Accton Technology ES4512C manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Accton Technology ES4512C. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Accton Technology ES4512C o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Accton Technology ES4512C se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Accton Technology ES4512C, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Accton Technology ES4512C debe contener:
- información acerca de las especificaciones técnicas del dispositivo Accton Technology ES4512C
- nombre de fabricante y año de fabricación del dispositivo Accton Technology ES4512C
- condiciones de uso, configuración y mantenimiento del dispositivo Accton Technology ES4512C
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Accton Technology ES4512C no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Accton Technology ES4512C y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Accton Technology en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Accton Technology ES4512C, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Accton Technology ES4512C, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Accton Technology ES4512C. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    www .edge-core.com Management Guide P owered by Accton ES4512C ES4524C ES4548C 12/24/48-Port Gigabit Intelligent Switch[...]

  • Página 2

    [...]

  • Página 3

    Installation Guide ES4512C 12-Port Gigabi t Intelligent Switch Layer 2 Workgroup Switch with 12 1000BASE-T (RJ-45) Ports, and 4 Combin ation (RJ-45 /SFP) Ports ES4524C 24-Port Gigabi t Intelligent Switch Layer 2 Workgroup Switch with 24 1000BASE-T (RJ-45) Ports, and 4 Combin ation (RJ-45 /SFP) Ports ES4548C 48-Port Gigabi t Intelligent Switch Layer[...]

  • Página 4

    ES4512C ES4524C ES4548C E052005-R02[...]

  • Página 5

    i Contents Chapter 1: Intr oduction 1- 1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuratio n 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4[...]

  • Página 6

    Contents ii System Log Configuration 3-19 Remote Log Configuration 3-20 Displaying Log Message s 3-22 Sending Simple Mail Transfer Protocol Alerts 3-23 Resetting the System 3-25 Setting the System Clock 3-26 Configuring SNTP 3-26 Setting the Time Zone 3-27 Simple Network Managemen t Protocol 3-28 Setting Community Access Strings 3-28 Specifying Tra[...]

  • Página 7

    Contents iii Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Threshol ds 3-80 Configuring Port Mi rroring 3-82 Configuring Rate Limits 3-83 Showing Port Statistics 3-84 Address Table Settings 3-88 Setting Static Addresses 3-88 Displaying the Address T a[...]

  • Página 8

    Contents iv Mapping CoS Values to ACLs 3-136 Changing Priorities Based on ACL Rules 3-137 Multicast Filtering 3-139 Layer 2 IGMP (Snooping and Query) 3-139 Configuring IGMP Snoopin g and Query Parameters 3-140 Displaying Interfaces Attached to a Multicast Router 3-142 Specifying Static Interfaces for a Multicast Router 3-143 Displaying Port Members[...]

  • Página 9

    Contents v disconnect 4-18 show line 4-19 General Commands 4-20 enable 4-20 disable 4-21 configure 4-21 show history 4-22 reload 4-22 end 4-23 exit 4-23 quit 4-24 System Management Comma nds 4-24 Device Designation Commands 4-25 prompt 4-25 hostname 4-2 5 User Access Commands 4-26 username 4-26 enable password 4-27 IP Filter Commands 4-28 managemen[...]

  • Página 10

    Contents vi logging fa cility 4-45 logging tra p 4-46 clear logging 4-46 show logging 4-47 SMTP Alert Commands 4-48 loggin g sendmail host 4-49 logging sendmail l evel 4-49 logging sendmail source-email 4-50 logging sendmail destinatio n-email 4-50 logging sendmail 4- 51 show logging sendmail 4-51 Time Commands 4-52 sntp client 4-52 sntp server 4-5[...]

  • Página 11

    Contents vii tacacs-server host 4-74 tacacs-server port 4-74 tacacs-server key 4-75 show tacacs-server 4-75 Port Security Commands 4-76 port security 4-76 802.1x Port Authentication 4-78 authentication dot 1x default 4-78 dot1x default 4-79 dot1x max-req 4-79 dot1x port-cont rol 4-80 dot1x operation-mode 4-80 dot1x re-authenticate 4-81 dot1x re-aut[...]

  • Página 12

    Contents viii ACL Information 4-111 show access-list 4-111 show access-group 4-111 SNMP Commands 4-112 snmp-server community 4-112 snmp-server co ntact 4-113 snmp-server location 4-113 snmp-server host 4-114 snmp-server enable traps 4-115 show snmp 4-115 DNS Commands 4-117 ip host 4-117 clear host 4-118 ip domain-name 4-118 ip domain-list 4-119 ip [...]

  • Página 13

    Contents ix lacp admin-key (Port Channel) 4-142 lacp port-priority 4-142 show lacp 4-143 Address Table Commands 4-147 mac-address-table static 4-148 clear mac-address-table dynamic 4-149 show mac-address-table 4-149 mac-address-table aging-time 4-150 show mac-address-table aging-time 4-150 Spanning Tree Commands 4-151 spanning-tree 4-152 spanning-t[...]

  • Página 14

    Contents x switchport allowed vlan 4-177 switchport forbidden vlan 4-178 Displaying VLAN Informa tion 4-179 show vlan 4-179 Configuring Private VLANs 4-180 pvlan 4-180 show pvlan 4-181 Configuring Protocol-based VLANs 4-181 protocol-vlan protocol-group (Configuring Groups) 4-182 protocol-vlan protocol-group (Co nfiguring Interfaces) 4-182 show prot[...]

  • Página 15

    Contents xi IGMP Query Commands (Layer 2) 4-206 ip igmp snooping querier 4-206 ip igmp snooping query-count 4-206 ip igmp snooping query-interval 4-207 ip igmp snooping query-max-response-ti me 4-208 ip igmp snooping router-port-e xpire-time 4-208 Static Multicast Routing Commands 4-209 ip igmp snooping vlan mrouter 4-209 show ip igmp snooping mrou[...]

  • Página 16

    Contents xii[...]

  • Página 17

    xiii Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-1. Web Page Configuration Butto ns 3-3 Table 3-2. Switch Main Menu 3-4 Table 3-3. Logging Levels 3-19 Table 3-4. HTTPS System Support 3-35 Table 3-5. 802.1x Statistics 3-48 Table 3-6. LACP Port Counters 3-76 Table 3-7. LACP Internal C onfiguration Informa tion 3-77 Table[...]

  • Página 18

    xiv Ta b l e s Table 4-27. Authentication Sequence Command s 4-69 Table 4-28. RADIUS Client Commands 4-71 Table 4-29. TACACS+ Clien t Commands 4-74 Table 4-30. Port Security Commands 4-76 Table 4-31. 802.1 x Port Auth entication Commands 4-78 Table 4-32. Access Co ntrol List Commands 4-87 Table 4-33. IP ACL Commands 4-87 Table 4-34. Mapping CoS Val[...]

  • Página 19

    xv Figures Figure 3-1 . Home Page 3-2 Figure 3-2 . Front Panel Indicators 3-3 Figure 3-3 . System Inform ation 3-9 Figure 3-4. Switch Information 3-11 Figure 3-5. Displaying Bridge Extension Configuration 3-12 Figure 3-6. IP Interface Configuration - Manua l 3-14 Figure 3-7. IP Interface Configuration - DHCP 3-15 Figure 3-8. Downloading Firmware to[...]

  • Página 20

    Figures xvi Figure 3-43. LACP - Aggreg ation Port 3-74 Figure 3-44. LACP - Port Co unters Information 3-76 Figure 3-45. LACP - Port Interna l Information 3-78 Figure 3-46. LACP - Port Ne ighbors Information 3-79 Figure 3-47. Port Broadcast Control 3-81 Figure 3-48. Mirror Port Configu ration 3-82 Figure 3-49. Rate Limit Configuration 3-83 Figure 3-[...]

  • Página 21

    Figures xvii Figure 3-88. DNS General Configuration 3-147 Figure 3-89. DNS Static Host Table 3-149 Figure 3-90. DNS Cache 3-150[...]

  • Página 22

    Figures xviii[...]

  • Página 23

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching . It includes a management agent that allows you to configure t he features l isted in this manual. The default configurati on can be used for most of the featu res provided by this switch. However , there are many options that you should configure to m[...]

  • Página 24

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced perf ormance enhancing features. Flow control eliminates the l oss of packet s due to bottlenecks cause d by port saturation. Broadcast storm supp ression prevents broa dcast traffi c storms from engulfing the network. Unt agged (port-bas ed), tagged, a[...]

  • Página 25

    Description of Softwa re Features 1-3 1 Port Mirroring – The switch can unobtrusi vely mirror t raffic from any port t o a monitor port. Y ou can then att ach a protocol analyz er or RMON probe to this port to perform traf fic analysis and verify connection integrity . Port T runking – Ports can be co mbined into an aggregate conn ection. T run[...]

  • Página 26

    Introduction 1-4 1 Multiple S panning T ree Protocol (MSTP , IEEE 802.1s) – This protocol is a direct extension of RSTP . It can provide an inde pendent spann ing tree for dif ferent VLANs. It simplifies network mana gement, provides fo r even faster convergence than RSTP by limiting the si ze of each region, and prevent s VLAN members from being[...]

  • Página 27

    System Defaults 1-5 1 System Defaults The switch’s system default s are provided in the configurati on file “Factory_Default_Con fig.cfg.” To reset th e switch defaults , this file should be set as the startup config uration file (page 3-18). The following t able list s some of the basic system defaults. Table 1-2. Sys tem Defaults Function P[...]

  • Página 28

    Introduction 1-6 1 Port Config uration Admin Status Enabled Auto-negotiation Enabled Flow Cont rol Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half du plex 100 Mbps full duplex 1000 Mbps full duplex Full-duplex flow cont rol disabled Symmetric flow control disabled Module Port Capability 1000BASE-SX/LX/L[...]

  • Página 29

    System Defaults 1-7 1 IP Settings IP Address 0.0.0.0 Subnet Mask 255.0.0. 0 Default Gateway 0.0.0.0 DHCP Client: Enabled BOOTP Disabled DNS Server Lookup Disabled Multicast Filtering IGMP Snooping Snooping: Enabled Querier: Enabled System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event[...]

