maintenance level EXAMPLE Console clear ethernet cfm maintenance points remote domain voip Console clear ethernet cfm errors This command clears con...

Страница 1279: ...orized maintenance level for this domain Range 0 7 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console show ethernet cfm errors Level VLAN MPID Interface Remote MAC Reason MA Name 5 2 40...

Страница 1280: ...ed with a specific VID lista one or more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher...

Страница 1281: ...AULT SETTING All continuity checks are enabled COMMAND MODE Global Configuration COMMAND USAGE For this trap type to function cross checking must be enabled on the required maintenance associations us...

Страница 1282: ...access points DSAPs have already been created with the ethernet cfm mep command at the same maintenance level and in the same MA DSAPs are MEPs that exist on the edge of the domain and act as primary...

Страница 1283: ...arted using this command with the enable keyword EXAMPLE This example enables cross checking within the specified maintenance association Console ethernet cfm mep crosscheck enable md voip ma rd Conso...

Страница 1284: ...se this command to enable the link trace cache to store the results of link trace operations initiated on this device Use the ethernet cfm linktrace command to transmit a link trace message Link trace...

Страница 1285: ...ace cache size entries entries The number of link trace responses stored in the link trace cache Range 1 4095 entries DEFAULT SETTING 100 entries COMMAND MODE Global Configuration COMMAND USAGE Before...

Страница 1286: ...SETTING None COMMAND MODE Privileged Exec COMMAND USAGE Link trace messages can be targeted to MEPs not MIPs Before sending a link trace message be sure you have configured the target MEP for the spec...

Страница 1287: ...m linktrace cache This command displays the contents of the link trace cache COMMAND MODE Privileged Exec EXAMPLE Console show ethernet cfm linktrace cache Hops MA IP Alias Ingress MAC Ing Action Rela...

Страница 1288: ...ally Down MEP that has another Down MEP at a higher MD level on the same bridge port that is causing the bridge port s MAC_Operational parameter to be false IngBlocked The ingress port can be identifi...

Страница 1289: ...on of a fault or receipt of some other error report Loopback messages can also used to confirm the successful restoration or initiation of connectivity The receiving maintenance point should respond t...

Страница 1290: ...t notify lowest priority priority Lowest priority default allowed to generate a fault alarm Range 1 6 DEFAULT SETTING Priority level 2 COMMAND MODE CFM Domain Configuration COMMAND USAGE A fault alarm...

Страница 1291: ...efore another fault alarm can be generated Range 3 10 seconds Table 41 7 Remote MEP Priority Levels Priority Level Level Name Description 1 allDef All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM...

Страница 1292: ...nce end point identifier Range 1 8191 DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the fault notification settings configured for one MEP Console show ethernet cfm faul...

Страница 1293: ...xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to retry sending t...

Страница 1294: ...mation with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Timestamp at the time of transmitti...

Страница 1295: ...errored frame link events IC efm oam link monitor frame window Sets the monitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam...

Страница 1296: ...the no form to disable this function SYNTAX no efm oam critical link event critical event dying gasp critical event If a critical event occurs the local OAM entity this switch indicates this to its pe...

Страница 1297: ...face Configuration COMMAND USAGE An errored frame is a frame in which one or more bits are errored If this feature is enabled and an errored frame link event occurs the local OAM entity this switch se...

Страница 1298: ...size no efm oam link monitor frame window size The period of time in which to check the reporting threshold for errored frame link events Range 10 65535 units of 10 milliseconds DEFAULT SETTING 10 uni...

Страница 1299: ...o discovery messages EXAMPLE Console config interface ethernet 1 1 Console config if efm oam mode active Console config if clear efm oam counters This command clears statistical counters for various O...

Страница 1300: ...start stop interface start Starts remote loopback test mode stop Stops remote loopback test mode interface unit port unit Unit identifier Range 1 port Port number Range 1 52 DEFAULT SETTING None COMMA...

Страница 1301: ...rface number of packets packet size interface unit port unit Unit identifier Range 1 port Port number Range 1 52 number of packets Number of packets to send Range 1 99999999 packet size Size of packet...

