SMC Networks TigerAccess SMC7816M User Manual
- View the manual online or download it
- 962 pages
- 11.76 MB
A proper user manual
Regulations oblige the seller to hand over the user manual for the SMC Networks TigerAccess SMC7816M to the buyer together with the goods. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the device does not conform to the contract. The law permits the manual to be supplied in a form other than paper, which has recently become very common: a graphical or electronic manual for the SMC Networks TigerAccess SMC7816M, or instructional videos for users. The condition is that the form is legible and understandable.
What is a user manual?
The word comes from the Latin “instructio”, i.e. to arrange. Accordingly, the manual for the SMC Networks TigerAccess SMC7816M describes the steps of its procedures. The purpose of a manual is to instruct and to simplify starting up and using the device, or carrying out particular tasks. A manual is a collection of information about an item or service, a guide.
Unfortunately, few users take the time to read the SMC Networks TigerAccess SMC7816M user manual. A good manual not only introduces a range of additional functions of the purchased device, it also helps avoid many mistakes.
So what should an ideal user manual contain?
Above all, the SMC Networks TigerAccess SMC7816M user manual should contain:
- Information about the technical data of the SMC Networks TigerAccess SMC7816M
- The name of the manufacturer and the year of manufacture of the SMC Networks TigerAccess SMC7816M
- Principles of operation, adjustment and maintenance of the SMC Networks TigerAccess SMC7816M
- Safety marks and certificates confirming conformity with the relevant standards
Why don't we read user manuals?
The reason is lack of time and confidence about the particular functions of the purchased devices. Unfortunately, connecting and starting up the SMC Networks TigerAccess SMC7816M is not enough. A manual contains a range of guidance on particular functions, safety principles, maintenance methods (even which products to use), possible faults of the SMC Networks TigerAccess SMC7816M, and ways of solving problems that may occur during use. Finally, the manual gives the contact number for SMC Networks service, in case the suggested solutions do not work. Manuals in the form of engaging animations or video guides are currently gaining popularity, as they reach users better than a brochure. This kind of manual ensures that the user watches the whole video without skipping the detailed and complicated technical descriptions of the SMC Networks TigerAccess SMC7816M, as happens with paper manuals.
Why should one read user manuals?
In the user manual we find, above all, answers about the construction and capabilities of the SMC Networks TigerAccess SMC7816M, about the use of particular accessories, and a range of information that lets us use all of its functions and conveniences.
After a successful purchase, one should take some time to get to know every part of the SMC Networks TigerAccess SMC7816M manual. Nowadays manuals are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic function of help and information.
Contents of the manual
-
Page 1
TigerAccess™ EE 6-Band VDSL2 Switch ◆ 16 VDSL Downlink Ports (1 RJ-21 Connector) ◆ 2 Gigabit Ethernet Combination Ports (RJ-45/SFP) ◆ 1 Fast Ethernet Management Port (RJ-45) ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol, RSTP, and MSTP ◆ Up to 12 LACP or static 8-port trunks ◆ Layer 2/3/4 CoS supp[...]
-
Page 2
[...]
-
Page 3
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 TigerAccess™ EE Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions January 2007 Pub. # 14910 001 2100H[...]
-
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under a[...]
-
Page 5
v LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Author[...]
-
Page 6
vi
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN[...]
-
Page 7
vii TABLE OF CONTENTS
Section I Getting Started
1 Introduction 1-1
Key Features 1-1
Description of Software Features 1-3
S[...]
-
Page 8
TABLE OF CONTENTS viii
Main Menu 3-5
4 Basic Management Tasks 4-1
Displaying System Information 4-1
Displaying System Health [...]
-
Page 9
TABLE OF CONTENTS ix
Setting SNMPv3 Views 5-24
6 User Authentication 6-1
Configuring User Accounts 6-1
Configuring Local/Remote Logon Authentication [...]
-
Page 10
TABLE OF CONTENTS x
9 Port Configuration 9-1
Displaying Connection Status 9-1
Configuring Interface Connections 9-4
Creating Trunk Groups [...]
-
Page 11
TABLE OF CONTENTS xi
Configuring Interface Settings for MSTP 12-27
13 VLAN Configuration 13-1
Selecting the VLAN Operation Mode 13-1
IEEE 802.1Q VLANs [...]
-
Page 12
TABLE OF CONTENTS xii
15 Quality of Service 15-1
Configuring Quality of Service Parameters 15-2
Configuring a Class Map 15-3
Creating QoS Policies [...]
-
Page 13
TABLE OF CONTENTS xiii
Console Connection 18-1
Telnet Connection 18-2
Entering Commands 18-3
Keywords and Arguments [...]
-
Page 14
TABLE OF CONTENTS xiv
show bme version 20-10
show cpu utilization 20-11
show memory status 20-12
System Mode Commands [...]
-
Page 15
TABLE OF CONTENTS xv
SMTP Alert Commands 20-48
logging sendmail host 20-48
logging sendmail level 20-49
logging sendmail source-email [...]
-
Page 16
TABLE OF CONTENTS xvi
Authentication Sequence 22-5
authentication login 22-5
authentication enable 22-7
RADIUS Client [...]
-
Page 17
TABLE OF CONTENTS xvii
dot1x max-req 22-36
dot1x port-control 22-36
dot1x operation-mode 22-37
dot1x re-authenticate [...]
-
Page 18
TABLE OF CONTENTS xviii
24 Access Control List Commands 24-1
IP ACLs 24-2
access-list ip 24-3
permit, deny (Standard IP ACL) [...]
-
Page 19
TABLE OF CONTENTS xix
show interfaces counters 25-14
show interfaces switchport 25-16
26 Link Aggregation Commands 26-1
channel-group [...]
-
Page 20
TABLE OF CONTENTS xx
lre interleave-max-delay 29-25
lre datarate 29-26
lre rate-set 29-27
lre noise-mgn target [...]
-
Page 21
TABLE OF CONTENTS xxi
Displaying VDSL Information 29-61
show lre band-plan 29-62
show lre option-band 29-63
show lre ham-band [...]
-
Page 22
TABLE OF CONTENTS xxii
31 Spanning Tree Commands 31-1
spanning-tree 31-3
spanning-tree mode 31-4
spanning-tree forward-time [...]
-
Page 23
TABLE OF CONTENTS xxiii
vlan 32-8
Configuring VLAN Interfaces 32-9
interface vlan 32-9
switchport mode [...]
-
Page 24
TABLE OF CONTENTS xxiv
show queue bandwidth 33-9
show queue cos-map 33-10
Priority Commands (Layer 3 and 4) 33-11
map ip port (Global Configuration) [...]
-
Page 25
TABLE OF CONTENTS xxv
ip igmp snooping query-interval 35-9
ip igmp snooping query-max-response-time 35-10
ip igmp snooping router-port-expire-time 35-11
Static Multicast Routing Commands [...]
-
Page 26
TABLE OF CONTENTS xxvi
37 DHCP Commands 37-1
DHCP Client 37-1
ip dhcp restart client 37-1
DHCP Relay [...]
-
Page 27
TABLE OF CONTENTS xxvii
Section IV Appendices
A Software Specifications A-1
Software Features A-1
Management Features A-3
Standards[...]
-
Page 28
TABLE OF CONTENTS xxviii[...]
-
Page 29
xxix TABLES
Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-9
Table 3-1 Web Page Configuration Buttons 3-4
Table 3-2 Switch Main Menu [...]
-
Page 30
TABLES xxx
Table 20-4 show bme version - display description 20-11
Table 20-5 show cpu utilization - display description 20-12
Table 20-7 System Mode Commands 20-13
Table 20-6 show memory status - display description 20-13
T[...]
-
Page 31
TABLES xxxi
Table 24-1 Access Control List Commands 24-1
Table 24-2 IP ACL Commands 24-2
Table 24-3 MAC ACL Commands 24-16
Table 24-4 ACL Information Commands [...]
-
Page 32
TABLES xxxii
Table 32-5 Commands for Displaying VLAN Information 32-16
Table 32-6 Private VLAN Commands 32-17
Table 32-7 Protocol-based VLAN Commands 32-20
Table 32-8 IEEE 802.1Q Tunneling Commands 32-25
Table 32-9 VLAN Sw[...]
-
Page 33
xxxiii FIGURES
Figure 3-1 Home Page 3-3
Figure 3-2 Front Panel Indicators 3-4
Figure 4-1 System Information 4-2
Figure 4-2 System Health Information [...]
-
Page 34
FIGURES xxxiv
Figure 6-5 SSH Server Settings 6-17
Figure 6-6 802.1X Global Information 6-21
Figure 6-7 802.1X Global Configuration 6-22
Figure 6-8 802.1X Port Configuration [...]
-
Page 35
FIGURES xxxv
Figure 10-5 VDSL Performance Statistics 10-28
Figure 10-6 Alarm Profile Configuration 10-35
Figure 10-7 CPE Information 10-39
Figure 10-8 CPE Information [...]
-
Page 36
FIGURES xxxvi
Figure 14-10 IP Port Priority 14-17
Figure 15-1 Configuring Class Maps 15-5
Figure 15-2 Configuring Policy Maps 15-9
Figure 15-3 Service Policy Settings [...]
-
Page 37
SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
Introduction [...]
-
Page 38
GETTING STARTED[...]
-
Page 39
1-1 CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options th[...]
-
Page 40
KEY FEATURES 1-2
User Authentication
- Console, Telnet, web – User name / password, RADIUS, TACACS+
- Web – HTTPS
- Telnet – SSH
- SNMP v1/2c - Community strings
- SNMP version 3 – MD5 or SHA password
- Port – IEEE 802.1X
Client Security
- Private VLANs, IEEE 802.1X, MAC address filtering, IP/MAC address pair filtering, NetBIOS filtering, [...]
-
Page 41
INTRODUCTION 1-3
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast and unknown unicast traffic storms from engulfin[...]
-
Page 42
DESCRIPTION OF SOFTWARE FEATURES 1-4
server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server). Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SN[...]
-
Page 43
INTRODUCTION 1-5
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2002 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and p[...]
-
Page 44
DESCRIPTION OF SOFTWARE FEATURES 1-6
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ens[...]
-
Page 45
INTRODUCTION 1-7
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass[...]
-
Page 46
DESCRIPTION OF SOFTWARE FEATURES 1-8
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP snooping or qu [...]
-
Page 47
INTRODUCTION 1-9
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 4-20). The following table lists some of the basic system defaults.
Table 1-2 System Defaults
Fu[...]
-
Page 48
SYSTEM DEFAULTS 1-10
Web Management
- HTTP Server: Enabled
- HTTP Port Number: 80
- HTTP Secure Server: Enabled
- HTTP Secure Port Number: 443
SNMP
- SNMP Agent: Enabled
- Community Strings: “public” (read only), “private” (read/write)
- Traps: Authentication traps: enabled; Link-up-down events: enabled
- SNMP V3: View: defaultview; Group: public (read[...]
-
Page 49
INTRODUCTION 1-11
Virtual LANs
- Default VLAN: 1
- PVID: 1
- Acceptable Frame Type: All
- Ingress Filtering: Disabled
- Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
- GVRP (global): Disabled
- GVRP (port interface): Disabled
- QinQ Tunneling: Disabled
Traffic Prioritization
- Ingress Port Priority: 0
- Queue Mode: WRR
- Weighted Round Robin: Queue: 0 1[...]
-
Page 50
SYSTEM DEFAULTS 1-12
Multicast Filtering
- IGMP Snooping: Snooping: Enabled; Querier: Disabled
- IGMP Filtering/Throttling: Disabled
- Multicast VLAN Registration: Disabled
System Log
- Status: Enabled
- Messages Logged: Levels 0-7 (all)
- Messages Logged to Flash: Levels 0-3
SMTP Email Alerts
- Event Handler: Enabled (but no server defined)
SNTP
- Clock Synchr[...]
-
Page 51
2-1 CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and mon[...]
-
Page 52
CONNECTING TO THE SWITCH 2-2
The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwords
• Set an IP interface for a management VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/[...]
-
Page 53
INITIAL CONFIGURATION 2-3
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-23[...]
-
Page 54
BASIC CONFIGURATION 2-4
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. An IP address for this switch is obtained via DHCP by default.[...]
-
Page 55
INITIAL CONFIGURATION 2-5
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, pre[...]
-
Page 56
BASIC CONFIGURATION 2-6
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network. The switch can be mana[...]
-
Page 57
INITIAL CONFIGURATION 2-7
Using the dedicated management port provides a back channel for troubleshooting when the switch cannot be reached through the data network. To provide additional security against eavesdropping on management traffic, leave the IP address for the data network (i.e., the VLAN containing po[...]
-
Page 58
BASIC CONFIGURATION 2-8
9. Then follow the steps indicated in the next section to assign an IP address to this VLAN using manual configuration or automatic configuration via DHCP or BOOTP.
Note: If you put the uplink ports (Ports 17 and 18) in a separate management VLAN, do not change their default VLAN ID. Nor should you remove thes[...]
-
Page 59
INITIAL CONFIGURATION 2-9
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Network mask for this network
• Default gateway for the network
To assign an IP address to the switch, complete the following [...]
-
Page 60
BASIC CONFIGURATION 2-10
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.[...]
-
Page 61
INITIAL CONFIGURATION 2-11
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stati[...]
-
Page 62
BASIC CONFIGURATION 2-12
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snm[...]
-
Page 63
INITIAL CONFIGURATION 2-13
Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 21-6. The following example creates a trap host for each type of SNMP client.
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, [...]
-
Page 64
MANAGING SYSTEM FILES 2-14
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three ty [...]
-
Page 65
INITIAL CONFIGURATION 2-15
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded. Note that configuration files should be downloaded using a file name that ref[...]
-
Page 66
MANAGING SYSTEM FILES 2-16
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config star[...]
-
Page 67
SECTION II SWITCH MANAGEMENT
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface.
Configuring the Switch [...]
-
Page 68
SWITCH MANAGEMENT[...]
-
Page 69
3-1 CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Intern[...]
-
Page 70
CONFIGURING THE SWITCH 3-2
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as [...]
-
Page 71
NAVIGATING THE WEB BROWSER INTERFACE 3-3
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for t [...]
-
Page 72
CONFIGURING THE SWITCH 3-4
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Notes:
1. To e[...]
-
Page 73
NAVIGATING THE WEB BROWSER INTERFACE 3-5
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 3-2 Switch Main Menu
Menu Descri[...]
-
Seite 74
C ONFIGURING THE S WI T CH 3-6 Reset Restarts the switch 4-36 SNTP 4-37 Configurat ion C onfigure s SNTP clie nt settings, including a speci fied list of servers 4-3 7 Clock Time Zone Sets th e local time zone for the system clock 4-39 SNMP 5-1 Config uration Configure s communi ty st rings and relat ed tra p function s 5-4 Agent St atus Ena bles o[...]
-
Seite 75
N AVIGA TING THE W EB B RO WS E R I NTE RF A CE 3-7 802.1X Port authentic ation 6-19 Inform ation Displays g lobal config uration s ettings 6-21 Config uration Co nfigures glob al configura tion paramet ers 6-22 Port Configurat ion Sets the authentication mode fo r individual ports 6-23 Statistic s Displa ys protocol stat istics for the selected po[...]
-
Seite 76
C ONFIGURING THE S WI T CH 3-8 Trunk Conf iguratio n Config ures trunk co nnection sett ings 9-4 Trunk Membership Specif ies ports to group into static trunks 9-9 LACP 9-11 Configurat ion Allows ports to dynamic ally join trunks 9-11 Aggrega tion Port Config ures parame ters for link aggre gation group members 9-1 3 Port Counters Infor mation Displ[...]
-
Seite 77
N AVIGA TING THE W EB B RO WS E R I NTE RF A CE 3-9 VDSL 1 0-1 Global Configuration Co nfigure s global VDSL vari ables which can be applied to all ports 10- 1 VDS L Po rt Config uration Config ures comm unication parameters for VD SL ports 10- 7 Line Profile Config uration Config ures a list of communica tion paramet ers which can be appli ed to a[...]
-
Seite 78
C ONFIGURING THE S WI T CH 3-10 Spanning Tree 12-1 STA Information Displa ys STA values used for the bridge 12-4 Config uration Co nfigure s global bridge s ettings for STP, RST P and MSTP 12- 8 Port Informat ion Displa ys individua l port settings for STA 12-13 Trunk Information Displays individ ual trunk settings for STA 12-13 Port Configuration [...]
-
Seite 79
N AVIGA TING THE W EB B RO WS E R I NTE RF A CE 3-11 Static Membership by Port Configure s membership type for interfaces, incl uding tagged, untagg ed or fo rbidde n 13-14 Port Configura tion Specifies d efault PVID and VLAN attribute s 13 -15 Trunk Configuration Specifies default trunk VID and VLA N attributes 13-15 Privat e VLAN 13-18 Status Ena[...]
-
Seite 80
C ONFIGURING THE S WI T CH 3-12 IPv6 Mapp ing Assigns IP v6 traffic clas ses to one of the Class-of- Service v alues 14-15 IP Port Priority Status Globally enables or disables IP Port Priority 14-16 IP Port Priori ty Sets TCP/UDP port priority, defi ning the socket number and associated clas s-of-s ervice value 14-11 QoS 15-1 DiffServ Config ure Qo[...]
-
Page 81
NAVIGATING THE WEB BROWSER INTERFACE 3-13
IGMP Filter/Throttling Trunk Configuration Assigns IGMP filter profiles to trunk interfaces and sets throttle mode 16-18 MVR 16-20 Configuration Globally enables MVR, sets the MVR VLAN, adds multicast stream addresses 16-21 Port Information Displays MVR interface type, MVR operation [...]
-
Page 82
CONFIGURING THE SWITCH 3-14[...]
-
Page 83
4-1 CHAPTER 4 BASIC MANAGEMENT TASKS
This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
Displaying System Information
You can easily identify the system by displaying the device name, location and cont[...]
-
Page 84
BASIC MANAGEMENT TASKS 4-2
• Web Secure Server Port – Shows the TCP port used by the HTTPS interface.
• Telnet Server – Shows if management access via Telnet is enabled.
• Telnet Server Port – Shows the TCP port used by the Telnet interface.
• Authentication Login – Shows the user login authentication sequen[...]
-
Page 85
DISPLAYING SYSTEM INFORMATION 4-3
CLI – Specify the hostname, location and contact information.
Console(config)#hostname R&D 5 20-2
Console(config)#snmp-server location WC 9 21-5
Console(config)#snmp-server contact Ted 21-5
Console(config)#exit
Console#show system 20-8
System Description: TigerAccess(TM) SMC7816M/VSW
System OID S[...]
-
Page 86
BASIC MANAGEMENT TASKS 4-4
Displaying System Health
Use the System Health Information page to display the status of the fans, internal temperature, main board, CPU, and system memory.
Field Attributes
General Status
• Fan Status – The fan’s functioning status.
• Fan Failed Times – The number of times the fan ha[...]
-
Page 87
DISPLAYING SYSTEM HEALTH 4-5
• Free Amount – Amount of memory currently free for use.
• Freed / Total – Percentage of free memory compared to total memory.
• Utilization Raising Alarm Threshold 1 – Rising threshold for memory utilization alarm. (Range: 1-100%; Default: 90%)
• Utilization Falling Alarm Th[...]
-
Page 88
BASIC MANAGEMENT TASKS 4-6
CLI – Use the following commands to display the status of the CPU and system memory.
Console#show cpu utilization 20-11
CPU current utilization : 73%
Max utilization in 10s: 73%
Avg utilization in 10s: 73%
peak utilization: 73%
peak utilization begin : 02:33:50 01/01/2001
peak utilization duri[...]
-
Page 89
DISPLAYING HARDWARE/SOFTWARE VERSIONS 4-7
Displaying Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
• Serial Number – Serial number of main board. [...]
-
Page 90
BASIC MANAGEMENT TASKS 4-8
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack.
• BME firmware version – Version number of Burst Mode Engine.
Web – Click System, Switch Information.
Figure 4-3 Switch Information[...]
-
Page 91
DISPLAYING BRIDGE EXTENSION CAPABILITIES 4-9
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to[...]
-
Page 92
BASIC MANAGEMENT TASKS 4-10
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 13-1.)
• Local VLAN Capable – This switch does not support multipl[...]
-
Page 93
SETTING THE SWITCH’S IP ADDRESS 4-11
CLI – Enter the following command.
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you ne[...]
-
Page 94
BASIC MANAGEMENT TASKS 4-12
will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)
• IP Address – Address of the VLAN to which the management st[...]
-
Page 95
SETTING THE SWITCH’S IP ADDRESS 4-13
CLI – Specify the management interface, IP address and default gateway. This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from the VLAN 1, which is left for use by the data networ[...]
-
Page 96
BASIC MANAGEMENT TASKS 4-14
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOO[...]
-
Page 97
SETTING THE SWITCH’S IP ADDRESS 4-15
This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from the VLAN 1, which is left for use by the data network. It then specifies the management interface, IP address and default gatewa[...]
-
Page 98
BASIC MANAGEMENT TASKS 4-16
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet[...]
-
Page 99
MANAGING FIRMWARE 4-17
Managing Firmware
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must s[...]
-
Page 100
BASIC MANAGEMENT TASKS 4-18
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. We [...]
-
Page 101
MANAGING FIRMWARE 4-19
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
Figure 4-9 Setting the Startup Code
To delete a file select System, File Mana[...]
-
Page 102
BASIC MANAGEMENT TASKS 4-20
To start the new firmware, enter the “reload” command or reboot the system.
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloa[...]
-
Page 103
SAVING OR RESTORING CONFIGURATION SETTINGS 4-21
- running-config to file – Copies the running configuration to a file.
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
- startup-config to file –[...]
-
Page 104
BASIC MANAGEMENT TASKS 4-22
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Defau[...]
-
Page 105
SAVING OR RESTORING CONFIGURATION SETTINGS 4-23
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file[...]
-
Page 106
BASIC MANAGEMENT TASKS 4-24
Console Port Settings
You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communicatio[...]
-
Page 107
CONSOLE PORT SETTINGS 4-25
device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)
• Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit)
• Password 2 – Specifies a password for the line connection. When a[...]
-
Page 108
BASIC MANAGEMENT TASKS 4-26
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Telnet Settings
You can access the onboard configuration program ov[...]
-
Page 109
TELNET SETTINGS 4-27
• Login Timeout – Sets the interval that the system waits for a user to log in to the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 300 seconds)
• Exec Timeout – Sets the interval that th[...]
-
Page 110
BASIC MANAGEMENT TASKS 4-28
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 4-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the cur[...]
-
Page 111
CONFIGURING EVENT LOGGING 4-29
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
System Log Configuration
The syst[...]
-
Page 112
BASIC MANAGEMENT TASKS 4-30
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7)
Note: The Flash Level must be equal to or less than [...]
-
Page 113
CONFIGURING EVENT LOGGING 4-31
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings.
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages that are sent t[...]
-
Page 114
BASIC MANAGEMENT TASKS 4-32
• Host IP Address – Specifies a new server IP address to add to the Host IP List.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an I[...]
-
Page 115
CONFIGURING EVENT LOGGING 4-33
CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memor[...]
-
Page 116
BASIC MANAGEMENT TASKS 4-34
CLI – This example shows the event message stored in RAM.
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.[...]
-
Page 117
CONFIGURING EVENT LOGGING 4-35
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server Li[...]
-
Page 118
BASIC MANAGEMENT TASKS 4-36
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Us[...]
-
Page 119
SETTING THE SYSTEM CLOCK 4-37
CLI – Use the reload command to restart the switch.
Note: When restarting the system, it will always run the Power-On Self-Test.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NT[...]
-
Page 120
BASIC MANAGEMENT TASKS 4-38
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
Web – Select SNTP, Configuration. Modify any of the required parameters, and click [...]
-
Page 121
SETTING THE SYSTEM CLOCK 4-39
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and mi[...]
-
Page 122
BASIC MANAGEMENT TASKS 4-40[...]
-
Page 123
5-1 CHAPTER 5 SIMPLE NETWORK MANAGEMENT PROTOCOL
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices [...]
-
Page 124
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-2
Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree. The SNMPv3 security structure consists of secur[...]
-
Page 125
5-3
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
v3 AuthNoPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms
v3 AuthPriv user defined user defined us[...]
-
Page 126
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-4
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
SNMP Agent Status – Enables SNMP on the switch.
Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply. F[...]
-
Page 127
SETTING COMMUNITY ACCESS STRINGS 5-5
• Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “public” (read-only access), “private” (read/write access) Range: 1-32 characters, case sensitive
• Access Mode – Specifies the access rights f[...]
-
Page 128
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-6
Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms [...]
-
Page 129
SPECIFYING TRAP MANAGERS AND TRAP TYPES 5-7
To send an inform to a SNMPv3 host, complete these steps:
1. Enable the SNMP agent (page 5-4).
2. Enable trap informs as described in the following pages.
3. Create a view with the required notification messages (page 5-24).
4. Create a group that includes the required noti[...]
-
Page 130
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-8
• Trap Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used)
- Timeout – The number of seconds to wait for an acknowledgment before resending an inform message. (Range: 0-2147483647 centisecon[...]
-
Page 131
SPECIFYING TRAP MANAGERS AND TRAP TYPES 5-9
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add. Se[...]
-
Page 132
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-10
Configuring SNMPv3 Management Access
To configure SNMPv3 management access to the switch, follow these steps:
1. If you want to change the default engine ID, do so before configuring other SNMP parameters.
2. Specify read and write access views for the switch MIB tree.[...]
-
Page 133
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-11
Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 5-4 Setting the SNMPv3 Engine ID
CLI – This example sets an SNMPv3 engine ID.
Specifying a Remote Engine ID
To send inform messages to an SNMPv3 user on a remote devi[...]
-
Page 134
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-12
Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.
Figure 5-5 Setting an Engine ID
CLI – This example specifies a remote SNMPv3 engine ID.
Configuring SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Us[...]
-
Page 135
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-13
- AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model).
• Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5)
• Authentication Password – A minimum of e[...]
-
Page 136
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-14
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delet[...]
-
Page 137
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-15
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group rest[...]
-
Page 138
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-16
• Security Model – The user security model; SNMP v1, v2c or v3. (Default: v1)
• Security Level – The security level used for the user:
- noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.)
- AuthNoPriv ?[...]
-
Page 139
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-17
Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then clic[...]
-
Page 140
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-18
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pr[...]
-
Page 141
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-19
• Notify View – The configured view for notifications. (Range: 1-64 characters)
Table 5-2 Supported Notification Messages
Object Label Object ID Description
RFC 1493 Traps
newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the S[...]
-
Page 142
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-20
linkDown * 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state). This other state is [...]
-
Page 143
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-21
RMON Events (V2)
risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps.
fallingAlarm 1.3.6.1.2.1.16.0.2 The SNMP trap that is generated when an alarm en[...]
-
Page 144
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-22
swThermalRisingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.58 This trap is sent when the temperature exceeds the switchThermalActionRisingThreshold.
swThermalFallingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.59 This trap is sent when the temperature falls below the switchThermalActionFa[...]
-
Page 145
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-23
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list. To delete a group, c[...]
-
Page 146
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-24
CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the M[...]
-
Page 147
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-25
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list. For a specifi[...]
-
Page 148
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-26
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included 21-13
Console(config)#exit
Consol[...]
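How an included/excluded view with a wildcard decides which OIDs a user can reach, as an added Python example (not code from the manual or from SMC). It follows the view rules of VACM (RFC 3415), writing the wildcard mask as "*" the way the CLI line above does; the second view, the helper names and the sample OIDs are constructed, and the switch is assumed to apply the RFC's precedence (longest matching subtree wins).

```python
# Added example: evaluate SNMPv3 views the way VACM (RFC 3415) describes.
# Assumption: the switch resolves overlapping subtrees like the RFC does.


def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_subtree(text):
    """Parse a view subtree; '*' is a wildcard sub-identifier (stored as None)."""
    return tuple(None if part == "*" else int(part)
                 for part in text.strip(".").split("."))


def family_matches(subtree, oid):
    """An OID falls under a subtree when it is at least as long as the subtree
    and equal to it at every position that is not a wildcard."""
    if len(oid) < len(subtree):
        return False
    return all(s is None or s == o for s, o in zip(subtree, oid))


def in_view(view, oid_text):
    """Return True if the OID is readable through the view.

    view is a list of (subtree, "included" | "excluded") entries. Among the
    entries that match, the one with the most sub-identifiers decides; ties go
    to the lexicographically greater subtree (wildcards compare as 0).
    An OID that matches no entry is not in the view.
    """
    oid = parse_oid(oid_text)
    best_key, best_mode = None, None
    for subtree_text, mode in view:
        if mode not in ("included", "excluded"):
            raise ValueError("view type must be included or excluded: %r" % mode)
        subtree = parse_subtree(subtree_text)
        if not family_matches(subtree, oid):
            continue
        key = (len(subtree), tuple(0 if s is None else s for s in subtree))
        if best_key is None or key > best_key:
            best_key, best_mode = key, mode
    return best_mode == "included"


def visible(view, oids):
    """Filter a list of OIDs down to those the view exposes."""
    return [oid for oid in oids if in_view(view, oid)]


# The view from the manual's CLI example: the ifIndex column, any row.
MANUAL_VIEW = [("1.3.6.1.2.1.2.2.1.1.*", "included")]

# Constructed view: expose the interfaces group but hide every column of the
# row for ifIndex 19 (the wildcard sits in the column position).
HIDE_ROW_19 = [
    ("1.3.6.1.2.1.2", "included"),
    ("1.3.6.1.2.1.2.2.1.*.19", "excluded"),
]

# Constructed sample OIDs.
SAMPLE_OIDS = [
    "1.3.6.1.2.1.1.1.0",        # sysDescr.0 (outside the interfaces group)
    "1.3.6.1.2.1.2.1.0",        # ifNumber.0
    "1.3.6.1.2.1.2.2.1.1.7",    # ifIndex.7
    "1.3.6.1.2.1.2.2.1.8.5",    # ifOperStatus.5
    "1.3.6.1.2.1.2.2.1.8.19",   # ifOperStatus.19
]

if __name__ == "__main__":
    for name, view in (("MANUAL_VIEW", MANUAL_VIEW), ("HIDE_ROW_19", HIDE_ROW_19)):
        print(name)
        for oid in SAMPLE_OIDS:
            print("  %-26s %s" % (oid, "visible" if in_view(view, oid) else "hidden"))
```

A read, write or notify view that matches nothing hides everything, so a group bound to an empty or mistyped view fails closed rather than open.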
-
Page 149
6-1 CHAPTER 6 USER AUTHENTICATION
You can configure this switch to authenticate users logging in to the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client[...]
-
Page 150
USER AUTHENTICATION 6-2
The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.”
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
•[...]
-
Page 151
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-3
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You [...]
-
Page 152
USER AUTHENTICATION 6-4
Command Usage
• By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authenticat[...]
-
Page 153
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-5
- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
- Server IP Address – Addres[...]
-
Page 154
USER AUTHENTICATION 6-6
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Figure 6-2 Authent[...]
-
Page 155
CONFIGURING HTTPS 6-7
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Command Usage
• Both the HTTP and HTTPS service can be en[...]
-
Page 156
USER AUTHENTICATION 6-8
• The following web browsers and operating systems currently support HTTPS:
• To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 6-9.
Command Attributes
• HTTPS Status – Allows you to enable/disable the HTTPS server feature on t[...]
-
Page 157
CONFIGURING HTTPS 6-9
Replacing the Default Secure-site Certificate
When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is n[...]
-
Page 158
USER AUTHENTICATION 6-10
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remot[...]
-
Page 159
CONFIGURING THE SECURE SHELL 6-11
To use the SSH server, complete these steps:
1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair.
2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial co[...]
-
Page 160
USER AUTHENTICATION 6-12
6. Authentication – One of the following authentication methods is employed:
Password Authentication (for SSH v1.5 or V2 Clients)
a. The client sends its password to the server.
b. The switch compares the client's password to those stored in memory.
c. If a match is found, the conn[...]
-
Page 161
CONFIGURING THE SECURE SHELL 6-13
Authenticating SSH v2 Clients
a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable.
b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process. O[...]
-
Page 162
USER AUTHENTICATION 6-14
• Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: Default: Both)
The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to s[...]
-
Page 163
CONFIGURING THE SECURE SHELL 6-15
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Figure 6-4 SSH Host-Key Settings[...]
-
Page 164
USER AUTHENTICATION 6-16
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – A[...]
-
Page 165
CONFIGURING THE SECURE SHELL 6-17
• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
• SSH Server-Key Size – Specifies the SSH server key size. (Range[...]
-
Page 166
USER AUTHENTICATION 6-18
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Console(config)#ip ssh server 22-25
Console(config)#ip ssh timeout 100 22-26
Cons[...]
-
Page 167
CONFIGURING 802.1X PORT AUTHENTICATION 6-19
Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibl[...]
-
Page 168
USER AUTHENTICATION 6-20
releases. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to acce[...]
-
Page 169
CONFIGURING 802.1X PORT AUTHENTICATION 6-21
Displaying 802.1X Global Settings
The 802.1X protocol provides port authentication.
Command Attributes
802.1X System Authentication Control – The global setting for 802.1X.
Web – Click Security, 802.1X, Information.
Figure 6-6 802.1X Global Information
CLI – This example shows the [...]
-
Page 170
USER AUTHENTICATION 6-22
Configuring 802.1X Global Settings
The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
Command Attributes
802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Dis[...]
-
Page 171
CONFIGURING 802.1X PORT AUTHENTICATION 6-23 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch [...]
-
Page 172
USER AUTHENTICATION 6-24 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (R[...]
-
Page 173
CONFIGURING 802.1X PORT AUTHENTICATION 6-25 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 22-41. Console(config)#interface ethernet 1/2 25-2 Console(config-if)#dot1x port-control auto 22-36 Console(config-if)#dot1x re-authen[...]
-
Page 174
USER AUTHENTICATION 6-26 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Reauthentication State Machine State Initialize . . . . 802.1X is disabled on port 1/19 Console# Table 6-2 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that[...]
-
Page 175
CONFIGURING 802.1X PORT AUTHENTICATION 6-27 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-9 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4. Tx EAP Req/Id The number of EAP Req/Id frames that have [...]
-
Page 176
USER AUTHENTICATION 6-28 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once yo[...]
-
Page 177
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS 6-29 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-10 IP Filter CLI – This example restricts management access for Telnet clients. Console(conf[...]
-
Page 178
USER AUTHENTICATION 6-30[...]
-
Page 179
7-1 CHAPTER 7 CLIENT SECURITY This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes. In add[...]
-
Page 180
CLIENT SECURITY 7-2 This switch provides client security using the following options: • Private VLANs – Provide port-based security and isolation between ports within the assigned VLAN. (See “Configuring Private VLANs” on page 13-18.) • 802.1X – Use IEEE 802.1X port authentication to control access to specific p[...]
-
Page 181
CONFIGURING PORT SECURITY 7-3 To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the <source MAC address, VLAN> pair for frames received on the port. Note that you can also manually add secure addresses to the port using the Static[...]
-
Page 182
CLIENT SECURITY 7-4 • Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled) • Trunk – Trunk number if port is a member (page 9-9 and 9-11). Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, ma[...]
-
Page 183
CONFIGURING IP SOURCE GUARD 7-5 Configuring IP Source Guard IP Source Guard is a security feature that filters IP traffic on unsecure network interfaces based on static entries configured in the IP Source Guard table, or dynamic entries in the DHCP Snooping table. Command Usage • Source guard is used to filter traffi[...]
-
Page 184
CLIENT SECURITY 7-6 • If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) will be checked against the binding table. If no matching entry is found, the packet will be dropped. • Filtering rules are implemented a[...]
-
Page 185
CONFIGURING IP SOURCE GUARD 7-7 IP Source Guard Filter • Port – Port for which to filter static entries. • Source IP – Filters traffic based on IP addresses stored in the binding table. • Source IP and MAC – Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. We[...]
-
Page 186
CLIENT SECURITY 7-8 CLI – This example configures a static source-guard binding on port 1. Configuring DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Sourc[...]
-
Page 187
CONFIGURING DHCP SNOOPING 7-9 • When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping. • Filtering rules are implemented as follows: - If the DHCP snooping is disabled globally, all DHCP packets are forwarded. - If DHCP snooping i[...]
-
Page 188
CLIENT SECURITY 7-10 • Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted. Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP serv[...]
-
Page 189
CONFIGURING DHCP SNOOPING 7-11 • DHCP Snooping Service Provider Mode – Once an IP address is assigned to the host by a DHCP server, the switch sets this entry to static mode in the MAC address table, and registers the host as a valid entry in the DHCP snooping table. (Default: Disabled) - This function applies to [...]
-
Page 190
CLIENT SECURITY 7-12 Web – Click DHCP Snooping, DHCP Snooping Configuration. Enable DHCP snooping status globally, enable it for the required VLANs, select whether or not to verify the client’s MAC address, configure those ports that will receive messages only from within the local network as trusted, and then click [...]
-
Page 191
DISPLAYING DHCP SNOOPING INFORMATION 7-13 Displaying DHCP Snooping Information The configuration settings and binding table entries can be displayed on the DHCP Snooping Information page. Command Attributes DHCP Snooping Configuration Settings • DHCP Snooping Status – DHCP snooping global configuration statu[...]
-
Page 192
CLIENT SECURITY 7-14 Web – Click DHCP Snooping, DHCP Snooping Information. Figure 7-4 DHCP Snooping Information[...]
-
Page 193
CONFIGURING PACKET FILTERING 7-15 CLI – These examples show the DHCP snooping configuration settings and binding table entries. Configuring Packet Filtering Packet filtering provides security barriers between the customer and the service provider, as well as between different customers attached to [...]
-
Page 194
CLIENT SECURITY 7-16 • Blocking NetBIOS traffic commonly used for resource sharing in a peer-to-peer environment to ensure that no privileged client data is passed to other data ports. Command Attributes • DHCP Request – Blocks DHCP request packets. (Default: Disabled) - In cases where the IP address for a cl[...]
-
Page 195
CONFIGURING PACKET FILTERING 7-17 • NetBIOS – Blocks NetBIOS packets. (Default: Disabled) - NetBIOS is commonly used in local area networks to facilitate sharing resources such as printers or files between computers. However, when providing network services over the Internet to different customers, all in[...]
-
Page 196
CLIENT SECURITY 7-18 Web – Click Security, Packet Filter, Base Filter Configuration. Select the type of service packets to filter, and click Apply. Figure 7-5 Packet Filtering – Base Filter CLI – This example blocks DHCP service requests, DHCP reply packets, and all NetBIOS packets on port 1. Filtering IP/MAC Add[...]
-
Page 197
CONFIGURING PACKET FILTERING 7-19 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. One mask is allocated to IP-MAC packet filtering if any entries are defined. This mask will be released for use by other[...]
-
Page 198
CLIENT SECURITY 7-20[...]
-
Page 199
8-1 CHAPTER 8 ACCESS CONTROL LISTS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required r[...]
-
Page 200
ACCESS CONTROL LISTS 8-2 The following filtering modes are supported: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. • Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and protocol port number. If the TCP pro[...]
-
Page 201
CONFIGURING ACCESS CONTROL LISTS 8-3 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in t[...]
-
Page 202
ACCESS CONTROL LISTS 8-4 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 8-1 Selecting ACL Type CLI – This example creates a standard IP ACL named bill. Configuring a[...]
-
Page 203
CONFIGURING ACCESS CONTROL LISTS 8-5 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 8-2 ACL Configurati[...]
-
Page 204
ACCESS CONTROL LISTS 8-6 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 8-4.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range:[...]
-
Page 205
CONFIGURING ACCESS CONTROL LISTS 8-7 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an addre[...]
-
Page 206
ACCESS CONTROL LISTS 8-8 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possi[...]
-
Page 207
CONFIGURING ACCESS CONTROL LISTS 8-9 Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type ( [...]
-
Page 208
ACCESS CONTROL LISTS 8-10 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. ACL rules matching the first entry in the mask are checked first. Rules matching subsequent entries in the mask are then checked in the specified order. The switch includes two system[...]
-
Page 209
CONFIGURING ACCESS CONTROL LISTS 8-11 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 8-5 Selecting ACL Mask Types CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedenc[...]
-
Page 210
ACCESS CONTROL LISTS 8-12 • Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 8-4.) • Protocol Mask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type. (Options: Precedence, T[...]
-
Page 211
CONFIGURING ACCESS CONTROL LISTS 8-13 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type[...]
-
Page 212
ACCESS CONTROL LISTS 8-14 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the higher precedence accordin[...]
-
Page 213
CONFIGURING ACCESS CONTROL LISTS 8-15 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s). Or check for rules w[...]
-
Page 214
ACCESS CONTROL LISTS 8-16 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to[...]
-
Page 215
BINDING A PORT TO AN ACCESS CONTROL LIST 8-17 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules a[...]
-
Page 216
ACCESS CONTROL LISTS 8-18 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 25-2 Console(config-if)#ip access-group tom in 24-14 Console(config-if)#mac access-group jerry in 24-25 Console(config-if)#exit Console(config)#interface ethernet 1/2 [...]
-
Page 217
9-1 CHAPTER 9 PORT CONFIGURATION Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type –[...]
-
Page 218
PORT CONFIGURATION 9-2 Web – Click Port, Port Information or Trunk Information. Figure 9-1 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, SFP) • MAC address – The physical layer address for this port. (To access this item on the w[...]
-
Page 219
DISPLAYING CONNECTION STATUS 9-3 “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex op[...]
-
Page 220
PORT CONFIGURATION 9-4 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and du[...]
-
Page 221
CONFIGURING INTERFACE CONNECTIONS 9-5 required operation modes must be specified in the capabilities list for an interface. • Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options. Command Attributes • Name – Allows you to label an i[...]
-
Page 222
PORT CONFIGURATION 9-6 and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.) (Default: Autonegotiation is permanentl[...]
-
Page 223
CONFIGURING INTERFACE CONNECTIONS 9-7 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 9-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/19 25-2 Console(config-i[...]
-
Page 224
PORT CONFIGURATION 9-8 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up t[...]
-
Page 225
CREATING TRUNK GROUPS 9-9 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • Any of the Gigabit ports on the front panel can be trunked together, including ports[...]
-
Page 226
PORT CONFIGURATION 9-10 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 9-3 Static Trunk Configuration[...]
-
Page 227
CREATING TRUNK GROUPS 9-11 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, a[...]
-
Page 228
PORT CONFIGURATION 9-12 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. [...]
-
Page 229
CREATING TRUNK GROUPS 9-13 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following[...]
-
Page 230
PORT CONFIGURATION 9-14 Note: If the port channel admin key (lacp admin key, page 26-8) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in t[...]
-
Page 231
CREATING TRUNK GROUPS 9-15 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will [...]
-
Page 232
PORT CONFIGURATION 9-16 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. Console(config)#interface ethernet 1/1 25-2 Console(config-if)#lacp actor system-priority 3 26-6 Console(config-if)#lacp actor admin-key 120 [...]
-
Page 233
CREATING TRUNK GROUPS 9-17 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 9-6 LACP - Port Counters Information Table 9-1 LACP Port Counters Parameter De[...]
-
Page 234
PORT CONFIGURATION 9-18 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Console#show lacp 1 counters 26-10 Port channel: 1 ----------------[...]
-
Page 235
CREATING TRUNK GROUPS 9-19 LACPDUs Internal Number of seconds before invalidating received LACPDU information. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machi[...]
-
Page 236
PORT CONFIGURATION 9-20 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 9-7 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port chan[...]
-
Page 237
CREATING TRUNK GROUPS 9-21 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 9-3 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by[...]
-
Page 238
PORT CONFIGURATION 9-22 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 9-8 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channe[...]
-
Page 239
SETTING BROADCAST STORM THRESHOLDS 9-23 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severe[...]
-
Page 240
PORT CONFIGURATION 9-24 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 9-9 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadc[...]
-
Page 241
CONFIGURING PORT MIRRORING 9-25 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage •[...]
-
Page 242
PORT CONFIGURATION 9-26 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 9-10 Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the[...]
-
Page 243
CONFIGURING RATE LIMITS 9-27 Note: You can also set an SNMP trap if traffic exceeds the configured rate limit using the CLI (see the “rate-limit trap-input” command on page 28-3). Command Attribute Rate Limit – Sets the input or output rate limit for an Ethernet interface, or the input rate limit for a VLAN port member[...]
-
Page 244
PORT CONFIGURATION 9-28 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 64 Kbps. Configuring the Rate Limit for a VLAN Port Member Web - Click Port, Rate Limit, Input VLAN Configuration. Select the port, and the VLAN to which the port belongs. Set the input rate limit for the sel[...]
-
Page 245
SHOWING PORT STATISTICS 9-29 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through eac[...]
-
Page 246
PORT CONFIGURATION 9-30 Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol. Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Transmit Octets The total numbe[...]
-
Page 247
SHOWING PORT STATISTICS 9-31 FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error. Excessive Collisions A count of frames for which transmission on a parti[...]
-
Page 248
PORT CONFIGURATION 9-32 RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. Received Bytes Total number of by[...]
-
Page 249
SHOWING PORT STATISTICS 9-33 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames The to[...]
-
Page 250
PORT CONFIGURATION 9-34 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 9-13 Port Statistics[...]
-
Page 251
SHOWING PORT STATISTICS 9-35 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 25-14 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos inpu[...]
-
Page 252
PORT CONFIGURATION 9-36[...]
-
Page 253
10-1 CHAPTER 10 VDSL CONFIGURATION VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports. [...]
-
Page 254
VDSL CONFIGURATION 10-2 - Power Value – A power level for each of the PSD breakpoints. (Range: An integer from 0 to 255, which is used to calculate a power level in terms of -140 + (power-value) * 0.5 dBm/Hz; Default: 255, which is equivalent to -12.5 dBm/Hz) Breakpoints, which are defined by a signal frequency and corre[...]
-
Page 255
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-3 the optimal transmission rate for the current conditions, setting the rate within the bounds defined by the Data Rate. When rate adaptation is enabled and the signal quality deteriorates on any line or the link is re-established after being dropped, that port will auto[...]
-
Page 256
VDSL CONFIGURATION 10-4 Upstream power back-off (UPBO) is used to mitigate far-end crosstalk caused by upstream transmissions from shorter to longer loops. The bounding power levels specified in this table are used to reshape the PSD, ensuring that the signals on short to long loops are compatible. The trans[...]
-
Page 257
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-5 Web – Click VDSL, Global Configuration. Configure the required items, and click Apply. (Note that the parameters in the following screen are all set to their default values.)[...]
-
Page 258
VDSL CONFIGURATION 10-6 Figure 10-1 VDSL Global Configuration CLI – This example displays sample settings for some of the VDSL global configuration commands. Console(config)#lre psd-breakpoint 5 29-12 Console(config)#lre psd-frequencies 1 3750 29-13 Console(config)#lre psd-value 1 240 29-15 Console(config)#lre psd-mask-level 5 29-16 Con[...]
-
Page 259
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-7 Configuring Interface Settings for VDSL Ports This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notches within the frequency bands to avoid interference with ham radio signals,[...]
-
Page 260
VDSL CONFIGURATION 10-8 Configuration Tables • Channel Mode – Sets the channel mode to fast or interleaved. (Default: Interleaved) Interleaving protects data against bursts of errors by using the Reed-Solomon error correction algorithm to spread the errors over a number of code words. A greater degree of[...]
-
Page 261
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-9 • Region Ham Band – Sets the ham radio band that will be blocked to VDSL signals based on defined usage types. (Options: See Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10. Default: none) Using a HAM band mask prevents interference with [...]
-
Page 262
VDSL CONFIGURATION 10-10 • PSD Breakpoints – See “Configuring Global Settings for VDSL Ports” on page 10-1. • PSD Mask Level – See “Configuring Global Settings for VDSL Ports” on page 10-1. • UPBO – See “Configuring Global Settings for VDSL Ports” on page 10-1. • Tone – Disables downstream or upstream V[...]
-
Page 263
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-11
This minimum margin indicates the amount of increase in impulse noise that the system can tolerate under operational conditions while still ensuring required transmission quality. This parameter is used to set the time span of impulse noise protection, as seen at the inp[...]
-
Page 264
VDSL CONFIGURATION 10-12
Web – Click VDSL, VDSL Port Configuration. Select one of the VDSL ports from the scroll-down list, set the required parameters, and click Apply. (Note that the parameters in the following screen are all set to their default values.)[...]
-
Page 265
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-13[...]
-
Page 266
VDSL CONFIGURATION 10-14[...]
-
Page 267
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-15
Figure 10-2 VDSL Port Configuration[...]
-
Page 268
VDSL CONFIGURATION 10-16
CLI – This example displays sample settings for some of the VDSL port configuration commands.
Configuring Line Profiles
This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or[...]
-
Page 269
CONFIGURING LINE PROFILES 10-17
Web – Click VDSL, Line Profile Configuration. Select a line profile from the drop-down list above the Line Profile table of connection parameters, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings. Now select[...]
-
Page 270
VDSL CONFIGURATION 10-18[...]
-
Page 271
CONFIGURING LINE PROFILES 10-19[...]
-
Page 272
VDSL CONFIGURATION 10-20
Figure 10-3 Line Profile Configuration
CLI – This example displays sample settings for a line profile.
Console(config)#line-profile southport    29-36
Console(config-line-profile)#channel interleave    29-45
Console(config-line-profile)#ham-band 11    29-40
Console(config-line-profile)#region-ham-band 34    29-41
Console(config[...]
-
Page 273
DISPLAYING VDSL STATUS INFORMATION 10-21
Displaying VDSL Status Information
This section describes the information displayed for VDSL configuration settings, signal status, and communication statistics.
Field Attributes
LRE Status – Communication status of the VDSL line
Table 10-1 LRE Status
Parameter    Description
Port Stat[...]
-
Page 274
VDSL CONFIGURATION 10-22
LRE Rate Information – Data Rates for the VDSL line
Avg SNR Margin    Average signal-to-noise margin above the SNR.
Avg SNR    Average signal-to-noise ratio.
Table 10-2 Rate Status
Parameter    Description
Port Status    Indicates if the port is administratively enabled or disabled.
Line Rate    The downstream and u[...]
-
Page 275
DISPLAYING VDSL STATUS INFORMATION 10-23
Web – Click VDSL, VDSL Status Information. Select a VDSL port from the drop-down list, and click Query.
Figure 10-4 VDSL Status Information[...]
-
Page 276
VDSL CONFIGURATION 10-24
CLI – This example displays connection status and data rates for the selected VDSL port.
Console#show lre 1/1    29-79
port 1 status : port enable(provisioned)
port 1 status : port activating
Downstream Training Margin: 8.0 dB
Upstream Training Margin: 9.1 dB
Downstream Line Protection (Slow Path): 0.0 DMT S[...]
-
Page 277
DISPLAYING VDSL PERFORMANCE STATISTICS 10-25
Displaying VDSL Performance Statistics
This section describes the performance information displayed for VDSL lines, including common error conditions over predefined intervals.
Field Attributes
Error Statistics
Ethernet Receive Performance Counters
Table 10-3 Erro [...]
-
Page 278
VDSL CONFIGURATION 10-26
Ethernet Transmit Performance Counters
Alignment Errors    Number of alignment errors (missynchronized data packets).
Oversize    Number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Undersize    Number of frames received that were [...]
-
Page 279
DISPLAYING VDSL PERFORMANCE STATISTICS 10-27
High-Level Data-Link Control (H.D.L.C.) Performance Counters
Table 10-6 H.D.L.C. Performance Counters
Parameter    Description
CRC Errors    Number of CRC errors (FCS or alignment errors).
Invalid Frames    Number of frames not properly bounded by flags, not containing an integral number of[...]
-
Page 280
VDSL CONFIGURATION 10-28
Web – Click VDSL, VDSL Performance Statistics. Select a VDSL port from the drop-down list, and click Query.
Figure 10-5 VDSL Performance Statistics[...]
-
Page 281
DISPLAYING VDSL PERFORMANCE STATISTICS 10-29
CLI – This example displays performance information for the selected VDSL port.
Console#show lre perf 1/1    29-82
port 1 performance counters since last reset :
Loss of frame : 0
Loss of signal : 0
Loss of power : 0
Errored seconds : 17
Severely error seconds: 0
Unavaliable second[...]
-
Page 282
VDSL CONFIGURATION 10-30
Configuring an Alarm Profile
This section describes how to configure a list of threshold values for error states which can be applied to a selected group of ports.
Command Attributes
• Alarm Profile – Name of the profile. (Range: 1-31 alphanumeric characters) The default profile includes[...]
-
Page 283
CONFIGURING AN ALARM PROFILE 10-31
This parameter sets the threshold for the number of severely errored seconds within any 15 minute collection interval for performance data. If the number of severely errored seconds in a particular 15-minute collection interval reaches or exceeds this value, a vdslPerfS[...]
-
Page 284
VDSL CONFIGURATION 10-32
interval reaches or exceeds this value, a vdslPerfLossThreshNotification notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval.
• thresh-15min-uass – Threshold for Unavailable Seconds (UASs) [...]
-
Page 285
CONFIGURING AN ALARM PROFILE 10-33
• init-failure – Threshold for initialization failures that can occur within any given 15 minutes. (Range: 0-900 seconds, where 0 disables the threshold; Default: 1) There are many factors which can cause an initialization failure, including lossOfFraming, lossOfSignal, lossOfPo[...]
-
Page 286
VDSL CONFIGURATION 10-34
Web – Click VDSL, Alarm Profile Configuration. Select a profile from the drop-down list above the Alarm Profile table of thresholds, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings. Now select the required alar[...]
-
Page 287
CONFIGURING AN ALARM PROFILE 10-35
Figure 10-6 Alarm Profile Configuration
CLI – This example displays sample settings for an alarm profile.
Console(config)#alarm-profile southport    29-52
Console(config-alarm-profile)#thresh-15min-ess 25    29-54
Console(config-alarm-profile)#thresh-15min-sess 15    29-59
Console(config-alarm-profile)#thres[...]
-
Page 288
VDSL CONFIGURATION 10-36
Displaying CPE Information
This section describes the information displayed for an attached CPE, including firmware module versions, and performance counters.
Field Attributes
CPE Firmware Versions
CO Firmware Buffer Information
Table 10-7 CPE Firmware Versions
Parameter    Description
Protocol Manufacturer [...]
-
Page 289
DISPLAYING CPE INFORMATION 10-37
CPE Performance Counters
Table 10-9 CPE Performance Counters
Parameter    Description
cpe perfermance counters
FeFEC_F    Far end Forward Error Correction on fast path
FeCRC_F    Far end CRC errors on fast path
FeFEC_S    Far end Forward Error Correction on slow path
FeCRC_S    Far end CRC errors on slow path
FeF[...]
-
Page 290
VDSL CONFIGURATION 10-38
Web – Click VDSL, CPE Information. Select a VDSL port from the drop-down list, and click Query.[...]
-
Page 291
DISPLAYING CPE INFORMATION 10-39
Figure 10-7 CPE Information[...]
-
Page 292
VDSL CONFIGURATION 10-40
CLI – This example displays information about the CPE attached to the selected VDSL port.
Console#show cpe-info 1/1
Protocol ID: Ikanos EOC Protocol
Protocol Version - Major: 01
Protocol Version - Minor: 01
Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL)
Host Application Version: 7.2.5 r7IK104012
BME Firmware Vers[...]
-
Page 293
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-41
Configuring OAM Functions and Upgrading CPE Firmware
This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), such as clearing counters, enabling loopback testing, and upgrading firmware.
Command Us[...]
-
Page 294
VDSL CONFIGURATION 10-42
CPE, and verifying that the signal is returned from the CPE without any errors.
Upgrading CPE Firmware
• Upgrade Firmware – Transfers firmware from reserved buffer space in the switch to a remote CPE.
• Firmware Active – Activates the alternate (inactive) BME firmware version on the CPE. (B[...]
-
Page 295
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-43
Web – Click VDSL, VDSL OAM. Select a VDSL port from the drop-down list, and perform any of the local or remote OAM functions listed under the Action field. Before upgrading firmware on an attached CPE, first download it to the reserved buffer space on the[...]
-
Page 296
VDSL CONFIGURATION 10-44
CLI – This example shows how to perform common OAM functions, and how to download firmware to a CPE.
Console(config)#interface ethernet 1/1    25-13
Console(config-if)#oam local clear counter    29-86
port 1 : success to clear perfermance counters!
Console(config-if)#exit
Console#copy tftp firmware    29-87
TFTP ser[...]
-
Page 297
11-1
CHAPTER 11 ADDRESS TABLE SETTINGS
Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static ad[...]
-
Page 298
ADDRESS TABLE SETTINGS 11-2
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.
Figure 11-1 Static Addresses
CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Displaying the Addr[...]
-
Page 299
DISPLAYING THE ADDRESS TABLE 11-3
Command Attributes
• Interface – Indicates a port or trunk.
• MAC Address – Physical address associated with this interface.
• VLAN – ID of configured VLAN (1-4094).
• Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface ([...]
-
Page 300
ADDRESS TABLE SETTINGS 11-4
CLI – This example also displays the address table entries for port 1.
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Status – Enables/disables the aging function.
• Aging Time – The time after which a[...]
-
Page 301
12-1
CHAPTER 12 SPANNING TREE ALGORITHM
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) i[...]
-
Page 302
SPANNING TREE ALGORITHM 12-2
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. Th[...]
-
Page 303
12-3
maintain connectivity among each of the assigned VLAN groups. MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Reg[...]
-
Page 304
SPANNING TREE ALGORITHM 12-4
MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols.
Displaying Global Settings
You can display a su[...]
-
Page 305
DISPLAYING GLOBAL SETTINGS 12-5
make it return to a discarding state; otherwise, temporary data loops might result.
• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
  - Root Port – The number of the port on this switch that is clos[...]
-
Page 306
SPANNING TREE ALGORITHM 12-6
configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration message), a new root port is selected from among the device ports attached to the network. (References to “ports” in this section means “interfaces,” which [...]
-
Page 307
DISPLAYING GLOBAL SETTINGS 12-7
CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root port and current root cost display as zero when this device is not connected to the network.
Console#show spanning-tree    31-25
Spanning-tree information
------------------------------[...]
-
Page 308
SPANNING TREE ALGORITHM 12-8
Configuring Global Settings
Global settings apply to the entire switch.
Command Usage
• Spanning Tree Protocol
Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implement[...]
-
Page 309
CONFIGURING GLOBAL SETTINGS 12-9
  - Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic.
Command Attributes
Basic Configuration of Global Settings
• Spanning T[...]
-
Page 310
SPANNING TREE ALGORITHM 12-10
reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is s[...]
-
Page 311
CONFIGURING GLOBAL SETTINGS 12-11
Configuration Settings for MSTP
• Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33)
• Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table. In other words, this key is a map[...]
-
Page 312
SPANNING TREE ALGORITHM 12-12
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 12-2 STA Global Configuration[...]
-
Page 313
DISPLAYING INTERFACE SETTINGS 12-13
CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Displaying Interface Settings
The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanni[...]
-
Page 314
SPANNING TREE ALGORITHM 12-14
  - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  - All ports are discarding when the switch is booted, then some of them change stat[...]
-
Page 315
DISPLAYING INTERFACE SETTINGS 12-15
• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)
These additional parameters are only displayed for the CLI:
• Admin status – Shows if this interface is enabled.
• External path cost – The path cost for the IST. This parameter is used by the ST[...]
-
Page 316
SPANNING TREE ALGORITHM 12-16
loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled.
• Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
• Fast forw[...]
-
Page 317
DISPLAYING INTERFACE SETTINGS 12-17
CLI – This example shows the STA attributes for port 5.
Console#show spanning-tree ethernet 1/5    31-25
Eth 1/ 5 information
--------------------------------------------------------------
Admin Status: Enabled
Role: Disabled
State: Discarding
External Admin Path Cost: 100000
Internal Admin Path Cost: [...]
-
Page 318
SPANNING TREE ALGORITHM 12-18
Configuring Interface Settings
You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type t[...]
-
Page 319
CONFIGURING INTERFACE SETTINGS 12-19
loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.
  - Default: 128
  - Range: 0-240, in steps of 16
• Admin Path Cost – This parameter is used by the STA to determine the best path between devices. Therefore,[...]
-
Page 320
SPANNING TREE ALGORITHM 12-20
• Admin Link Type – The link type attached to this interface.
  - Point-to-Point – A connection to exactly one other bridge.
  - Shared – A connection to two or more bridges.
  - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared [...]
-
Page 321
CONFIGURING INTERFACE SETTINGS 12-21
Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply.
Figure 12-4 STA Port Configuration
CLI – This example sets STA attributes for port 7.
Console(config)#interface ethernet 1/7    25-2
Console(confi[...]
-
Page 322
SPANNING TREE ALGORITHM 12-22
Configuring Multiple Spanning Trees
MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster[...]
-
Page 323
CONFIGURING MULTIPLE SPANNING TREES 12-23
• VLANs in MST Instance – VLANs assigned this instance.
• MST ID – Instance identifier to configure. (Range: 0-4094; Default: 0)
• VLAN ID – VLAN to assign to this selected MST instance. (Range: 1-4093)
The other global attributes are described under “Displaying Global Settin[...]
-
Page 324
SPANNING TREE ALGORITHM 12-24
CLI – This displays STA settings for instance 1, followed by settings for each port.
Console#show spanning-tree mst 1    31-25
Spanning-tree information
---------------------------------------------------------------
Spanning Tree Mode: MSTP
Spanning Tree Enabled/Disabled: Enabled
Instance: 1
VLANs Configur[...]
-
Page 325
DISPLAYING INTERFACE SETTINGS FOR MSTP 12-25
CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Displaying Interface Settings for MSTP
The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
Field At[...]
-
Page 326
SPANNING TREE ALGORITHM 12-26
CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 12-4), the settings for other instances only apply to the local spanning tree.
Console#show spanning-tree mst 0    31-25
Spanning[...]
-
Page 327
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-27
Configuring Interface Settings for MSTP
You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Field Attributes
The following attributes are read-only and cannot be changed:
• STA State –[...]
-
Page 328
SPANNING TREE ALGORITHM 12-28
• Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port prio[...]
-
Page 329
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-29
Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply.
Figure 12-7 MSTP Port Configuration
CLI – This example sets the MSTP attributes for port 4.
Console(config)#interface ethernet 1/4    25-2[...]
-
Page 330
SPANNING TREE ALGORITHM 12-30[...]
-
Page 331
13-1
CHAPTER 13 VLAN CONFIGURATION
Selecting the VLAN Operation Mode
The system can be configured to operate in normal mode or one of the tunneling modes used for passing Layer 2 traffic across a service provider’s metropolitan area network, including IEEE 802.1Q tunneling (QinQ) or static VLAN tag swapping ([...]
-
Page 332
VLAN CONFIGURATION 13-2
Web – Click VLAN, System Mode. Select the required mode, click Apply.
Figure 13-1 Selecting the System Mode
CLI – This example sets the switch to operate in QinQ mode.
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains[...]
-
Page 333
IEEE 802.1Q VLANS 13-3
VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reac[...]
-
Page 334
VLAN CONFIGURATION 13-4
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tag [...]
-
Page 335
IEEE 802.1Q VLANS 13-5
forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This al[...]
-
Page 336
VLAN CONFIGURATION 13-6
switches, you should create a VLAN for that group and enable tagging on all ports. Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames. When forwarding a frame from this switch along a path that contains[...]
-
Page 337
IEEE 802.1Q VLANS 13-7
CLI – This example enables GVRP for the switch.
Displaying Basic VLAN Information
The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.
Field Attributes
• VLAN Version Number – The VLAN version used by this switch as specif[...]
-
Page 338
VLAN CONFIGURATION 13-8
CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you[...]
-
Page 339
IEEE 802.1Q VLANS 13-9
Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.
Figure 13-4 VLAN Current Table
Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
  - Dynamic: Automatically learned via[...]
-
Page 340
VLAN CONFIGURATION 13-10
CLI – Current VLAN information can be displayed with the following command.
Creating VLANs
Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. [...]
-
Page 341
IEEE 802.1Q VLANS 13-11
• Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged.
Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate [...]
-
Page 342
VLAN CONFIGURATION 13-12
Adding Static Members to VLANs (VLAN Index)
Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as f[...]
-
Page 343
IEEE 802.1Q VLANS 13-13
  - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Registration” on page 13-4.
  - None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface.
• Trunk Member – Indic[...]
-
Page 344
VLAN CONFIGURATION 13-14
Adding Static Members to VLANs (Port Index)
Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Command Attributes
• Interface – Port or trunk identifier.
• Member – VLANs for which the selected interface is a tagged member. [...]
-
Page 345
IEEE 802.1Q VLANS 13-15
Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Command Usage
• GVRP – GARP VLAN Registration Protocol defines a way for swit[...]
-
Page 346
VLAN CONFIGURATION 13-16
  - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
  - If ingress filtering is enabled and a port receives frames tagged for VLANs for which [...]
-
Page 347
IEEE 802.1Q VLANS 13-17
belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames.
  - Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames.
• Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VL[...]
-
Page 348
VLAN CONFIGURATION 13-18
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same swit[...]
-
Page 349
CONFIGURING PRIVATE VLANS 13-19
Configuring Uplink and Downlink Ports
Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other [...]
-
Page 350
VLAN CONFIGURATION 13-20
Configuring Protocol-Based VLANs
The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This [...]
-
Page 351
CONFIGURING PROTOCOL-BASED VLANS 13-21
Configuring Protocol Groups
Create a protocol group for one or more protocols.
Command Attributes
• Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647)
• Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_othe[...]
-
Page 352
VLAN CONFIGURATION 13-22
Mapping Protocols to VLANs
Map a protocol group to a VLAN for each interface that will participate in the group.
Command Usage
• When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN menus such as the[...]
-
Page 353
CONFIGURING PROTOCOL-BASED VLANS 13-23
Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply.
Figure 13-12 Protocol VLAN Port Configuration
CLI – The following maps the traffic entering Port 1 which matches the p[...]
-
Page 354
VLAN CONFIGURATION 13-24
Configuring IEEE 802.1Q Tunneling
IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the s[...]
-
Page 355
CONFIGURING IEEE 802.1Q TUNNELING 13-25
be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different customers onto the service provider’s network. When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’[...]
-
Page 356
VLAN CONFIGURATION 13-26
The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ tunnel port are processed in the following manner:
1. New SPVLAN tags are added [...]
-
Page 357
CONFIGURING IEEE 802.1Q TUNNELING 13-27
The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ uplink port are processed in the following manner:
1. If inco[...]
-
Page 358
VLAN CONFIGURATION 13-28
8. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packet will have two tags.
Configuration Limitations for QinQ
• The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port[...]
-
Page 359
CONFIGURING IEEE 802.1Q TUNNELING 13-29 4. Set the Tag Protocol Identifier (TPID) value of the tunnel port. This step is required if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. The standard ethertype value is 0x8100. (See “Adding an Interface to a QinQ Tunnel” on page [...]
-
Page 360
VLAN CONFIGURATION 13-30 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Set the ingress port on the service provider’s network to dot1Q tunnel mode. Set the Tag Protocol Identifier (TPID) value of the tunnel port if the attached client is using[...]
-
Page 361
CONFIGURING IEEE 802.1Q TUNNELING 13-31 necessary to support real-time services across the backbone network, then you may have to enable priority bit mapping from the inner to outer VLAN tag to ensure timely service. Web – Click VLAN, 802.1Q Tunneling. Set the mode for the tunnel port to Dot1q-Tunnel, set the TPID i[...]
-
Page 362
VLAN CONFIGURATION 13-32 CLI – This example configures the switch to copy the priority bits from the inner to outer VLAN tag, it then sets port 2 to tunnel mode, and indicates that the TPID used for 802.1Q tagged frames will be 9100 hexadecimal. Console(config)#qinq priority map 32-26 Console(config)#interface ethernet 1[...]
-
Page 363
CONFIGURING VLAN SWAPPING 13-33 Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network. However, if any switch in the path crossing the service provider’s network does not support this feature, then the loca[...]
-
Page 364
VLAN CONFIGURATION 13-34 Field Attributes • Entry Counts – The number of entries in the VLAN swapping table. • VLAN Swap Table – Contains each entry in the VLAN swapping table. • InPort – Port through which traffic is entering the switch. (Range: 1-18) • OutPort – Port through which traffic is leaving the swit[...]
-
Page 365
CONFIGURING VLAN SWAPPING 13-35 CLI – This example configures VLAN swapping for upstream traffic between port 1 and port 18, exchanging VLAN ID 1 for VLAN ID 3. It then sets VLAN swapping for downstream traffic to exchange VLAN ID 3 for VLAN ID 1. Console(config)#system mode vlan-swap 20-13 Console(config)#interface ethernet[...]
-
Page 366
VLAN CONFIGURATION 13-36[...]
-
Page 367
14-1 CHAPTER 14 CLASS OF SERVICE Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before t[...]
-
Page 368
CLASS OF SERVICE 14-2 Command Attributes • Default Priority 21 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Defaul[...]
-
Page 369
LAYER 2 QUEUE SETTINGS 14-3 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). U[...]
-
Page 370
CLASS OF SERVICE 14-4 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Command Attributes • Priori [...]
-
Page 371
LAYER 2 QUEUE SETTINGS 14-5 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 14-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific values for CoS prio[...]
-
Page 372
CLASS OF SERVICE 14-6 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue, or a[...]
-
Page 373
LAYER 2 QUEUE SETTINGS 14-7 Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 14-3 Queue Mode CLI – The following sets the queue mode to strict priority service mode. Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the[...]
-
Page 374
CLASS OF SERVICE 14-8 Command Attributes • WRR Setting Table 23 – Displays a list of weights for each traffic class (i.e., queue). • Weight Value – Set a new weight for the selected traffic class. (Range: 0-15) Use queue weights 1-15 for queues allocated service time based on WRR. Queue weights must be configur[...]
-
Page 375
LAYER 3/4 PRIORITY SETTINGS 14-9 CLI – The following example shows how to assign WRR weights to priority queues 0-5, and strict priority to queues 6 and 7. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traf[...]
-
Page 376
CLASS OF SERVICE 14-10 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3[...]
-
Page 377
LAYER 3/4 PRIORITY SETTINGS 14-11 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedenc[...]
-
Page 378
CLASS OF SERVICE 14-12 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 14-6 IP Precedence Priority CLI – The following example globally enables IP Precedence service on the sw[...]
-
Page 379
LAYER 3/4 PRIORITY SETTINGS 14-13 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the [...]
-
Page 380
CLASS OF SERVICE 14-14 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 14-7 IP DSCP Priority CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1[...]
-
Page 381
LAYER 3/4 PRIORITY SETTINGS 14-15 Mapping IPv6 Traffic Classes The Traffic Class field in the IPv6 header may be used by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities for IPv6 packets. (See RFC 2460.) Command Usage Nodes that support a specific use of s[...]
-
Page 382
CLASS OF SERVICE 14-16 CLI – The following example maps the Traffic Class value of 1 to CoS value 0. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports in[...]
-
Page 383
LAYER 3/4 PRIORITY SETTINGS 14-17 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 14-10 IP Port Priority CLI – The following example globally enables IP Port Priority service on [...]
-
Page 384
CLASS OF SERVICE 14-18[...]
-
Page 385
15-1 CHAPTER 15 QUALITY OF SERVICE The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of sp[...]
-
Page 386
QUALITY OF SERVICE 15-2 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 15-9). Configurin[...]
-
Page 387
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-3 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name” f[...]
-
Page 388
QUALITY OF SERVICE 15-4 Settings” page. Enter the criteria used to classify ingress traffic on this web page. • Remove Class – Removes the selected class. Class Configuration • Class Name – Name of the class map. (Range: 1-16 characters) • Type – Only one match command is permitted per class map, so the ma[...]
-
Page 389
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-5 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 15-1 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP[...]
-
Page 390
QUALITY OF SERVICE 15-6 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 15-3. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page[...]
-
Page 391
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-7 Command Attributes Policy Map • Modify Name and Description – Configures the name and a brief description of a policy map. (Range: 1-16 characters for the name; 1-80 characters for the description) • Edit Classes – Opens the “Policy Rule Settings” page for the s[...]
-
Page 392
QUALITY OF SERVICE 15-8 • Remove Class – Deletes a class. - Policy Options - • Class Name – Name of class map. • Action – Configures the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 15-3). (Range - C[...]
-
Page 393
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-9 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 15-2 Configuring Policy Maps[...]
-
Page 394
QUALITY OF SERVICE 15-10 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a[...]
-
Page 395
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-11 Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port from the scroll-down box, then click Apply. Figure 15-3 Service Policy Settings CLI - This example applies a service policy to an ingress interface. Console(config)#inte[...]
-
Page 396
QUALITY OF SERVICE 15-12[...]
-
Page 397
16-1 CHAPTER 16 MULTICAST FILTERING Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast re[...]
-
Page 398
MULTICAST FILTERING 16-2 those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. The purpose of IP multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded t[...]
-
Page 399
LAYER 2 IGMP (SNOOPING AND QUERY) 16-3 is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forwarded from all other available sources. Notes: 1. [...]
-
Page 400
MULTICAST FILTERING 16-4 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic t[...]
-
Page 401
LAYER 2 IGMP (SNOOPING AND QUERY) 16-5 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping. (Default: Enabled) • Act as IGMP Querier — When enabled, the switch can serve as[...]
-
Page 402
MULTICAST FILTERING 16-6 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 16-1 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(conf[...]
-
Page 403
LAYER 2 IGMP (SNOOPING AND QUERY) 16-7 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be [...]
-
Page 404
MULTICAST FILTERING 16-8 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querie[...]
-
Page 405
LAYER 2 IGMP (SNOOPING AND QUERY) 16-9 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to disp[...]
-
Page 406
MULTICAST FILTERING 16-10 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 16-4 IP Multicast Registration Table CLI – This example dis[...]
-
Page 407
LAYER 2 IGMP (SNOOPING AND QUERY) 16-11 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 16-4. For certain applications that require tighter control, you ma[...]
-
Page 408
MULTICAST FILTERING 16-12 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed add[...]
-
Page 409
LAYER 2 IGMP (SNOOPING AND QUERY) 16-13 Configuring Immediate Leave from Multicast Groups The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN. Command Usage • If immediate l[...]
-
Page 410
MULTICAST FILTERING 16-14 Web – Click IGMP Snooping, IGMP Immediate Leave Table. Select the VLAN interface to configure, set the status for immediate leave, and click Apply. Figure 16-6 IGMP Immediate Leave Table CLI – This example enables immediate leave on VLAN 1. IGMP Filtering and Throttling In certain switch appl[...]
-
Page 411
IGMP FILTERING AND THROTTLING 16-15 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports wi[...]
-
Page 412
MULTICAST FILTERING 16-16 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers. Configuring IGMP Filter Profiles When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access [...]
-
Page 413
IGMP FILTERING AND THROTTLING 16-17 • Current Multicast Address Range List – Lists multicast groups currently included in the profile. Select an entry and click the Remove button to delete it from the list. Web – Click IGMP Snooping, IGMP Profile Group Configuration. Select the profile number you want to configure; th[...]
-
Page 414
MULTICAST FILTERING 16-18 Configuring IGMP Filtering and Throttling for Interfaces Once you have configured IGMP profiles, you can assign them to interfaces on the switch. Also, you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time. Command Usage • Only [...]
-
Page 415
IGMP FILTERING AND THROTTLING 16-19 Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action. Click Apply. Figure 16-9 IGMP Filter and Throttling Port Configuration CLI – This [...]
-
Page 416
MULTICAST FILTERING 16-20 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network. Any multicast traffic entering an[...]
-
Page 417
MULTICAST VLAN REGISTRATION 16-21 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 16-21). 2. Set the interfaces that will join the MVR as source ports o[...]
-
Page 418
MULTICAST FILTERING 16-22 Field Attributes • MVR Domain – An independent multicast domain. (Range: 1-3; Default: 1) • MVR Status – When MVR is enabled on the switch, any multicast data associated with an MVR group is sent from all designated source ports, and to all receiver ports that have registered to recei[...]
-
Page 419
MULTICAST VLAN REGISTRATION 16-23 Web – Click MVR, Configuration. Select the MVR domain, enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will stream traffic to attached hosts, and then click Apply. Figure 16-10 MVR Global Configuration CLI – This example first enables IGMP snooping, [...]
-
Page 420
MULTICAST FILTERING 16-24 Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • MVR Domain – An independent multicast domain. • Type – Shows the MVR port type. • Oper Status – Shows the link status. • MVR Status – Shows the MVR stat[...]
-
Page 421
MULTICAST VLAN REGISTRATION 16-25 CLI – This example shows information about interfaces attached to the MVR VLAN. Console#show mvr interface 35-29 ======================= ================================ MVR domain : 1 Port Type Status Immediate Leave ------- -------- ------------- --------------- eth1/1 RECEIVER ACTIVE/UP Disable[...]
-
Page 422
MULTICAST FILTERING 16-26 Configuring MVR Interfaces Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function. Command Usage • MVR source ports and [...]
-
Page 423
MULTICAST VLAN REGISTRATION 16-27 - Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface. - Immediate leave does not apply to multicast groups which have been stat[...]
-
Page 424
MULTICAST FILTERING 16-28 Web – Click MVR, Port Configuration or Trunk Configuration. Figure 16-12 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Displaying Port Members of Multicast Groups You can display the mult[...]
-
Page 425
MULTICAST VLAN REGISTRATION 16-29 Web – Click MVR, Group IP Information. Figure 16-13 MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN. Console#show mvr members 35-29 MVR Group IP Status Members ---------------- ----- --- -[...]
-
Page 426
MULTICAST FILTERING 16-30 Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces. Command Usage • Any multicast groups that use the MVR VLAN must be static[...]
-
Page 427
MULTICAST VLAN REGISTRATION 16-31 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list. Figure 16-14 MVR Group Me[...]
-
Page 428
MULTICAST FILTERING 16-32[...]
-
Page 429
17-1 CHAPTER 17 DOMAIN NAME SERVICE The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host na[...]
-
Page 430
DOMAIN NAME SERVICE 17-2 • When more than one name server is specified, the servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. • If all name servers are deleted, DNS will automatically be disabled. This is done by disabling the domain l[...]
-
Page 431
CONFIGURING GENERAL DNS SERVICE PARAMETERS 17-3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 17-1 DNS General Configuration[...]
-
Page 432
DOMAIN NAME SERVICE 17-4 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addre[...]
-
Page 433
CONFIGURING STATIC DNS HOST TO ADDRESS ENTRIES 17-5 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-127 characters) • IP Address – Internet address(es) associated with a host name. (Range: 1-8 addresses) • Alias – Displays the host names that are mapped [...]
-
Page 434
DOMAIN NAME SERVICE 17-6 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number fo [...]
-
Page 435
DISPLAYING THE DNS CACHE 17-7 Web – Select DNS, Cache. Figure 17-3 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 36-9 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 51 www.micros[...]
-
Page 436
DOMAIN NAME SERVICE 17-8[...]
-
Page 437
SECTION III COMMAND LINE INTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface 18-1 General Commands [...]
-
Page 438
COMMAND LINE INTERFACE IP Interface Commands 38-1[...]
-
Page 439
18-1 CHAPTER 18 OVERVIEW OF THE COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet conn[...]
-
Page 440
OVERVIEW OF THE COMMAND LINE INTERFACE 18-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must [...]
-
Page 441
ENTERING COMMANDS 18-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal[...]
-
Page 442
OVERVIEW OF THE COMMAND LINE INTERFACE 18-4 • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter: Console> enable Console# show startup-config • To enter commands that require parameters, enter the r[...]
-
Page 443
ENTERING COMMANDS 18-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, or VLAN Database, or MSTP). You can also display a list of v[...]
-
Page 444
OVERVIEW OF THE COMMAND LINE INTERFACE 18-6 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and qu[...]
-
Page 445
ENTERING COMMANDS 18-7 Using Command History The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed. Using the show[...]
-
Page 446
OVERVIEW OF THE COMMAND LINE INTERFACE 18-8 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are[...]
-
Page 447
ENTERING COMMANDS 18-9 The configuration commands are organized into different modes: • Global Configuration - These commands modify the system level configuration, and include commands such as hostname and snmp-server community. • Access Control List Configuration - These commands are used for packet filtering. [...]
-
Page 448
OVERVIEW OF THE COMMAND LINE INTERFACE 18-10 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Table 18-2 Configuration Command Modes Mode Command Prompt Page Line line {console | vty} Console(conf[...]
-
Page 449
ENTERING COMMANDS 18-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode. Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them [...]
-
Page 450
OVERVIEW OF THE COMMAND LINE INTERFACE 18-12 Command Groups The system commands can be broken down into the functional groups shown below. Esc-F Moves the cursor forward one word. Delete key or backspace key Erases a mistake when entering a command. Table 18-4 Command Group Index Command Group Descri[...]
-
Page 451
COMMAND GROUPS 18-13 Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs 25-1 Link Aggregation Statically groups multiple ports into a single logical trunk; configures Link Aggregation Control Protocol for port trunks 26-1 Mirror Port Mirrors data to another port for analys [...]
-
Page 452
OVERVIEW OF THE COMMAND LINE INTERFACE 18-14 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) IC (Interface Configuration) IPC (IGMP Profile Configuration) LC (Line Con[...]
-
Seite 453
19-1 CHAPTER 19 GENERAL COMMANDS These commands are used to control the command access mode, configuration mode, and other basic functions. Table 19-1 General Commands Command Function Mode Page enable Activates privileged mode NE 19-2 disable Returns to normal mode from privileged mode PE 19-3 configure Activates global[...]
-
Page 454
GENERAL COMMANDS 19-2 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 18-7. Syntax enable [level] level - Privilege level to log into the device. The device has two pr[...]
-
Page 455
DISABLE 19-3 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page [...]
-
Page 456
GENERAL COMMANDS 19-4 Example Related Commands end (19-6) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this [...]
-
Page 457
RELOAD 19-5 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execu[...]
-
Page 458
GENERAL COMMANDS 19-6 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Example end This com[...]
-
Page 459
EXIT 19-7 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configurati[...]
-
Page 460
GENERAL COMMANDS 19-8 Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username:[...]
-
Page 461
20-1 CHAPTER 20 SYSTEM MANAGEMENT COMMANDS These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 20-1 System Management Commands Command Group Function Page Device Designation Configures information that uniquely [...]
-
Page 462
SYSTEM MANAGEMENT COMMANDS 20-2 Device Designation Commands This section describes commands used to configure information that uniquely identifies the switch. hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostn[...]
-
Page 463
SYSTEM STATUS COMMANDS 20-3 System Status Commands This section describes commands used to display system information. show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Command Mode Privileged Exec Command Usage Use this command in conjunc[...]
-
Page 464
SYSTEM MANAGEMENT COMMANDS 20-4 This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for the switch - SNTP server settings - SNMP communit[...]
-
Page 465
SYSTEM STATUS COMMANDS 20-5 Example Related Commands show running-config (20-6) Console#show startup-config building startup-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac> ! phymap 00-20-1a-df-9c-a0 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server comm[...]
-
Page 466
SYSTEM MANAGEMENT COMMANDS 20-6 show running-config This command displays the configuration information currently in use. Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile m[...]
-
Page 467
SYSTEM STATUS COMMANDS 20-7 Example Console#show running-config building running-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac> ! phymap 00-30-f1-d4-73-a0 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server community private rw snmp-server community publi[...]
-
Page 468
SYSTEM MANAGEMENT COMMANDS 20-8 Related Commands show startup-config (20-3) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1.[...]
-
Page 469
SYSTEM STATUS COMMANDS 20-9 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e[...]
-
Page 470
SYSTEM MANAGEMENT COMMANDS 20-10 show version This command displays hardware and software version information for the system. Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Hardware/Software Versions” on page 4-7 for detailed information on the items displayed by this command. Example show bme ver[...]
-
Page 471
SYSTEM STATUS COMMANDS 20-11 Example show cpu utilization This command shows the CPU utilization parameters. Command Mode Normal Exec, Privileged Exec Example Console#show bme version Firmware Firmware-VTU-O:1.0.5r11IK004010 Time May 19 2006 18:16:42, RTOS Nucleus BME R:9 6 AFE<num, ver> <0:b10> <1:b10> IFE<num:[...]
-
Page 472
SYSTEM MANAGEMENT COMMANDS 20-12 show memory status This command shows memory utilization parameters. Command Mode Normal Exec, Privileged Exec Example Table 20-5 show cpu utilization - display description Field Description current utilization Current percentage of CPU utilization max utilization Maximum statistical utilizati[...]
-
Page 473
SYSTEM MODE COMMANDS 20-13 System Mode Commands This section describes commands used to configure the switch to operate in normal mode or QinQ mode. system mode This command sets the switch to operate in QinQ mode. Use the no form to restore the default setting of normal operating mode. Syntax system mode {nor[...]
-
Page 474
SYSTEM MANAGEMENT COMMANDS 20-14 Default Setting Normal operating mode Command Mode Global Configuration Command Usage Make sure that no dot1q-tunnel port is configured before exiting QinQ mode (see “switchport mode dot1q-tunnel” on page 32-27). If there are any dot1q-tunnel ports set on the switch, the no syste[...]
-
Page 475
FRAME SIZE COMMANDS 20-15 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. jumbo frame This command enables support for jumbo frames for Gigabit Ethernet ports. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global C[...]
-
Page 476
SYSTEM MANAGEMENT COMMANDS 20-16 Example File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. The switch can also be set to use new firmware [...]
-
Page 477
FILE MANAGEMENT COMMANDS 20-17 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore sys[...]
-
Page 478
SYSTEM MANAGEMENT COMMANDS 20-18 settings will be set to default values when the system is rebooted using this file. • firmware - Keyword that allows you to copy BME firmware used for upgrading CPEs to reserved buffer space in the switch. (BME indicates the Burst Mode Engine used for digital signal processing.) Default [...]
-
Page 479
FILE MANAGEMENT COMMANDS 20-19 • Use the partial-running-config keyword to copy basic settings for the IP configuration, SNMP community strings, and CLI user names and passwords to a startup configuration file. The system can then be reset using the parameters copied from the partial-running-config, and default setting[...]
-
Page 480
SYSTEM MANAGEMENT COMMANDS 20-20 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certifi[...]
-
Page 481
FILE MANAGEMENT COMMANDS 20-21 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. This example shows how to copy BME firmware for CPEs to a reserved buffer on the switch[...]
-
Page 482
SYSTEM MANAGEMENT COMMANDS 20-22 delete This command deletes a file or image. Syntax delete filename filename - Name of configuration file or code image. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Co[...]
-
Page 483
FILE MANAGEMENT COMMANDS 20-23 dir This command displays a list of files in flash memory. Syntax dir {{boot-rom: | config: | opcode:} [filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code imag[...]
-
Page 484
SYSTEM MANAGEMENT COMMANDS 20-24 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. [...]
-
Page 485
FILE MANAGEMENT COMMANDS 20-25 boot system This command specifies the file or image used to start up the system. Syntax boot system {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM. • config* - Configuration file. • opcode* - Run-time operation cod[...]
-
Page 486
SYSTEM MANAGEMENT COMMANDS 20-26 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 20-11 Line Commands Comma[...]
-
Page 487
LINE COMMANDS 20-27 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Comma[...]
-
Page 488
SYSTEM MANAGEMENT COMMANDS 20-28 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking. Authentication is based on the user name specified with the user [...]
-
Page 489
LINE COMMANDS 20-29 Example Related Commands username (22-2) password (20-29) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password • password - Character string t[...]
-
Page 490
SYSTEM MANAGEMENT COMMANDS 20-30 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (20-28) password-thresh (20-32) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no f[...]
-
Page 491
LINE COMMANDS 20-31 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the timeout [...]
-
Page 492
SYSTEM MANAGEMENT COMMANDS 20-32 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts. (R[...]
-
Page 493
LINE COMMANDS 20-33 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [seconds] no silent-time s[...]
-
Page 494
SYSTEM MANAGEMENT COMMANDS 20-34 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is [...]
-
Page 495
LINE COMMANDS 20-35 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) an[...]
-
Page 496
SYSTEM MANAGEMENT COMMANDS 20-36 Example To specify 57600 bps, enter this command: stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Conf[...]
-
Page 497
LINE COMMANDS 20-37 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Related Commands show ssh (22-31) show users (20-9) show line This command displays the terminal line’s par[...]
-
Page 498
SYSTEM MANAGEMENT COMMANDS 20-38 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: auto Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 times Interactive time[...]
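An added example, not part of the SMC manual: a Python audit of show line output against the login controls described on pages 20-30 to 20-33 (timeout login response, exec-timeout, password-thresh, silent-time). The sample output is constructed in the layout shown above (the VTY values are invented), and the policy limits are assumptions to adjust to local policy.

```python
import re

# Constructed sample in the layout of the "show line" output above.
# The VTY values are invented for this example.
SAMPLE_SHOW_LINE = """\
Console#show line
 Console configuration:
  Password threshold: 3 times
  Interactive timeout: Disabled
  Login timeout: Disabled
  Silent time: Disabled
  Baudrate: auto
  Databits: 8
  Parity: none
  Stopbits: 1
 VTY configuration:
  Password threshold: 3 times
  Interactive timeout: 600 sec
  Login timeout: 300 sec
"""

# Assumed policy (not from the manual): display field -> (CLI command that
# sets it, maximum acceptable value). None means "only has to be enabled".
POLICY = {
    "password threshold": ("password-thresh", 3),
    "interactive timeout": ("exec-timeout", 600),
    "login timeout": ("timeout login response", 300),
    "silent time": ("silent-time", None),
}

SECTION_RE = re.compile(r"^\s*(\w+) configuration:\s*$", re.IGNORECASE)
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(\S.*?)\s*$")


def parse_show_line(text):
    """Return {line type: {field: raw value}} from "show line" output."""
    sections = {}
    current = None
    for raw in text.splitlines():
        section = SECTION_RE.match(raw)
        if section:
            current = sections.setdefault(section.group(1).lower(), {})
            continue
        field = FIELD_RE.match(raw)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    return sections


def audit(sections, policy=POLICY):
    """Return (line type, CLI command, problem) for each policy violation."""
    findings = []
    for line_name, fields in sections.items():
        for field, (command, limit) in policy.items():
            if field not in fields:
                continue  # not reported for this line type, nothing to judge
            raw = fields[field]
            number = re.match(r"\d+", raw)
            if raw.lower() == "disabled":
                findings.append((line_name, command, "disabled"))
            elif number is None:
                findings.append((line_name, command, f"unrecognised value {raw!r}"))
            elif limit is not None and int(number.group()) > limit:
                findings.append(
                    (line_name, command, f"{int(number.group())} exceeds {limit}")
                )
    return findings


if __name__ == "__main__":
    for line_name, command, problem in audit(parse_show_line(SAMPLE_SHOW_LINE)):
        print(f"{line_name}: {command} is {problem}")
```
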
-
Page 499
EVENT LOGGING COMMANDS 20-39 Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process. Syntax [no] logging on[...]
-
Page 500
SYSTEM MANAGEMENT COMMANDS 20-40 command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers. Example Related Commands logging history (20-40) logging trap (20-43) clear log (20-44) log[...]
-
Page 501
EVENT LOGGING COMMANDS 20-41 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog ser [...]
-
Page 502
SYSTEM MANAGEMENT COMMANDS 20-42 Command Mode Global Configuration Command Usage • Use this command more than once to build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages. Use the [...]
-
Page 503
EVENT LOGGING COMMANDS 20-43 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax lo[...]
-
Page 504
SYSTEM MANAGEMENT COMMANDS 20-44 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Comm[...]
-
Page 505
EVENT LOGGING COMMANDS 20-45 show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging {flash | ram | sendmail | trap} • flash - Displays settings for storing event messages in flash memory[...]
-
Page 506
SYSTEM MANAGEMENT COMMANDS 20-46 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). The following example displays settings for the trap function. Con[...]
-
Page 507
EVENT LOGGING COMMANDS 20-47 Related Commands show logging sendmail (20-52) show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory [...]
-
Page 508
SYSTEM MANAGEMENT COMMANDS 20-48 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server [...]
-
Page 509
SMTP ALERT COMMANDS 20-49 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the fir[...]
-
Page 510
SYSTEM MANAGEMENT COMMANDS 20-50 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 1-41 characters) Default Setting None Command [...]
-
Page 511
SMTP ALERT COMMANDS 20-51 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Defa[...]
-
Page 512
SYSTEM MANAGEMENT COMMANDS 20-52 show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers ----------------------- ------------------------ 192.168.1.19 SMTP minimum severity level: 7 SMTP destination emai[...]
-
Page 513
TIME COMMANDS 20-53 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from [...]
-
Page 514
SYSTEM MANAGEMENT COMMANDS 20-54 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001). • This command enables c [...]
-
Page 515
TIME COMMANDS 20-55 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the[...]
-
Page 516
SYSTEM MANAGEMENT COMMANDS 20-56 Related Commands sntp client (20-53) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displa [...]
-
Page 517
TIME COMMANDS 20-57 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-13 hours) • [...]
-
Page 518
SYSTEM MANAGEMENT COMMANDS 20-58 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} • hour - Hour in 24-hour form[...]
-
Page 519
TIME COMMANDS 20-59 Example Console#show calendar 15:12:34 February 1 2002 Console#[...]
-
Page 520
SYSTEM MANAGEMENT COMMANDS 20-60[...]
-
Page 521
21-1 CHAPTER 21 SNMP COMMANDS Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as control[...]
-
Page 522
SNMP COMMANDS 21-2 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example snmp-server engine-id Sets the SNMP engine ID GC 21-10 [...]
-
Page 523
SHOW SNMP 21-3 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether [...]
-
Page 524
SNMP COMMANDS 21-4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and permits acce[...]
-
Page 525
SNMP-SERVER CONTACT 21-5 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setti[...]
-
Page 526
SNMP COMMANDS 21-6 Command Mode Global Configuration Example Related Commands snmp-server contact (21-5) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [ [...]
-
Page 527
SNMP-SERVER HOST 21-7 community command prior to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps. (Range: 1, 2c, 3; Default: 1) - auth | noauth | priv - This group uses SNMPv3 with authentication, no authentication,[...]
-
Page 528
SNMP COMMANDS 21-8 • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt. Informs can be used to ensure that critical info[...]
-
Page 529
SNMP-SERVER ENABLE TRAPS 21-9 user command. Otherwise, the authentication password and/or privacy password will not exist, and the switch will not authorize SNMP access for the host. However, if you specify a V3 host with the “noauth” option, an SNMP user account will be generated, and the switch will autho [...]
-
Page 530
SNMP COMMANDS 21-10 notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts recei[...]
-
Page 531
SNMP-SERVER ENGINE-ID 21-11 Command Mode Global Configuration Command Usage • An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to gener[...]
-
Page 532
SNMP COMMANDS 21-12 show snmp engine-id This command shows the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID. Console#show snmp engine-id Local SNMP engineID: 8000002a8000000000e8666672 Local SNMP engineBoots: 1 Remote SNMP engineID IP address 80000000030004e2b[...]
-
Page 533
SNMP-SERVER VIEW 21-13 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 character[...]
-
Page 534
SNMP COMMANDS 21-14 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included Console(config)# Console#show snmp view [...]
-
Page 535
SNMP-SERVER GROUP 21-15 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] no snmp-server group groupname • gr[...]
-
Page 536
SNMP COMMANDS 21-16 • For additional information on the notification messages supported by this switch, see Table 5-2, “Supported Notification Messages,” on page 5-19. Also, note that the authentication, link-up and link-down messages are legacy traps and must therefore be enabled in conjunction with the snm[...]
-
Page 537
SHOW SNMP GROUP 21-17 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v2c Re[...]
-
Page 538
SNMP COMMANDS 21-18 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth- [...]
-
Page 539
SNMP-SERVER USER 21-19 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before you configure a remote user, use the snmp-server eng[...]
-
Page 540
SNMP COMMANDS 21-20 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 8000000003000[...]
-
Page 541
22-1 CHAPTER 22 USER AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink port[...]
-
Page 542
U SER A UT HE N T IC AT ION C OMMA NDS 22-2 User Ac coun t Com mands The basi c comm ands requir ed f or ma nagement a cces s are listed in t his sectio n. This sw itch also includes other op tions for password checking via the co nsole or a T el net con nectio n (p age 20-26), user authent icati on via a re mote au then tica tio n s er v er (pa ge[...]
-
Page 543
USER ACCOUNT COMMANDS 22-3 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting The default access level is Normal Exec. The factory defaults for the user names and passwords are: Command Mode Global Configuration Comma[...]
-
Page 544
USER AUTHENTICATION COMMANDS 22-4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax [...]
-
Page 545
AUTHENTICATION SEQUENCE 22-5 Related Commands enable (19-2) authentication enable (22-7) Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access. The commands in this section can be used to define the authentication method and [...]
-
Page 546
USER AUTHENTICATION COMMANDS 22-6 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the s[...]
-
Page 547
AUTHENTICATION SEQUENCE 22-7 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 19-2). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [[...]
-
Page 548
USER AUTHENTICATION COMMANDS 22-8 Example Related Commands enable password - sets the password for changing command modes (22-4) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-awa[...]
-
Page 549
RADIUS CLIENT 22-9 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout [...]
-
Page 550
USER AUTHENTICATION COMMANDS 22-10 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Co[...]
-
Page 551
RADIUS CLIENT 22-11 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. ([...]
-
Page 552
USER AUTHENTICATION COMMANDS 22-12 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console(config)#radius-server timeout 10 Console(config)# Console#show radius-server Remote RADIUS ser[...]
-
Page 553
TACACS+ CLIENT 22-13 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/passw [...]
-
Page 554
USER AUTHENTICATION COMMANDS 22-14 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Set[...]
-
Page 555
WEB SERVER COMMANDS 22-15 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Web Server Commands This section describes commands used to configure web browser management access to the switch. Console(config)#tac[...]
-
Page 556
USER AUTHENTICATION COMMANDS 22-16 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65[...]
-
Page 557
WEB SERVER COMMANDS 22-17 Example Related Commands ip http port (22-16) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable t[...]
-
Page 558
USER AUTHENTICATION COMMANDS 22-18 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specif[...]
-
Page 559
WEB SERVER COMMANDS 22-19 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this for[...]
-
Page 560
USER AUTHENTICATION COMMANDS 22-20 Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface.[...]
-
Page 561
SECURE SHELL COMMANDS 22-21 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch. Note: The switch supports both SSH Version 1.5 and 2.0 clients. Table 22-10 Secure [...]
-
Page 562
USER AUTHENTICATION COMMANDS 22-22 Configuration Guidelines The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authenticatio[...]
-
Page 563
SECURE SHELL COMMANDS 22-23 [...]
-
Page 564
USER AUTHENTICATION COMMANDS 22-24 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client. d. The client uses its private key to decrypt the challenge string, computes the MD5 check[...]
-
Page 565
SECURE SHELL COMMANDS 22-25 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. [...]
-
Page 566
USER AUTHENTICATION COMMANDS 22-26 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command[...]
-
Page 567
SECURE SHELL COMMANDS 22-27 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication atte[...]
-
Page 568
USER AUTHENTICATION COMMANDS 22-28 Command Usage The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa [...]
-
Page 569
SECURE SHELL COMMANDS 22-29 Default Setting Generates both the DSA and RSA key pairs. Command Mode Privileged Exec Command Usage • The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key comma[...]
-
Page 570
USER AUTHENTICATION COMMANDS 22-30 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Comma[...]
-
Page 571
SECURE SHELL COMMANDS 22-31 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enable[...]
-
Page 572
USER AUTHENTICATION COMMANDS 22-32 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Username The user name of the client. Encrypt[...]
-
Page 573
SECURE SHELL COMMANDS 22-33 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size o[...]
-
Page 574
USER AUTHENTICATION COMMANDS 22-34 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS serv [...]
-
Page 575
802.1X PORT AUTHENTICATION 22-35 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable [...]
-
Page 576
USER AUTHENTICATION COMMANDS 22-36 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The max[...]
-
Page 577
802.1X PORT AUTHENTICATION 22-37 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-h[...]
-
Page 578
USER AUTHENTICATION COMMANDS 22-38 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff messa[...]
-
Page 579
802.1X PORT AUTHENTICATION 22-39 dot1x re-authentication This command enables periodic re-authentication for a specified port. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Interface Configuration Command Usage • The re-authentication process verifies the connected clie[...]
-
Page 580
USER AUTHENTICATION COMMANDS 22-40 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Use the no form of this command to reset the default. Syntax dot1x timeout re-authperiod seconds no[...]
-
Page 581
802.1X PORT AUTHENTICATION 22-41 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The numb[...]
-
Page 582
USER AUTHENTICATION COMMANDS 22-42 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.1X, i[...]
-
Page 583
802.1X PORT AUTHENTICATION 22-43 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 22-36). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session. • A[...]
-
Page 584
USER AUTHENTICATION COMMANDS 22-44 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a . . . 1/17 disabled Single-Host ForceAuthorized yes 1/18 enabled [...]
-
Page 585
MANAGEMENT IP FILTER COMMANDS 22-45 Management IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to rest[...]
-
Page 586
USER AUTHENTICATION COMMANDS 22-46 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured for SNMP, web and Te[...]
-
Page 587
MANAGEMENT IP FILTER COMMANDS 22-47 Command Mode Privileged Exec Example Console#show management all-client Management Ip Filter HTTP-Client: Start IP address End IP address ----------------------- ------------------------ 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address -------------[...]
-
Page 588
USER AUTHENTICATION COMMANDS 22-48[...]
-
Page 589
23-1 CHAPTER 23 CLIENT SECURITY COMMANDS This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purpo[...]
-
Page 590
CLIENT SECURITY COMMANDS 23-2 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in[...]
-
Page 591
PORT SECURITY COMMANDS 23-3 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowe[...]
-
Page 592
CLIENT SECURITY COMMANDS 23-4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First[...]
-
Page 593
PACKET FILTERING COMMANDS 23-5 Packet Filtering Commands This section describes commands used to configure packet filtering for inbound traffic. Note: Packet Filtering occupies valuable hardware resources. Using Private VLANs provides a more efficient alternative for separating the traffic sent to each subs[...]
-
Page 594
CLIENT SECURITY COMMANDS 23-6 Default Setting Disabled Command Mode Global Configuration Command Usage • Both the specified source MAC address and source IP address for an entry must be matched to satisfy the filtering rule. Any packet matching a specified entry is dropped at the input port. • To delete an entry fo[...]
-
Page 595
PACKET FILTERING COMMANDS 23-7 filter netbios This command filters NetBIOS 30 packets entering the specified input port. Syntax filter netbios {add | del} interface • add - Enables NetBIOS filtering. • del - Disables NetBIOS filtering. • interface - unit - Stack unit. (Range: 1) - port-list - Single po[...]
-
Page 596
CLIENT SECURITY COMMANDS 23-8 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. Three masks are allocated to NetBIOS packet filtering if enabled on any interface. These masks will be released for use by oth [...]
-
Page 597
PACKET FILTERING COMMANDS 23-9 packet filtering if enabled on any interface. This mask will be released for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example filter dhcp This command filters DHCP reply packets. Syntax filter dhcp {add | del} interface • add - Enables DHCP reply [...]
-
Page 598
CLIENT SECURITY COMMANDS 23-10 for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example show filter This command displays the packet filter settings. Command Mode Privileged Exec Example Console(config)#filter dhcp add 1/1 Console(config)# Console#sh filter PORT DHCP[request] DHCP[re[...]
-
Page 599
IP SOURCE GUARD COMMANDS 23-11 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping Commands” on page[...]
-
Page 600
CLIENT SECURITY COMMANDS 23-12 Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to[...]
-
Page 601
IP SOURCE GUARD COMMANDS 23-13 found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded. - If the DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the sip-mac option). If a matching ent [...]
-
Page 602
CLIENT SECURITY COMMANDS 23-14 ip source-guard binding This command adds a static address to the source-guard binding table. Use the no form to remove a static entry. Syntax ip source-guard binding mac-address vlan vlan-id ip-address interface ethernet unit/port no ip source-guard binding mac-address vlan vlan-id • [...]
-
Page 603
IP SOURCE GUARD COMMANDS 23-15 - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. - If there is an entry with same VLAN ID and MAC address, and the type of the entry is dynamic DHCP snooping bindin[...]
-
Page 604
CLIENT SECURITY COMMANDS 23-16 show ip source-guard binding This command shows the source guard binding table. Command Mode Privileged Exec Example Console#show ip source-guard binding MacAddress IpAddress Lease(sec) Type VLAN Interface ----- ---- ----- --- - ---- ----- ----- --- ----- -- ---- ----- ----- ---- -- -[...]
-
Page 605
DHCP SNOOPING COMMANDS 23-17 DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands us[...]
-
Page 606
CLIENT SECURITY COMMANDS 23-18 ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping Default Setting Disabled Command Mode Global Configuration Command Usage • Network traffic may be disrupted when malicious DHCP messages are received fr[...]
-
Page 607
DHCP SNOOPING COMMANDS 23-19 forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table. - If DHCP snooping is enabled globally, and also enabled on the VLAN where the DHCP packet is received, but the port is not trusted, it is p[...]
-
Page 608
CLIENT SECURITY COMMANDS 23-20 from a DHCP server, any packets received from untrusted ports are dropped. Example This example enables DHCP snooping globally for the switch. Related Commands ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping vlan This command enables DHCP snooping on the specified V[...]
-
Page 609
DHCP SNOOPING COMMANDS 23-21 • When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects: - If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table. Example This example enables DHCP snooping for VLAN 1.[...]
-
Page 610
CLIENT SECURITY COMMANDS 23-22 Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping database write This command writes all dynamically learned snooping entries to flash memory. Command Mode Global Configuration Command Usage This command can be used to store the [...]
-
Page 611
DHCP SNOOPING COMMANDS 23-23 Command Usage • This command applies to all VDSL ports. When set, it will automatically convert an address assigned to an attached CPE by a DHCP server to a static entry in the MAC address table. The MAC address, IP address, lease time, VLAN identifier, and port identifier are stored in [...]
-
Page 612
CLIENT SECURITY COMMANDS 23-24 acknowledgement packets sent by the DHCP server in response to host requests will be blocked by the switch. Example This example sets the client limit to its maximum value on port 5. ip dhcp snooping trust This command configures the specified interface as trusted. Use the no form to restore t[...]
-
Page 613
DHCP SNOOPING COMMANDS 23-25 • Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to the DHCP server must be configured as trusted. Example This example sets port 5 to untrusted. Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-2[...]
-
Page 614
CLIENT SECURITY COMMANDS 23-26 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Console#show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface ----- ---- ----- --- - ---- ----- ----- --- ----- -- ---- ----- ----- -[...]
-
Page 615
24-1 CHAPTER 24 ACCESS CONTROL LIST COMMANDS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required [...]
-
Page 616
ACCESS CONTROL LIST COMMANDS 24-2 IP ACLs The commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code. To configure IP ACLs, first create an access list containing the required permit or deny rules, set a precedence mask to control the filte[...]
-
Page 617
IP ACLS 24-3 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address. ?[...]
-
Page 618
ACCESS CONTROL LIST COMMANDS 24-4 permit, deny (Standard IP ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | source bitmask | host source} • any – A [...]
-
Page 619
IP ACLS 24-5 permit, deny (Extended IP ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] {pe[...]
-
Page 620
ACCESS CONTROL LIST COMMANDS 24-6 • control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • flag-bitmask – Decimal number representing the code bits to match. Default Setting None Command Mode Extended IP ACL Command Usage • All new rules are ap[...]
-
Page 621
IP ACLS 24-7 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. This allows TCP packets from class C addresse[...]
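The bitmask comparison described on manual pages 24-6 and 24-7, as an added Python sketch that is not taken from the manual or the switch firmware: it parses a constructed IPv4/TCP header and tests it against rule entries. The dictionary layout, the helper names and the sample packets are assumptions made for illustration, and the control-flag test is assumed to work like the address test on the page, i.e. (flags & flag-bitmask) must equal (control-flags & flag-bitmask).

```python
import ipaddress
import struct

# TCP control bits as they sit in byte 14 of the TCP header (offset 13 from 0).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32
ANY = ("0.0.0.0", "0.0.0.0")  # an all-zero bitmask ignores every address bit


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def build_packet(src, dst, sport, dport, flags):
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                          8192, 0, 0)
    return ip_hdr + tcp_hdr


def parse_packet(raw):
    """Extract the fields that the rules below test."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    pkt = {"proto": raw[9],
           "src": int.from_bytes(raw[12:16], "big"),
           "dst": int.from_bytes(raw[16:20], "big"),
           "flags": None}
    if pkt["proto"] == 6:  # TCP
        tcp = raw[ihl:]
        if len(tcp) < 14:
            raise ValueError("truncated TCP header")
        pkt["flags"] = tcp[13] & 0x3F  # six control bits, range 0-63
    return pkt


def addr_matches(rule_addr, bitmask, pkt_addr):
    """(rule & bitmask) == (packet & bitmask), as in the 10.7.1.x example."""
    mask = _ip(bitmask)
    return (_ip(rule_addr) & mask) == (pkt_addr & mask)


def rule_matches(rule, pkt):
    if not addr_matches(*rule["src"], pkt["src"]):
        return False
    if not addr_matches(*rule.get("dst", ANY), pkt["dst"]):
        return False
    if "control_flags" in rule:
        if pkt["flags"] is None:  # rule tests TCP flags, packet is not TCP
            return False
        fm = rule["flag_bitmask"]
        return (pkt["flags"] & fm) == (rule["control_flags"] & fm)
    return True


# Hypothetical rule entries: source subnet from the page, plus two SYN tests.
SUBNET_RULE = {"action": "permit", "src": ("10.7.1.0", "255.255.255.0")}
SYN_SET = {"action": "deny", "src": ANY,
           "control_flags": SYN, "flag_bitmask": SYN}
SYN_ONLY = {"action": "deny", "src": ANY,
            "control_flags": SYN, "flag_bitmask": SYN | ACK}


def demo():
    """Match three constructed packets against the three rules."""
    samples = {
        "syn_in_subnet": build_packet("10.7.1.2", "192.0.2.10", 40000, 23, SYN),
        "synack_outside": build_packet("10.7.2.2", "192.0.2.10", 23, 40000,
                                       SYN | ACK),
        "ack_outside": build_packet("10.7.2.2", "192.0.2.10", 40000, 23, ACK),
    }
    rules = {"subnet": SUBNET_RULE, "syn_set": SYN_SET, "syn_only": SYN_ONLY}
    return {name: {rname: rule_matches(rule, parse_packet(raw))
                   for rname, rule in rules.items()}
            for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A flag bitmask of 2 also catches SYN+ACK replies, while a bitmask of 18 (SYN and ACK bits) limits the rule to connection-opening segments, which matters when a deny rule is meant to block only inbound session setup.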
-
Page 622
ACCESS CONTROL LIST COMMANDS 24-8 Example Related Commands permit, deny 24-4 ip access-group (24-14) access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • i[...]
-
Page 623
IP ACLS 24-9 Example Related Commands mask (IP ACL) (24-9) ip access-group (24-14) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the no form to remove a mask. Syntax [no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitm[...]
-
Page 624
ACCESS CONTROL LIST COMMANDS 24-10 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • Fir[...]
-
Page 625
IP ACLS 24-11 This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the higher precedence according to the “mask host any” entry.[...]
-
Page 626
ACCESS CONTROL LIST COMMANDS 24-12 This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A3 Console(config-ext-acl)#deny host 171.69.198.5 any Console(config-ext-acl)#deny 171.69.198.0 255.255.255.0 any so[...]
-
Page 627
IP ACLS 24-13 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is acti[...]
-
Page 628
ACCESS CONTROL LIST COMMANDS 24-14 show access-list ip mask-precedence This command shows the ingress or egress rule masks for IP ACLs. Syntax show access-list ip mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged[...]
-
Page 629
IP ACLS 24-15 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip access-[...]
-
Page 630
ACCESS CONTROL LIST COMMANDS 24-16 MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To configure MAC ACLs, first create an access list containing the required permit or deny rules, set a precedence mask to control the filter sequence, and then b[...]
-
Page 631
MAC ACLS 24-17 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage[...]
-
Page 632
ACCESS CONTROL LIST COMMANDS 24-18
permit, deny (MAC ACL)
This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.
Syntax
[no] {permit | deny} {any | host sour[...]
-
Page 633
MAC ACLS 24-19
• source – Source MAC address.
• destination – Destination MAC address range with bitmask.
• address-bitmask 33 – Bitmask for MAC address (in hexadecimal format).
• vid – VLAN ID. (Range: 1-4093)
• vid-bitmask 33 – VLAN bitmask. (Range: 1-4093)
• protocol – A specific Ethernet protocol num[...]
-
Page 634
ACCESS CONTROL LIST COMMANDS 24-20
show mac access-list
This command displays the rules for configured MAC ACLs.
Syntax
show mac access-list [acl_name]
acl_name – Name of the ACL. (Maximum length: 16 characters)
Command Mode
Privileged Exec
Example
Related Commands
permit, deny 24-18
mac access-group (24-25)
access-list[...]
-
Page 635
MAC ACLS 24-21
Command Usage
• You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.
• A mask can only be used by all ingress ACLs or all egress ACLs.
• The precedence of the ACL rules applied to a packet is not determined by [...]
-
Page 636
ACCESS CONTROL LIST COMMANDS 24-22
• ethertype – Check the Ethernet type field.
• ethertype-bitmask – Ethernet type of rule must match this bitmask.
Default Setting
None
Command Mode
MAC Mask
Command Usage
• Up to seven masks can be assigned to an ingress or egress ACL.
• Packets crossing a port are chec[...]
-
Page 637
MAC ACLS 24-23
Example
This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Console(config)#access-list mac M4
Console(config-mac-acl)#permit any any
Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any v[...]
-
Page 638
ACCESS CONTROL LIST COMMANDS 24-24
This example creates an Egress MAC ACL.
show access-list mac mask-precedence
This command shows the ingress or egress rule masks for MAC ACLs.
Syntax
show access-list mac mask-precedence [in | out]
• in – Ingress mask precedence for ingress ACLs.
• out – Egress mask preced[...]
-
Page 639
MAC ACLS 24-25
mac access-group
This command binds a port to a MAC ACL. Use the no form to remove the port.
Syntax
mac access-group acl_name in
• acl_name – Name of the ACL. (Maximum length: 16 characters)
• in – Indicates that this list applies to ingress packets.
Default Setting
None
Command Mode
Interface Config[...]
-
Page 640
ACCESS CONTROL LIST COMMANDS 24-26
show mac access-group
This command shows the ports assigned to MAC ACLs.
Command Mode
Privileged Exec
Example
Related Commands
mac access-group (24-25)
ACL Information
This section describes commands used to display ACL information.
show access-list
This command shows all IP ACLs an[...]
-
Page 641
ACL INFORMATION 24-27
Example
show access-group
This command shows the port assignments of IP ACLs.
Command Mode
Privileged Executive
Example
Console#show access-list
IP standard access-list david:
permit host 10.1.1.21
permit 168.92.0.0 255.255.15.0
IP extended access-list bob:
permit 10.7.1.1 255.255.255.0 any
permit 192.168.1.0 2[...]
-
Page 642
ACCESS CONTROL LIST COMMANDS 24-28[...]
-
Page 643
25-1 CHAPTER 25 INTERFACE COMMANDS
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
Table 25-1 Interface Commands
Command | Function | Mode | Page
interface | Configures an interface type and enters interface configuration mode | GC | 25-2
description | Adds a description to an[...]
-
Page 644
INTERFACE COMMANDS 25-2
interface
This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk.
Syntax
interface interface
no interface port-channel channel-id
• interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Range: 1 [...]
-
Page 645
DESCRIPTION 25-3
description
This command adds a description to an interface. Use the no form to remove the description.
Syntax
description string
no description
string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters)
Default Setting
None
Command Mode
Interface Co[...]
-
Page 646
INTERFACE COMMANDS 25-4
Default Setting
• Auto-negotiation is permanently disabled on Ports 1-16, and enabled by default on Ports 17-19.
• When auto-negotiation is disabled, the default speed-duplex setting is:
- Fast Ethernet ports – 100full (100 Mbps full-duplex)
- Gigabit Ethernet ports – 1000full (1 Gbps full-d[...]
-
Page 647
NEGOTIATION 25-5
negotiation
This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation.
Syntax
[no] negotiation
Default Setting
Ports 1-16: Permanently disabled
Ports 17-19: Enabled
Command Mode
Interface Configuration (Ethernet - Ports 17-19, Port Channel)
Command Usage
• 100[...]
-
Page 648
INTERFACE COMMANDS 25-6
capabilities
This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
Syntax
[no] capabilities {1000full | 100full | 100half |[...]
-
Page 649
FLOWCONTROL 25-7
manually specify the link attributes with the speed-duplex and flowcontrol commands.
Example
The following example configures Ethernet port 5 capabilities to include 100half and 100full.
Related Commands
negotiation (25-5)
speed-duplex (25-3)
flowcontrol (25-7)
flowcontrol
This command enables flow control. Use t [...]
-
Page 650
INTERFACE COMMANDS 25-8
• To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface.
• When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabili[...]
-
Page 651
SWITCHPORT MDIX 25-9
• copper-forced - Always uses the built-in RJ-45 port.
• sfp-forced - Always uses the SFP port (even if module not installed).
• sfp-preferred-auto - Uses SFP port if both combination types are functioning and the SFP port has a valid link.
Default Setting
sfp-preferred-auto
Command Mode
Interface Configuration [...]
-
Page 652
INTERFACE COMMANDS 25-10
Command Mode
Interface Configuration (Ethernet - Port 17-18)
Command Usage
Auto-negotiation must be enabled to use the “auto” option for this command. It must be disabled to force the pinout setting to one of the fixed modes of “normal” (MDI) or “crossover” (MDI-X). One side of [...]
-
Page 653
SWITCHPORT PACKET-RATE 25-11
Example
The following example disables port 5.
switchport packet-rate
This command configures broadcast and multicast and unknown unicast storm control. Use the no form to restore the default setting.
Syntax
switchport {broadcast | multicast | unknown-unicast} packet-rate rate
no switchpor [...]
-
Page 654
INTERFACE COMMANDS 25-12
Example
The following shows how to configure broadcast storm control at 600 packets per second:
clear counters
This command clears statistics on an interface.
Syntax
clear counters interface
interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Range: 1-19)
•[...]
-
Page 655
SHOW INTERFACES STATUS 25-13
show interfaces status
This command displays the status for an interface.
Syntax
show interfaces status [interface]
interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Range: 1-19)
• port-channel channel-id (Range: 1-12)
• vlan vlan-id (Range: 1-4093)[...]
-
Page 656
INTERFACE COMMANDS 25-14
Example
show interfaces counters
This command displays interface statistics.
Syntax
show interfaces counters [interface]
interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Range: 1-19)
• port-channel channel-id (Range: 1-12)
Default Setting
Shows the counters[...]
-
Page 657
SHOW INTERFACES COUNTERS 25-15
Command Mode
Normal Exec, Privileged Exec
Command Usage
If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 9-29.
Example
Console#show interfaces counters ethernet 1/17 [...]
-
Page 658
INTERFACE COMMANDS 25-16
show interfaces switchport
This command displays the administrative and operational status of the specified interfaces.
Syntax
show interfaces switchport [interface]
interface
• ethernet unit/port
- unit - Stack unit. (Range: 1)
- port - Port number. (Range: 1-19)
• port-channel channel-[...]
-
Page 659
SHOW INTERFACES SWITCHPORT 25-17
Table 25-2 show interfaces switchport - display description
Field | Description
Broadcast threshold | Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 25-11).
LACP status | Shows if Link Aggregation Control Protocol has been enabled or disabled (p[...]
-
Page 660
INTERFACE COMMANDS 25-18[...]
-
Page 661
26-1 CHAPTER 26 LINK AGGREGATION COMMANDS
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch an[...]
-
Page 662
LINK AGGREGATION COMMANDS 26-2
Guidelines for Creating Trunks
General Guidelines –
• Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop.
• A trunk can have up to 8 ports.
• The ports at both ends of a connection must be configur[...]
-
Page 663
CHANNEL-GROUP 26-3
• If the port channel admin key (lacp admin key - Port Channel) is not set when a channel group is formed (i.e., it has the null value of 0), this key is set to the same value as the port admin key (lacp admin key - Ethernet Interface) used by the interfaces that joined the group.
• However, if the p[...]
-
Page 664
LINK AGGREGATION COMMANDS 26-4
Example
The following example creates trunk 1 and then adds port 11:
lacp
This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
Syntax
[no] lacp
Default Setting
Disabled
Command Mode
Interface Configuration ([...]
-
Page 665
LACP 26-5
Example
The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
Console(config)#interface ethernet 1/10
Console(config-if)#lacp
Console(config-if)#exit
Co[...]
-
Page 666
LINK AGGREGATION COMMANDS 26-6
lacp system-priority
This command configures a port's LACP system priority. Use the no form to restore the default setting.
Syntax
lacp {actor | partner} system-priority priority
no lacp {actor | partner} system-priority
• actor - The local side of an aggregate link.
• partne[...]
-
Page 667
LACP ADMIN-KEY (ETHERNET INTERFACE) 26-7
lacp admin-key (Ethernet Interface)
This command configures a port's LACP administration key. Use the no form to restore the default setting.
Syntax
lacp {actor | partner} admin-key key
[no] lacp {actor | partner} admin-key
• actor - The local side of an aggregat[...]
-
Page 668
LINK AGGREGATION COMMANDS 26-8
lacp admin-key (Port Channel)
This command configures a port channel's LACP administration key string. Use the no form to restore the default setting.
Syntax
lacp admin-key key
[no] lacp admin-key
key - The port channel admin key is used to identify a specific link aggr[...]
-
Page 669
LACP PORT-PRIORITY 26-9
lacp port-priority
This command configures LACP port priority. Use the no form to restore the default setting.
Syntax
lacp {actor | partner} port-priority priority
no lacp {actor | partner} port-priority
• actor - The local side of an aggregate link.
• partner - The remote side of an agg[...]
-
Page 670
LINK AGGREGATION COMMANDS 26-10
show lacp
This command displays LACP information.
Syntax
show lacp [port-channel] {counters | internal | neighbors | sys-id}
• port-channel - Local identifier for a link aggregation group. (Range: 1-12)
• counters - Statistics for LACP protocol messages.
• internal - Configu[...]
-
Page 671
SHOW LACP 26-11
Table 26-2 show lacp counters - display description
Field | Description
LACPDUs Sent | Number of valid LACPDUs transmitted from this channel group.
LACPDUs Received | Number of valid LACPDUs received on this channel group.
Marker Sent | Number of valid Marker PDUs transmitted from this channel group.
Marker Received | Number o[...]
-
Page 672
LINK AGGREGATION COMMANDS 26-12
LACPDUs Internal | Number of seconds before invalidating received LACPDU information.
LACP System Priority | LACP system priority assigned to this port channel.
LACP Port Priority | LACP port priority assigned to this interface within the channel group.
Admin State, Oper State | Administrative or opera[...]
-
Page 673
SHOW LACP 26-13
Console#show lacp 1 neighbors
Port channel 1 neighbors
-------------------------------------------------------------------
Eth 1/1
-------------------------------------------------------------------
Partner Admin System ID: 32768, 00-00-00-00-00-00
Partner Oper System ID: 32768, 00-01-F4-78-AE-C0
Partner Admin Port Number: 2
Par[...]
-
Page 674
LINK AGGREGATION COMMANDS 26-14
Console#show lacp sysid
Port Channel System Priority System MAC Address
-------------------------------------------------------------------
1 32768 00-30-F1-8F-2C-A7
2 32768 00-30-F1-8F-2C-A7
3 32768 00-30-F1-8F-2C-A7
4 32768 00-30-F1-8F-2C-A7
5 32768 00-30-F1-8F-2C-A7
6 32768 00-30-F1-8F-2C-A7
7 32768 [...]
-
Page 675
27-1 CHAPTER 27 MIRROR PORT COMMANDS
This section describes how to mirror traffic from a source port to a target port.
port monitor
This command configures a mirror session. Use the no form to clear a mirror session.
Syntax
port monitor interface [rx | tx | both]
no port monitor interface
• interface - ethernet uni[...]
-
Page 676
MIRROR PORT COMMANDS 27-2
Command Usage
• You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
• The destination port is set by[...]
-
Page 677
SHOW PORT MONITOR 27-3
Command Usage
This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX).
Example
The following shows mirroring configured from port 6 to port 11:
Console(config)#interface ethernet 1/11
Console(config-if)#port monitor ethernet 1/6
Console(confi[...]
-
Page 678
MIRROR PORT COMMANDS 27-4[...]
-
Page 679
28-1 CHAPTER 28 RATE LIMIT COMMANDS
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, whi[...]
-
Page 680
RATE LIMIT COMMANDS 28-2
rate-limit
This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore the default status of disabled.
Syntax
rate-limit {input | output | vlan vlan-id} [rate]
no rate-limit {input | output | vl[...]
-
Page 681
RATE-LIMIT TRAP-INPUT 28-3
rate-limit trap-input
This command sets an SNMP trap if traffic exceeds the configured rate limit. Use the no form to restore the default setting.
Syntax
rate-limit snmp-trap-input [up upper-discard-boundary down lower-discard-boundary]
no snmp-rate-limit trap-input
• upper-discard-boundary[...]
-
Page 682
RATE LIMIT COMMANDS 28-4
• For further information on the type of notification messages that can be sent by the system, refer to the information about trap and inform messages described under the snmp-server host command on page 21-6.
Example
This example sets an upper discard boundary of 500 packets / 10 seconds, and a lowe[...]
-
Page 683
29-1 CHAPTER 29 VDSL COMMANDS
VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports. The s[...]
-
Page 684
VDSL COMMANDS 29-2
Long-Reach Ethernet Commands
This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notches within the frequency bands to avoid interference with ham radio signals, setting a mask for power spectral density to meet regi[...]
-
Page 685
LONG-REACH ETHERNET COMMANDS 29-3
lre max-power | Sets the maximum aggregate downstream or upstream power | GC/IC | 29-22
lre min-protection | Configures the minimum level of impulse noise protection for all bearer channels | IC | 29-23
lre channel | Sets the channel mode to fast or interleaved | IC | 29-24
lre interleave-max-delay | Sets the ma[...]
-
Page 686
VDSL COMMANDS 29-4
lre band-plan
This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status.
Syntax
lre band-plan value
no lre band-plan
value – Index for a predefined band plan. (See Table 29-3, “VDSL2 Band Plans,” on page 29-5.[...]
-
Page 687
LONG-REACH ETHERNET COMMANDS 29-5
Example
This example sets the band plan to 998-640-30000.
Related Commands
show lre (29-79)
Table 29-3 VDSL2 Band Plans
Index Designator Number of Bands Reference Document
3 998-138-8500 Long Reach 3
4 998-138-12000 High Data Rate 4
5 998-640-30000 100/100 6 (US1-3, DS1-3) G.993.2, Annex C
6 [...]
-
Page 688
VDSL COMMANDS 29-6
lre option-band
This command sets the frequencies to be used for the optional Upstream Band 0 (US0). Use the no form to restore the default status.
Syntax
lre option-band value
no lre option-band
value – Index of predefined frequency bounds for US0. Note that each option includes a range fo[...]
-
Page 689
LONG-REACH ETHERNET COMMANDS 29-7
lre ham-band
This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status.
Syntax
lre ham-band value
no lre ham-band
value – HAM band mask. (See Table 29-4, “HAM Band Notche[...]
-
Page 690
VDSL COMMANDS 29-8
4 RFI-BAND04 3.500 - 3.575 MHz ANNEX F
5 RFI-BAND05 3.500 - 3.800 MHz ETSI
6 RFI-BAND06 3.500 - 4.000 MHz T1E1
7 RFI-BAND07 3.747 - 3.754 MHz ANNEX F
8 RFI-BAND08 3.791 - 3.805 MHz ANNEX F
9 RFI-BAND09 7.000 - 7.100 MHz ANNEX F, ETSI
10 RFI-BAND10 7.000 - 7.300 MHz T1E1
11 RFI-BAND11 10.100 - 10.150 MHz ANNEX F, ETSI, T1E1 [...]
-
Page 691
LONG-REACH ETHERNET COMMANDS 29-9
Example
This example sets a HAM band notch in the transmitted power spectrum in the 10.000 - 10.150 MHz transmission band (also called the 30 meter band).
Related Commands
show lre ham-band (29-64)
lre region-ham-band (29-9)
lre region-ham-band
This command sets the ham radio band that will[...]
-
Page 692
VDSL COMMANDS 29-10
• Using a HAM band mask prevents interference with other systems (e.g., amateur radio) that use narrow band transmission in the VDSL frequency band. The selected frequency range will not be used to transmit data on the VDSL line. You may need to specify a mask if required by local regulations or if [...]
-
Page 693
LONG-REACH ETHERNET COMMANDS 29-11
18 RFI-BAND18 10.005 - 10.100 MHz Aeronautical Communications
19 RFI-BAND19 10.100 - 10.150 MHz Amateur Radio
20 RFI-BAND20 11.175 - 11.400 MHz Aeronautical Communications
21 RFI-BAND21 11.600 - 12.100 MHz DRM Radio
22 RFI-BAND22 12.570 - 12.585 MHz GMDSS
23 RFI-BAND23 13.200 - 13.360 MHz Aer[...]
-
Page 694
VDSL COMMANDS 29-12
Example
This example sets a HAM band notch in the transmitted power spectrum to avoid interference with CB radios.
Related Commands
show lre region-ham-band (29-65)
lre ham-band (29-7)
lre psd-breakpoints
This command sets the number of frequency breakpoints in the PSD mask. Use the no form to restor[...]
-
Page 695
LONG-REACH ETHERNET COMMANDS 29-13
PSD Mask required for compliance with local regulations, or set mask limits for upstream power backoff. The methods used to calculate these various PSD masks, and local regulations governing the power spectrum used on VDSL lines are all described in ITU-T G.993.2.
• Breakpoints can be ap[...]
-
Page 696
VDSL COMMANDS 29-14
Command Mode
Global Configuration
Interface Configuration (VDSL Port)
Command Usage
• Enter this command in global configuration mode to configure frequency breakpoints for all VDSL ports, or in interface mode to configure them for a specific VDSL port.
• The number of breakpoints used i[...]
-
Page 697
LONG-REACH ETHERNET COMMANDS 29-15
lre psd-value
This command defines a power level for each of the PSD breakpoints. Use the no form to restore the default setting.
Syntax
lre psd-value breakpoint psd-value
no lre psd-value breakpoint
• breakpoint – Frequency breakpoint within the power spectral density ([...]
-
Page 698
VDSL COMMANDS 29-16
Example
The following sets a PSD value for the frequency band bounded by breakpoints 1 and 2 to -20 dBm/Hz on VDSL port 1.
Related Commands
lre psd-breakpoints (29-12)
lre psd-frequencies (29-13)
show lre psd (29-67)
lre psd-mask-level (29-16)
lre psd-mask-level
This command sets a predefined PSD mask. Use[...]
-
Page 699
LONG-REACH ETHERNET COMMANDS 29-17
• The following table lists the predefined band plans.
Example
The following specifies a predefined mask based on Annex F of ITU-T G.993.1 for use on VDSL port 1.
Related Commands
show lre psd-mask-level (29-68)
lre psd-breakpoints (29-12)
lre psd-frequencies (29-13)
lre psd-value (29-1[...]
-
Page 700
VDSL COMMANDS 29-18
lre pbo-config
This command sets a mask to reduce the power spectral density (PSD) of transmitted signals at specified frequency breakpoints for upstream power backoff. Use the no form to restore the default status.
Syntax
lre pbo-config K1[0] Rx_PSD 1 K1[1] Rx_PSD 2 K1[2] Rx_PSD 3 K1[3] Rx_PSD[...]
-
Page 701
LONG-REACH ETHERNET COMMANDS 29-19
• The transceiver will adjust its transmitted signal to conform to the power limitations set by the lre pbo-config command.
• If upstream power backoff is enabled with the lre upbo command (page 29-19), the transceiver will automatically reduce the PSD at each frequency breakpoint se[...]
-
Page 702
VDSL COMMANDS 29-20
Command Usage
• Enter this command in global configuration mode to enable upstream power backoff for all VDSL ports, or in interface mode to enable it for a VDSL port.
• Upstream power backoff (UPBO) should be configured when there are VDSL connections of different lengths attached to this sw[...]
-
Page 703
LONG-REACH ETHERNET COMMANDS 29-21
lre tone
This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting.
Syntax
lre tone {tx | rx} value
no lre tone {tx | rx}
• tx – Downstream band plan.
• rx – Upstream band plan.
•[...]
-
Page 704
VDSL COMMANDS 29-22
Example
The following disables all tones beneath 640 kHz on the upstream band plan.
Related Commands
show lre tone (29-71)
lre max-power
This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting.
Syntax
lre max-power {down | up} value
no[...]
-
Page 705
LONG-REACH ETHERNET COMMANDS 29-23
Example
The following sets the maximum downstream power on port 1 to 14.5 dBm.
lre min-protection
This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting.
Syntax
lre min-protection {down | up} val[...]
-
Page 706
VDSL COMMANDS 29-24
• Note that this parameter only applies to interleaved channels. Refer to ITU-T G.993.2 for a full description of the methods used to calculate the minimum level of impulse noise protection.
Example
lre channel
This command sets the channel mode to fast or interleaved. Use the no form to restore the [...]
-
Page 707
LONG-REACH ETHERNET COMMANDS 29-25
Related Commands
lre interleave-max-delay (29-25)
lre interleave-max-delay
This command sets the maximum interleave delay. Use the no form to restore the default status.
Syntax
lre interleave-max-delay {down | up} value
no lre interleave-max-delay {down | up}
• down – Down[...]
-
Page 708
VDSL COMMANDS 29-26
Related Commands
lre channel (29-24)
show lre interleave-max-delay (29-72)
lre datarate
This command specifies the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Use the no form to restore the default setting.
Syntax
lre datarate {down | up} {slow | fast}[...]
-
Page 709
LONG-REACH ETHERNET COMMANDS 29-27
Example
The following sets the minimum and maximum data rates for the downstream fast channel on port 1.
Related Commands
show lre rate-adaption (29-75)
show lre datarate (29-73)
lre rate-set (29-27)
lre rate-set
This command sets the maximum input and output data rates for the VDSL ports[...]
-
Page 710
VDSL COMMANDS 29-28
Related Commands
lre datarate (29-26)
lre noise-mgn target
This command configures the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Use the no form to restore the default setting.
Syntax
lre noise-mgn target {down | up} value
no lre noise-mgn [...]
-
Page 711
LONG-REACH ETHERNET COMMANDS 29-29
lre noise-mgn min
This command configures the minimum acceptable signal-to-noise margin. Use the no form to restore the default setting.
Syntax
lre noise-mgn min {down | up} value
no lre noise-mgn min {down | up}
• down – Downstream bands.
• up – Upstream bands.
• value ?[...]
-
Page 712
VDSL COMMANDS 29-30
lre shutdown
This command shuts down a VDSL port. Use the no form to re-enable a port.
Syntax
[no] lre shutdown
Default Setting
All VDSL ports are operational
Command Mode
Interface Configuration (VDSL Port)
Command Usage
Use this command to disable the VDSL chipset transmitter of a VDS[...]
-
Page 713
LONG-REACH ETHERNET COMMANDS 29-31
Command Mode
Interface Configuration (VDSL Port)
Command Usage
Use this command to troubleshoot VDSL connection or performance problems.
Example
lre auto-retraining
This command initiates automatic retraining to find the optimal transmission rate when the switch re-establishes the l[...]
-
Page 714
VDSL COMMANDS 29-32
Related Commands
lre datarate (29-26)
lre retraining
This command manually initiates the rate adaptation method to find the optimal transmission rate based on existing line conditions. Use the no form to disable this feature.
Default
Disabled
Command Mode
Interface Configuration (VDSL Port)
Command Usage
•[...]
-
Page 715
LONG-REACH ETHERNET COMMANDS 29-33
lre rate-adaption
This command enables automatic line rate adaptation, which can set the optimal transmission rate based on existing line conditions. Use the no form to disable this feature.
Syntax
[no] lre rate-adaption
Default Setting
Enabled
Command Mode
Global Configuration
Int[...]
-
Page 716
VDSL COMMANDS 29-34
Related Commands
lre datarate (29-26)
show lre rate-adaption (29-75)
lre apply
This command applies all global VDSL settings to each VDSL port on the switch or to a specified port, overwriting any previous settings configured for specific interfaces. Use the no form to restore the default setting.
Command Mod[...]
-
Page 717
LINE PROFILE COMMANDS 29-35
Line Profile Commands
This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or to a selected group of ports.
Table 29-7 Line Profile Commands
Command | Function | Mode | Page
line-profile | E [...]
-
Page 718
VDSL COMMANDS 29-36
line-profile
This command enters VDSL Line Profile configuration mode.
Syntax
line-profile profile-name
profile-name – Name of the profile. (Range: 1-31 alphanumeric characters)
Command Mode
Global Configuration
Command Usage
All commands entered in this mode are stored under the named profile, and ta[...]
-
Page 719
LINE PROFILE COMMANDS 29-37
Example
The following creates a VDSL line profile named southport.
Related Commands
show lre line-profile (29-77)
lre line-profile
This command applies a line profile to selected VDSL ports. Use the no form to restore the default settings for the selected ports.
Syntax
[no] lre line-prof[...]
-
Page 720
VDSL COMMANDS 29-38
Example
The following applies the line profile named southport to all VDSL ports.
band-plan
This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status.
Syntax
band-plan value
no band-plan
value – Index for a prede[...]
-
Page 721
LINE PROFILE COMMANDS 29-39
option-band
This command sets the frequencies to be used for optional Upstream Band 0 (US0). Use the no form to restore the default status.
Syntax
option-band value
no option-band
value – Index of predefined frequency bounds for US0. (Options:
0 - No optional band
1 - ITU-T G993.2, Anne[...]
-
Page 722
VDSL COMMANDS 29-40
ham-band
This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status.
Syntax
ham-band value
no ham-band
value – HAM band mask. (See Table 29-4, “HAM Band Notches,” on page 29-7.)
Default[...]
-
Page 723
LINE PROFILE COMMANDS 29-41 region-ham-band This command sets the ham radio band that will be blocked to VDSL signals based on defined usage types. Use the no form to restore the default status. Syntax region-ham-band value no region-ham-band value – HAM band mask for designated usage type. (See Table 29[...]
-
Page 724
VDSL COMMANDS 29-42 tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone { tx | rx } value no lre tone { tx | rx } • tx – Downstream band plan. • rx – Upstream band plan. • value – Index of low[...]
-
Page 725
LINE PROFILE COMMANDS 29-43 Example The following disables all tone beneath 640 kHz on the upstream band plan. Related Commands lre tone (29-21) max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting. Syntax max-power { down | up } value no ma[...]
-
Page 726
VDSL COMMANDS 29-44 min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting. Syntax min-protection { down | up } value no max-power { down | up } • down – Downstream bands. • up – Upstream bands. • value[...]
-
Page 727
LINE PROFILE COMMANDS 29-45 Related Commands lre min-protection (29-23) channel This command sets the channel mode to fast or interleaved. Use the no form to restore the default status. Syntax channel mode no channel mode – Channel mode (Options: fast, interleave) Default Setting interleaved Command Mod[...]
-
Page 728
VDSL COMMANDS 29-46 down/up-max-inter-delay These commands set the maximum interleave delay on a downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax { down | up }-max-inter-delay value no { down | up }-max-inter-delay • down – Downstream bands. • up – Upst [...]
-
Page 729
LINE PROFILE COMMANDS 29-47 Related Commands lre interleave-max-delay (29-25) down/up-fast/slow-max/min-datarate These commands set the maximum/minimum data rate on a fast/slow downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax { down | up }-{ fast | slow }-{ max | min }-dat[...]
-
Page 730
VDSL COMMANDS 29-48 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands lre datarate (29-26) down/up-target-noise-mgn These commands set the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization on a downstre[...]
-
Page 731
LINE PROFILE COMMANDS 29-49 Example The following sets an SNR of 12 dB for the downstream channels and 18 dB for the upstream channels. Related Commands lre noise-mgn target (29-28) down/up-min-noise-mgn These commands set the minimum acceptable signal-to-noise margin on a downstream/upstream channel. Use the no form t[...]
-
Page 732
VDSL COMMANDS 29-50 • When rate adaptation is enabled (see Command Usage, page 29-32), the signal-to-noise ratio (SNR) is an indicator of link quality. The switch itself has no internal functions to ensure link quality. To ensure a stable link, you should add a margin to the theoretical minimum signal-to-noise ratio (SNR). Exam[...]
-
Page 733
ALARM PROFILE COMMANDS 29-51 Alarm Profile Commands This section describes how to configure a list of threshold values for error states which can be applied to all VDSL ports or to a selected group of ports. Table 29-8 Alarm Profile Commands Command Function Mode Page alarm-profile Enters VDSL Line Alarm configuratio[...]
-
Page 734
VDSL COMMANDS 29-52 alarm-profile This command enters VDSL Alarm Profile configuration mode. Use the no form to delete an alarm profile. Syntax [no] alarm-profile profile-name profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode Global Configuration Command Usage All commands entered in[...]
-
Page 735
ALARM PROFILE COMMANDS 29-53 Command Usage First create a profile of VDSL alarm thresholds using the other commands described in this section, then enter Global Configuration mode to apply the profile to all VDSL ports on the switch using the lre alarm-profile command. Or use the interface command to select a [...]
-
Page 736
VDSL COMMANDS 29-54 the status of remote transceivers is obtained via the embedded operation channel (EOC), this information may be unavailable for units that are unreachable via the EOC during a line error condition. Therefore, not all conditions may always be included in its current status. • This command sets the th[...]
-
Page 737
ALARM PROFILE COMMANDS 29-55 Command Usage • An Errored Second is a one-second interval containing one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects. • This command sets the threshold for the number of errored seconds within any 15 minute collection interval for perfor[...]
-
Page 738
VDSL COMMANDS 29-56 Command Usage This command sets the threshold for the number of seconds during which there is loss of framing within any 15 minute collection interval for performance data. If loss of framing in a particular 15-minute collection interval reaches or exceeds this value, a vdslPerfLofsThreshNotif[...]
-
Page 739
ALARM PROFILE COMMANDS 29-57 notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval. Example The following sets the LOLs threshold to 15. thresh-15min-loss This command sets the threshold for Loss of Signal seconds (LOSs) [...]
-
Page 740
VDSL COMMANDS 29-58 Example The following sets the LOSs threshold to 15. thresh-15min-lprs This command sets the threshold for Loss of Power Seconds (LPRs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-lprs value value – Threshold for Loss of Powe[...]
-
Page 741
ALARM PROFILE COMMANDS 29-59 thresh-15min-sess This command sets the threshold for Severely Errored Seconds (SESs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-sess value value – Threshold for Severely Errored Seconds. (Range: 0-900 seconds; [...]
-
Page 742
VDSL COMMANDS 29-60 thresh-15min-uass This command sets the threshold for Unavailable Seconds (UASs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-uass value value – Threshold for Unavailable Seconds. (Range: 0-900 seconds; 0 disables the th[...]
-
Page 743
DISPLAYING VDSL INFORMATION 29-61 Displaying VDSL Information This section describes the commands used to display information on VDSL configuration settings, signal status, and communication statistics. Table 29-9 Commands for Displaying VDSL Information Command Function Mode Page Displaying Configuration Settings show lre[...]
-
Page 744
VDSL COMMANDS 29-62 show lre band-plan This command displays the frequency bands used for VDSL signals. Syntax show lre band-plan [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec show lre noise-mgn Displays the targeted signal-to-noise margin that VD[...]
-
Page 745
DISPLAYING VDSL INFORMATION 29-63 Command Usage • Use this command without the interface parameter to display the band plans used for all VDSL ports on the switch, or with an interface to display the band plan used for a specific port. • The band plan options provided by this switch are described by ITU-T Sta[...]
-
Page 746
VDSL COMMANDS 29-64 Command Usage • Use this command without the interface parameter to display the optional US0 band used for all VDSL ports on the switch, or with an interface to display the optional band used for a specific port. • Refer to the lre option-band command on page 29-6 for a list of the frequency b[...]
-
Page 747
DISPLAYING VDSL INFORMATION 29-65 Example This example shows that the HAM band in the 1.810 - 1.825 MHz range is blocked to VDSL signals for Port 1. Related Commands lre ham-band (29-7) show lre region-ham-band This command displays the HAM radio band that is blocked to VDSL signals based on defined usage types. Synta [...]
-
Page 748
VDSL COMMANDS 29-66 Command Usage • Use this command without the interface parameter to display the HAM band usage filter used for all VDSL ports on the switch, or with an interface to display the filter used for a specific port. • Refer to Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10 for a list of the st [...]
-
Page 749
DISPLAYING VDSL INFORMATION 29-67 Related Commands lre region-ham-band (29-9) show lre psd This command displays the power level set for each of the PSD breakpoints. Syntax show lre psd [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage • [...]
-
Page 750
VDSL COMMANDS 29-68 Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) lre psd-value (29-15) show lre psd-mask-level This command displays the predefined PSD mask configured for an interface. Syntax show lre psd-mask-level [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Rang[...]
-
Page 751
DISPLAYING VDSL INFORMATION 29-69 Command Usage • Use this command without the interface parameter to display the predefined PSD mask used for all VDSL ports on the switch, or with an interface to display it used for a specific port. • Refer to Table 29-6, “PSD Mask Options,” on page 29-17 for a list of the PSD mask[...]
-
Page 752
VDSL COMMANDS 29-70 Example This example shows the UPBO mask used for all upstream traffic. Related Commands lre pbo-config (29-18) show lre upbo This command shows if upstream power backoff is enabled or disabled. Syntax show lre upbo [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: [...]
-
Page 753
DISPLAYING VDSL INFORMATION 29-71 transceiver will automatically control upstream power backoff based on default values set by the DSP engine. Example This example shows that UPBO has been enabled on Port 1. Related Commands lre upbo (29-19) show lre tone This command shows if VDSL signals are enabled or disabled at f[...]
-
Page 754
VDSL COMMANDS 29-72 Related Commands lre tone (29-21) show lre interleave-max-delay This command displays the maximum interleave-delay that can be used for downstream and upstream channels. Syntax show lre interleave-max-delay [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Co[...]
-
Page 755
DISPLAYING VDSL INFORMATION 29-73 show lre datarate This command displays the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Syntax show lre interleave-delay [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged E[...]
-
Page 756
VDSL COMMANDS 29-74 show lre noise-mgn This command displays the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Syntax show lre noise-mgn [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage ?[...]
-
Page 757
DISPLAYING VDSL INFORMATION 29-75 show lre rate-adaption This command shows if line rate adaptation, which sets the optimal transmission rate based on existing line conditions, is enabled or disabled. Syntax show lre rate-adaption [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Comm[...]
-
Page 758
VDSL COMMANDS 29-76 show lre config This command shows the VDSL configuration settings for an interface. Syntax show lre config [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage Use this command without the interface parameter to show[...]
-
Page 759
DISPLAYING VDSL INFORMATION 29-77 Related Commands lre apply (29-34) show lre line-profile This command displays a specified line profile which may be applied to selected VDSL ports. Syntax show lre line-profile [ profile-name ] profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode Privileg[...]
-
Page 760
VDSL COMMANDS 29-78 Related Commands line-profile (29-36) lre line-profile (29-37) show lre alarm-profile This command displays a specified alarm profile which may be applied to selected VDSL ports. Syntax show lre alarm-profile [ profile-name ] profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Comman[...]
-
Page 761
DISPLAYING VDSL INFORMATION 29-79 show lre This command displays the communication status of the VDSL line. Syntax show lre unit/port • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Example Console#show lre 1/1 port 1 status : port enable (provisioned) port 1 status[...]
-
Page 762
VDSL COMMANDS 29-80 show lre phys-info This command displays physical layer information about the VDSL line. Syntax show lre phys-info unit/port • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Line Protection (Slow Path) The minimum level of impulse noise protection fo[...]
-
Page 763
DISPLAYING VDSL INFORMATION 29-81 Example show lre rate-info This command displays rate information for the VDSL line. Syntax show lre rate-info [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Console#show lre phys-info 1/1 port 1/1 Phys info: Phys cu[...]
-
Page 764
VDSL COMMANDS 29-82 Example show lre perf This command displays performance information including common error conditions over predefined intervals for the VDSL line. Syntax show lre perf [ unit/port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Console[...]
-
Page 765
DISPLAYING VDSL INFORMATION 29-83 Command Usage Use this command without the interface parameter to show performance information for all VDSL ports on the switch, or with an interface to display this information for a specific port. For a description of the displayed items, refer to the “Alarm Profile Commands” on [...]
-
Page 766
VDSL COMMANDS 29-84 Loss of power Number of seconds during which there was loss of power Errored seconds Number of seconds during which there was one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects Severely errored seconds Number of seconds containing 18 or more CRC-8 anomalies, one or more L[...]
-
Page 767
DISPLAYING VDSL INFORMATION 29-85 Ethernet Transmit Performance Counters Frames Number of frames (unicast, broadcast and multicast) transmitted. Bytes Number of bytes of data transmitted onto the network. This statistic can be used as a reasonable indication of Ethernet utilization. Pause Frames Number of MAC Control frames [...]
-
Page 768
VDSL COMMANDS 29-86 CPE Configuration This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), including upgrading firmware. oam local clear counter This command clears statistical data (in VDSL chip) for a specified VDSL port. Command Mode Interface Configura[...]
-
Page 769
CPE CONFIGURATION 29-87 Example efm remote eeprom-write This command enables firmware upgrade on the CPE. Syntax efm remote eeprom-write { enable | disable } Default Setting Disabled Command Mode Interface Configuration Example copy tftp firmware This command copies BME firmware used for upgrading CPEs from a TFTP serve[...]
-
Page 770
VDSL COMMANDS 29-88 Example This example shows how to copy BME firmware for CPEs to a reserved buffer on the switch, copy this firmware to a remote CPE, and then activate the new firmware. Console#show cpe-info 1/16 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): [...]
-
Page 771
CPE CONFIGURATION 29-89 Console#configure Console(config)#interface ethernet 1/16 Console(config-if)#oam remote upgrade firmware Console(config)#end Console#show cpe-info 1/16 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.[...]
-
Page 772
VDSL COMMANDS 29-90 Related Commands oam remote upgrade firmware (page 29-90) oam remote firmware active (page 29-90) oam remote upgrade firmware This command copies BME firmware to the CPE. Command Mode Interface Configuration Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • Two [...]
-
Page 773
CPE CONFIGURATION 29-91 Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • This command activates the firmware version currently in inactive state. It can therefore be used to activate the firmware version copied to the CPE by the oam remote upgrade firmware command (page 29-90). • Aft[...]
-
Page 774
VDSL COMMANDS 29-92 Example Console#show cpe-info 1/1 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.2.5r7IK104012 BME Firmware Version: Firmware-VTU-R:7.2.5r7 Time May 19 2006, RTOS Nucleus AFE Hardware Versio [...]
-
Page 775
30-1 CHAPTER 30 ADDRESS TABLE COMMANDS These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Table 30-1 Address Table Commands Command Function Mode Page mac-address-table static Maps a static address to a port[...]
-
Page 776
ADDRESS TABLE COMMANDS 30-2 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC[...]
-
Page 777
CLEAR MAC-ADDRESS-TABLE DYNAMIC 30-3 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any [...]
-
Page 778
ADDRESS TABLE COMMANDS 30-4 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [ address mac-address [ mask ]] [ interface interface ] [ vlan vlan-id ] [ sort { address | vlan | interface }] • mac-address - MAC address. • mask - Bits to match in [...]
-
Page 779
MAC-ADDRESS-TABLE AGING-TIME 30-5 • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time[...]
-
Page 780
ADDRESS TABLE COMMANDS 30-6 show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time Aging time: 300 sec. Console#[...]
-
Page 781
31-1 CHAPTER 31 SPANNING TREE COMMANDS This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 31-1 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 3[...]
-
Page 782
SPANNING TREE COMMANDS 31-2 revision Configures the revision number for the multiple spanning tree MST 31-14 max-hops Configures the maximum number of hops allowed in the region before a BPDU is discarded MST 31-14 spanning-tree spanning-disabled Disables spanning tree for an interface IC 31-15 spanning-tree cost Configures the spa[...]
-
Page 783
SPANNING-TREE 31-3 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disab[...]
-
Page 784
SPANNING TREE COMMANDS 31-4 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode { stp | rstp | mstp } no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)[...]
-
Page 785
SPANNING-TREE FORWARD-TIME 31-5 restarts the migration delay timer and begins using RSTP BPDUs on that port. • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a spe[...]
-
Page 786
SPANNING TREE COMMANDS 31-6 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. [...]
-
Page 787
SPANNING-TREE MAX-AGE 31-7 Related Commands spanning-tree forward-time (31-5) spanning-tree max-age (31-7) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seco[...]
-
Page 788
SPANNING TREE COMMANDS 31-8 Related Commands spanning-tree forward-time (31-5) spanning-tree hello-time (31-6) spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority -[...]
-
Page 789
SPANNING-TREE PATHCOST METHOD 31-9 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method { long | short } no spanning-tree pathcost method • long - Specifies 32-bit based va[...]
-
Page 790
SPANNING TREE COMMANDS 31-10 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit[...]
-
Page 791
MST VLAN 31-11 Related Commands mst vlan (31-11) mst priority (31-12) name (31-13) revision (31-14) max-hops (31-14) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan v[...]
-
Page 792
SPANNING TREE COMMANDS 31-12 instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore th[...]
-
Page 793
NAME 31-13 Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name. Syntax name name name - Name of the spanning tree. Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision[...]
-
Page 794
SPANNING TREE COMMANDS 31-14 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree. (Range: 0-65535) Default Setting 0 Command Mode MST Configuration Command Usage [...]
-
Page 795
SPANNING-TREE SPANNING-DISABLED 31-15 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each spanning tree insta[...]
-
Page 796
SPANNING TREE COMMANDS 31-16 Example This example disables the spanning tree algorithm for port 5. spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree cost cost no spanning-tree cost c[...]
-
Page 797
SPANNING-TREE COST 31-17 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode. When the short pa[...]
-
Page 798
SPANNING TREE COMMANDS 31-18 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Settin[...]
-
Page 799
SPANNING-TREE PORTFAST 31-19 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they[...]
-
Page 800
SPANNING TREE COMMANDS 31-20 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes [...]
-
Page 801
SPANNING-TREE LINK-TYPE 31-21 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duple[...]
-
Page 802
SPANNING TREE COMMANDS 31-22 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance ident[...]
-
Page 803
SPANNING-TREE MST PORT-PRIORITY 31-23 should be assigned to interfaces attached to faster media, and higher values assigned to interfaces with slower media. • Use the no spanning-tree mst cost command to specify auto-configuration mode. • Path cost takes precedence over interface priority. Example Related Co[...]
-
Page 804
SPANNING TREE COMMANDS 31-24 Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled. Example Related Commands spanning-tree mst cost (31-22) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected inte[...]
-
Page 805
SHOW SPANNING-TREE 31-25 Example show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - P[...]
-
Page 806
SPANNING TREE COMMANDS 31-26 description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 12-13. Example Console#show spanning-tree Spanning-tree information ----------------------- ------------------------------------ ---- Spanning tree mode: MSTP Spanning tree enable/disable: enable [...]
-
Page 807
SHOW SPANNING-TREE MST CONFIGURATION 31-27 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information ----------------------- ------------------------------------ --- Configurat[...]
-
Page 808
SPANNING TREE COMMANDS 31-28[...]
-
Page 809
32-1 CHAPTER 32 VLAN COMMANDS A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN re[...]
-
Page 810
VLAN COMMANDS 32-2 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as wel[...]
-
Page 811
GVRP AND BRIDGE EXTENSION COMMANDS 32-3 Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. Example [...]
-
Page 812
VLAN COMMANDS 32-4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configura[...]
-
Page 813
GVRP AND BRIDGE EXTENSION COMMANDS 32-5 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Timer to s[...]
-
Page 814
VLAN COMMANDS 32-6 Example Related Commands show garp timer (32-6) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Ran[...]
-
Page 815
EDITING VLAN GROUPS 32-7 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration[...]
-
Page 816
VLAN COMMANDS 32-8 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword t[...]
-
Page 817
CONFIGURING VLAN INTERFACES 32-9 Related Commands show vlan (32-16) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4093, [...]
-
Page 818
VLAN COMMANDS 32-10 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (25-10) switchport mode This command configures the VLAN membership mode for a port. Use the[...]
-
Page 819
CONFIGURING VLAN INTERFACES 32-11 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (32-11) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no for[...]
-
Page 820
VLAN COMMANDS 32-12 Related Commands switchport mode (32-10) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [no] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Comma[...]
-
Page 821
CONFIGURING VLAN INTERFACES 32-13 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4093, no leading zeroes) Default Setting VLAN [...]
-
Page 822
VLAN COMMANDS 32-14 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. ?[...]
-
Page 823
CONFIGURING VLAN INTERFACES 32-15 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbi[...]
-
Page 824
VLAN COMMANDS 32-16 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information This section describes commands used to display VLAN information. show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be fo[...]
-
Page 825
CONFIGURING PRIVATE VLANS 32-17 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This comm[...]
-
Page 826
VLAN COMMANDS 32-18 Default Setting No private VLANs are defined. No default group exists. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink p[...]
-
Page 827
CONFIGURING PRIVATE VLANS 32-19 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example This example shows the information displayed when no group is defined. This example shows the information displayed when a group is defined. Console(config)#pvlan Console(config)#pvlan u[...]
-
Page 828
VLAN COMMANDS 32-20 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of[...]
-
Page 829
CONFIGURING PROTOCOL-BASED VLANS 32-21 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a grou[...]
-
Page 830
VLAN COMMANDS 32-22 protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for this interface. Syntax protocol-vlan protocol-group group-id vlan vlan-id no protocol-vlan protocol-group group-id vlan • group[...]
-
Page 831
CONFIGURING PROTOCOL-BASED VLANS 32-23 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups. Syntax show prot[...]
-
Page 832
VLAN COMMANDS 32-24 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Ran [...]
-
Page 833
CONFIGURING IEEE 802.1Q TUNNELING 32-25 Configuring IEEE 802.1Q Tunneling QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use t[...]
-
Page 834
VLAN COMMANDS 32-26 5. Configure the QinQ tunnel port to join the SPVLAN as an untagged member (switchport allowed vlan, page 32-14). 6. Configure the SPVLAN ID as the native VID on the QinQ tunnel port (switchport native vlan, page 32-13). 7. Configure the QinQ uplink port to join the SPVLAN as a tagged member (switch[...]
-
Page 835
CONFIGURING IEEE 802.1Q TUNNELING 32-27 • The packet must have a standard ethertype value of 0x8100 for this command to take effect. Otherwise, the priority bits in the outer tag are set to zero. • Using a fixed priority level for all customer traffic allows the service provider to more easily calculate the resources required to [...]
-
Page 836
VLAN COMMANDS 32-28 to the service provider’s outer tag. The Tag Protocol Identifier (TPID) of the tunnel port is used for the outer tag. The default is for the standard ethertype value 0x8100, but may be changed to a non-standard value using the switchport dot1q-ethertype command (page 32-29). The tunnel por[...]
-
Page 837
CONFIGURING IEEE 802.1Q TUNNELING 32-29 switchport dot1q-ethertype This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-ethertype tpid no switchport dot1q-ethertype tpid – Sets the ethertype value for 802.1Q encapsu[...]
-
Page 838
VLAN COMMANDS 32-30 Example Related Commands show interfaces switchport (page 25-16) Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network. However, if any switch in the path crossing the service provider’s network[...]
-
Page 839
CONFIGURING VLAN SWAPPING 32-31 uplink port (using the command parameters – input VLAN ID, output VLAN ID, and uplink interface). 3. Enter Interface Configuration mode for the uplink port, and map the service provider’s VLAN ID to the customer’s VLAN ID for traffic forwarded to the downlink port (using the co[...]
-
Page 840
VLAN COMMANDS 32-32 • VLAN swapping only supports one-to-one mapping of VLAN IDs between a VDSL port and an uplink port. • VLAN IDs must be mapped for both the upstream and downstream direction. • The maximum number of VLAN swap entries is 64 per port groups 1-8, 9-16, 17, and 18. However, note that configuring a la[...]
-
Page 841
CONFIGURING VLAN SWAPPING 32-33 Example Console#show vlan swap vlan-swap enable ethernet 1/1 invlan outvlan outport 1 100 1/18 ethernet 1/18 invlan outvlan outport 100 1 1/1 Console#[...]
-
Page 842
VLAN C OMMANDS 32-34[...]
-
Page 843
33-1 CHAPTER 33 CLASS OF SERVICE COMMANDS The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority q[...]
-
Page 844
CLASS OF SERVICE COMMANDS 33-2 priority bits This command sets the priority bits in the VLAN tag of packets sent by the CPU. Use the no form to restore the default value. Syntax [no] priority bits Default Setting Disabled Command Mode Global Configuration Command Usage When priority bits are used in packets sent [...]
-
Page 845
PRIORITY COMMANDS (LAYER 2) 33-3 Levels,” on page 33-8 for information on how CoS values are mapped to the output queues. Example queue mode This command sets the queue mode to strict priority, Weighted Round-Robin (WRR), or a combination of both for the class of service (CoS) priority queues. Use the no form to res[...]
-
Page 846
CLASS OF SERVICE COMMANDS 33-4 • Weighted Round-Robin (WRR) specifies a relative weight of each queue that determines the percentage of service time the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. • Hybrid mod[...]
-
Page 847
PRIORITY COMMANDS (LAYER 2) 33-5 Related Commands priority bits (33-2) priority ipv6 (33-17) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the[...]
-
Page 848
CLASS OF SERVICE COMMANDS 33-6 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e., receives both untagged and tagged frames). This priori[...]
-
Page 849
PRIORITY COMMANDS (LAYER 2) 33-7 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues, or specifies a high-priority queue when the queue mode is set to hybrid. Use the no form to restore the default weights. Syntax queue bandwidth weight1...we[...]
-
Page 850
CLASS OF SERVICE COMMANDS 33-8 Example This example assigns WRR weights to priority queues 0-5, and strict priority to queues 6 and 7: Related Commands queue mode (33-3) show queue bandwidth (33-9) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). [...]
-
Page 851
PRIORITY COMMANDS (LAYER 2) 33-9 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS values assigned at the ingress port are also used at the egress port. This command sets the CoS priority for all interfaces. Example The following example shows how to change the CoS assignments to a one-[...]
-
Page 852
CLASS OF SERVICE COMMANDS 33-10 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting None Co[...]
-
Page 853
PRIORITY COMMANDS (LAYER 3 AND 4) 33-11 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch. Table 33-4 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enables TCP/UDP class of service mapping GC 33-12 map ip port Map[...]
-
Page 854
CLASS OF SERVICE COMMANDS 33-12 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The preced[...]
-
Page 855
PRIORITY COMMANDS (LAYER 3 AND 4) 33-13 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • Up to 8 entries can be specified for IP Port priority mapping. • This command sets[...]
-
Page 856
CLASS OF SERVICE COMMANDS 33-14 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-preced[...]
-
Page 857
PRIORITY COMMANDS (LAYER 3 AND 4) 33-15 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Defaul[...]
-
Page 858
CLASS OF SERVICE COMMANDS 33-16 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - DSCP value. (Range: 0-63) • cos-value - Clas[...]
-
Page 859
PRIORITY COMMANDS (LAYER 3 AND 4) 33-17 Example The following example shows how to map IP DSCP value 1 to CoS value 0: priority ipv6 This command assigns IPv6 traffic classes to one of the Class-of-Service values. Use the no form to restore the default setting. Syntax priority ipv6 interface traffic-class cos-v[...]
-
Page 860
CLASS OF SERVICE COMMANDS 33-18 Example The following example maps the Traffic Class value of 1 to CoS value 0: show map ip port This command shows the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • p[...]
-
Page 861
PRIORITY COMMANDS (LAYER 3 AND 4) 33-19 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting No[...]
-
Page 862
CLASS OF SERVICE COMMANDS 33-20 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting None Command Mode Privileged Ex[...]
-
Page 863
34-1 CHAPTER 34 QUALITY OF SERVICE COMMANDS The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you to select traffi[...]
-
Page 864
QUALITY OF SERVICE COMMANDS 34-2 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specify [...]
-
Page 865
CLASS-MAP 34-3 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map (page 34-3) before creating a Policy Map (page 34-6). Otherwise, you will not be able to specify a Class Map with the class command (page 34-7) after entering Policy-Map[...]
-
Page 866
QUALITY OF SERVICE COMMANDS 34-4 • The class map is used with a policy map (page 34-6) to create a service policy (page 34-10) for a specific interface that defines packet classification, service tagging, and bandwidth policing. Example This example creates a class map called “rd_class,” and sets it to matc[...]
-
Page 867
MATCH 34-5 command to specify the fields within ingress packets that must match to qualify for this class map. • Only one match command can be entered per class map. • The class map uses the Access Control List filtering engine, so you must also set an ACL mask to enable filtering for the criteria specified in the matc[...]
-
Page 868
QUALITY OF SERVICE COMMANDS 34-6 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode. Syntax [no] policy-map policy-map-name policy-map-name - Name of the pol[...]
-
Page 869
CLASS 34-7 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. (Range: 1-16 characte[...]
-
Page 870
QUALITY OF SERVICE COMMANDS 34-8 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 10[...]
-
Page 871
POLICE 34-9 police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [no] police rate-kbps burst-byte [exceed-actio[...]
-
Page 872
QUALITY OF SERVICE COMMANDS 34-10 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 1[...]
-
Page 873
SHOW CLASS-MAP 34-11 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Sett[...]
-
Page 874
QUALITY OF SERVICE COMMANDS 34-12 show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name - Name of the policy map. (Ran [...]
-
Page 875
SHOW POLICY-MAP INTERFACE 34-13 Command Mode Privileged Exec Example Console#show policy-map interface ethernet 1/5 Service-policy rd_policy input Console#[...]
-
Page 876
QUALITY OF SERVICE COMMANDS 34-14[...]
-
Page 877
35-1 CHAPTER 35 MULTICAST FILTERING COMMANDS This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propag[...]
-
Page 878
MULTICAST FILTERING COMMANDS 35-2 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch. ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration[...]
-
Page 879
IGMP SNOOPING COMMANDS 35-3 Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4093) • ip-address - IP [...]
-
Page 880
MULTICAST FILTERING COMMANDS 35-4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2 | 3} no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 • 3 - IGMP Version 3 Default Setting IGMP Version 2 Co[...]
-
Page 881
IGMP SNOOPING COMMANDS 35-5 ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default. Syntax ip igmp snooping immediate-leave no ip igmp snooping i[...]
-
Page 882
MULTICAST FILTERING COMMANDS 35-6 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 16-4 for a description of the displayed items. Example The following shows the[...]
-
Page 883
IGMP QUERY COMMANDS 35-7 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands This section describes commands used to configure Laye[...]
-
Page 884
MULTICAST FILTERING COMMANDS 35-8 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is r[...]
-
Page 885
IGMP QUERY COMMANDS 35-9 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by i[...]
-
Page 886
MULTICAST FILTERING COMMANDS 35-10 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Ran[...]
-
Page 887
IGMP QUERY COMMANDS 35-11 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querie[...]
-
Page 888
MULTICAST FILTERING COMMANDS 35-12 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the switch. ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan[...]
-
Page 889
STATIC MULTICAST ROUTING COMMANDS 35-13 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan v[...]
-
Page 890
MULTICAST FILTERING COMMANDS 35-14 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requiremen[...]
-
Page 891
IGMP FILTERING AND THROTTLING COMMANDS 35-15 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch. Use the no form to disable the feature. Syntax [no] ip igmp filter Default Setting Disabled Command Mode Global Configuration Command Usage • IGMP filtering enable[...]
-
Page 892
MULTICAST FILTERING COMMANDS 35-16 ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295) Default Setting D[...]
-
Page 893
IGMP FILTERING AND THROTTLING COMMANDS 35-17 Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range. When the access mode is set to deny, IGMP join reports ar[...]
-
Page 894
MULTICAST FILTERING COMMANDS 35-18 ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface. Syntax [no] ip igmp filter profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295) De[...]
-
Page 895
IGMP FILTERING AND THROTTLING COMMANDS 35-19 Default Setting 64 Command Mode Interface Configuration Command Usage • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two act[...]
-
Page 896
MULTICAST FILTERING COMMANDS 35-20 Command Usage When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly remov[...]
-
Page 897
IGMP FILTERING AND THROTTLING COMMANDS 35-21 Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged E[...]
-
Page 898
MULTICAST FILTERING COMMANDS 35-22 show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1[...]
-
Page 899
MULTICAST VLAN REGISTRATION COMMANDS 35-23 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast tra[...]
-
Page 900
MULTICAST FILTERING COMMANDS 35-24 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, enables a specific MVR domain using the domain keyword, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the[...]
-
Page 901
MULTICAST VLAN REGISTRATION COMMANDS 35-25 • Use the mvr group command to statically configure all multicast group addresses that will join an MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group. T[...]
-
Page 902
MULTICAST FILTERING COMMANDS 35-26 mvr (Interface Configuration) This command configures an interface as a static member of an MVR domain using the group keyword, or configures an interface as an MVR receiver or source port using the type keyword. Use the no form to restore the default settings. Syntax [no] mvr [...]
Page 903
MULTICAST VLAN REGISTRATION COMMANDS 35-27
groups within an MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the group keyword. However, if a receiver port is statically configured as a member of an MVR VLAN, its status will be inactive. Also, note that VLAN membership for MVR receiver ports [...]
Page 904
MULTICAST FILTERING COMMANDS 35-28
mvr immediate
This command causes the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Use the no form to restore the default settings.
Syntax
[no] mvr immediate
Default Setting
Disabled.
Command Mode
Interface Confi[...]
Page 905
MULTICAST VLAN REGISTRATION COMMANDS 35-29
show mvr
This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword.
Syntax[...]
Page 906
MULTICAST FILTERING COMMANDS 35-30
Example
The following shows the global MVR settings:
Console#show mvr
================================
MVR domain : 1
MVR Status:enable
MVR running status:TRUE
MVR multicast vlan:1
MVR Max Multicast Groups:255
MVR Current multicast groups:1
================================
MVR domain : 2
MVR Status:di[...]
Page 907
MULTICAST VLAN REGISTRATION COMMANDS 35-31
The following displays information about the interfaces attached to the MVR VLAN:
Console#show mvr interface
=======================================================
MVR domain : 1
Port Type Status Immediate Leave
------- -------- ------------- ---------------
eth1/1 SOURCE ACTIVE/UP Disab[...]
Page 908
MULTICAST FILTERING COMMANDS 35-32
The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN:
Console#show mvr members
===================================
MVR domain : 1
MVR Group IP Status Members
---------------- -------- -------
225.0.0.1 ACTIVE eth1/1(d), eth1/2(s)
225.0.0.2 I[...]
Page 909
36-1
CHAPTER 36 DOMAIN NAME SERVICE COMMANDS
These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translatio[...]
Page 910
DOMAIN NAME SERVICE COMMANDS 36-2
ip host
This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry.
Syntax
[no] ip host name address1 [address2 … address8]
• name - Name of the host. (Range: 1-127 characters)
• address1 - Corresponding I[...]
Page 911
CLEAR HOST 36-3
Example
This example maps two addresses to a host name.
clear host
This command deletes entries from the DNS table.
Syntax
clear host {name | *}
• name - Name of the host. (Range: 1-127 characters)
• * - Removes all entries.
Default Setting
None
Command Mode
Privileged Exec
Example
This example clears all sta[...]
Page 912
DOMAIN NAME SERVICE COMMANDS 36-4
ip domain-name
This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name.
Syntax
ip domain-name name
no ip domain-name
name [...]
Page 913
IP DOMAIN-LIST 36-5
ip domain-list
This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list.
Syntax
[no] ip domain-list name
name - Name of the host. [...]
Page 914
DOMAIN NAME SERVICE COMMANDS 36-6
Example
This example adds two domain names to the current list and then displays the list.
Related Commands
ip domain-name (36-4)
ip name-server
This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remov[...]
Page 915
IP DOMAIN-LOOKUP 36-7
Example
This example adds two domain-name servers to the list and then displays the list.
Related Commands
ip domain-name (36-4)
ip domain-lookup (36-7)
ip domain-lookup
This command enables DNS host name-to-address translation. Use the no form to disable DNS.
Syntax
[no] ip domain-lookup
Default S[...]
Page 916
DOMAIN NAME SERVICE COMMANDS 36-8
Example
This example enables DNS and then displays the configuration.
Related Commands
ip domain-name (36-4)
ip name-server (36-6)
show hosts
This command displays the static host name-to-address mapping table.
Command Mode
Privileged Exec
Example
Note that a host name will be displayed [...]
Page 917
SHOW DNS 36-9
show dns
This command displays the configuration of the DNS service.
Command Mode
Privileged Exec
Example
show dns cache
This command displays entries in the DNS cache.
Command Mode
Privileged Exec
Example
Console#show dns
Domain Lookup Status: DNS enabled
Default Domain Name: sample.com
Domain Name List: sample.co[...]
Page 918
DOMAIN NAME SERVICE COMMANDS 36-10
clear dns cache
This command clears all entries in the DNS cache.
Command Mode
Privileged Exec
Example
Table 36-2 show dns cache - display description
Field Description
NO The entry number for each resource record.
FLAG The flag is always “4” indicating a cache entry and therefore unreliabl[...]
Page 919
37-1
CHAPTER 37 DHCP COMMANDS
These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client and relay functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can also be configured to relay DHCP client configuration requests to a DHCP ser[...]
Page 920
DHCP COMMANDS 37-2
Command Usage
• This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
• DHCP requires the server to reassign the client’s last address if available.
• If the BOOTP or DHCP server has been moved to a diffe[...]
Page 921
DHCP RELAY 37-3
ip dhcp relay server
This command enables DHCP relay service, and specifies the address of the server to use. Use the no form to clear a server address.
Syntax
ip dhcp relay server address
no ip dhcp relay server
address - IP address of a DHCP server.
Default Setting
None
Command Mode
Global Configuration
U[...]
Page 922
DHCP COMMANDS 37-4
Example
ip dhcp information option
This command enables DHCP Option 82 information relay, and specifies the frame format to use when Option 82 information is generated by the switch. Use the no form of this command to disable this feature.
Syntax
ip dhcp information option {circuit-id | remote-id}
no ip[...]
Page 923
DHCP RELAY 37-5
• If Option 82 is enabled on the switch, client information will be included in any relayed request packet received through the management interface according to this criteria.
• DHCP request packets are flooded onto all attached VLANs other than the inbound VLAN under the following situations:
- Neither DHCP s[...]
Page 924
DHCP COMMANDS 37-6
the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the interface connected to the requesting client and unicasts the reply packet to the client.
• DHCP reply packets are flooded onto all attached VLANs other than the inboun[...]
Page 925
DHCP RELAY 37-7
address (when DHCP snooping or relay is enabled), and unicast the packet to the DHCP server.
Default Setting
replace
Command Mode
Global Configuration
Usage Guidelines
• Refer to the Usage Guidelines under the ip dhcp information option command (page 37-4) for information on when Option 82 information is processed by [...]
Page 926
DHCP COMMANDS 37-8
Example
Related Commands
ip dhcp relay server (37-3)
Console#show ip dhcp relay server
Ip Dhcp Relay Status: Enable
Ip Dhcp Relay Server: 192.168.10.19
DHCP Information Option Circuitid Status: disable
DHCP Information Option Remoteid Status: disable
DHCP Information Policy: replace
Console#[...]
Page 927
38-1
CHAPTER 38 IP INTERFACE COMMANDS
An IP address may be used for management access to the switch over your network. An IP address is obtained via DHCP by default for VLAN 1. You can manually configure a specific IP address, or direct the switch to obtain an address from a BOOTP or DHCP server w[...]
Page 928
IP INTERFACE COMMANDS 38-2
ip address
This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address.
Syntax
ip address {ip-address netmask | bootp | dhcp}
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet. This ma[...]
Page 929
BASIC IP CONFIGURATION 38-3
Notes:
1. Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the origi[...]
Page 930
IP INTERFACE COMMANDS 38-4
Example
The following example defines a default gateway for this device:
Related Commands
show ip redirects (38-4)
show ip interface
This command displays the settings of an IP interface.
Command Mode
Privileged Exec
Example
Related Commands
show ip redirects (38-4)
show ip redirects
This command shows th[...]
Page 931
BASIC IP CONFIGURATION 38-5
ping
This command sends ICMP echo request packets to another node on the network.
Syntax
ping host [count count][size size]
• host - IP address or IP alias of the host.
• count - Number of packets to send. (Range: 1-16, default: 5)
• size - Number of bytes in a packet. (Range: 32-512, defaul[...]
Page 932
IP INTERFACE COMMANDS 38-6
Example
Related Commands
interface (25-2)
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 0 ms
Ping statistics for 10.1.0.9:
5 packets transmitted, 5 pa[...]
Page 933
SECTION IV APPENDICES
This section provides additional information on the following topics.
Software Specifications A-1
Troubleshooting B-1
Glossary
Index[...]
Page 934
APPENDICES[...]
Page 935
A-1
APPENDIX A SOFTWARE SPECIFICATIONS
Software Features
Authentication
Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security
Access Control Lists
IP, MAC
Fast Ethernet ports - 173 rules, 7 masks shared by 8-port groups
Gigabit Ethernet ports - 52 rules, 7 masks
DHCP Client, Relay
BOOTP Client
DNS Pr[...]
Page 936
SOFTWARE SPECIFICATIONS A-2
Rate Limits
Input/output limit
Range (configured per port)
Port Trunking
Static trunks (Cisco EtherChannel compliant)
Dynamic trunks (Link Aggregation Control Protocol)
Spanning Tree Algorithm
Spanning Tree Protocol (STP, IEEE 802.1D)
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1[...]
Page 937
MANAGEMENT FEATURES A-3
3 OAM channels (IB, eoc, VOC) between VTU-C and VTU-R
HDLC or 802.3ah EFM framing
Upstream power back off
CPE firmware-upgrade via eoc channel
Remote CPE management, reset, auto-configuration and performance monitoring
Additional Features
BOOTP client
SNTP (Simple Network Time Protoco[...]
Page 938
SOFTWARE SPECIFICATIONS A-4
IEEE 802.1Q VLAN
IEEE 802.1v Protocol-based VLANs
IEEE 802.1s Multiple Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol
IEEE 802.1X Port Authentication
IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet
Link Aggregation Control Protocol (LACP)
Full-duplex flow contro[...]
Page 939
MANAGEMENT INFORMATION BASES A-5
Entity MIB (RFC 2737)
Ether-like MIB (RFC 2665)
Extended Bridge MIB (RFC 2674)
Extensible SNMP Agents MIB (RFC 2742)
Forwarding Table MIB (RFC 2096)
IGMP MIB (RFC 2933)
Interface Group MIB (RFC 2233)
Interfaces Evolution MIB (RFC 2863)
IP MIB (RFC 2011)
IP Multicasting related MIBs
MAU MIB (RFC 3636)
M[...]
Page 940
SOFTWARE SPECIFICATIONS A-6[...]
Page 941
B-1
APPENDIX B TROUBLESHOOTING
Problems Accessing the Management Interface
Table B-1 Troubleshooting Chart
Symptom Action
Cannot connect using Telnet, web browser, or SNMP software
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
• Check that you have a valid networ[...]
Page 942
TROUBLESHOOTING B-2
Cannot connect using Secure Shell
• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time.
• Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client sof[...]
Page 943
USING SYSTEM LOGS B-3
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1. Enable logging.
2. Set the error messages reported to include all categori[...]
Page 944
TROUBLESHOOTING B-4[...]
Page 945
Glossary-1
GLOSSARY
Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
Boot Protocol (BOOTP)
BOOTP is used to provide bootup information for network devices, including IP address inform[...]
Page 946
GLOSSARY Glossary-2
marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
Domain Name Service (DNS)
A system used for translating host names for network nodes into IP addresses.
Dynamic Host Control Protocol (DHCP)
Provides a framework for[...]
Page 947
GLOSSARY Glossary-3
Generic Multicast Registration Protocol (GMRP)
GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.
Group Attribute Registration Protocol (GARP)
See Generic Attri[...]
Page 948
GLOSSARY Glossary-4
IEEE 802.3ac
Defines frame extensions for VLAN tagging.
IEEE 802.3x
Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.
IGMP Snooping
Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host gr[...]
Page 949
GLOSSARY Glossary-5
IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The eight values are mapped one-to-one to the [...]
Page 950
GLOSSARY Glossary-6
Multicast Switching
A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize [...]
Page 951
GLOSSARY Glossary-7
Private Branch Exchange (PBX)
A telephone exchange local to a particular organization who use, rather than provide, telephone services.
Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be fo[...]
Page 952
GLOSSARY Glossary-8
Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
Simple Mail Transfer Protocol (SMTP)
A standard host-to-host mail transport protoco[...]
Page 953
GLOSSARY Glossary-9
Terminal Access Controller Access Control System Plus (TACACS+)
TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.
Transmission Control Protocol/Internet Protocol (TCP/IP)
Protocol suite that includes T[...]
Page 954
GLOSSARY Glossary-10
Very high data rate Digital Subscriber Line 2 (VDSL2)
VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the first VDSL standard (G.993.1). It supports transmission at a bi-directional net data rate (the sum of upstream and downstream rates) of up to 200 Mbps on twisted pair cables using[...]
Page 955
Index-1
Numerics
802.1Q tunnel 13-24, 32-25
description 13-24
interface configuration 13-30, 32-27–32-29
mode selection 13-30, 32-10, 32-27
TPID 13-30, 32-29
802.1X, port authentication 6-19, 22-34
A
acceptable frame type 13-15, 32-11
Access Control List See ACL
ACL
Extended IP 8-2, 8-3, 8-5, 24-2, 24-5
MAC 8-2, 8-[...]
Page 956
INDEX Index-2
verifying MAC addresses 7-10, 23-21
VLAN configuration 7-10, 23-20
Differentiated Code Point Service See DSCP
Differentiated Services See DiffServ
DiffServ 15-2, 34-1
binding policy to interface 15-10, 34-10
class map 15-3, 34-3, 34-7
policy map 15-6, 34-6
service policy 15-10, 34-10
DNS
default domain name 17-1[...]
Page 957
INDEX Index-3
Layer 2 16-2, 35-2
query 16-2, 35-8
query, Layer 2 16-4, 35-7
snooping 16-2, 35-2
snooping, configuring 16-4, 35-2
snooping, setting immediate leave 16-13, 35-5
ingress filtering 13-15, 32-12
internal temperature status 4-4, 20-8
IP address
BOOTP/DHCP 4-14, 37-1, 37-4, 38-2
setting 2-6, 38-2
IP port priority
en[...]
Page 958
INDEX Index-4
MVR
assigning static multicast groups 16-30, 35-26
setting interface type 16-26, 35-26, 35-28
setting multicast groups 16-21, 35-24
specifying a VLAN 16-21, 35-24
using immediate leave 16-26, 35-26, 35-28
P
packet filtering 7-15, 23-5
DHCP replies 7-16, 23-9
DHCP requests 7-16, 23-8
IP/MAC address pairs 7-18, [...]
Page 959
INDEX Index-5
groups 5-18, 21-15
user configuration 5-12, 5-15, 21-18
views 5-24, 21-13
software
displaying version 4-7, 20-10
downloading 4-18, 20-17
Spanning Tree Protocol See STA
specifications, software A-1
SSH 6-10, 22-21
STA 12-1, 31-1
edge port 12-16, 12-20, 31-18
global settings, configuring 12-8, 31-3–31[...]
Page 960
INDEX Index-6
ham band notch 10-8, 29-7
ham band region/usage notch 10-9, 29-9
impulse noise protection 10-10, 29-23
interface settings 10-7, 29-2
line profiles 10-16, 29-35
maximum data rate 10-10, 29-27
maximum power 10-10, 29-22
OAM functions 10-41
option band 10-9, 29-6
PSD breakpoints 10-1, 29-12
PSD frequencies at b[...]
Page 961
[...]
Page 962
20 Mason
Irvine, CA 92618
Phone: (949) 679-8000
Model Numbers: SMC7800A/VCP
Pub. Number: 149100012100H E012007/ST-R01
FOR TECHNICAL SUPPORT, CALL:
From U.S.A. and Canada (24 hours a day, 7 days a week)
(800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481
From Europe: Contact details can be found on www.smc-eur[...]