  • Página 30

    Introduction 1-8 1[...]

  • Página 31

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in net work management agent. The agent of fers a variety of management option s, including SNMP , RMON and a Web-ba sed interface. A PC may also be co nnected directly to the swi tch for configurat ion and monito ring via a command line [...]

  • Página 32

    Initial Configuration 2-2 2 • Enable port mirroring • Set broadcast storm cont rol on any port • Display syst em information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and co nfiguring the switch. A null-modem console cable is provided with the swi[...]

  • Página 33

    Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’ s onboard agent via a network connection, you must first config ure it with a valid IP address, subnet mask, and default g ateway usin g a console connection, DHCP or BOOTP protocol . The IP address for this switch is obtaine d via DHCP by defa ult. T o manually configure[...]

  • Página 34

    Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names us ing the “usern ame” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric charact ers and are case sensitive. T o pre vent unauthori[...]

  • Página 35

    Basic Configuration 2-5 2 Before you can assign an IP address to the swit ch, you must obtai n the following information fr om your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this ne twork T o assig n an IP address to the switch, comp lete the following steps: 1. From the Privileged[...]

  • Página 36

    Initial Configuration 2-6 2 5. W ait a few minutes, and then check the IP configurati on settings by typing the “show ip interface” command. Pre ss <Enter>. 6. Then save your conf iguration change s by typing “copy running-config startup-con fig.” Enter the startu p file name and press <Enter>. Enabling SNMP Management Access Th[...]

  • Página 37

    Basic Configuration 2-7 2 T o configu r e a community string, compl ete the following st eps: 1. From the Privileged Exe c level global config uration mode prompt, type “snmp-server community string mode ,” where “string” is the communi ty access string and “mode” is rw (read/wri te) or ro (read only). Press <Enter> . (Note that t[...]

  • Página 38

    Initial Configuration 2-8 2 2. Enter the name of the sta rt-up file. Press <En ter>. Managing System Files The switch’s flash memory suppo rts thre e types of system files that can be managed by the CLI program, We b interface, or SNMP . The switch’s file system allows files to be uploaded an d downloaded, copied, delet ed, and set a s a [...]

  • Página 39

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP W eb agent. Using a W eb browser you can configure the switch and view statistics to monitor network activity . The Web agent can be accessed by any computer on the network usi ng a standard W eb browser (Internet Explorer 5.0 or above, or Net scape [...]

  • Página 40

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface T o access the we b-browser interface you must first ente r a user name and password. The administra tor has Read/Write acce ss to all configurati on parameters and stat istics. The defau lt user name and p assword for the administrator is “admin. ” Home Page When your web browse[...]

  • Página 41

    Navigating the Web Browser Inte rface 3-3 3 Configuration Options Configurable p arameters have a dialog box or a drop-down li st. Once a confi guration change has been made on a p age, be sure to click o n the “Apply” butt on to confirm the new setting. The followi ng table summarize s the web page configurat ion buttons. Notes: 1. To ensure p[...]

  • Página 42

    Configuring the Switch 3-4 3 Main Menu Using the onboa rd web agent, you can define system p arameters, manage and control the s witch, and all its p orts, or monit or network conditi ons. The fol lowing table brie fly describes the selection s available from this program. Table 3-2. Switch Main Menu Menu Description Page System 3-9 System Informat[...]

  • Página 43

    Navigating the Web Browser Inte rface 3-5 3 802.1x Port authentication 3-43 Information Displays global configu ration settings 3-44 Configuration Configures protocol parameters 3-46 Port Config uration Sets the aut hentication mode f or individual ports 3-47 Statistics Displays protocol stat istics for the select ed port 3-48 ACL 3-52 Configuratio[...]

  • Página 44

    Configuring the Switch 3-6 3 Address T able 3-88 Static Addresses Displays entries for interface, address or VLAN 3-88 Dynamic Addresses Displays or edits stat ic ent ries in the Address T able 3-89 Address Aging Sets timeout for dynamically learne d entries 3-91 Spanning T ree 3-91 STA 3-91 Information Displays ST A values used for the bridge 3-92[...]

  • Página 45

    Navigating the Web Browser Inte rface 3-7 3 Protocol VLAN 3-123 Configuration Creates a protocol group, spec ifying the supported protocols 3-123 Port Config uration Maps a protocol group t o a VLAN 3-123 Priority 3-125 Default Port Priority Sets the default priority for each port 3-125 Default Tr unk Priority Sets the defa ult priori ty for each t[...]

  • Página 46

    Configuring the Switch 3-8 3 DNS 3-146 General Configuration Enables DNS; configures domain name and domain list; and specifies IP addre ss of name servers for dynamic lookup 3-146 Static Host Table Configures static ent ries for domain name to addres s mapping 3-148 Cache Displays cache entrie s discove red by designated name servers 3-150 Table 3[...]

  • Página 47

    Basic Configuration 3-9 3 Basic Configuration Displaying System Information Y ou can easily identif y the system by displaying t he device name, locatio n and contact i nformation. Field Attributes • System Name – Name assigned to the swi tch system. • Object ID – MIB II object ID for switc h’s network management subsyst em. • Location [...]

  • Página 48

    Configuring the Switch 3-10 3 CLI – S pecify the hostname, loca tion and cont act information. Displaying Switch Hardware/Software Versions Use the Switch Information p age to display hardware/firmware versi on numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Num[...]

  • Página 49

    Basic Configuration 3-11 3 • Redundant Power Statu s* – Displays the status of the redundant power supp ly. * CLI only . Management Sof tware • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Versio n number of runtime code. • Role [...]

  • Página 50

    Configuring the Switch 3-12 3 Displaying Bridge Extension Capabilities The Bridge MIB includes ext ensions for managed devices that support Multicast Filtering, T raffic Cl asses, and V irtual LANs. Y ou can access these extens ions to display default sett ings for the key variables. Field Attributes • Extended Mu lticast Fil tering Serv ices –[...]

  • Página 51

    Basic Configuration 3-13 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to confi gure an IP interface for management access over the network. The IP address for this switch is o btained vi a DHCP by default. T o manually configure an address, you need to change the swi tch’s def ault settings ([...]

  • Página 52

    Configuring the Switch 3-14 3 Manual Config uration Web – Click System, IP Configu ration. Select the VLAN thro ugh which the management st ation is attac hed, set the IP Address Mode to “S tatic,” enter the IP address, subnet mask and gat eway , then click Apply . Figure 3-6. IP I nterface Configuration - Manual CLI – S pecify the manageme[...]

  • Página 53

    Basic Configuration 3-15 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP serv ices, you can configure the switch to be dynamically con figured by these services. Web – Click Syste m, IP Configu ration. S pecify the VLAN to which th e management statio n is attached, set the IP Address Mode to DHCP or BOOTP . Click Apply to save your change[...]

  • Página 54

    Configuring the Switch 3-16 3 CLI – Enter the following command to rest art DHCP service. Managing Firmware Y ou can upload/download fi rmware to or from a TFTP server . By saving runtime code to a file on a TFTP server , that file can later be downloaded to the switch to restore operation. Y ou can als o set the switch to use new firmware withou[...]

  • Página 55

    Basic Configuration 3-17 3 If you download to a new destination f ile, then select the file from t he drop-down box for the operat ion code used a t startup, and click Appl y Changes. T o start the new firmware, reboot the system via th e System/Reset menu. Figure 3-9. Setting the Startup Code CLI – Enter the IP address of the TFTP server , selec[...]

  • Página 56

    Configuring the Switch 3-18 3 Downloading Configuration Set tings from a Server Y ou can download the confi guration file under a new fi le name and then set it as the startup fi le, or you can specify the current st artup configurati on file as the destination file to directly replace it. Note that the fil e “Factory_Default_Conf ig.cfg” can b[...]

  • Página 57

    Basic Configuration 3-19 3 If you downloa d the start up configuration fil e under a new file name, you can set thi s file as the st artup file at a late r time, and then rest art the switch. Configuring Event Logging The switch allows yo u to control the logging of error mess ages, including the type of events th at are recorded in switch memory ,[...]

  • Página 58

    Configuring the Switch 3-20 3 • RAM Level – Limits log messages sav ed to the switch’s temp orary RAM memory for all levels up to the specified level. Fo r example, if level 7 is specified, all messages from level 0 to level 7 will be logged t o RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equal to or less than the RAM Level. W[...]

  • Página 59

    Basic Configuration 3-21 3 • Logging Trap – Limits log messages that are sent to the re mote syslog server for all levels up to the spe cified level. For example, if level 3 is specified, all mess ages from level 0 to level 3 will be sent to the remote server. (Range : 0-7, Default: 7) • Host IP L ist – Displays th e list of remote server I[...]

  • Página 60

    Configuring the Switch 3-22 3 CLI – Enter the syslog server host IP address, choos e the facility type and set the logging tr ap. Displaying Log Messages Use the Logs page to scro ll through the logged system and event messages . The switch can store up t o 2048 log entri es in temporary random access memory (RAM; i.e., memory fl ushed on power r[...]

  • Página 61

    Basic Configuration 3-23 3 CLI – This example shows that syste m logging is enabled, th e message level for flash memory is “errors” (i .e., default level 3 - 0), the message lev el for RAM is “debugging” (i.e. , default level 7 - 0), and li sts one sample error . Sending Simple Mail Trans fer Protocol Alerts T o alert system administ rat[...]

  • Página 62

    Configuring the Switch 3-24 3 Web – Click System, Log, SMTP . Enable SMTP , specify a source email add ress, and select the minimum sev erity level. T o add an IP address to the SMTP Server List, type the new IP address in th e SMTP Server field and click Add. T o delete an IP address, click the entry in t he SMTP Server List and click Remove. S [...]

  • Página 63

    Basic Configuration 3-25 3 CLI – Enter the IP address of at least one SMTP server , set the syslog severity level to trigger an emai l message, and spe cify the switch (s ource) and up to fiv e recipient (destination) e mail addresses. Enable SMTP with the logging sendmail command to complete t he configuration. Use the show logging sendmail comm[...]