Страница 1302: ...a hyphen to designate a range of ports Range 1 52 COMMAND MODE Normal Exec Privileged Exec EXAMPLE Console show efm oam counters interface 1 1 Port OAMPDU Type TX RX 1 1 Information 1121 1444 1 1 Eve...

Страница 1303: ...t 1 Port 1 Connection to remote device is up at Local When the link is up this event will be written to OAM event log Console clear efm oam event log Use he clear efm oam event log command to clear th...

Страница 1304: ...oam status interface This command displays OAM configuration settings and event counters SYNTAX show efm oam status interface interface list brief interface unit port unit Unit identifier Range 1 por...

Страница 1305: ...ched OAM enabled devices SYNTAX show efm oam status remote interface interface list interface list unit port unit Unit identifier Range 1 port Port number or list of ports To enter a list separate non...

Страница 1306: ...domain list name name Name of the host Do not include the initial dot that separates the host name from the domain name Range 1 68 characters DEFAULT SETTING None Table 43 1 Address Table Commands Co...

Страница 1307: ...ed EXAMPLE This example adds two domain names to the current list and then displays the list Console config ip domain list sample com jp Console config ip domain list sample com uk Console config end...

Страница 1308: ...mand defines the default domain name appended to incomplete host names i e host names passed from a client that are not formatted with dotted notation Use the no form to remove the current domain name...

Страница 1309: ...r static entries or the clear host command to clear dynamic entries EXAMPLE This example maps an IPv4 address to a host name Console config ip host rd5 192 168 1 55 Console config end Console show hos...

Страница 1310: ...t 192 168 1 55 10 1 0 55 Console RELATED COMMANDS ip domain name 1323 ip domain lookup 1322 ipv6 host This command creates a static entry in the DNS table that maps a host name to an IPv6 address Use...

Страница 1311: ...ole show dns cache No Flag Type IP Address TTL Domain Console clear host This command deletes dynamic entries from the DNS table SYNTAX clear host name name Name of the host Range 1 100 characters Rem...

Страница 1312: ...com 5 4 CNAME POINTER TO 3 115 www wa1 b yahoo com Console show hosts This command displays the static host name to address mapping table COMMAND MODE Privileged Exec Table 43 2 show dns cache displa...

Страница 1313: ...1 b yahoo com Console Table 43 3 show hosts display description Field Description No The entry number for each resource record Flag The field displays 2 for a static entry or 4 for a dynamic entry sto...

Страница 1314: ...ure SYNTAX no ip dhcp dynamic provision Table 44 1 DHCP Commands Command Group Function DHCP Client Allows interfaces to dynamically acquire IP address information DHCP Relay Relays DHCP requests from...

Страница 1315: ...m the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the server that it is interested in option 66 67 by sending a DHCP request that includes a parameter request list opti...

Страница 1316: ...1 0 netmask 255 255 255 0 pool allow members of OPT66_67 range 192 168 1 10 192 168 1 20 EXAMPLE In the following example enables dhcp dynamic provisioning Console config ip dhcp dynamic provisioning...

Страница 1317: ...default DHCP option 66 67 parameters are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter reque...

Страница 1318: ...st for any IP interface that has been set to BOOTP or DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server h...

Страница 1319: ...server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The rapid commit option must be enabled on both client and server fo...

Страница 1320: ...flags are set to 1 DHCPv6 is used for both address and other configuration settings This combination is known as DHCPv6 stateful in which a DHCPv6 server assigns stateful addresses to IPv6 hosts The...

Страница 1321: ...E Console show ipv6 dhcp duid DHCPv6 Unique Identifier DUID 0001 0001 50AB9A72 B40EDC34E63C Console show ipv6 dhcp vlan This command shows DHCPv6 information for the specified interface s SYNTAX show...

Страница 1322: ...subnet where the client is located Then the switch forwards the packet to a DHCP server on another network When the server receives the DHCP request it allocates a free IP address for the DHCP client...

Страница 1323: ...s own IP address into the request so the DHCP server will know the subnet where the client is located Then the switch forwards the packet to the DHCP server on another network When the server receives...

Страница 1324: ...switch by default You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway b...

Страница 1325: ...mmand which provides the same function bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP DEFAULT SETTING DHCP COMMAND MODE Interface Configuration VLAN COMMAND USAGE An IP address...

