CLI – This example displays the 802.1X statistics for port 4.

Access Control Lists 

Access Control Lists (ACL) provide packet filtering for IP frames (based on address, 
protocol, Layer 4 protocol port number or TCP control code) or any frames (based 
on MAC address or Ethernet type). To filter incoming packets, first create an access 
list, add the required rules, and then bind the list to a specific port.

Configuring Access Control Lists

An ACL is a sequential list of permit or deny conditions that apply to IP addresses, 
MAC addresses, or other more specific criteria. This switch tests ingress or egress 
packets against the conditions in an ACL one by one. A packet will be accepted as 
soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no 
rules match for a list of all permit rules, the packet is dropped; and if no rules match 
for a list of all deny rules, the packet is accepted.

Command Usage

The following restrictions apply to ACLs:

• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32.
• The maximum number of rules that can be bound to the ports is 96 for each of the following list types: MAC ACLs, IP ACLs (including Standard and Extended ACLs).
• When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail.
• The switch does not support the explicit “deny any any” rule for the egress IP ACL. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.

The order in which active ACLs are checked is as follows:

1. User-defined rules in the Egress IP ACL for egress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
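
The first-match evaluation and the bind restrictions described above can be modelled offline to check a planned rule list before it is entered on the switch. This is an added example, not code from the manual or the switch firmware: the Rule class, evaluate() and bind_errors() are hypothetical names, rules match on source and destination IP only, and a no-match result for a list that mixes permit and deny rules is reported as "unspecified" because the manual does not state it.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_ACL = 32  # "Each ACL can have up to 32 rules."


@dataclass(frozen=True)
class Rule:
    """One ACL entry (hypothetical model: IP source/destination only)."""
    action: str        # "permit" or "deny"
    src: str           # CIDR prefix or "any"
    dst: str = "any"   # CIDR prefix or "any"

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _covers(self.src, src_ip) and _covers(self.dst, dst_ip)


def _covers(spec: str, ip: str) -> bool:
    """True if the address falls inside the rule's prefix (or the rule says any)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def evaluate(rules, src_ip: str, dst_ip: str) -> str:
    """Test a packet against the rules one by one; the first match decides.

    No match: an all-permit list drops the packet, an all-deny list accepts it.
    """
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return "accept" if rule.action == "permit" else "drop"
    actions = {rule.action for rule in rules}
    if actions == {"permit"}:
        return "drop"
    if actions == {"deny"}:
        return "accept"
    return "unspecified"  # mixed or empty list: not stated in the manual


def bind_errors(rules, direction: str):
    """Return the reasons a bind would fail under the listed restrictions."""
    errors = []
    if len(rules) > MAX_RULES_PER_ACL:
        errors.append(f"ACL has {len(rules)} rules, limit is {MAX_RULES_PER_ACL}")
    if direction == "egress":
        if any(rule.action != "deny" for rule in rules):
            errors.append("egress ACL must contain only deny rules")
        if any(rule.action == "deny" and rule.src == "any" and rule.dst == "any"
               for rule in rules):
            errors.append("explicit 'deny any any' is not supported for egress")
    return errors


if __name__ == "__main__":
    # Constructed sample lists and addresses, for illustration only.
    allow_list = [Rule("permit", "10.7.1.0/24"), Rule("permit", "192.168.1.0/24")]
    block_list = [Rule("deny", "10.7.1.0/24")]
    for name, acl in (("allow_list", allow_list), ("block_list", block_list)):
        for src in ("10.7.1.2", "172.16.0.5"):
            print(name, src, evaluate(acl, src, "192.168.1.25"))
        print(name, "egress bind:", bind_errors(acl, "egress") or "ok")
```

Running the checks on the same list for both directions shows why an ingress allow-list cannot be reused as an egress filter: it fails the all-deny requirement, while an all-deny list accepts every packet it does not name.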

Console#show dot1x statistics interface ethernet 1/4                 4-86

Eth 1/4
Rx: EAPOL      EAPOL      EAPOL      EAPOL      EAP      EAP      EAP
    Start      Logoff    Invalid     Total    Resp/Id  Resp/Oth LenError
        2          0          0       1007      672        0        0

    Last      Last
EAPOLVer     EAPOLSrc
       1     00-12-CF-94-34-DE

Tx: EAPOL      EAP      EAP
    Total     Req/Id   Req/Oth
     2017     1005        0
Console#

Содержание TL-SG5426 -

Страница 1: ...TL SG5426 26 Port Gigabit Managed Switch Rev 1 0 0 1910010105...

Страница 2: ...are trademarks or registered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation tran...

Страница 3: ...orrect the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an out...

Страница 4: ...1 and 2c clients 2 6 Trap Receivers 2 7 Configuring Access for SNMP Version 3 Clients 2 8 Saving Configuration Settings 2 8 Managing System Files 2 9 Chapter 3 Configuring the Switch 3 1 Using the We...

Страница 5: ...D 3 36 Specifying a Remote Engine ID 3 37 Configuring SNMPv3 Users 3 37 Configuring Remote SNMPv3 Users 3 40 Configuring SNMPv3 Groups 3 41 Setting SNMPv3 Views 3 45 User Authentication 3 46 Configuri...

Страница 6: ...e 3 100 Changing the Aging Time 3 102 Spanning Tree Algorithm Configuration 3 102 Displaying Global Settings 3 105 Configuring Global Settings 3 107 Displaying Interface Settings 3 111 Configuring Int...

Страница 7: ...162 Configuring IGMP Snooping and Query Parameters 3 163 Enabling IGMP Immediate Leave 3 164 Displaying Interfaces Attached to a Multicast Router 3 165 Specifying Static Interfaces for a Multicast Ro...

Страница 8: ...mand Line Interface 4 1 Using the Command Line Interface 4 1 Accessing the CLI 4 1 Console Connection 4 1 Telnet Connection 4 2 Entering Commands 4 3 Keywords and Arguments 4 3 Minimum Abbreviation 4...

Страница 9: ...nt 4 28 Web Server Commands 4 29 ip http port 4 29 ip http server 4 30 ip http secure server 4 30 ip http secure port 4 31 Telnet Server Commands 4 32 ip telnet port 4 32 ip telnet server 4 33 Secure...

Страница 10: ...ck timezone 4 56 calendar set 4 56 show calendar 4 57 System Status Commands 4 57 show startup config 4 57 show running config 4 59 show system 4 61 show users 4 61 show version 4 62 Frame Size Comman...

Страница 11: ...imeout tx period 4 85 show dot1x 4 86 Access Control List Commands 4 89 IP ACLs 4 90 access list ip 4 90 permit deny Standard ACL 4 91 permit deny Extended ACL 4 91 show ip access list 4 93 ip access...

Страница 12: ...Port Commands 4 127 port monitor 4 127 show port monitor 4 128 Rate Limit Commands 4 129 rate limit 4 129 Link Aggregation Commands 4 130 channel group 4 131 lacp 4 132 lacp system priority 4 133 lac...

Страница 13: ...60 show spanning tree mst configuration 4 162 VLAN Commands 4 163 GVRP and Bridge Extension Commands 4 163 bridge ext gvrp 4 164 show bridge ext 4 164 switchport gvrp 4 165 show gvrp configuration 4 1...

Страница 14: ...ueue bandwidth 4 188 show queue cos map 4 189 Priority Commands Layer 3 and 4 4 189 map ip dscp Global Configuration 4 189 map ip dscp Interface Configuration 4 190 show map ip dscp 4 191 Quality of S...

Страница 15: ...p profile 4 216 show ip igmp throttle interface 4 216 Multicast VLAN Registration Commands 4 217 mvr Global Configuration 4 218 mvr Interface Configuration 4 219 show mvr 4 221 IP Interface Commands 4...

Страница 16: ...uster 4 241 show cluster members 4 241 show cluster candidates 4 242 Appendix A Software Specifications A 1 Software Features A 1 Management Features A 2 Standards A 2 Management Information Bases A 3...

Страница 17: ...Contents xiv...

Страница 18: ...mand Line Processing 4 8 Table 4 4 Command Groups 4 9 Table 4 5 Line Commands 4 10 Table 4 6 General Commands 4 19 Table 4 7 System Management Commands 4 24 Table 4 8 Device Designation Commands 4 24...

Страница 19: ...ble 4 47 show lacp counters display description 4 137 Table 4 48 show lacp internal display description 4 138 Table 4 49 show lacp neighbors display description 4 139 Table 4 50 show lacp sysid displa...

Страница 20: ...LAN Registration Commands 4 217 Table 4 73 show mvr display description 4 221 Table 4 74 show mvr interface display description 4 222 Table 4 75 show mvr members display description 4 222 Table 4 76 I...

Страница 21: ...Tables xviii...

Страница 22: ...3 20 Renumbering the System 3 30 Figure 3 21 Resetting the System 3 30 Figure 3 22 SNTP Configuration 3 31 Figure 3 23 Setting the System Clock 3 32 Figure 3 24 Configuring SNMP Community Strings 3 34...

Страница 23: ...ress Aging Time 3 102 Figure 3 64 Displaying Spanning Tree Information 3 106 Figure 3 65 Configuring Spanning Tree 3 110 Figure 3 66 Displaying Spanning Tree Port Information 3 113 Figure 3 67 Configu...

Страница 24: ...05 IGMP Profile Configuration 3 173 Figure 3 106 MVR Global Configuration 3 176 Figure 3 107 MVR Port Information 3 177 Figure 3 108 MVR Group IP Information 3 178 Figure 3 109 MVR Port Configuration...

Страница 25: ...Figures xxii...

Страница 26: ...ption 82 relay information Port Configuration Speed duplex mode and flow control Rate Limiting Input rate and output limiting per port Port Mirroring One or more port mirrored to a single analysis por...

Страница 27: ...tensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then verifies the client s right to access the network via an authentication server Other authen...

Страница 28: ...nterface the address will be ignored and will not be written to the address table Static addresses can be used to provide network security by restricting access for a known host to a specific port IEE...

Страница 29: ...nection Provide data security by restricting all traffic to the originating VLAN Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent p...

Страница 30: ...required priority level for the designated VLAN The switch uses IGMP Snooping and Query to manage multicast group registration It also supports Multicast VLAN Registration MVR which allows common mult...

Страница 31: ...cation Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest Enable Privileged Exec from Normal Exec Level Password super RADIUS Authentication Disabled T...

Страница 32: ...g Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled Switchport Mode Egress Mode Hybrid tagged untagged frames GVRP global Disabled GVRP port inter...

Страница 33: ...sh Levels 0 3 SMTP Email Alerts Event Handler Enabled but no server defined SNTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled all ports Switch Clusterin...

Страница 34: ...RS 232 serial console port on the switch or remotely by a Telnet connection over the network The switch s management agent also supports SNMP Simple Network Management Protocol This SNMP agent permit...

Страница 35: ...erial port on a terminal or a PC running terminal emulation software and tighten the captive retaining screws on the RS 232 connector 2 Connect the other end of the cable to the RS 232 serial port on...

Страница 36: ...basic configuration functions To access the full range of SNMP management functions you must use SNMP based network management software Basic Configuration Console Connection The CLI program provides...

Страница 37: ...rmation for the stack to obtain management access through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If...

Страница 38: ...therefore need to use the ip dhcp restart command to start broadcasting service requests Requests will be sent periodically in an effort to obtain IP configuration information BOOTP and DHCP values ca...

Страница 39: ...clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community str...

Страница 40: ...re no community strings then SNMP management access from SNMP v1 and v2c clients is disabled Trap Receivers You can also specify SNMP stations that are to receive traps from the switch To configure a...

Страница 41: ...work Management Protocol on page 3 33 or refer to the specific CLI commands for SNMP starting on page 4 100 Saving Configuration Settings Configuration commands only modify the running configuration f...

Страница 42: ...Initial Configuration 2 10 2...

Страница 43: ...user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setting Passwords on...

Страница 44: ...tatistics The default user name and password for the administrator is admin Home Page When your web browser connects with the switch s web agent the home page is displayed as shown below The home page...

Страница 45: ...be Every visit to the page 2 When using Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button Panel Display The...

Страница 46: ...lows the transfer and copying files 3 17 Delete Allows deletion of files from the flash memory 3 18 Set Start Up Sets the startup file 3 18 Line 3 21 Console Sets console port connection parameters 3...

Страница 47: ...each and maximum allowed MAC addresses 3 59 802 1X Port authentication 3 60 Information Displays global configuration settings 3 62 Configuration Configures the global configuration setting 3 62 Port...

Страница 48: ...rt statistics 3 95 Address Table 3 99 Static Addresses Displays entries for interface address or VLAN 3 99 Dynamic Addresses Displays or edits static entries in the Address Table 3 100 Address Aging S...

Страница 49: ...Configuration Adds trunks to a QinQ tunnel 3 138 Private VLAN 3 141 Status Enables or disables the private VLAN 3 141 Link Status Configures the private VLAN 3 141 Protocol VLAN 3 142 Configuration C...

Страница 50: ...r Port Configuration Assigns ports that are attached to a neighboring multicast router 3 166 IP Multicast Registration Table Displays all multicast groups active on this switch including multicast IP...

Страница 51: ...7 VLAN Configuration Enables DHCP Snooping for a VLAN 3 188 Information Option Configuration Enables DHCP Snooping Information Option 3 188 Port Configuration Selects the DHCP Snooping Information Opt...

Страница 52: ...is switch Web server Shows if management access via HTTP is enabled Web server port Shows the TCP port number used by the web interface Web secure server Shows if management access via HTTPS is enable...

Страница 53: ...after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces See Managing Firmware on page 3 17 for more information Diagnostic Co...

Страница 54: ...Boot ROM Version Version of Power On Self Test POST and boot code Operation Code Version Version number of runtime code Role Shows that this switch is operating as Master or Slave Console config host...

Страница 55: ...owing command to display version information Console show version 4 62 Unit 1 Serial Number Hardware Version EPLD Version 1 02 Number of Ports 26 Main Power Status Up Redundant Power Status Not presen...

Страница 56: ...ic filtering for unicast and multicast addresses Refer to Setting Static Addresses on page 3 99 VLAN Learning This switch uses Shared VLAN Learning SVL where all VLANs share the same address table Con...

Страница 57: ...has been assigned an IP address IP Address Mode Specifies whether IP functionality is enabled via manual configuration Static Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BO...

Страница 58: ...Static enter the IP address subnet mask and gateway then click Apply Figure 3 6 Manual IP Configuration CLI Specify the management interface IP address and default gateway Console config Console conf...

Страница 59: ...onnection and enter show ip interface to determine the new switch address CLI Specify the management interface and set the IP address mode to DHCP or BOOTP and then enter the ip dhcp restart command R...

Страница 60: ...erver or copy files to and from switch units in a stack By saving runtime code to a file on a TFTP server that file can later be downloaded to the switch to restore operation You can also set the swit...

Страница 61: ...wnload the file using a different name from the current runtime code file and then set the new file as the startup file Web Click System File Management Copy Operation Select tftp to file as the file...

Страница 62: ...options file to file Copies a file within the switch directory assigning it a new name file to running config Copies a file in the switch to the running configuration file to startup config Copies a f...

Страница 63: ...memory space Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file or you can specify the current startup...

Страница 64: ...nfigured via the web or CLI interface Command Attributes Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout inte...

Страница 65: ...Even Odd or None Default None Speed Sets the terminal line s baud rate for transmit to terminal and receive from terminal Set the speed to match the baud rate of the device connected to the serial por...

Страница 66: ...Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range...

Страница 67: ...with password protection the system prompts for the password If you enter the correct password the system shows a prompt Default No password Login2 Enables password checking at login You can select a...

Страница 68: ...The switch can store up to 2048 log entries in temporary random access memory RAM i e memory flushed on power reset and up to 4096 entries in permanent flash memory Web Click System Log Logs Figure 3...

Страница 69: ...d level For example if level 3 is specified all messages from level 0 to level 3 will be logged to flash Range 0 7 Default 3 RAM Level Limits log messages saved to the switch s temporary RAM memory fo...

Страница 70: ...ility types specified by values of 16 to 23 The facility type is used by the syslog server to dispatch log messages to an appropriate service The attribute specifies the facility type tag sent in sysl...

Страница 71: ...between servers The messages can be retrieved using POP or IMAP clients Command Attributes Admin Status Enables disables the SMTP function Default Enabled Email Source Address This command specifies...

Страница 72: ...or free memory error resource exhausted Level 2 Alert Sends urgent notification that immediate action must be taken Level 1 Emergency Sends an emergency notification that the system is now unusable L...

Страница 73: ...l always run the Power On Self Test Resetting the System Web Click System Reset Click the Reset button to reboot the switch When prompted confirm that you want reset the switch Figure 3 21 Resetting t...

Страница 74: ...to three time server IP addresses The switch will attempt to poll each server in the configured sequence Configuring SNTP You can configure the switch to send time synchronization requests to time se...

Страница 75: ...2 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Direction Configures the time zone to be before east or after west UTC Web Select SNTP Clock Time Zone Set th...

Страница 76: ...ust first submit a valid community string for authentication The options for configuring community strings trap functions and restricting access to clients with specified IP addresses are described in...

Страница 77: ...switch Command Attributes Trap Manager Capability This switch supports up to five trap managers Current Displays a list of the trap managers currently configured Trap Manager IP Address IP address of...

Страница 78: ...Figure 3 25 Configuring IP Trap Managers CLI This example adds a trap manager and enables both authentication and link up link down traps Enabling SNMP Agent Status Enables SNMPv3 service for all mana...

Страница 79: ...th user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the de...

Страница 80: ...specified a trailing zero is added to the value to fill the octet For example entering the value 123456789 results in an engine ID of 1234567890 Web Click SNMP SNMPv3 Remote Engine ID Figure 3 28 Set...

Страница 81: ...available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication The method used for user authen...

Страница 82: ...ed group of a user click Change Group in the Actions column of the users table and select the new group Figure 3 29 Configuring SNMPv3 Users CLI Use the snmp server user command to configure a new use...

Страница 83: ...the remote engine identifier must be specified before you configure a remote user See Specifying a Remote Engine ID on page 44 Model The user security model SNMP v1 v2c or v3 Level The security level...

Страница 84: ...thentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 secu...

Страница 85: ...3 1 1 5 1 A coldStart trap signifies that the SNMPv2 entity acting in an agent role is reinitializing itself and that its configuration may have been altered warmStart 1 3 6 1 6 3 1 1 5 2 A warmStart...

Страница 86: ...11863 6 10 58 1 0 1 This trap is sent when the power state changes swPortSecurityTrap 1 3 6 1 4 1 11863 6 10 58 1 0 36 This trap is sent when the port is being intruded This trap will only be sent wh...

Страница 87: ...Delete Figure 3 31 Configuring SNMPv3 Groups CLI Use the snmp server group command to configure a new group specifying the security model and level and restricting MIB access to defined read and write...

Страница 88: ...n the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view We...

Страница 89: ...ring User Accounts The guest only has read access for most configuration parameters However the administrator has write access for all parameters governing the onboard agent You should therefore assig...

Страница 90: ...oves an account from the list Web Click Security User Accounts To configure a new user account specify a user name select the user s access level then enter a password and confirm it Click Add to save...

Страница 91: ...e packet Command Usage By default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the auth...

Страница 92: ...n server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length...

Страница 93: ...ication Settings To configure local or remote authentication preferences specify the authentication sequence i e one to three methods fill in the parameters for RADIUS or TACACS authentication if sele...

Страница 94: ...mote RADIUS server configuration Global settings Communication key with RADIUS server Server port number 181 Retransmit times 5 Request timeout 10 Server 1 Server IP address 192 168 1 25 Communication...

Страница 95: ...decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above and Netscape Navigator 6 2 or above The...

Страница 96: ...rom a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity This is because the default certific...

Страница 97: ...ord authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settin...

Страница 98: ...SSH server on the switch 6 Challenge Response Authentication When an SSH client attempts to contact the switch the SSH server uses the host key pair to negotiate a session key and encryption method O...

Страница 99: ...120 seconds Default 120 seconds SSH Authentication Retries Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authen...

Страница 100: ...Version 1 DSA Version 2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select ei...

Страница 101: ...320102524878965977592168322225584652387791546479807396314033 86925793105105765212243052807865885485789272602937866089236841423275912127 6032591968369705343933643844522333518828717389689451172929051081...

Страница 102: ...port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch...

Страница 103: ...resources by simply attaching a client PC Although this automatic configuration and access is a desirable feature it also allows unauthorized personnel to easily intrude and possibly gain access to s...

Страница 104: ...network Otherwise network access is denied and the port remains blocked The operation of 802 1X on the switch requires the following The switch must have an IP address assigned RADIUS authentication m...

Страница 105: ...obal setting for 802 1X Default Disabled Web Select Security 802 1X Configuration Enable 802 1X globally for the switch and click Apply Figure 3 40 802 1X Global Configuration CLI This example enables...

Страница 106: ...nauthorized Forces the port to deny access to all clients either dot1x aware or otherwise Re authen Sets the client to be re authenticated after the interval specified by the Re authentication Period...

Страница 107: ...Configuring the Switch 3 64 3 Figure 3 41 802 1X Port Configuration...

Страница 108: ...1X Parameters system auth control enable 802 1X Port Summary Port Name Status Operation Mode Mode Authorized 1 1 disabled Single Host ForceAuthorized n a 1 2 enabled Single Host auto yes 1 26 disabled...

Страница 109: ...s of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been received by this Authenticator Rx EAP Resp Oth The number of valid EAP Respon...

Страница 110: ...et is accepted Command Usage The following restrictions apply to ACLs Each ACL can have up to 32 rules The maximum number of ACLs is also 32 The maximum number of rules that can be bound to the ports...

Страница 111: ...ed on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type and protocol port number MAC MAC ACL mode that filters packets...

Страница 112: ...for each IP packet entering the port s to which this ACL has been assigned Web Specify the action i e Permit or Deny Select the address type Any Host or IP If you select Host enter a specific address...

Страница 113: ...at specifies flag bits in byte 14 of the TCP header Range 0 63 Control Code Bit Mask Decimal number representing the code bits to match The control bitmask is a decimal number for an equivalent binary...

Страница 114: ...i e the rule 10 7 1 0 255 255 255 0 equals the masked address 10 7 1 2 255 255 255 0 the packet passes through 2 Allow TCP packets from class C addresses 192 168 1 0 to any destination address when s...

Страница 115: ...ound in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Ethernet Type Bitmask Protocol bitmask Range 600 fff hex Packet Format This attribute includes the following packet ty...

Страница 116: ...ge This switch supports ACLs for ingress filtering only Command Attributes Port Fixed port or SFP module Range 1 26 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL to bind to a por...

Страница 117: ...ace on the switch from an invalid address the switch will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SN...

Страница 118: ...ddress es for the SNMP group Telnet IP Filter Configures IP address es for the Telnet group IP Filter List IP address which are allowed management access to this interface Start IP Address A single IP...

Страница 119: ...e Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure or None Autonegotiation Shows if auto negotiation is enabled or disabled Media Type3 Media type used...

Страница 120: ...capabilities to be advertised for a port during auto negotiation To access this item on the web see 3 78 The following capabilities are supported 10half Supports 10 Mbps half duplex operation 10full...

Страница 121: ...Configuration page to enable disable an interface set auto negotiation and the interface capabilities to advertise or manually fix the speed duplex mode and flow control Command Attributes Name Allow...

Страница 122: ...x operation 100full Supports 100 Mbps full duplex operation 1000full Combo ports only Supports 1000 Mbps full duplex operation Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10...

Страница 123: ...standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Command Usage Besides balancing the load across each port in the trunk the other p...

Страница 124: ...he static trunks on this switch are Cisco EtherChannel compatible To avoid creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and...

Страница 125: ...of an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu see 3 81 Console...

Страница 126: ...w Includes entry fields for creating new trunks Port Port identifier Range 1 26 Web Click Port LACP Configuration Select any of the switch ports from the scroll down port list and click Add After you...

Страница 127: ...ibutes Set Port Actor This menu sets the local side of an aggregate link i e the ports on this switch Port Port number Range 1 26 System Priority LACP system priority is used to determine link aggrega...

Страница 128: ...ed device The command attributes have the same meaning as those used for the port actor However configuring LACP settings for the partner only applies to its administrative state not its operational s...

Страница 129: ...nsole show lacp sysid 4 136 Port Channel System Priority System MAC Address 1 3 00 12 CF 31 31 31 2 32768 00 12 CF 31 31 31 3 32768 00 12 CF 31 31 31 4 32768 00 12 CF 31 31 31 Console show lacp 1 inte...

Страница 130: ...value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry the Slow P...

Страница 131: ...nformation administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be e...

Страница 132: ...LACP configuration settings and operational state for the local side of port channel 1 Console show lacp 1 internal 4 136 Port channel 1 Oper Key 120 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP S...

Страница 133: ...igned by the LACP protocol Partner Admin Port Number Current administrative value of the port number for the protocol Partner Partner Oper Port Number Operational port number assigned to this aggregat...

Страница 134: ...ontrol is enabled by default Broadcast control does not effect IP multicast traffic Command Attributes Port Port number Type Indicates the port type 100BASE TX 1000BASE T or SFP Protect Status Shows w...

Страница 135: ...22 Console config if exit Console config interface ethernet 1 2 Console config if switchport broadcast packet rate 500 4 122 Console config if end Console show interfaces switchport ethernet 1 2 4 125...

Страница 136: ...d Attributes Mirror Sessions Displays a list of current mirror sessions Source Port The port whose traffic will be monitored Range 1 26 Type Allows you to select which traffic to mirror to the target...

Страница 137: ...rate will be monitored by the hardware to verify conformity Non conforming traffic is dropped conforming traffic is forwarded without any changes Rate Limit Configuration Use the rate limit configura...

Страница 138: ...ber of octetts received on the interface including framing characters Received Unicast Packets The number of subnetwork unicast packets delivered to a higher layer protocol Received Multicast Packets...

Страница 139: ...de frames received with frame too long or frame too short error Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions This counter d...

Page 140: ...e number of CRC alignment errors FCS or alignment errors Undersize Frames The total number of frames received that were less than 64 octets long excluding framing bits but including FCS octets and wer...

Page 141: ...ng the Switch 3 98 3 Web Click Port Port Statistics Select the required interface and click Query You can also use the Refresh button at the bottom of the page to update the screen Figure 3 60 Port St...

Page 142: ...dress of a device mapped to this interface VLAN ID of configured VLAN 1 4094 Console show interfaces counters ethernet 1 13 4 124 Ethernet 1 13 Iftable stats Octets input 868453 Octets output 3492122...

Page 143: ...for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Attributes Interf...

Page 144: ...method of sorting the displayed addresses and then click Query Figure 3 62 Configuring a Dynamic Address Table CLI This example also displays the address table entries for port 1 Console show mac add...

Page 145: ...backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE 802 1D RSTP Rapid...

Page 146: ...s or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding data...

Page 147: ...d acts as a virtual bridge node for communications with STP or RSTP nodes in the global network MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree CIST The CIST...

Page 148: ...before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In additi...

Page 149: ...orts in this section means interfaces which includes both ports and trunks Root Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to for...

Page 150: ...cally adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU i e STP BPDU after a port s migration delay timer expires the sw...

Page 151: ...rt and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root d...

Page 152: ...The path cost method is used to determine the range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifi...

Page 153: ...nfigures the STA and RSTP parameters Console config spanning tree 4 145 Console config spanning tree mode rstp 4 145 Console config spanning tree priority 45056 4 148 Console config spanning tree hell...

Page 154: ...Learning state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the cost D...

Page 155: ...Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops Where more than one port is assigned the highest priority the port with...

Page 156: ...to The switch automatically determines if the interface is attached to a point to point link or to shared media Web Click Spanning Tree STA Port Information or STA Trunk Information Figure 3 66 Displa...

Page 157: ...es if a port is a member of a trunk STA Port Configuration only The following interface attributes can be configured Spanning Tree Enables disables STA on this interface Default Enabled Priority Defin...

Page 158: ...ree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only be enabled for ports connected to an...

Page 159: ...note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration page 3...

Page 160: ...ly To add the VLAN members to an MSTI instance enter the instance identifier the VLAN identifier and click Add Figure 3 68 Configuring Multiple Spanning Trees CLI This example sets the priority for MS...

Page 161: ...iguration 2 Priority 4096 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max hops 20 Remaining hops 20 De...

Page 162: ...e Algorithm Configuration 3 119 3 Web Click Spanning Tree MSTP Port or Trunk Information Select the required MST instance to display the current spanning tree values Figure 3 69 Displaying MSTP Interf...

Page 163: ...ormation Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 32768 Bridge Hello Time sec 2 Bridge Max Age sec 20 Bridge Forward Delay sec 15 Root...

Page 164: ...ue will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than o...

Page 165: ...02 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong to the same physical segment VLANs help to simplify network management by allowing you...

Page 166: ...participate in one or more VLANs but none of the intermediate network devices nor the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged p...

Page 167: ...ports GVRP it will also place the receiving port in the specified VLANs and pass the message on to all other ports VLAN requirements are propagated in this way throughout the network This allows GVRP...

Page 168: ...ing the frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device...

Page 169: ...Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches s...

Page 170: ...Select any ID from the scroll down list Figure 3 73 Displaying Current VLANs Command Attributes CLI VLAN ID of configured VLAN 1 4094 no leading zeroes Type Shows how this VLAN was added to the switch...

Page 171: ...4 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters Status Web Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets Sta...

Page 172: ...ing it to a VLAN via the GVRP protocol Notes 1 You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index page 3 131 However note that this configuration...

Page 173: ...f the VLAN All packets transmitted by the port will be untagged that is not carry a tag and therefore not carry VLAN or CoS information Note that an interface can only have one untagged VLAN which mus...

Page 174: ...ace Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface After configuring VLAN membership for each interface click Apply Figure 3 76 VLA...

Page 175: ...ed or untagged member Acceptable Frame Type Sets the interface to accept all frame types including tagged or untagged frames or only tagged frames When set to receive all frame types any received fram...

Page 176: ...ternal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might...

Page 177: ...runk port on the service provider s egress switch the outer tag is again stripped for packet processing However the SPVLAN tag is not added when it is sent out the tunnel access port on the edge switc...

Page 178: ...are untagged the PVID VLAN native tag is added 2 If the ether type of an incoming packet single or double tagged is not equal to the TPID of the uplink port the VLAN tag is determined to be a Custome...

Page 179: ...not support IP Access Control Lists Layer 3 Quality of Service QoS and other QoS features containing Layer 3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU...

Page 180: ...area network Command Attributes 802 1Q Tunnel Sets the switch to QinQ mode and allows the QinQ tunnel port to be configured The default is for the switch to function in normal mode 802 1Q Ethernet Ty...

Page 181: ...the VLAN contained in the tag following the ethertype field as they would be with a standard 802 1Q trunk Frames arriving on the port containing any other ethertype are looked upon as untagged frames...

Page 182: ...provider network Web Click VLAN 802 1Q VLAN Tunnel Configuration or Tunnel Trunk Configuration Set the mode for a tunnel access port to 802 1Q Tunnel and a tunnel uplink port to 802 1Q Tunnel Uplink...

Page 183: ...1q tunnel 52 16 Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x9100 The dot1q tunnel mode of the set interface 1 2 is Upl...

Page 184: ...d from uplink ports Note that private VLANs and normal VLANs can exist simultaneously within the same switch Enabling Private VLANs Use the Private VLAN Status page to enable disable the Private VLAN...

Page 185: ...nd port 5 and 6 as downlinks Protocol VLANs You can configure VLAN behavior to support multiple protocols to allow traffic to pass through different VLANS When a packet is received at a port its VLAN...

Page 186: ...guration Configuring Protocol VLAN Interfaces Use the Protocol VLAN Port Configuration menu to set the protocol VLAN settings per port Command Attributes Interface Port or Trunk identifier Protocol G...

Page 187: ...ity and then sorted into the appropriate priority queue at the output port Command Usage This switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue b...

Page 188: ...s are assigned according to recommendations in the IEEE 802 1p standard as shown in the following table Console config interface ethernet 1 3 4 116 Console config if switchport priority default 5 4 18...

Page 189: ...utput queue buffer Range 0 3 where 3 is the highest CoS priority queue Web Click Priority Traffic Classes Select a port or trunk for the current mapping of CoS values to output queues to be displayed...

Page 190: ...ach queue that determines the percentage of service time the switch services each queue before moving on to the next queue This prevents the head of line blocking that can occur with strict priority q...

Page 191: ...nd thereby to the corresponding traffic priorities This weight sets the frequency at which each queue will be polled for service and subsequently affects the response time for software applications as...

Page 192: ...the traffic then sent to the corresponding output queue Because different priority information may be contained in the traffic this switch maps priority values to the output queues in the following m...

Page 193: ...IP Precedence values are mapped one to one to Class of Service values i e Precedence value 0 maps to CoS value 0 and so forth Bits 6 and 7 are used for network control and the other bits for various a...

Page 194: ...port 1 and then displays the IP Precedence settings Note Mapping specific values for IP Precedence is implemented as an interface configuration command but any changes will apply to all interface...

Page 195: ...he DSCP values that are not specified are mapped to CoS value 0 Command Attributes DSCP Priority Table Shows the DSCP Priority to CoS map Class of Service Value Maps a CoS value to the selected DSCP P...

Page 196: ...TP 21 Telnet 23 and POP3 110 Command Attributes IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS map IP Port Number TCP UDP Set a new IP...

Page 197: ...configure Quality of Service QoS classification criteria and service policies Differentiated Services DiffServ provides policy based management mechanisms used for prioritizing network resources to me...

Page 198: ...ctions cannot be enabled at the same time Thus if the user has already enabled the IP source guard function it needs to be disabled first in order for the QoS function to work and vice versa Configuri...

Page 199: ...Class Opens the Class Configuration page Enter a class name and description on this page and click Add to open the Match Class Settings page Enter the criteria used to classify ingress traffic on this...

Page 200: ...les to change the rules of an existing class Figure 3 94 Configuring Class Maps CLI This example creates a class map called rd class and sets it to match packets marked for DSCP service value 3 Console...

Page 201: ...so note that the maximum number of classes that can be applied to a policy map is 16 Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specifi...

Page 202: ...p Action Configures the service provided to ingress traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified in Match Class Settings on 3 155 Range CoS 0 7 DSCP 0 63 IP P...

Page 203: ...g Policy Maps CLI This example creates a policy map called rd policy sets the average bandwidth to 1 Mbps the burst rate to 1522 bps and the response to reduce the DSCP value for violating packets to...

Page 204: ...an egress queue Command Attributes Ports Specifies a port Ingress Applies the rule to ingress traffic Enabled Check this to enable a policy map on the specified port Policy Map Select the appropriate...

Page 205: ...his procedure is called multicast filtering The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing...

Page 206: ...otocol such as DVMRP or PIM to support IP multicasting across the Internet Command Attributes IGMP Status When enabled the switch will monitor network traffic to determine which hosts want to receive...

Page 207: ...ry for that multicast group unless a multicast router was learned on the port IGMP immediate leave improves bandwidth management for all hosts in a switched network Console config ip igmp snooping 4 2...

Page 208: ...vered by the switch or statically assigned to an interface on the switch You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast...

Page 209: ...if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your switch you can manually configure the interface and a specified VLAN to join al...

Page 210: ...within VLAN 1 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service Command Attributes VLAN ID Selects the VLAN for whic...

Page 211: ...ations that require tighter control you may need to statically configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the...

Page 212: ...lticast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile can contai...

Page 213: ...lobally for the switch Default Disabled IGMP Profile Creates IGMP profile numbers Range 1 4294967295 Web Click IGMP Snooping IGMP Filter Configuration Create a profile number by entering the number in...

Page 214: ...ns either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the...

Page 215: ...t groups to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multic...

Page 216: ...icast group range by entering a start and end IP address Specify a single multicast group by entering the same IP address for the start and end of the range Click the Add button to add a range to the...

Page 217: ...or disabling MVR for the switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the multicast group address for eac...

Page 218: ...tree for a normal multicast VLAN This makes it possible to support common multicast services over a wide part of the network without having to use any multicast routing protocol MVR maintains the use...

Page 219: ...e MVR VLAN Field Attributes Type Shows the MVR port type Oper Status Shows the link status MVR Status Shows the MVR status MVR status for source ports is ACTIVE if MVR is globally enabled on the switc...

Page 220: ...ormation Figure 3 107 MVR Port Information CLI This example shows information about interfaces attached to the MVR VLAN Console show mvr interface 4 221 Port Type Status Immediate Leave eth1 1 SOURCE...

Page 221: ...ed through the MVR VLAN Web Click MVR Group IP Information Figure 3 108 MVR Group IP Information CLI The following example shows information about the interfaces associated with multicast groups assi...

Page 222: ...ified in the leave message When immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if ther...

Page 223: ...enu see Configuring Global MVR Settings on page 3 175 The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multic...

Page 224: ...esolve host names into IP addresses by forwarding DNS queries to the switch and waiting for a response You can manually configure entries in the DNS table used for mapping domain names to IP addresses...

Page 225: ...Lookup Status Enables DNS host name to address translation Default Domain Name14 Defines the default domain name appended to incomplete host names Range 1 64 alphanumeric characters Domain Name List...

Page 226: ...atic table or via information returned from a name server a DNS client can try each address in succession until it establishes a connection with the target device Field Attributes Host Name Name of a...

Page 227: ...ly Figure 3 112 DNS Static Host Table CLI This example maps two addresses to a host name and then configures an alias host name for the same addresses Console config ip host rd5 192 168 1 55 10 1 0 55 4...

Page 228: ...ys 4 indicating a cache entry and therefore unreliable Type This field includes CNAME which specifies the canonical or primary name for the owner and ALIAS which specifies multiple domain names which...

Page 229: ...If the received packet is a DHCP ACK message a dynamic DHCP snooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is...

Page 230: ...e that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server Also when the switch sends out DHCP client packets for itself no filte...

Page 231: ...ption 82 it allows compatible DHCP servers to use the information when assigning IP addresses or to set other services or policies for clients When the DHCP Snooping Information Option is enabled clie...

Page 232: ...Click DHCP Snooping Information Option Configuration Figure 3 116 DHCP Snooping Information Option Configuration CLI This example enables DHCP Snooping Information Option and sets the policy as repla...

Page 233: ...binding information Command Attributes No Entry number for DHCP snooping binding information Unit Stack unit Port Port number VLAN ID ID of a configured VLAN Range 1 4094 MAC Address A valid unicast M...

Page 234: ...QoS functions cannot be enabled at the same time Thus if the user has already enabled the IP source guard function it needs to be disabled first in order for the QoS function to work and vice versa IP...

Page 235: ...119 IP Source Guard Port Configuration CLI This example shows how to enable IP source guard on port 5 Static IP Source Guard Binding Configuration Adds a static address to the source guard binding...

Page 236: ...his example shows how to configure a static source guard binding on port 5 Dynamic IP Source Guard Binding Information Displays the source guard binding table for a selected interface Command Attribut...

Page 237: ...itch type as long as they are connected to the same local network A switch cluster has a Commander unit that is used to manage all other Member switches in the cluster The management station can use b...

Page 238: ...network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Command Attributes Cluster Status Ena...

Page 239: ...Cluster Member Configuration Adds Candidate switches to the cluster as Members Command Attributes Member ID Specify a Member ID number for the selected Candidate switch Range 1 16 MAC Address Select...

Page 240: ...rmation Command Attributes Member ID The ID number of the Member switch Range 1 16 Role Indicates the current status of the switch in the cluster IP Address The internal cluster IP address assigned to...

Page 241: ...MAC address of the Candidate switch Description The system description string of the Candidate switch Web Click Cluster Candidate Information Figure 3 126 Cluster Candidate Information CLI This examp...

Page 242: ...t the console prompt enter the user name and password The default user names are admin and guest with corresponding passwords of admin and guest When the administrator user name and password are entere...

Page 243: ...n isolated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by perform...

Page 244: ...ow startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username ad...

Page 245: ...ip IP information lacp LACP statistics line TTY line information log Login records logging Logging setting mac MAC access list mac address table Configuration of the address table management Show man...

Page 246: ...he up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands...

Page 247: ...mode by entering the enable command followed by the privileged level password super page 4 26 To enter Privileged Exec mode enter the following user names and passwords Table 4 1 Command Modes Class M...

Page 248: ...bal Configuration mode enter the command configure in Privileged Exec mode The system prompt will change to Console config which gives you access privilege to all Global Configuration commands To ente...

Page 249: ...line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one...

Page 250: ...rrors data to another port for analysis without affecting the data passing through or the performance of the monitored port 4 127 Rate Limiting Controls the maximum rate for traffic transmitted or rec...

Page 251: ...login LC 4 11 password Specifies a password on a line LC 4 12 timeout login response Sets the interval that the system waits for a user to log into the CLI LC 4 13 exec timeout Sets the interval that...

Page 252: ...rial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command Related Commands show line 4 18 show users 4 61 login This co...

Page 253: ...vers Example Related Commands username 4 25 password 4 12 password This command specifies the password for a line Use the no form to remove the password Syntax password 0 7 password no password 0 7 0...

Page 254: ...led 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout interval the connection is terminated for the session This command...

Page 255: ...Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command Related Commands silent time 4 15 ti...

Page 256: ...ement console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Syntax silent tim...

Page 257: ...character If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Related Commands parity 4 16 parity This command defines the generation of a par...

Page 258: ...age Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed...

Page 259: ...fier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Related Commands show ssh 4 40 show users 4 61...

Page 260: ...sabled Login timeout Disabled Silent time Disabled Baudrate 9600 Databits 8 Parity none Stopbits 1 VTY configuration Password threshold 3 times Interactive timeout 600 sec Login timeout 300 sec consol...

Page 261: ...20 enable password 4 26 disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet st...

Page 262: ...e Command Mode Privileged Exec Example Related Commands end 4 22 show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exe...

Page 263: ...o retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command rese...

Page 264: ...n mode and then quit the CLI session quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both e...

Page 265: ...basic user names and passwords for management access 4 25 IP Filter Configures IP addresses that are allowed management access 4 27 Web Server Enables management access via a web browser 4 29 Telnet S...

Page 266: ...cation via a remote authentication server page 4 70 and host access authentication for specific ports page 4 81 username This command adds named users requires authentication at login specifies or cha...

Page 267: ...encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Exa...

Page 268: ...o need for you to manually configure encrypted passwords Example Related Commands enable 4 19 authentication enable 4 72 IP Filter Commands management This command specifies the client IP addresses th...

Page 269: ...entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter t...

Page 270: ...ess End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 TELNET Client Start IP ad...

Page 271: ...PS over the Secure Socket Layer SSL providing secure access i e an encrypted connection to the switch s web interface Use the no form to disable this function Syntax no ip http secure server Default S...

Page 272: ...n page 3 53 Also refer to the copy command on page 4 64 Example Related Commands ip http secure port 4 31 copy tftp https certificate 4 64 ip http secure port This command specifies the UDP port numbe...

Page 273: ...use the default port Syntax ip telnet port port number no ip telnet port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 23 Command Mode Global Configuratio...

Page 274: ...a secure replacement for Telnet When a client contacts the switch via the SSH protocol the switch uses a public key that the client must match along with a local user name and password for access auth...

Page 276: ...n access The following exchanges take place during this process a The client sends its public key to the switch b The switch compares the client s public key to those stored in memory c If a match is...

Page 277: ...he default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configurati...

Page 278: ...iguration Example Related Commands show ip ssh 4 40 ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key si...

Page 279: ...rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage This command stores the host key pair in memory i e RAM Use the ip ssh sa...

Page 280: ...s the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Rela...

Page 281: ...y dsa Console Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console Console show ssh Connection Version State Username Enc...

Page 282: ...sed by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Encryption The encryption method is automatically negotiated between the client and server Options...

Page 284: ...story 4 44 clear logging 4 46 Table 4 17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 4 43 logging history Limits syslog messages saved to switch...

Страница 285: ...ode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that specified for RAM Example Table 4 18 Logging Levels Level...

Страница 286: ...ets the facility type for remote logging of syslog messages Use the no form to return the type to the default Syntax no logging facility type type A number that indicates the facility used by the sysl...

Страница 287: ...44 Default Setting Enabled Level 6 0 Command Mode Global Configuration Command Usage Using this command with a specified level enables remote logging and sets the minimum severity level to be saved U...

Страница 288: ...ting None Command Mode Privileged Exec Example The following example shows that system logging is enabled the message level for flash memory is errors i e default level 3 0 the message level for RAM i...

Страница 289: ...ow logging trap Syslog logging Enable REMOTELOG status disable REMOTELOG facility type local use 7 REMOTELOG level type Debugging messages REMOTELOG server IP address 1 2 3 4 REMOTELOG server IP addre...

Страница 290: ...1 01 STA root change notification level 6 module 6 function 1 and event no 1 3 00 00 54 2001 01 01 STA root change notification level 6 module 6 function 1 and event no 1 2 00 00 50 2001 01 01 STA top...

Страница 291: ...process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example logging sendmail level This command sets the severity threshold used to trigger ale...

Страница 292: ...r the switch Example This example will set the source email john acme com logging sendmail destination email This command specifies the email recipients of alert messages Use the no form to remove a r...

Страница 293: ...iguration Example show logging sendmail This command displays the settings for the SMTP event handler Command Mode Normal Exec Privileged Exec Example Console config logging sendmail Console config Co...

Page 294: ...om time servers is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001...

Page 295: ...time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time sync...

Page 296: ...sntp This command displays the current time and configuration settings for the SNTP client and indicates whether or not the local time has been properly updated Command Mode Normal Exec Privileged Exe...

Page 297: ...enwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone i...

Page 298: ...None Command Mode Privileged Exec Console calendar set 15 12 34 1 April 2004 Console Console show calendar 15 12 43 April 1 2004 Console Table 4 23 System Status Commands Command Function Mode Page sh...

Page 299: ...nfiguration settings for each interface IP address configured for the switch Spanning tree settings Any configured settings for the console port and Telnet Example Console show startup config building...

Page 300: ...ry This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the followi...

Page 301: ...erver community private rw SNMP server community public ro username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest passwo...

Page 302: ...name idle time and IP address of Telnet client Default Setting None Command Mode Normal Exec Privileged Exec Console show system System Description TL SG5426 System OID String 1 3 6 1 4 1 11863 6 10...

Page 303: ...Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 11 for detailed information on the items displayed by this command Console show users Username accounts Username Privileg...

Page 304: ...he source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes mu...

Page 305: ...quality of the network connection Syntax copy file file running config startup config tftp unit copy running config file startup config tftp copy startup config file running config tftp copy tftp fil...

Page 306: ...nly two operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default co...

Page 307: ...file name startup TFTP server ip address 10 1 0 99 Destination file name startup 01 TFTP completed Success Console Console copy running config file destination file name startup Write to FLASH Progra...

Page 308: ...ileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted A colon is required after the specified unit number...

Page 309: ...mmand dir without any parameters the system displays all files A colon is required after the specified unit number File information is shown below Example The following example shows how to display al...

Page 310: ...em This command specifies the image used to start up the system Syntax boot system unit boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config...

Page 311: ...system config startup Console config Table 4 27 Authentication Commands Command Group Function Page Authentication Sequence Defines logon authentication method and precedence 4 70 RADIUS Client Confi...

Page 312: ...e server while TACACS encrypts the entire body of the packet RADIUS and TACACS logon authentication assigns a specific privilege level for each user name and password pair The user name password and p...

Page 313: ...nd mode to Privileged Exec command mode with the enable command see page 4 19 Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use...

Page 314: ...If the TACACS server is not available the local user name and password is checked Example Related Commands enable password sets the password for changing command modes 4 26 RADIUS Client Remote Authen...

Page 315: ...sages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the...

Page 316: ...Setting None Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Use the no form to restore the default Syntax radius server retransmit number_of...

Page 317: ...lt Setting 5 Command Mode Global Configuration Example show radius server This command displays the current settings for the RADIUS server Default Setting None Command Mode Privileged Exec Example Con...

Page 318: ...tacacs server host host_ip_address IP address of a TACACS server Default Setting 10 11 12 13 Command Mode Global Configuration Example tacacs server port This command specifies the TACACS server netwo...

Page 319: ...spaces in the string Maximum length 20 characters Default Setting None Command Mode Global Configuration Example show tacacs server This command displays the current settings for the TACACS server De...

Page 320: ...the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number o...

Page 321: ...et the maximum number of addresses to the default You can also manually add secure addresses with the mac address table static command A secure port has the following restrictions Cannot use port moni...

Page 322: ...dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity packet to the client before it times out the authentication session IC 4 82 dot1x port control Sets...

Page 323: ...d Mode Interface Configuration Example dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized fo...

Page 324: ...Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The m...

Page 325: ...he no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Example dot1x timeout quiet period This command sets the time that a switch port waits af...

Page 326: ...le dot1x timeout tx period This command sets the time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Use the no form to reset to the defaul...

Page 327: ...e This command displays the following information Global 802 1X Parameters Shows whether or not 802 1X port authentication is globally enabled on the switch 802 1X Port Summary Displays the port acces...

Page 328: ...le or multiple hosts clients can connect to an 802 1X authorized port Max Count The maximum number of hosts allowed to access this port page 4 83 Port control Shows the dot1x mode on a port as auto fo...

Page 329: ...disabled on port 1 1 802 1X is enabled on port 1 2 reauth enabled Enable reauth period 1800 quiet period 30 tx period 40 supplicant timeout 30 server timeout 10 reauth max 2 max req 5 Status Authoriz...

Page 330: ...d on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number The following restrictions apply to...

Page 331: ...y command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a p...

Page 332: ...ntaining four integers from 0 to 255 each separated by a period The binary mask uses 1 bits to indicate match and 0 bits to indicate ignore The bitmask is bitwise ANDed with the specified source IP ad...

Page 333: ...end Upper bound of the protocol port range Range 0 65535 Default Setting None Command Mode Extended ACL Command Usage All new rules are appended to the end of the list Address bitmasks are similar to...

Page 334: ...gth 16 characters Command Mode Privileged Exec Example Related Commands permit deny 4 91 ip access group 4 93 ip access group This command binds a port to an IP ACL Use the no form to remove the port...

Page 335: ...he permit or deny command to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the e...

Page 336: ...nation address bitmask ethertype protocol protocol bitmask no permit deny tagged 802 3 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask no pe...

Page 337: ...om any source MAC address to the destination address 00 e0 29 94 34 de where the Ethernet type is 0800 Related Commands access list mac 4 95 show mac access list This command displays the rules for co...

Page 338: ...A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one Example Related Commands show mac a...

Page 339: ...e a mask for an ACL rule before you can bind it to a port Example Related Commands show ip access list 4 93 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privilege...

Page 340: ...le 4 36 ACL Information Command Function Mode Page show access list Show all ACLs and associated rules PE 4 99 show access group Shows the ACLs assigned to each port PE 4 99 Console show access list I...

Page 341: ...s Command Function Mode Page snmp server Enables the SNMP agent GC 4 101 show snmp Displays the status of SNMP communications NE PE 4 101 snmp server community Sets up the community access string to p...

Page 342: ...nfiguration Example show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides info...

Page 343: ...nt stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects Console show snmp SNMP Agent e...

Page 344: ...at describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server location 4 103 snmp server locatio...

Page 345: ...0 255 Default 3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like...

Page 346: ...re that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to networ...

Page 347: ...thentication Keyword to issue authentication failure notifications link up down Keyword to issue link up or link down notifications Default Setting Issue authentication and link up down traps Command...

Page 348: ...nt SNMP agent that resides either on this switch or on a remote device This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords t...

Page 349: ...shows the default engine ID Console config snmp server engine id local 12345abcdef Console config snmp server engineID remote 54321fedcba Console config Console show snmp engine id Local SNMP engineI...

Page 350: ...access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restrict user access to specified portions of the MIB tree The predefin...

Page 351: ...Simple Network Management Protocol on page 5 1 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines th...

Page 352: ...thm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported...

Page 353: ...s active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview W...

Page 354: ...1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SHA authentication auth password Authentication password...

Page 355: ...for the remote device where the user resides The remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configur...

Page 356: ...e mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Table 4 41 show snmp user display description Field Description EngineId String identifying...

Page 357: ...ption Adds a description to an interface configuration IC 4 117 speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC 4 117 negotiation Enable...

Page 358: ...following example adds a description to port 24 speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the def...

Page 359: ...negotiation the required mode must be specified in the capabilities list for an interface Example The following example configures port 5 to 100 Mbps half duplex operation Related Commands negotiatio...

Page 360: ...ll Supports 10 Mbps full duplex operation 10half Supports 10 Mbps half duplex operation flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause fr...

Page 361: ...802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface Whe...

Page 362: ...and Mode Interface Configuration Ethernet Port Channel Command Usage This command allows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem...

Page 363: ...specified threshold packets above that threshold are dropped This command can enable or disable broadcast storm control for the selected interface However the specified threshold value applies to all...

Page 364: ...ars statistics on port 5 show interfaces status This command displays the status for an interface Syntax show interfaces status interface interface ethernet unit port unit Stack unit Range Unit 1 port...

Page 365: ...e items displayed by this command see Showing Port Statistics on page 3 95 Console show interfaces status ethernet 1 5 Information of Eth 1 5 Basic information Port type 100TX Mac address 00 12 CF 12...

Page 366: ...t 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment...

Page 367: ...d the current rate limit page 4 129 Egress rate limit Shows if egress rate limiting is enabled and the current rate limit page 4 129 VLAN membership mode Indicates membership mode as Trunk or Hybrid p...

Page 368: ...d Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossi...

Page 369: ...ommand Mode Privileged Exec Command Usage This command displays the currently configured source port destination port and mirror mode i e RX TX Example The following shows mirroring configured from po...

Page 370: ...ffic is dropped conforming traffic is forwarded without any changes rate limit Use this command to define the rate limit level for a specific interface Use this command without specifying a rate to re...

Page 371: ...erating at full duplex Table 4 46 Link Aggregation Commands Command Function Mode Page Manual Configuration Commands interface port channel Configures a trunk and enters interface configuration mode f...

Page 372: ...ty Ports must have the same port admin key Ethernet Interface If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this ke...

Page 373: ...ll duplex and auto negotiation A trunk formed with another switch using LACP will automatically be assigned the next available port channel ID If the target switch has also enabled LACP on the connect...

Page 374: ...ership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Console config interface ethernet 1 11 Console config if lacp Console config if exit Co...

Page 375: ...ey Use the no form to restore the default setting Syntax lacp actor partner admin key key no lacp actor partner admin key actor The local side an aggregate link partner The remote side of an aggregate...

Page 376: ...during local LACP setup on this switch Range 0 65535 Default Setting 0 Command Mode Interface Configuration Port Channel Command Usage Ports are only allowed to join the same LAG if 1 the LACP system...

Page 377: ...h the lowest physical port number will be selected as the backup port Once the remote side of a link has been established LACP operational settings are already in use on that side Configuring LACP set...

Page 378: ...r of valid Marker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addr...

Page 379: ...ection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in received protocol inform...

Page 380: ...e partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin State Administrative values of the par...

Page 381: ...umber Range 1 26 port channel channel id Range 1 4 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No s...

Page 382: ...this command Example clear mac address table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configure...

Page 383: ...t 0 means to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 819...

Page 384: ...ng time This command shows the aging time for entries in the address table Default Setting None Command Mode Privileged Exec Example Console config mac address table aging time 100 Console config Cons...

Page 385: ...ng tree instance MST 4 151 name Configures the name for the multiple spanning tree MST 4 152 revision Configures the revision number for the multiple spanning tree MST 4 153 max hops Configures the ma...

Page 386: ...rovide backup links which automatically take over when a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch spanning tree mode This command sele...

Page 387: ...To allow multiple spanning trees to operate over the network you must configure a related set of bridges with the same MSTP configuration allowing them to participate in a specific set of spanning tre...

Page 388: ...ning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree h...

Page 389: ...t for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the...

Page 390: ...t method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifi...

Page 391: ...bal Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mod...

Page 392: ...d to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up to 58 instances You should try to group VLANs which cover the same general area...

Page 393: ...cifying a priority of 16384 Example name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name...

Page 394: ...in the same region must be configured with the same MST instances Example Related Commands name 4 152 max hops This command configures the maximum number of hops in the region before a BPDU is discard...

Page 395: ...command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost cost The path cost for the port R...

Page 396: ...ommand configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority The priority for a...

Page 397: ...vers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconf...

Page 398: ...mand may be removed for future software versions Example Related Commands spanning tree edge port 4 156 spanning tree link type This command configures the link type for Rapid Spanning Tree and Multip...

Page 399: ...eed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode Ethernet half duplex 2 000 000 full duple...

Page 400: ...Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple spanning tree If the path cost for all interfaces on a s...

Page 401: ...mpatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP comp...

Page 402: ...items displayed under Spanning tree information see Configuring Global Settings on page 3 128 For a description of the items displayed for specific interfaces see Displaying Interface Settings on page...

Page 403: ...al oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwar...

Page 404: ...he configuration for bridge extension MIB 4 163 Editing VLAN Groups Sets up VLAN groups including name VID and state 4 167 Configuring VLAN Interfaces Configures VLAN interface parameters including in...

Page 405: ...cal switch Example show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Informat...

Page 406: ...P is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range Unit 1 port Port number Range 1 26 port channel channel id Range 1 4 Default Setting Shows both...

Page 407: ...RP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These va...

Page 408: ...n database This command enters VLAN database mode All commands in this mode will take effect immediately Default Setting None Command Mode Global Configuration Console show garp timer ethernet 1 1 Eth...

Page 409: ...or delete a VLAN Syntax vlan vlan id name vlan name media ethernet state active suspend no vlan vlan id name state vlan id ID of configured VLAN Range 1 4094 no leading zeroes name Keyword to be foll...

Page 410: ...Table 4 56 Configuring VLAN Interfaces Command Function Mode Page interface vlan Enters interface configuration mode for a specified VLAN GC 4 169 switchport mode Configures VLAN membership mode for...

Page 411: ...port s default VLAN i e associated with the PVID are also transmitted as tagged frames hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames private vlan For an exp...

Page 412: ...default VLAN Example The following example shows how to restrict the traffic received on port 1 to tagged frames Related Commands switchport mode 4 170 switchport ingress filtering This command enabl...

Page 413: ...ve vlan vlan id no switchport native vlan vlan id Default VLAN ID for a port Range 1 4094 no leading zeroes Default Setting VLAN 1 Command Mode Interface Configuration Ethernet Port Channel Command Us...

Page 414: ...ged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to a VLAN as untagged If a trunk has switchport mode...

Page 415: ...designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage Th...

Page 416: ...ANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Table 4 57 Show VLAN Commands Command Function Mode Page show vlan Shows VLAN inf...

Page 417: ...y 802 1Q tagged frames The standard ethertype value is 0x8100 See switchport dot1q tunnel tpid page 4 178 5 Configure the QinQ tunnel access port to join the SPVLAN as an untagged member switchport al...

Page 418: ...tunnel mode access uplink no switchport dot1q tunnel mode access Sets the port as an 802 1Q tunnel access port uplink Sets the port as an 802 1Q tunnel uplink port Default Setting Disabled Command Mod...

Page 419: ...d interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example 0x1234 is set as the cus...

Page 420: ...fig if end Console show dot1q tunnel Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x8100 The dot1q tunnel mode of the set...

Page 421: ...multaneously within the same switch Entering the pvlan command without any parameters enables the private VLAN Entering no pvlan disables the private VLAN Example This example enables the private VLAN...

Page 422: ...the protocols you want to assign to a VLAN using the protocol vlan protocol group command General Configuration mode 3 Then map the protocol for each interface to the appropriate VLAN using the protoc...

Page 423: ...vlan id VLAN to which matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Co...

Page 424: ...All protocol groups are displayed Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet show interfaces protocol vlan protocol group This command shows the...

Page 425: ...an ID Eth 1 1 1 vlan2 Console Table 4 61 Priority Commands Command Groups Function Page Priority Layer 2 Configures default priority for untagged frames sets queue weights and maps class of service ta...

Page 426: ...n a higher priority queue to be processed before lower priority queues are serviced or use Weighted Round Robin WRR queuing that specifies a relative weight of each queue WRR uses a predefined relativ...

Page 427: ...with the input port s default ingress user priority and then placed in the appropriate priority queue at the output port The default priority for all ingress ports is zero Therefore any inbound frame...

Page 428: ...re 0 to 3 where 3 is the highest priority queue cos1 cosn The CoS values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the hi...

Page 429: ...Exec Example show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Console config...

Page 430: ...uration This command enables IP DSCP mapping i e Differentiated Services Code Point mapping Use the no form to disable IP DSCP mapping Console show queue bandwidth Queue ID Weight 0 1 1 2 2 4 3 8 Cons...

Page 431: ...ferentiated Services Code Point priority Use the no form to restore the default table Syntax map ip dscp dscp value cos cos value no map ip dscp dscp value 8 bit DSCP value Range 0 63 cos value Class...

Page 432: ...to the four hardware priority queues This command sets the IP DSCP priority for all interfaces Example The following example shows how to map IP DSCP value 1 to CoS value 0 show map ip dscp This comma...

Page 433: ...ANs Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Note Due to a chip limitation IP source guard and Quality of Service only for...

Страница 434: ...es 1 You can configure up to 16 rules per Class Map You can also include multiple classes in a Policy Map 2 You should create a Class Map page 4 194 before creating a Policy Map page 4 195 Otherwise y...

Страница 435: ...mands are permitted per class map The class map is used with a policy map page 4 195 to create a service policy page 4 199 for a specific interface that defines packet classification service tagging a...

Страница 436: ...ked for IP Precedence service value 5 This example creates a class map call rd_class 3 and sets it to match packets marked for VLAN 1 policy map This command creates a policy map that can be attached...

Страница 437: ...fication upon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map and return to Policy Map configuration mode Syntax no class class map name cla...

Страница 438: ...new dscp New Differentiated Service Code Point DSCP value Range 0 63 new precedence New IP Precedence value Range 0 7 Default Setting None Command Mode Policy Map Class Configuration Example This exam...

Страница 439: ...MAC ACL IP ACL including Standard ACL and Extended ACL Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is specified by the burst byte field an...

Страница 440: ...et Port Channel Command Usage You can only assign one policy map to an interface You must first define a class map then define a policy map and finally use the service policy command to bind the polic...

Страница 441: ...e Privileged Exec Example show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet uni...

Страница 442: ...4 201 IGMP Query Configures IGMP query parameters for multicast filtering at Layer 2 4 206 Static Multicast Routing Configures static multicast router ports 4 209 IGMP Filtering and Throttling Configu...

Страница 443: ...orm to remove the port Syntax no ip igmp snooping vlan vlan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stac...

Страница 444: ...tch to use Version 1 Some commands are only enabled for IGMPv2 including ip igmp query max response time and ip igmp query timeout Example The following configures the switch to use IGMP Version 1 ip...

Страница 445: ...g table without first sending an IGMP group specific query to the interface Upon receiving a group specific IGMPv2 leave message the switch immediately removes the interface from the Layer 2 forwardin...

Страница 446: ...nd Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected options Example The following shows the multicast entries learned through IGMP snooping for VLAN...

Страница 447: ...p igmp snooping query count count no ip igmp snooping query count count The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from t...

Страница 448: ...have left the multicast group Example The following shows how to configure the query count to 10 Related Commands ip igmp snooping query max response time 4 208 ip igmp snooping query interval This co...

Страница 449: ...ponded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicas...

Страница 450: ...the no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit Stack unit Range Unit 1 port Port numbe...

Страница 451: ...how ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID...

Страница 452: ...eports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the...

Страница 453: ...on Command Usage A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one...

Страница 454: ...or the end of a multicast group range Default Setting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address...

Страница 455: ...ps number The maximum number of multicast groups an interface can join at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a maximum...

Страница 456: ...place If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group...

Страница 457: ...erface This command displays the interface settings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Stack unit Range 1 Console show ip igmp filte...

Страница 458: ...for a normal multicast VLAN Also note that MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers...

Страница 459: ...VR group address is defined The default number of contiguous addresses is 0 MVR VLAN ID is 1 Command Mode Global Configuration Command Usage Use the mvr group command to statically configure all multi...

Страница 460: ...port that can receive multicast data source Configure the interface as an uplink port that can send and receive multicast data for the configured multicast groups immediate Configures the switch to i...

Страница 461: ...immediate leave is disabled the switch follows the standard rules by sending a group specific query to the receiver port and waiting for a response to determine if there are any remaining subscribers...

Страница 462: ...play the global settings for MVR Use the interface keyword to display information about interfaces attached to the MVR VLAN Or use the members keyword to display information about multicast groups ass...

Страница 463: ...ving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Console show mvr mem...

Страница 464: ...bootp Obtains IP address from BOOTP dhcp Obtains IP address from DHCP Default Setting DHCP Command Mode Interface Configuration VLAN Command Usage You must assign an IP address to this device to gain...

Страница 465: ...riginal IP address and this becomes the new management VLAN Example In the following example the device is assigned an address in VLAN 1 Related Commands ip dhcp restart 4 225 ip default gateway This...

Страница 466: ...ount Number of packets to send Range 1 16 default 5 Default Setting This command has no default for the host Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if anoth...

Страница 467: ...ip source guard This command configures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address Use the no form to disable this function Console...

Страница 468: ...in the source guard binding table Table entries include a MAC address IP address lease time entry type Static IP SG Binding Dynamic DHCP Binding Static DHCP Binding VLAN identifier and port identifie...

Страница 469: ...s interface ethernet unit port no ip source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ip address A valid unicast IP ad...

Страница 470: ...new entry will replace the old one and the entry type will be changed to static IP source guard binding Example This example configures a static source guard binding on port 5 Related Commands ip sou...

Страница 471: ...show ip source guard binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console Table 4 78 DHCP Snooping Commands Command Function Mode Page...

Страница 472: ...e DHCP packet is received but the port is not trusted it is processed as follows If the DHCP packet is a reply packet from a DHCP server including OFFER ACK or NAK messages the packet is dropped If th...

Страница 473: ...Mode Global Configuration Command Usage When DHCP snooping enabled globally using the ip dhcp snooping command page 4 231 and enabled on a VLAN with this command DHCP packet filtering will be perform...

Страница 474: ...g enabled globally using the ip dhcp snooping command page 4 231 and enabled on a VLAN with this command DHCP packet filtering will be performed on any untrusted ports within the VLAN according to the...

Страница 475: ...s verification Related Commands ip dhcp snooping 4 231 ip dhcp snooping vlan 4 233 ip dhcp snooping trust 4 234 ip dhcp snooping information option This command enables the DHCP Option 82 information...

Страница 476: ...Syntax ip dhcp snooping information policy drop keep replace drop Discards the Option 82 information in a packet and then floods it to the entire VLAN keep Retains the client s DHCP information repla...

Страница 477: ...e Commander throught its IP address and the Commander manages Member switches using cluster internal IP addresses There can be up to 16 Member switches in one cluster Cluster switches are limited to w...

Страница 478: ...tween Member switches and the Commander Switch clusters are limited to a single IP subnet Layer 2 domain A switch can only be a Member of one cluster Configured switch clusters are maintained across p...

Страница 479: ...orm to reset to the default address Syntax cluster ip pool ip address no cluster ip pool ip address The base IP address for IP addresses assigned to cluster Members The IP address must start 10 x x x...

Страница 480: ...nd Mode Global Configuration Command Usage The maximum number of cluster Members is 16 The maximum number of switch Candidates is 100 Example rcommand This command provides access to a cluster Member...

Страница 481: ...ommand Mode Privileged Exec Example Vty 0 rcommand id 1 CLI session with the TL SG5426 is opened To end the CLI session enter Exit Vty 0 Console show cluster Role commander Interval heartbeat 30 Heart...

Страница 482: ...command shows the discovered Candidate switches in the network Command Mode Privileged Exec Example Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 12 cf 23 49...

Страница 483: ...a critical threshold Port Mirroring Multiple source ports one destination port Rate Limits Input limit Output limit Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggreg...

Страница 484: ...agement RS 232 console port Software Loading TFTP in band or XModem out of band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm...

Страница 485: ...oup MIB RFC 2233 Interfaces Evolution MIB RFC 2863 IP Multicasting related MIBs MAU MIB RFC 2668 MIB II RFC 1213 Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB Quality...

Страница 486: ...Software Specifications A 4 A...

Страница 487: ...the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum...

Страница 488: ...messages reported to include all categories 3 Designate the SNMP host that is to receive the error messages 4 Repeat the sequence of commands or other actions that lead up to the error 5 Make a list...

Страница 489: ...Point Service DSCP DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding T...

Страница 490: ...comply with the IEEE 802 1p standard Group Attribute Registration Protocol GARP See Generic Attribute Registration Protocol IEEE 802 1D Specifies a general method for the operation of MAC bridges inc...

Страница 491: ...t of the network from a station attached directly to the network IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts Layer 2 Data Link layer in...

Страница 492: ...the target port to be studied unobstructively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lo...

Страница 493: ...he shortest available path maximizing the performance and efficiency of the network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Terminal Access Cont...

Страница 494: ...less of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located...

Страница 495: ...the client will be based on this new domain Example In the following example the device is reassigned the same address Related Commands ip address 4 223 show ip interface This command displays the se...

Страница 496: ...189 queue mapping 3 145 4 187 queue mode 3 147 4 185 traffic class weights 3 148 4 186 D default gateway configuration 3 14 4 224 default priority ingress port 3 144 4 185 default settings system 1 6...

Страница 497: ...entries 4 229 setting filter criteria 4 227 J jumbo frame 4 63 L LACP local parameters 4 136 partner parameters 4 136 protocol message statistics 4 136 link type STA 3 113 3 115 3 117 3 119 3 122 4 15...

Страница 498: ...he system 3 30 4 22 RSTP 3 102 4 145 global configuration 3 105 4 145 S secure shell 3 54 4 33 configuration 3 54 4 36 4 37 serial port configuring 4 10 show dot1q tunnel 4 178 Simple Network Manageme...

Страница 499: ...B 1 trunk configuration 3 80 4 130 LACP 3 82 4 132 static 3 81 4 131 U upgrading software 3 18 user password 3 46 4 25 4 26 V VLANs 3 122 3 142 3 144 4 163 802 1Q tunnel mode 3 138 adding static membe...