  • Página 64

    Configuring the Switch 3-26 3 Setting the System Clock Simple Network T ime Protocol (SNTP) allo ws the switch to set its internal clo ck based on periodic upda tes from a time server (SNTP or NTP). Mainta ining an accurate time on the switch enables the system lo g to record meaningful dates and times for event entries . Y ou can also manually set[...]

  • Página 65

    Basic Configuration 3-27 3 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and set tings. Setting the Time Zone SNTP uses Coordinated Universal T ime (or UTC, formerly Greenwich Mean T ime, or GMT) based on the time at the Eart h’s prime merid ian, zero degrees longitude. T o display a ti[...]

  • Página 66

    Configuring the Switch 3-28 3 CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protoc ol (SNMP) is a communication proto col designed specifi cally for managing devices on a network. Equipment commonly managed with SNMP includes switc hes, routers and host comput er[...]

  • Página 67

    Simple Network Manag ement Protocol 3-29 3 Web – Click SNMP , Configuratio n. Add new communi ty strings as required, select the access right s from the Access Mode drop-down list , then click Add. Figure 3-1 9. Configur ing SNMP Community St rings CLI – The following example adds the st ring “spiderman” with read/write access. Specifying T[...]

  • Página 68

    Configuring the Switch 3-30 3 Web – Click SNMP , Configuration. Fill in the IP address and commun ity string for each trap manager that will receive these messages, specify t he SNMP version, mark the trap t ypes required, an d then click Add. Figure 3-20. Configu ring SNMP Trap Man agers CLI – This exampl e adds a tr ap manager and enab les bo[...]

  • Página 69

    User Authentication 3-31 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 chara cters) • Access Level* – Specifi es the user level. (Options: Normal and Privileged) • Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) * CLI only . Web – Click Security , Passwords. T o[...]

  • Página 70

    Configuring the Switch 3-32 3 RADIUS uses UDP while T ACACS+ uses TCP . UDP only offers best ef fort delivery , while TCP offers a connect ion-oriented transport. Also, not e that RADIUS encrypts only the pass word in the access-req uest packet from the cl ient to the server , while T ACACS+ encrypts the entire body of the packet. Command Usage •[...]

  • Página 71

    User Authentication 3-33 3 Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “username” on page 4-26. ) Web – Click Security , Authent ication Setti ngs. T o configure local or re mote authenticati on preferences, specify the authent ication sequence (i. e., one to three me[...]

  • Página 72

    Configuring the Switch 3-34 3 CLI – S pecify all the required p arameters to enable logon authenticati on. Configuring HTTPS Y ou can configure the switch t o enable the Secure Hypertext T ransfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to th e switch’s we b interface. Command[...]

  • Página 73

    User Authentication 3-35 3 • The following web browsers and oper ating systems current ly support HTTPS: • To specify a secure-site certifi cate, see “Replacing the Defa ult Secure-site Certificate” on page 3-35. Command Attributes • HTTPS Status – Allows you to enabl e/disable the HTTPS s erver feature on the switch. (Default : Enabled[...]

  • Página 74

    Configuring the Switch 3-36 3 Caution: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest o pportunity. This is because the default certificate for the switch is not unique to the hardwar e you have purchased. When you have obtain ed these, place them on your TFTP serve r , and use the following [...]

  • Página 75

    User Authentication 3-37 3 T o use the SSH server , complete these steps : 1. Generate a Host Key Pair – On the SSH Host Key Settings page, cre ate a host public/private key pai r . 2. Provide Host Public Ke y to Clients – Many SSH client programs a utomatically import the host publi c key during the initial connec tion setup with the swit ch. [...]

  • Página 76

    Configuring the Switch 3-38 3 e. The switch comp ares the decrypted b ytes to the orig inal bytes it sent . If the two sets match, this means that th e client's priva te key correspond s to an authorized p ublic key , and the c lient is authen ticated. Notes: 1. To use SSH with only password authenticat ion, the host public key must still be g[...]

  • Página 77

    User Authentication 3-39 3 Web – Click Security , SSH Host-Key Settings. Select the host- key type from the drop-down box, select the optio n to save the host key from memory to flash (if required) prior t o generating the key , and then click Generat e. Figure 3-23. SSH Host-Key Settings CLI – This example generates a host -key pair using both[...]

  • Página 78

    Configuring the Switch 3-40 3 Configuring the SSH Server The SSH server incl udes basic se ttings for authenticati on. Field Attributes • SSH Server St atus – Allows you to enable/disable the SSH serve r on the switch. (Default: Disa bled) • Version – The Secure Shell vers ion number. Version 2.0 is displa yed, but the switch supports manag[...]

  • Página 79

    User Authentication 3-41 3 CLI – This exampl e enables SSH, se ts the authentication p arameters, and displays the current configuration. It shows that the administrator has made a conne ction via SHH, and then disables th is connection. Configuring Port Security Port security is a feature th at allows you to configure a switch port wit h one or [...]

  • Página 80

    Configuring the Switch 3-42 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Confi guration page (page 3-67). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-126). • Action – Indicates the action to be t aken when a port securit y violation [...]

  • Página 81

    User Authentication 3-43 3 CLI – This example select s the target port , sets the port securit y action to send a trap and disable the port , specifies a maximum address coun t, and then enables port security for the port. Configuring 802.1x Port Authentication Network switches can provide open and easy access t o network resources by simply att [...]

  • Página 82

    Configuring the Switch 3-44 3 The operation of 802.1x on th e switch requires the following: • The switch must have an IP addre ss assigned. • RADIUS authentic ation must be enabled on th e switch and the IP address of the RADIUS server specified. • Each switch port tha t will be used must be set to dot1x “Aut o” mode. • Each client tha[...]

  • Página 83

    User Authentication 3-45 3 Web – Click Security , 802.1x, Information. Figure 3-26. 802 .1x In formation CLI – This example sh ows the default pr otocol settings for 802 .1x. For a description of the additiona l entries displayed in t he CLI, See “show dot1x” on p age 4-83. Console#show dot1x 4-83 Global 802.1X Parameters reauth-enabled: ye[...]

  • Página 84

    Configuring the Switch 3-46 3 Configuring 802.1x Glob al Settings The dot1x protocol includes glo bal paramet ers that control the client authe ntication process that run s between the cl ient and the switch (i.e., authenticator), as well a s the client identit y lookup process that runs between the switch and authentic ation server . The configura[...]

  • Página 85

    User Authentication 3-47 3 Web – Select Security , 802.1x, Configuratio n. Enable dot 1x globally f or the switch, modify any of the p arameters required, and then click Apply . Figure 3-27. 802.1X Configuration CLI – This enables re-authentication and sets all of the global parame ters for 802.1x . Configuring Port Authorizatio n Mode When dot[...]

  • Página 86

    Configuring the Switch 3-48 3 • Authorized – - Yes – Connected client is authorized. - No – Connected c lient is not authorized. - Blank – Displays nothing when dot1x is disable d on a port. • Supplicant – Indicates the MAC address of a connected clien t. • Trunk – Indicates if the port is configured a s a trunk port . Web – Cli[...]

  • Página 87

    User Authentication 3-49 3 Web – Select Security , 802.1x, S tatisti cs. Select the requ ired port and then click Query . Click Refresh to update the st atistics. Figure 3-29. 802.1x Port Statis tics Rx EAP Resp/Oth The number of valid EAP Res ponse frames (other than Re sp/Id frames) that have be en received by this Authenticator . Rx EAP LenErr[...]

  • Página 88

    Configuring the Switch 3-50 3 CLI – This example displays the 802.1x st atistics for port 4. Filtering IP Addresses for Management Access Y ou can create a list of up to 16 IP addre sses or IP address grou ps that are al lowed management access to the switch t hrough the web i nterface, SNMP , or T elnet. Command Usage • The management in terfa[...]

  • Página 89

    User Authentication 3-51 3 Web – Click Security , IP Filter . Enter the addresses that are allowed management access to an interface, and click Add IP Filt ering Entry . Figure 3-30. IP Filter CLI – This example allows SNMP access for a specific cli ent. Console(config)#management snmp-client 10. 1.2.3 4-28 Console(config)#end Console#show mana[...]

  • Página 90

    Configuring the Switch 3-52 3 Access Control Lists Access Control List s (ACL) provide packet fi ltering for IP frames (based on address, protocol, Layer 4 protocol port nu mber or TCP control code) or any frames (based on MAC address or Ethernet type). To filter inco ming packets, first create an access list, add the required rules, specify a mask[...]

  • Página 91

    Access Control Li sts 3-53 3 Setting the ACL Name and Type Use the ACL Configuration p age to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 charac ters) • Type – There are three filtering modes: - Standard: IP ACL mode that fil ters packets based on the source IP a ddress. - Extended[...]

  • Página 92

    Configuring the Switch 3-54 3 The mask is bitwise ANDed with the spec i fied source IP address, and compared with the address for each IP packet enteri ng the port(s) to which this ACL has been assigned. Web – S pecify the action (i .e., Permit or Deny). Select t he address type (Any , Host, or IP). If you select “Host ,” enter a specific add[...]

  • Página 93

    Access Control Li sts 3-55 3 Configuring an Extended I P ACL Command Attributes • Action – An ACL can contain either all permit rules or all deny rule s. (Default: Permit rules) • Src/Dst IP – Specifies the source or destinat ion IP address. Use “Any” to include all possible addresses, “Host” t o specify a sp ecific host address in [...]

  • Página 94

    Configuring the Switch 3-56 3 Web – S pecify the action (i .e., Permit or Deny). S pecify the source and/or destination addre sses. Select the address type (Any , Host, or IP). If you select “Host,” enter a specific addre ss. If you select “IP ,” enter a subnet address and the mask for an address range. Set any other required crit eria, s[...]

  • Página 95

    Access Control Li sts 3-57 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Us e “Any” to include all possible add resses, “Host” to indicate a specific MAC addre ss, or “MAC” to specify an address range with the Addres[...]