Страница 1326: ...P or DHCP IP is enabled but will not function until a BOOTP or DHCP reply has been received Requests are broadcast periodically by the router in an effort to learn its IP address BOOTP and DHCP values...

Страница 1327: ...ocal address for a default gateway include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identifies VLAN 1 as the interface EXAMPLE The following examp...

Страница 1328: ...utes generated fragments fragment succeeded fragment failed ICMP Statistics ICMP received input errors destination unreachable messages time exceeded messages parameter problem message echo request me...

Страница 1329: ...with the TTL value set at one This causes the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and di...

Страница 1330: ...he size specified because the switch adds header information DEFAULT SETTING count 5 size 32 bytes COMMAND MODE Normal Exec Privileged Exec COMMAND USAGE Use the ping command to see if another site on...

Страница 1331: ...ARP CONFIGURATION This section describes commands used to configure the Address Resolution Protocol ARP on the switch clear arp cache This command deletes all dynamic entries from the Address Resolut...

Страница 1332: ...an IPv6 default gateway for traffic GC ipv6 address Configures an IPv6 global unicast address and enables IPv6 on an interface IC ipv6 address autoconfig Enables automatic configuration of IPv6 global...

Страница 1333: ...ocal address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the d...

Страница 1334: ...dicating how many contiguous bits from the left of the address comprise the prefix i e the network portion of the address DEFAULT SETTING No IPv6 addresses are defined COMMAND MODE Interface Configura...

Страница 1335: ...0 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised router lifetime is 1800 seconds...

Страница 1336: ...ch Console config interface vlan 1 Console config if ipv6 address autoconfig Console config if ipv6 enable Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local add...

Страница 1337: ...Note that the value specified in the ipv6 prefix may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length exceeds 64 bits then t...

Страница 1338: ...1 ff34 9608 ff02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable...

Страница 1339: ...addresses and the first 16 bit group in the host address is padded with a zero in the form 0269 Console config interface vlan 1 Console config if ipv6 address FE80 269 3EF9 FE19 6779 link local Consol...

Страница 1340: ...for an interface that has been explicitly configured with an IPv6 address EXAMPLE In this example IPv6 is enabled on VLAN 1 and the link local address FE80 2E0 CFF FE00 FD 64 is automatically generat...

Страница 1341: ...4094 ipv6 prefix The IPv6 network portion of the address assigned to the interface The prefix must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexad...

Страница 1342: ...nsmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX...

Страница 1343: ...or all IPv6 unicast and multicast traffic as well as ICMP UDP and TCP statistics Console show ipv6 traffic IPv6 Statistics IPv6 received 0 total received 0 header errors 0 too big errors 0 no routes 0...

Страница 1344: ...6 headers including version number mismatch other format errors hop count exceeded IPv6 options etc too big errors The number of input datagrams that could not be forwarded because their size exceeded...

Страница 1345: ...number of output datagrams which this entity received and forwarded to their final destinations In entities which do not act as IPv6 routers this counter will include only those packets which were So...

Страница 1346: ...ges The number of Redirect messages received by the interface group membership query messages The number of ICMPv6 Group Membership Query messages received by the interface group membership response m...

Страница 1347: ...ges sent For a host this object will always be zero since hosts do not send redirects group membership query messages The number of ICMPv6 Group Membership Query messages sent by the interface group m...

Страница 1348: ...ent zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identifies VLAN 1 as the interf...

Страница 1349: ...reach a specified destination The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id informat...

Страница 1350: ...MODE Interface Configuration Ethernet Port Channel COMMAND USAGE IPv6 Router Advertisements RA convey information that enables nodes to auto configure on the network This information may include the d...

Страница 1351: ...ge 1 52 port channel channel id Range 1 16 COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd raguard interface ethernet 1 1 Interface RA Guard Eth 1 1 Yes Console show ipv6 neighbors This comm...

Страница 1352: ...ng RFC 4293 R Reachable Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACH state the device takes no special...

Страница 1353: ...ND Snooping 1368 ND SNOOPING Neighbor Discover ND Snooping maintains an IPv6 prefix table and user address binding table These tables can be used for stateless address auto configuration or for addres...