  • Página 96

    Configuring the Switch 3-58 3 Web – S pecify the action (i .e., Permit or Deny). S pecify the source and/or destination addre sses. Select the address type (Any , Host, or MAC). If you select “Host,” enter a specif ic address (e.g., 1 1-22-33-44-55-66). If you sel ect “MAC,” enter a base address and a hexidecimal bitmask for an address ra[...]

  • Página 97

    Access Control Li sts 3-59 3 Configuring ACL Masks Y ou can specify opti onal masks that co ntrol the order i n which ACL rules are checked. The switch includes two system defaul t masks that pass/filter pa ckets matching the permit/den y rules specified in an ingress ACL. Y ou can also configure up to seven user-defined masks for an ingress or egr[...]

  • Página 98

    Configuring the Switch 3-60 3 Configuring an I P ACL Mask This mask define s the fields to check in the IP header . Command Usage • Masks that include an ent ry for a Layer 4 protocol source port or destina tion port can only be a pplied to packets with a header length of exactly fi ve bytes. Command Attributes • Src/Dst IP – Specifies the so[...]

  • Página 99

    Access Control Li sts 3-61 3 Web – Configure the mask to match the requir ed rules in th e IP ingress or egress ACLs. Set the mask to check for any source or desti nation address, a specific hos t address, or an address range. Include ot her cr iteria to sea rch for in the rules, such as a protocol type or on e of the service types. Or use a bitm[...]

  • Página 100

    Configuring the Switch 3-62 3 Configuring a MAC ACL Mask This mask define s the fields to check in the packet header . Command Usage Y ou must configure a mask for an ACL rule bef ore you can bind it to a port. Command Attributes • Source/Destination MAC – Use “Any” to match any address, “Host” to specify the host address for a single n[...]

  • Página 101

    Access Control Li sts 3-63 3 CLI – This example shows how to create an Ingress MAC ACL a nd bind it to a port. You can then see that the order of th e rules have been changed b y the mask. Binding a Port to an Access Control List After configuring the Access Control List s (ACL), you can bind the ports that need to filter traf fic to the appropri[...]

  • Página 102

    Configuring the Switch 3-64 3 Web – Click Security , ACL, Port Bi nding. Mark the Enable field for t he port you want to bind to an ACL for ingre ss or egress traffi c, select the require d ACL from the drop-down list, then cli ck Apply . Figure 3-38. ACL Port Binding CLI – This examples ass igns an IP an d MAC ingress ACL to port 1, an d an IP[...]

  • Página 103

    Port Configuration 3-65 3 • Forced Mode 1 – Shows the forced/preferre d port type to use for combination ports 21-24 or 45-48. (Copper-Forced, Copper-Preferred-Auto, SFP- Forced, SFP-Preferred-Auto ) • Trunk Member 1 – Shows if port is a trunk member. • Creation 2 – Shows if a trunk is manually configured or dynamically set via L ACP. 1[...]

  • Página 104

    Configuring the Switch 3-66 3 • Broadcast storm – Shows if broadcast storm cont rol is enabled or disabled. • Broadcast storm limit – Shows t he broadcast storm threshold. (500 - 262143 packets per second) • Flow control – Shows if flow control is enabled or disabl ed. • LACP – Shows if LACP is enabled or disabled. • Port Security[...]

  • Página 105

    Port Configuration 3-67 3 Configuring Interface Connections Y ou can use the Port Conf iguration or T runk Configuration p age to enable/disable an interface, set aut o-negotiation and the interface cap abilities to advertise, or manuall y fix the speed, duplex mode, and flow control. Command Attributes • Name – Allows you to label an int erfac[...]

  • Página 106

    Configuring the Switch 3-68 3 • Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups” on page 3-69. Note: Auto-negotiation must be disabled before y ou can configure o r force the interface to use the Speed/Duplex Mode or Flow Control options. Web – Click Port, Port Confi[...]

  • Página 107

    Port Configuration 3-69 3 Creating Trunk Groups Y ou can create multiple li nks between devices that work as one virt ual, aggregate link. A port trun k offe rs a dramatic incre ase in bandwidth for network segment s where bottlenecks exist , as well as providing a fault- tolerant link between two devices. Y ou can create up to six trunks at a time[...]

  • Página 108

    Configuring the Switch 3-70 3 Statically Configuring a Trunk Command Usage • When configurin g static trunks, you may not be able to link switches of different types, depending on t he manufactu rer’s implementatio n. However, note that the static trunks on thi s switch are Ci sco EtherChannel compatible. • To avoid creatin g a loop in the ne[...]

  • Página 109

    Port Configuration 3-71 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect t hese ports to two stati c trunk port s on another switch to form a tru nk. Enabling LACP on Selected Port s Command Usage • To avoid creat ing a loop i n the network, be sure you enable LACP b efore connecting the ports, and also disconnec t the port[...]

  • Página 110

    Configuring the Switch 3-72 3 Web – Click Port, L ACP , Configuration. Select any of the swi tch ports from the scroll-down port list and cl ick Add. After you have compl eted adding port s to the member list, click Apply . Figure 3-42. LAC P Trunk Configu ration CLI – The followi ng example enables LACP for ports 1 to 6. Just c onnect these po[...]

  • Página 111

    Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assig ned to a common port channel must meet the foll owing criteria: • Ports must have the same LACP Sy stem Priority. • Ports must have the same L ACP port Admin Key . • However, if t he “port channel” Admin Key is se t (page 4-142), then[...]

  • Página 112

    Configuring the Switch 3-74 3 Web – Click Port, L ACP , Aggregation Port. Set t he System Priority , Admin Key , and Port Priority for the Port Actor . Y ou can optionally configu re these settings for the Port Partner . (Be aware that these settings onl y affect the administrative st ate of the partne r , and will not take ef fect until the next[...]

  • Página 113

    Port Configuration 3-75 3 CLI – The following example configures LACP p arameters for ports 1-6. Ports 1-4 are used as act ive members of t he LAG; ports 5 and 6 are set to backup mo de. Console(config)#interface ethernet 1/1 4-125 Console(config-if)#lacp actor system-pr iority 3 4-142 Console(config-if)#lacp actor admin-key 120 4-143 Console(con[...]

  • Página 114

    Configuring the Switch 3-76 3 Displaying LACP Port Counters Y ou can display st atistics for LACP protocol mess ages. Web – Click Port, LACP , Port Counters Information . Select a member port to display the corresponding info rmation. Figure 3-44. LAC P - Port Counters In formation CLI – The following example displ ays LACP counters for port ch[...]

  • Página 115

    Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side Y ou can display configurat ion settings and the operati onal stat e for the local side of an link aggrega tion. Table 3-7. LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Curre[...]

  • Página 116

    Configuring the Switch 3-78 3 Web – Click Port, LACP , Port Internal Informa tion. Select a port channel to display the corresponding info rmation. Figure 3-45. LACP - P ort Internal Information CLI – The following example displ ays the LACP configuration setti ngs and operational st ate for the local side of port channel 1. Console#show lacp 1[...]

  • Página 117

    Port Configuration 3-79 3 Displaying LACP Set tings an d Status for the Remote Side Y ou can display configurat ion settings and the operati onal state for th e remote side of an link aggregat ion. Web – Click Port, L ACP , Port Neighbors In formation. Select a port chan nel to display the correspondi ng information. Figure 3-46 . LACP - Port Nei[...]

  • Página 118

    Configuring the Switch 3-80 3 CLI – The following example displ ays the LACP configuration setti ngs and operational st ate for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is ma lfunctioning, o r if application programs are no t well designed or prope rly configure[...]

  • Página 119

    Port Configuration 3-81 3 Web – Click Port, Port/T runk Broadcast Control. Check the Enabled box for any interface, set th e threshold and click Apply . Figure 3-47. Port Broadcast Control CLI – S pecify any interface, and then enter th e threshold. The foll owing disables broadcast storm contro l for port 1, and the n sets broadcas t suppressi[...]

  • Página 120

    Configuring the Switch 3-82 3 Configuring Port Mirroring Y ou can mirror traf fic from any source port to a target port for real-time analy sis. Y ou can the n attach a logic analy zer or RMON probe t o the target port and study the traff ic crossing the source port in a completely unobt rusive manner . Command Usage • Monitor port speed should m[...]

  • Página 121

    Port Configuration 3-83 3 Configuring Rate Limits This function allows th e network manager to cont rol the maximum rate for traf fic transmitted or received on an i nterface. Rate limiting is configured on int erfaces at the edge of a network to limi t traffic comi ng out of the switch. T raffic that falls within the rate limit is tran smitted, wh[...]

  • Página 122

    Configuring the Switch 3-84 3 Showing Port Statistics Y ou can display st andard stat istics on network traf fic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed b r eakdown of traf fic based on the RMON MIB. Interfaces and Et hernet-like st atistics display errors on the traffic p assing through each port . This informat ion[...]

  • Página 123

    Port Configuration 3-85 3 Tr ansmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitt ed. One possible reason for discarding such a packet could be to free up buffer space . Tr ansmit Errors Th e number of outbound packets that could not be tra[...]

  • Página 124

    Configuring the Switch 3-86 3 Received Frames The total number of fra mes (bad, broa dcast and multicas t) received. Broadcast Frames The total number of good fr ames received that were direct ed to the broadcast addres s. Note that t his does not inc lude multicast packe ts. Multicast Frames The total number of good frames received that were direc[...]

  • Página 125

    Port Configuration 3-87 3 Web – Click Port, Port S tatistics. Select t he required interfa ce, and click Query . Y ou can also use the Refresh butt on at the bottom of the p age to update the screen. Figure 3-50. Port Statistics[...]

  • Página 126

    Configuring the Switch 3-88 3 CLI – This example shows stat istics for port 13. Address Table Settings Switches store th e addresses for all known devices. This information is used t o pass traff ic directly between the inboun d and outbound port s. All the addresses learned by monitoring traf fic are stored in the dynamic address t able. Y ou ca[...]

  • Página 127

    Address T able Settings 3-89 3 Web – Click Address T able, S tatic Addresses. S pecify the interface, the MAC address and VLAN, then click Add S tatic Address. Then set this as a permanent address or to be deleted on res et. Figure 3-51. Stati c Addresses CLI – This exampl e adds an address to the st atic address table, but set s it to be delet[...]

  • Página 128

    Configuring the Switch 3-90 3 Web – Click Address T able, Dynamic Add resses. S pecify the search type (i. e., mark the Interfac e, MAC Address, or VLAN checkbox), select t he method of sorting the displayed addresses, and then click Query . Figure 3-52. Dynamic Addresses CLI – This example also displa ys the address table ent ries for port 1. [...]

  • Página 129

    Spanning Tree Algorithm Configuration 3-91 3 Changing the Aging Time Y ou can set the aging ti me for entries in the dynamic add ress table. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is di scarded. (Range: 10-1000000 seconds; Default: 300 seco nds) Web – Cli[...]

  • Página 130

    Configuring the Switch 3-92 3 Once a st able network top ology has been e stablishe d, all bridges listen for He llo BPDUs (Bridge Protocol Data Unit s) transm itted from the Root Bridg e. If a bridge does not get a Hello BPDU af ter a predefined interval (Maximum Age), t he bridge assumes that the link to the Root Bridge is down. This bridge will [...]

  • Página 131

    Spanning Tree Algorithm Configuration 3-93 3 • Hello Time – Interval (in seconds) at which the root device transmits a configuration messa ge. • Forward Delay – The maximum time (in s econds) the root device will wa it before changing states (i. e., discarding to learning t o forwarding). This delay is required because every device must re [...]

  • Página 132

    Configuring the Switch 3-94 3 information that would mak e it return to a discarding st ate; otherwi se, temporary data loops mi ght result. • Root Hold Time – The interval (in seconds) duri ng which no more than two brid ge configurati on protocol data units shall be transmitted by this node . • Max hops – The max number of hop counts for [...]

  • Página 133

    Spanning Tree Algorithm Configuration 3-95 3 CLI – This command displays global ST A settings, followed by settings for each port . Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global setti ngs apply to t he entire swi tch. Command Usage • Spannin[...]

  • Página 134

    Configuring the Switch 3-96 3 • Multiple Spanni ng Tree Protocol - To allow multiple spa nning trees to op erate over the ne twork, you must configu r e a related set of bridges with the same MSTP configuration, al lowing them to participate in a speci fic set of spanning tree inst ances. - A spanning tree instance can exist only on bridges that [...]

  • Página 135

    Spanning Tree Algorithm Configuration 3-97 3 • Forward Delay – The maximum time (in seconds) t his device will wait before changing states (i. e., discarding to learning t o forwarding). This delay is required because every device must re ceive information about topology changes before i t starts to forward frames. In addition, each port needs [...]

  • Página 136

    Configuring the Switch 3-98 3 Web – Click S panning T ree, ST A, Configuration. Modify the required attr ibutes, and click Apply . Figure 3 -55. STA Configurat ion[...]

  • Página 137

    Spanning Tree Algorithm Configuration 3-99 3 CLI – This example enables S panning T ree Protocol, sets the mode to MST , and then configures the ST A and MSTP parameters . Displaying Interface Settings The ST A Port Information and ST A Trunk Info rmation pag es display the current status of ports an d trunks in the S panning T ree. Field Attribu[...]

  • Página 138

    Configuring the Switch 3-100 3 • Oper Link Type – The operational point-to-point statu s of the LAN segment attached to this i nterface. This parameter is det ermined by manual confi guration or by auto-detecti on, as described for Admin Link Type in STA Port Configurat ion on page 3-102. • Oper Edge Port – This parameter is initi alized to[...]

  • Página 139

    Spanning Tree Algorithm Configuration 3-101 3 • Priority – Defines the priority used for this port in t he Spanning Tree Algorithm. If the path cost fo r all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an activ e link in the Spanning Tree. Thi s makes a port with higher priori ty [...]

  • Página 140

    Configuring the Switch 3-102 3 CLI – This example shows the ST A attributes for port 5. Configuring Interface Settings Y ou can configure RSTP and MSTP attribute s for specific interface s, including port priority , path cost, link typ e, and edge port. Y ou may use a dif ferent priority or p ath cost for port s of the same media type to indicate[...]

  • Página 141

    Spanning Tree Algorithm Configuration 3-103 3 Protocol is detecting network l oops. Where more than one port is assig ned the highest priority, the port with lowest numeri c identifier wil l be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices. T[...]

  • Página 142

    Configuring the Switch 3-104 3 Web – Click S panning T ree, ST A, Port Configuration or T runk Configuration. Modify the required attributes, then click Apply . Figure 3-57. STA Port Configuration CLI – This example sets ST A attributes for port 7. Configuring Multiple Spanning Trees MSTP generates a unique sp anning tree for each inst ance. Th[...]

  • Página 143

    Spanning Tree Algorithm Configuration 3-105 3 T o ensure th at the MSTI maintain s connectivity across the network, you mu st configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance ident ifier of this span ning tree. (Default : 0) • Priority – The priority of a spanning tree ins t ance. [...]

  • Página 144

    Configuring the Switch 3-106 3 CLI – This displays ST A settings for insta nce 1, followed by settings fo r each port. CLI – This example set s the priority for MSTI 1, and adds VLANs 1-5 to t his MSTI. Console#show spanning-tree mst 1 4-170 Spanning-tree information ------------------------------------------ --------------------- Spanning tree[...]

  • Página 145

    Spanning Tree Algorithm Configuration 3-107 3 Displaying Interface Settings for MSTP The MSTP Port Informati on and MSTP T runk Informa tion pages dis play the current status of ports and trunks in the selected MST instance . Field Attributes • MST Instance ID – Instance identif ier to configure. (Range : 0-4094; Default: 0) The other attribute[...]

  • Página 146

    Configuring the Switch 3-108 3 Configuring Interface Settings for MSTP Y ou can configure the ST A interface settings for an MST Inst ance using the MSTP Port Configuration and MSTP T runk Configuration page s. Field Attributes The following a ttributes are read-only and cann ot be changed: • STA State – Displays current state of this po rt wit[...]

  • Página 147

    Spanning Tree Algorithm Configuration 3-109 3 • MST Path Cost – This pa rameter is used by t he MSTP to det ermine the best pa th between devices. Theref ore, lower valu es should be assigned t o ports attached t o faster media, and higher valu es assigned to ports with slower media. (Path cost takes preceden ce over port priori ty.) Note that [...]

  • Página 148

    Configuring the Switch 3-110 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to iso late broadcast traf fic for each subnet into separate d omains. This switch provides a similar servic e at Layer 2 by usi ng VLANs to organize any group of network nod es into separate broadcast domains. VL ANs confine broadcast traf fic t[...]

  • Página 149

    VLAN Configuration 3-111 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN- unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tag ging. VLAN Classification – When the switch receives a fr ame, it classifies the frame in one of two way[...]

  • Página 150

    Configuring the Switch 3-112 3 these host s, and core switches in the network, enable GVRP on the links between these devices. Y ou should also determine securit y boundaries in the network an d disable GVRP on the boundary port s to prevent advertisements from being propagated , or forbid those ports from jo ining restricted VLANs. Note: If you ha[...]

  • Página 151

    VLAN Configuration 3-113 3 Enabling or Disab ling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defin es a way for switches to exchange VLAN information in order to registe r VLAN members on ports across the net work. VLANs are dynamically config ured based on join messages issued by host devices and propagat ed throughout the networ[...]

  • Página 152

    Configuring the Switch 3-114 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current T able shows t he current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assign ed to a large VLAN group that crosses several switches should use VLAN tagging . However , if you just want to create a smal[...]

  • Página 153

    VLAN Configuration 3-115 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no lea ding zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic : Automatic ally learned via GVRP. - Static : Added as a static en try. • Name – Name of the VLAN (1 to 32 charac ters). • Status – Shows if this VLAN is ena[...]

  • Página 154

    Configuring the Switch 3-116 3 Web – Click VLAN, 80 2.1Q VLAN, S tatic List. T o create a new VLAN, enter t he VLAN ID and VLAN name, mark the Enable checkbox to activa te the VLAN, and then click Add. Figure 3-64. VLAN Stat ic List - Creating VLANs CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN [...]

  • Página 155

    VLAN Configuration 3-117 3 Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 charac ters). • Status – Enables or disables the specif ied VLAN. - Enable : VLAN is operationa l. - Disable : VLAN is suspended; i. e., does not pass packets . • Port – Port identifier. • Tr[...]

  • Página 156

    Configuring the Switch 3-118 3 CLI – The following example add s tagged and unt agged port s to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN S tatic Membership by Port menu to assign VLAN groups to the selected interfa ce as a tagged member . Command Attributes • Interface – Port or trunk identif ier. • Member – VLANs [...]

  • Página 157

    VLAN Configuration 3-119 3 Configuring VLAN Behavior for Interfaces Y ou can configure VLAN behavi or for specific in terfaces, incl uding the defaul t VLAN identifier (PVID), acce pted frame types, in gress filtering, GVRP statu s, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a wa y for switches to exchange V[...]

  • Página 158

    Configuring the Switch 3-120 3 or LeaveAll message has been issued , the applicants can rejo in before the port actually lea ves the group. (Range: 60-3000 centiseconds; Defa ult: 60) • GARP LeaveAll Timer * – The interval between sending o ut a LeaveAll query message for VLAN group partic ipants and the port leav ing the group. This int erval [...]

  • Página 159

    VLAN Configuration 3-121 3 CLI – This exampl e sets port 3 to accept only tagged fra mes, assigns PVID 3 as the native VLAN ID, enabl es GVRP , sets the GARP timers, and then sets t he switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation b etween ports within the assigned VLAN. Dat a traffic[...]

  • Página 160

    Configuring the Switch 3-122 3 Configuring Uplink an d Downlink Ports Use the Private VLAN Link S tatus p age to set ports as down link or uplink port s. Ports designat ed as downlink port s can not communicate with any other ports on t he switch except for the up link ports. Upli nk ports can communi cate with any other port s on the switch and wi[...]