Страница 1354: ...re SYNTAX no ipv6 nd snooping vlan vlan id vlan range Table 45 9 ND Snooping Commands Command Function Mode ipv6 nd snooping Enables ND snooping globally or on a specified VLAN or range of VLANs GC ip...

Страница 1355: ...g a table entry with the same prefix for a specified timeout period the entry is deleted Once ND snooping is enabled both globally and on the required VLANs the switch will start monitoring NS message...

Страница 1356: ...form to disable this feature SYNTAX no ipv6 nd snooping auto detect DEFAULT SETTING Disabled COMMAND MODE Global Configuration COMMAND USAGE If auto detection is enabled the switch periodically sends...

Страница 1357: ...val between which the auto detection process sends NS messages to determine if a dynamic user binding is still valid Use the no form to restore the default setting SYNTAX ipv6 nd snooping auto detect...

Страница 1358: ...n entry in the prefix table based upon the Prefix Information contained in the message If an RA message is not received for a table entry with the same prefix for the specified timeout period the entr...

Страница 1359: ...ork Discovery protocol are configured as trusted interfaces RA messages received from a trusted interface are added to the prefix table and forwarded toward their destination NS messages received from...

Страница 1360: ...ace Console show ipv6 nd snooping This command shows the configuration settings for ND snooping SYNTAX show ipv6 nd snooping COMMAND MODE Privileged Exec EXAMPLE Console show ipv6 nd snooping Global N...

Страница 1361: ...100 1 Eth 1 1 0012 cf01 0203 2001 1 3400 2 Eth 1 2 Console show ipv6 nd snooping prefix This command shows all entries in the address prefix table SYNTAX show ipv6 nd snooping prefix interface vlan v...

Страница 1362: ...r to the enterprise network GLOBAL ROUTING CONFIGURATION IPv4 Commands ip route This command configures static routes Use the no form to remove static routes SYNTAX ip route destination ip netmask nex...

Страница 1363: ...route and the same destination can be reached through a dynamic route at a lower administration distance then the dynamic route will be used If both static and dynamic paths have the same lowest cost...

Страница 1364: ...USAGE The FIB contains information required to forward IP traffic It contains the interface identifier and next hop information for each reachable destination network prefix based on the IP routing ta...

Страница 1365: ...ains the set of all available routes from which optimal entries are selected for use by the Forwarding Information Base see Command Usage under the show ip route command EXAMPLE Console show ip route...

Страница 1366: ...Chapter 46 IP Routing Commands Global Routing Configuration 1381 Connected 2 Total 2 FIB 0 Console...

Страница 1367: ...1383 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 1385 Troubleshooting on page 1389 License Information on page 1391...

Страница 1368: ...ex 1000BASE SX LX LH 1000 Mbps at full duplex SFP FLOW CONTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a critical thr...

Страница 1369: ...ooping Layer 2 Multicast VLAN Registration ADDITIONAL FEATURES BOOTP Client DHCP Client DNS Client Proxy LLDP Link Layer Discover Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts SNMP...

Страница 1370: ...duplex flow control ISO IEC 8802 3 IEEE 802 3ac VLAN tagging DHCP Client RFC 2131 DHCPv6 Client RFC 3315 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2 RFC 2236 IGMPv3 RFC 3376 partial support IPv4 IGMP RFC...

Страница 1371: ...P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RADIUS Authentication C...

Страница 1372: ...eeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the ma...

Страница 1373: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1374: ...re and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can...

Страница 1375: ...e at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive...

Страница 1376: ...itions for copying distributing or modifying the Program or works based on it 7 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license f...

Страница 1377: ...tions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRAN...

Страница 1378: ...ss of the TFTP server that contains the devices system files and the name of the boot file CFM Connectivity Fault Management provides fault monitoring for end to end connections within a designated se...

Страница 1379: ...ding treatment or per hop behavior at each network node DiffServ allocates different levels of service to users on the network with mechanisms such as traffic meters shapers droppers packet markers at...

Страница 1380: ...MAC address the 7th bit in the high order byte is set to 1 equivalent to the IEEE Global Local bit to indicate the uniqueness of the 48 bit address GARP Generic Attribute Registration Protocol GARP i...