  • Página 161

    VLAN Configuration 3-123 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Opti ons: Ethernet, RFC_1042, LLC_other) • Protocol Type – The only option for[...]

  • Página 162

    Configuring the Switch 3-124 3 - If the frame is untagged and t he protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protoco l type does not match, the fr ame is forwarded to the de fault VLAN for thi s interface. Command Attributes • Interface – Port or trunk identif ier. • Protocol Gro[...]

  • Página 163

    Class of Service Conf iguration 3-125 3 Class of Service Configuration Class of Service (CoS) al lows you to spe cify which dat a packet s have greater precedence when traf fic is buffered in th e switch due to congesti on. This switch supports Co S with eight priorit y queues for each port. Dat a packets in a port’ s high-priority queu e will be[...]

  • Página 164

    Configuring the Switch 3-126 3 Web – Click Priority , Default Port Priority or Defau lt T runk Priority . Modify the default priority for an y interface, then c lick Apply . Figure 3-72. Default Port Priority CLI – This example assigns a defau lt priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-125 Console(config-if)#switchport[...]

  • Página 165

    Class of Service Conf iguration 3-127 3 Mapping CoS Values to Egress Que ues This switch processe s Class of Service (CoS) priority t agged traffic by usin g eight priority queues for each port, wit h service schedules based on strict or W eighted Round Robin (WRR). Up to ei ght separate traf fic priorities are defined in IEEE 802.1p. The default p[...]

  • Página 166

    Configuring the Switch 3-128 3 Web – Click Priori ty , T raffic Classes. Mark an interface and click Select t o display the current mapping of Co S values to output queues . Assign prioriti es to the traf fic classes (i. e., output q ueues) for the se lected interfa ce, then click Apply . Figure 3-73. Traffic Classes CLI – The following example[...]

  • Página 167

    Class of Service Conf iguration 3-129 3 Selecting the Queue Mode Y ou can set the switch to service t he queues based on a strict rule that requi res all traff ic in a high er priority queue to be processed before lower priority queues are serviced, or use W eighted Round-Robin (WRR) queuing that specifies a relat ive weight of each queue. WRR uses[...]

  • Página 168

    Configuring the Switch 3-130 3 Web – Click Priority , Queue Scheduling. Select the in terface, highlight a tr affic class (i.e., outp ut queue), enter a weight, then click Apply . Figure 3-75. Queue Scheduling CLI – The following example sho ws how to assign WRR weight s to each of the priority queues. Console(config)#interface ethernet 1/1 Con[...]

  • Página 169

    Class of Service Conf iguration 3-131 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizi ng layer 3/4 traf fic to meet application requi rements. T raffic prioriti es can be specified in the IP header of a frame, using the priority bi ts in the T ype of Service (T oS) o[...]

  • Página 170

    Configuring the Switch 3-132 3 Mapping IP Precedence The T ype of Service (T oS) octet in the IPv4 header includes thre e precedence bits defining eight di fferent priority levels rangi ng fro m highest priori ty for network control packet s to lowest priority for routine traffi c. The default IP Precedence values are mapped one-to-one to Class of [...]

  • Página 171

    Class of Service Conf iguration 3-133 3 CLI – The f ollowing example globally enables IP Preced ence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and t hen displays the IP Precedence settings. * Mapping speci fic values for IP Precedence is implemented as an interface configurat ion command, but any changes will a[...]

  • Página 172

    Configuring the Switch 3-134 3 Web – Click Priority , IP DSCP Priority . Select an entry from the DSCP table, enter a value in the Class of Service V alue field, then cl ick Apply . Figure 3-78 . IP DSCP Pr iority CLI – The following example global ly enables DSCP Priority servic e on the switch, maps DSCP value 0 t o CoS value 1 (on port 1), a[...]

  • Página 173

    Class of Service Conf iguration 3-135 3 Mapping IP Port Priority Y ou can also map network applicat ions to Class of Service values based on the IP port number (i.e., TCP/UDP port numbe r) in the frame header . Some of the more common TCP service port s include: HTTP: 80, FTP: 21, T elnet: 23 and POP3: 1 10. Command Attributes • IP Port Priori ty[...]

  • Página 174

    Configuring the Switch 3-136 3 CLI – The following example global ly enables IP Port Priority service on the switch, maps HTTP traf fic on port 5 to CoS value 0, and then displays the IP Port Priority settings for t hat port. * Mapping specific values for IP Precedence is implemented as an interface configur ation command, but any changes will ap[...]

  • Página 175

    Class of Service Conf iguration 3-137 3 Web – Click Priority , ACL CoS Priority . Enable mapping for any port, select an ACL from the scroll -down list, then click Ap ply . Figure 3-8 1. ACL CoS Priori ty CLI – This example assigns a CoS value of zero to p ackets mat ching rules within the specified ACL on port 24. Changing Prio rities Based on[...]

  • Página 176

    Configuring the Switch 3-138 3 Command Attributes • Port – Port identifier. •N a m e * – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7 ) • DSCP – Differentiated Services Code Point value. (Range: 0-63 ) • 802.1p Priority – Class of Service value in the IEEE 802. 1p priority ta[...]

  • Página 177

    Multicast Filtering 3-139 3 Multicast Filtering Multicasting i s used to support real-time applications such as videoconf erencing or streaming audio. A multicast server doe s not have to est ablish a sep arate connection with each client. It merel y broadcasts it s service to the network, and any host s that want to receive the multicast register [...]

  • Página 178

    Configuring the Switch 3-140 3 Configuring IGMP Sn ooping and Query P arameters Y ou can configure the switch to forward mul ticast traff ic intelligently . Based on the IGMP query and report messages, th e switch forwards traf fic only to the ports that request multicast tr affic. Thi s prevents the switch from broa dcasting the traffic to all por[...]

  • Página 179

    Multicast Filtering 3-141 3 Web – Click IGMP Snooping, IGMP Configu ration. Adjust the IGMP settings as required, and then clic k Apply . (The default settings are shown below .) Figure 3-83 . IGMP Conf iguration CLI – This exampl e modifies the se ttings for multica st filtering, and then displays the current st atus. Console(config)#ip igmp s[...]

  • Página 180

    Configuring the Switch 3-142 3 Displaying Interfaces Attached to a Multic ast Router Multicast routers th at are attached to port s on the switch use information obt ained from IGMP , along with a multicast routing prot ocol such as DVMRP or PIM, to support IP multicasti ng across the Internet. These rout ers may be dynamically discovered by the sw[...]

  • Página 181

    Multicast Filtering 3-143 3 Specifying Static Interfaces for a Multicast Router Depending on your ne twork connections, IGMP snooping may not always be able to locate the IGMP qu erier . Therefore, if t he IGMP querier is a known multicast ro uter/ switch connected over the ne twork to an in terfac e (port or trunk) on your swit ch, you can manuall[...]

  • Página 182

    Configuring the Switch 3-144 3 Displaying Port Members of Multicast Se rvices Y ou can display the port members associat ed with a specified VLAN and multica st service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a speci fic multicast service. • Multicast G[...]

  • Página 183

    Multicast Filtering 3-145 3 Assigning Ports to Multicast Services Multicast f iltering can be dynamically configured using IGMP Sn ooping and IGMP Query messages as described in “Conf iguring IGMP Sn ooping and Query Parameters” on page 3 -140. For certain applicati ons that require ti ghter control, you may need to st atically configure a mult[...]

  • Página 184

    Configuring the Switch 3-146 3 Configuring Domain Name Service The Domain Naming System (DNS) service on thi s switch allows host names to be mapped to IP addresses using st atic table entries or by redirectio n to other name servers on the network. When a client device designat es this switch as a DNS server , the client will attempt to resolv e h[...]

  • Página 185

    Configuring Domain Nam e Service 3-147 3 Web – Select DNS, General Configuration. Set the def ault domain name or list of domain names, s pecify one or more name servers to us e to use for address resolution, enable domai n lookup stat us, and click Apply . Figure 3-88. DNS Gener al Configurat ion CLI - This example set s a default domain name an[...]

  • Página 186

    Configuring the Switch 3-148 3 Configuring Static DNS Host to Address Entries Y ou can manually configure st atic entries in the DNS table that are use d to map domain names to IP addresses. Command Usage • Static entri es may be used for local devices connected dire ctly to the attached network, or for commonly used resources located el sewhere [...]

  • Página 187

    Configuring Domain Nam e Service 3-149 3 Web – Select DNS, S tatic Host T able. Enter a host n ame and one or more corresponding addresse s, then click Apply . Figure 3-89. DNS Static Host Table CLI - This example maps two addre ss to a host name, and then confi gures an alias host name for the same addresses. Console(config)#ip host rd5 192.168.[...]

  • Página 188

    Configuring the Switch 3-150 3 Displaying the DNS Cache Y ou can display entries in th e DNS cache that have been learned via th e designated name servers. Field Attributes •N o – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefo re unreliable. • Type – This field incl ud[...]

  • Página 189

    Configuring Domain Nam e Service 3-151 3 CLI - This example displays all the resour ce records learned from the desig nated name servers. Console#show dns cache 4-123 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 51 www.microsoft.akadns.net 2 4 CNAME 207.46.134.155 51 www.microsoft.akadns.n[...]

  • Página 190

    Configuring the Switch 3-152 3[...]

  • Página 191

    4-1 Chapter 4: Command Line Interface This chapter descri bes how to use t he Command Line Int erface (CLI). Using the Command Line Interface Accessing the CLI When accessing the manage ment interface for the switch over a dire ct connection to the server’s console port, or via a T elnet connection, the switch can be managed by entering command k[...]

  • Página 192

    Command Line Interfa ce 4-2 4 T o access the swit ch through a T elnet session, you must first set the IP address for the switch, and set the defa ult gateway if you are managin g the switch from a different IP subnet. For e xample, If your corp orate network is connected to another network outside your of fice or to the Intern et, you need to appl[...]

  • Página 193

    Entering Commands 4-3 4 Entering Commands This section describes how to ent er CLI commands. Keywords and Arguments A CLI command is a series of keywords and argument s. Keywords iden tify a command, and argument s specify configurati on parameters. For examp le, in the command “show interfaces st atus ethernet 1/5,” show interfaces and st at u[...]

  • Página 194

    Command Line Interfa ce 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will displa y the first level of keywords for the current command class (Normal Exec or Privil eged Exec) or configuration class (Global, ACL, I nterface, Line, VLAN Database, or MSTP). Y ou can also display a list of valid keywords for a specifi[...]

  • Página 195

    Entering Commands 4-5 4 Partial Keyword Lookup If you terminat e a parti al keyword with a question mark, al ternatives that match the initial letters are provi ded. (Remember not to leave a space between th e command and question mark.) For exampl e “ s? ” shows all the keywords sta rting with “s.” Negating the Effect of Commands For many [...]

  • Página 196

    Command Line Interfa ce 4-6 4 Understanding Command Modes The command set is divided int o Exec and Configurati on classes. Exec commands generally display in formation on system st atus or clear statistic al counters. Configuration comman ds, on the other hand, modi fy interface p arameters or enable certai n switching functions. These classes are[...]

  • Página 197

    Entering Commands 4-7 4 Configuration Commands Configuration c ommands are privileg ed level commands used to modif y switch settings. These commands modify th e running configu ration only an d are not saved when the switch is rebooted. T o store the running configurati on in non-volatile storage, use the copy running-conf ig startup-config comman[...]

  • Página 198

    Command Line Interfa ce 4-8 4 T o ente r the other modes, at the confi guration prompt type one of t he following commands. Use the exit or end command to return to the Privi leged Exec mode. For example, you can use the following commands to enter interface confi guration mode, and then return to Priv ileged Exec mode Table 4-2. Configur ation Com[...]

  • Página 199

    Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive . Y ou can abbreviate commands and p arameters as long as t hey conta in enough lett ers to dif ferentiate them from any other currently available comman ds or p arameters. Y ou can us e the T ab key to complete p artial commands, or enter a p artial command followed by[...]

  • Página 200

    Command Line Interfa ce 4-10 4 Command Groups The system commands can be broken down into the functional group s shown below . Table 4-4. Command Group Index Command Group Description Page Line Sets communication parameters fo r the serial port and T elnet, including baud rate and console time-out 4-1 1 General Basic commands for entering priv ileg[...]

  • Página 201

    Line Comma nds 4-11 4 The access mode shown in the followi ng tables is in dicated by these abbreviat ions: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuratio n) VC (VLAN Database Co nfiguration) ACL (Access Control List Configu ration) MST (Multiple S panning T ree) Line Commands Y ou[...]

  • Página 202

    Command Line Interfa ce 4-12 4 line This command identif ies a specific li ne for configuration, and t o process subsequent line configu ration commands. Syntax line { console | vty } • console - Console termina l line. • vty - Virtual terminal for remot e console access (i.e., Te lnet). Default Setting There is no default line . Command Mode G[...]

  • Página 203

    Line Comma nds 4-13 4 Command Usage • There are three authent ication modes provided by the swit ch itself at login : - login selects authentication by a single global password as speci fied by the password line configuratio n command. When using this method, the management interface start s in Normal Exec (NE) mode. - login local selects authent[...]

  • Página 204

    Command Line Interfa ce 4-14 4 number of times a user can e nter an incorrec t password b efore the sys tem terminates the line connecti on and returns t he terminal to the idle st ate. • The encrypted password is required for compat ibility with legacy pass word settings (i. e., plain text or encrypt ed) when reading th e configuration file duri[...]

  • Página 205

    Line Comma nds 4-15 4 password-thresh This command sets th e password intrusion threshold which limit s the number of failed logo n attempts. Use the no form to remove the threshold val ue. Syntax p assword-thresh [ threshol d ] no password-thresh threshold - The number of allowed password attempts. (Range: 1- 120; 0: no threshold) Default Setting [...]

  • Página 206

    Command Line Interfa ce 4-16 4 Example T o set t he silent time to 60 seconds , enter this command: Related Commands password-thresh (4-15) databits This command sets th e number of data bit s per character that are interpreted and generated by the console port. Use the no form to restore the def ault value. Syntax da ta b i ts { 7 | 8 } no dat abi[...]

  • Página 207

    Line Comma nds 4-17 4 parity This command defi nes the genera tion of a p arity bit. Use the no form to restore the default setti ng. Syntax pa ri t y { none | even | odd } no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocol s provi[...]

  • Página 208

    Command Line Interfa ce 4-18 4 Command Usage Set the speed to match the baud rate of the device conn ected to the serial port. Some baud rates available on devi ces connected to the port might not b e supported. The system indica tes i f the speed you select ed is no t supported. If you select the “auto ” option, the switch wil l automatically [...]

  • Página 209

    Line Comma nds 4-19 4 Command Usage S pecifying session identifie r “0” will disconnect the console connection. S pecifying any other i dentifiers fo r an active session will d isconnect an SSH o r T elnet conn ection. Example Related Commands show ssh (4-41) show users (4-61) show line This command displays the te rminal line’ s parameters. [...]

  • Página 210

    Command Line Interfa ce 4-20 4 General Commands enable This command activates Pri vileged Exec mode. In privileged mode , additional commands are avail able, and cert ain commands display addi tional informati on. See “Understandin g Command Modes” on page 4-6. Syntax enable [ level ] level - Privilege level to log into the device. The device h[...]

  • Página 211

    General Comma nds 4-21 4 Example Related Commands disable (4-21) enable password (4-27) disable This command returns to Normal Exec mode f rom privileged mod e. In normal access mode, you can only d isplay basic informatio n on the switch's configura tion or Ethernet st atistics. T o gain access to all commands, yo u must use the privileged mo[...]

  • Página 212

    Command Line Interfa ce 4-22 4 Related Commands end (4-23) show hist ory This command shows the content s of the co mmand history buf fer . Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The history buf fer size is fixed at 10 Execu tion commands and 10 Configuration commands. Example In this example, th e show histor[...]

  • Página 213

    General Comma nds 4-23 4 Command Mode Privileged Exec Command Usage This command resets the en tire system. Example This example shows how to reset the switc h: end This command returns to Privileged Ex ec mode. Default Setting None Command Mode Global Configurat ion, Interface Configurat ion, Line Configuration , VLAN Database Co nfiguration, and [...]

  • Página 214

    Command Line Interfa ce 4-24 4 quit This command exit s the configuration program. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The quit and exit commands can both exit the configuratio n program. Example This example shows how to quit a CLI session: System Management Commands These commands are used to control syst[...]

  • Página 215

    System Management Commands 4-25 4 Device Designation Commands prompt This command customi zes the CLI promp t. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configurat ion Example h[...]

  • Página 216

    Command Line Interfa ce 4-26 4 Example User Access Commands The basic commands required fo r management access are li sted in this section. This switch also includes other options for pa ssword checking via the console or a T elne t connection (page 4-1 1), user authenti cation via a remote authenti cation server (pa ge 4-68), and host access authe[...]

  • Página 217

    System Management Commands 4-27 4 Command Mode Global Configurat ion Command Usage The encrypted p assword is required for compat ibility wit h legacy pas sword settings (i.e., pl ain text or encrypted) wh en reading the configu ration file during system bootup or when d ownloading the conf iguration file from a TFTP server . There is no need for y[...]

  • Página 218

    Command Line Interfa ce 4-28 4 Example Related Commands enable (4-20) IP Filter Commands management This command specif ies the cli ent IP addresses that are all owed management access to the switch through vario us protocols. Use th e no form to restore the default setti ng. Syntax [ no ] management { al l-client | http-client | snmp-client | teln[...]

  • Página 219

    System Management Commands 4-29 4 • When entering addresses for the same group (i. e., SNMP, Web or Telnet), the switch will not accept ove rlapping address ra nges. When entering addresses for different groups, the switch will accept overlapping address range s. • You cannot delete an i ndividual address from a specif ied range. You must delet[...]

  • Página 220

    Command Line Interfa ce 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by t he Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mode Globa[...]

  • Página 221

    System Management Commands 4-31 4 Example Related Commands ip http port (4 -30) ip http secure-server This command enables the secure hype rtext transfer protoco l (HTTPS) over the Secure Socket Layer (SSL), providing se cure access (i.e., an encrypt ed connection) to the switch’ s Web interface. Use the no form to disable this funct ion. Syntax [...]

  • Página 222

    Command Line Interfa ce 4-32 4 Example Related Commands ip http secure-port (4 -32) copy tf tp https-certificate (4-63) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’ s Web interface. Use the no form to restore the def ault port. Syntax ip http secure- port port_number no ip http secure[...]

  • Página 223

    System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifi es the TCP port number used by the T elnet interface. Use the no form to use the default port . Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23 Command M[...]

  • Página 224

    Command Line Interfa ce 4-34 4 Related Commands ip telnet port (4 -33) Secure Shell Commands The Berkley-st andard includes remote acces s tools originally desi gned for Unix systems. Some of these tool s have also been implemented for Micros oft Windows and other envi ronments. These tools, incl uding commands such as rlogin (remote login), rsh (r[...]

  • Página 225

    System Management Commands 4-35 4 The SSH server on this switch suppo rts both p assword and publi c key authenticati on. If p assword authenticat ion is specif ied by the SSH client, then the password can be authe nticated either locall y or via a RADIUS or T ACACS+ remote authenticati on server , as specified by the authentication login command o[...]

  • Página 226

    Command Line Interfa ce 4-36 4 corresponding t o the publ ic keys stored o n the switch ca n gain access. The following exch anges take place during thi s process: a. The client sends it s public key to the switc h. b. The switch compar es the client's public key to th ose stored in memory . c. If a match is found, the swit ch uses the public [...]

  • Página 227

    System Management Commands 4-37 4 ip ssh timeout Use this command to configur e the timeout for the SSH server . Use the no form to restore the default sett ing. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1- 120) Default Setting 10 seconds Command Mode Global Configura[...]