Страница 1381: ...to first enter a user ID and password for authentication IEEE 802 3AC Defines frame extensions for VLAN tagging IEEE 802 3X Defines Ethernet frame start stop requests and timers used for flow control...

Страница 1382: ...lows ports to automatically negotiate a trunked link with LACP configured ports on another device LAYER 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to th...

Страница 1383: ...n demand across a service provider s network MVR simplifies the configuration of multicast services by using a common VLAN for distribution while still preserving security and data isolation for subsc...

Страница 1384: ...rver to control access to RADIUS compliant devices on the network RMON Remote Monitoring RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP...

Страница 1385: ...sed for software downloads UDP User Datagram Protocol UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like serv...

Страница 1386: ...ntrol action auto traffic control alarm clear threshold auto traffic control alarm fire threshold auto traffic control apply timer auto traffic control auto control release auto traffic control contro...

Страница 1387: ...groups dynamic clear mvr6 statistics clear network access clear pppoe intermediate agent statistics clock summer time date clock summer time predefined clock summer time recurring clock timezone clus...

Страница 1388: ...nk monitor frame window efm oam mode efm oam remote loopback efm oam remote loopback test enable enable enable password end erps erps clear erps domain erps forced switch erps manual switch ethernet c...

Страница 1389: ...art client ip dhcp restart relay ip dhcp snooping ip dhcp snooping database flash ip dhcp snooping information option ip dhcp snooping information option circuit id ip dhcp snooping information policy...

Страница 1390: ...resp intvl ip multicast data drop ip name server ip proxy arp ip route ip source guard ip source guard binding ip source guard max binding ip source guard mode ip ssh authentication retries ip ssh cr...

Страница 1391: ...eachable time ipv6 nd snooping ipv6 nd snooping auto detect ipv6 nd snooping auto detect retransmit count ipv6 nd snooping auto detect retransmit interval ipv6 nd snooping max binding ipv6 nd snooping...

Страница 1392: ...gging sendmail level logging sendmail source email logging trap login loopback detection trap loopback detection loopback detection action loopback detection recover time loopback detection release lo...

Страница 1393: ...erval mvr6 proxy switching mvr6 robustness value mvr6 source port mode dynamic mvr6 type mvr6 upstream source ip mvr6 vlan mvr6 vlan group N name negotiation network access aging network access dynami...

Страница 1394: ...power inline compatible power inline maximum allocation power inline priority power inline time range power mainpower maximum allocation power save pppoe intermediate agent pppoe intermediate agent f...

Страница 1395: ...n rspan remote vlan rspan source S server service policy set cos set ip dscp set phb show access group show access list show access list arp show access list tcam utilization show accounting show arp...

Страница 1396: ...interfaces transceiver threshold show ip access group show ip access list show ip arp inspection configuration show ip arp inspection interface show ip arp inspection log show ip arp inspection statis...

Страница 1397: ...ice show lldp info remote device show lldp info statistics show log show logging show logging sendmail show loopback detection show mac access group show mac access list show mac address table show ma...

Страница 1398: ...queue weight show radius server show reload show rmon alarms show rmon events show rmon history show rmon statistics show rspan show running config show snmp show snmp engine id show snmp group show...

Страница 1399: ...p server view sntp client sntp poll sntp server spanning tree spanning tree bpdu filter spanning tree bpdu guard spanning tree cisco prestandard spanning tree cost spanning tree edge port spanning tre...

Страница 1400: ...port tacacs server retransmit tacacs server timeout terminal test cable diagnostics timeout login response time range traceroute traceroute6 traffic segmentation traffic segmentation session traffic s...

Страница 1401: ...List 1418 W watchdog software web auth web auth login attempts web auth quiet period web auth re authenticate IP web auth re authenticate Port web auth session timeout web auth system auth control wh...

Результаты поиска

Содержание SSE-G2252

Отзывы:

Похожие инструкции для SSE-G2252

Бренды по названию

Популярные бренды

Supermicro SSE-G2252, Руководство пользователя

Результаты поиска

Содержание SSE-G2252

Отзывы:

Похожие инструкции для SSE-G2252

Бренды по названию

Популярные бренды