  • Página 228

    Command Line Interfa ce 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size Use this command to set the SSH serv er key size. Use the no form to restor e the default setti ng. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server k ey . (Range: 512-896 bits) Default Setting 768 bits C[...]

  • Página 229

    System Management Commands 4-39 4 Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) ke y type. Default Setting Generates both the DSA and RSA key p airs. Command Mode[...]

  • Página 230

    Command Line Interfa ce 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from vol atile memory (RAM). Use the no ip ssh save host-key command to clear the host key from f lash memory. • The SSH server must be disabl ed before you can execute thi s command. Example Related Commands ip ssh crypto host-key gener[...]

  • Página 231

    System Management Commands 4-41 4 Example show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encrypti[...]

  • Página 232

    Command Line Interfa ce 4-42 4 show public-key Use this command to show the public key f or the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user . (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no para meters are ente[...]

  • Página 233

    System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messag es, sending debug or error messages to switch memory . The no form disables the l ogging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configurat ion Command Usage The logging process control s error message[...]

  • Página 234

    Command Line Interfa ce 4-44 4 logging history This command limi ts syslog messages saved t o switch memory based on severity . The no form return s the logging of syslog messag es to the default level . Syntax logging histo ry { flash | ram } level no logging history { flash | ram } • flash - Event hist ory stored in flash memory (i.e., p ermane[...]

  • Página 235

    System Management Commands 4-45 4 logging ho st This command adds a syslog server host IP address that will receive l ogging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server . Default Setting None Command Mode Global Configurat ion Command Usage [...]

  • Página 236

    Command Line Interfa ce 4-46 4 logging tra p This command enables th e logging of system messages to a remote server , or limits the syslog messages saved to a remote server based on seve rity . Use this command without a specif ied level to enable re mote logging. Use the no form to disable remote loggi ng. Syntax logging trap [ le vel ] no loggin[...]

  • Página 237

    System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the log ging configuration , along with any system and event messages stored i n memory . Syntax show logging { flash | ram | sendmail | trap } • flash - Event hist ory stored in flash memory (i.e., p ermanent memory). • ram - Event history[...]

  • Página 238

    Command Line Interfa ce 4-48 4 The following example dis plays settings for the tr ap function. Related Commands show logging s endmail (4-51) SMTP Alert Commands These commands configure SMTP event handl ing, and forwarding of alert messages to th e specified SMTP se rvers and email recipient s. Console#show logging trap Syslog logging: Enable REM[...]

  • Página 239

    System Management Commands 4-49 4 logging sendmail ho st This command specif ies SMTP servers that wi ll be sent al ert messages. Use the no form to remove an SMTP server . Syntax [ no ] logging sen dmail hos t ip_address ip_address - IP address of an SMTP serve r that will be sent alert messages for event handling. Default Setting None Command Mod[...]

  • Página 240

    Command Line Interfa ce 4-50 4 Command Usage The specified level i ndicates an event threshold . All events at thi s level or higher will be sent to the con figured email recipient s. (For example, using Level 7 will report all event s from level 7 to level 0.) Example This example will send email alerts for system errors from level 3 through 0. lo[...]

  • Página 241

    System Management Commands 4-51 4 Command Usage Y ou can specify up to five rec ipients f or alert messages. Howev er , you must enter a sep arate command to specify each recipient. Example logging s endmail This command enables SMTP event hand ling. Use the no form to disable this function. Syntax [ no ] logging se ndmail Default Setting Disabled [...]

  • Página 242

    Command Line Interfa ce 4-52 4 Time Commands The system clock can be dynamically set by polli ng a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers. sntp client This command enables SNTP client requests for time syn chronization from NTP or SNTP time servers specified wit h the sntp serve rs comma[...]

  • Página 243

    System Management Commands 4-53 4 Example Related Commands sntp server (4-53) sntp poll (4 -54) show sntp (4-54) sntp server This command sets th e IP address of the se rvers to which SNTP time request s are issued. Use the this comman d with no argument s to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip [...]

  • Página 244

    Command Line Interfa ce 4-54 4 sntp poll This command sets th e interval between sending time request s when the switch is set to SN TP client mod e. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Conf[...]

  • Página 245

    System Management Commands 4-55 4 clock timezone This command sets th e time zone for the switch’ s internal clock. Syntax clock timezone name hour hours mi nute minutes { before-utc | after-utc } • name - Name of timezone, usua lly an acronym. (Range: 1-29 charac ters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) • minut[...]

  • Página 246

    Command Line Interfa ce 4-56 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the syste m clock to 15:12:34, Febru ary 1st, 2004. show calend ar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileg ed Exec Example Console#calendar set 15 12 34 1 Februar y 2004 Conso[...]

  • Página 247

    System Management Commands 4-57 4 System Status Commands show startu p-config This command displays the config uration file stored in non-vol atile memory that is used to st art up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conju nction with the show ru nning-conf ig command to compare the in[...]

  • Página 248

    Command Line Interfa ce 4-58 4 Example Related Commands show running-confi g (4-58) show running-con fig This command displays the conf iguration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjuncti on with the show startup-config command to compare the inf ormation in runni[...]

  • Página 249

    System Management Commands 4-59 4 - VLAN configuration settings for each interf ace - Multiple spanning tree instance s (name and interface s) - IP address configured for VLANs - Spanning tree setting s - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, please wait... .. ! phymap 0[...]

  • Página 250

    Command Line Interfa ce 4-60 4 Related Commands show startup-con fig (4-57) show system This command displays system info rmation. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage • For a description of the items shown by this command, refer to “Displayi ng System Information” on page 3-9. • The POST results sho[...]

  • Página 251

    System Management Commands 4-61 4 show users Shows all active console and T elnet session s, including user name, idle time, and IP address of T elnet client. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The session used to execute this command is indicat ed by a “*” symbol n ext to the Line (i.e., sessi on) ind[...]

  • Página 252

    Command Line Interfa ce 4-62 4 Example Frame Size Commands jumbo frame This command enables suppo rt for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configurat ion Command Usage • This switch p rovides more effi cient throughput for large sequen tial data transfers by support[...]

  • Página 253

    Flash/File Co mmands 4-63 4 Example Flash/File Commands These commands are used to manage th e system code or configuration files. copy This command moves (upload/downl oad) a code image or configuration file between the swi tch’s f lash memory and a TFTP server . When you sav e the system code or configuration set tings to a file on a TFTP serve[...]

  • Página 254

    Command Line Interfa ce 4-64 4 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destinatio n file name should not contain slashes ( or / ), the leading lett er of the file name shoul d not be a period (.), and the maximum len gth for file names on the TFTP server is 127 chara[...]

  • Página 255

    Flash/File Co mmands 4-65 4 The following example shows how to do wnload a configura tion file: This example shows how to copy a secure-site certificate from an TFTP server . It then reboot s the switch to activate the certif icate: This example shows how to copy a public-ke y used by SSH from an TFTP server . Note that public key authen tication v[...]

  • Página 256

    Command Line Interfa ce 4-66 4 Command Usage • If the file type is used for system startup, then thi s file cannot be delet ed. • “Factory_Default_Con fig.cfg” cannot be delete d. Example This example shows how t o delete the test2.cf g configuration fi le from flash memory . Related Commands dir (4-6 6) delete public-key (4-38) dir This co[...]

  • Página 257

    Flash/File Co mmands 4-67 4 Example The following example shows how to di splay all file informat ion: whichboo t This command displ ays which files were booted when t he system powere d up. Default Setting None Command Mode Privileged Exec Example This example shows the informat ion displayed by the whichboot command. See the tabl e under the dir [...]

  • Página 258

    Command Line Interfa ce 4-68 4 Default Setting None Command Mode Global Configurat ion Command Usage • A colon (:) is required after th e specified file type. • If the file c ontains an error, it cannot be set as the defa ult file. Example Related Commands dir (4-6 6) whichboot (4-67) Authentication Commands Y ou can configure this switch to au[...]

  • Página 259

    Authentication Commands 4-69 4 Authentication Sequence authentication login This command define s the login authent ication method and precedence. Use t he no form to restore the default. Syntax authentication log in {[ local ] [ radi us ] [ t acacs ]} no authentication login • local - Use local password. • radius - Use RADIUS server password. [...]

  • Página 260

    Command Line Interfa ce 4-70 4 authenticatio n enable This command defines the authent ication method and prece dence to use when changing from Exec command mode to Priv ileged Exec command mode with the enable command (see page 4- 20). Use the no form to restore t he defaul t. Syntax authentication enable {[ local ] [ radius ] [ taca cs ]} no auth[...]

  • Página 261

    Authentication Commands 4-71 4 RADIUS Client Remote Authent ication Dial-in User Service (RADIUS) is a l ogon authentic ation protocol that uses sof tware running on a central server to control access to RADIUS-aware devices on the network. An aut hentication server c ontains a database of multiple user name/p assword pairs with associated privil e[...]

  • Página 262

    Command Line Interfa ce 4-72 4 Default Setting 1812 Command Mode Global Configurat ion Example radius-server key This command sets th e RADIUS encryption key . Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate log on access for client. Do not use blank s[...]

  • Página 263

    Authentication Commands 4-73 4 Example radius-server timeout This command sets th e interval between tran smitting authent ication requests to the RADIUS server . Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the s witch waits for a reply before [...]

  • Página 264

    Command Line Interfa ce 4-74 4 TACACS+ Client T erminal Access Cont roller Access Control System (T ACACS+) is a logon authenticati on protocol that uses sof tware running on a central server to con trol access to T ACACS-aware devices on the network. An authenti cation server contain s a databa se of multiple us er name/password pairs wit h associ[...]

  • Página 265

    Authentication Commands 4-75 4 Command Mode Global Configurat ion Example tacacs-server key This command sets th e T ACACS+ encryption key . Use the no form to restore th e default. Syntax t acacs-server key key_string no t acacs-server key key_string - Encryption key used to authenticate log on access for the client. Do not use blank spaces in the[...]

  • Página 266

    Command Line Interfa ce 4-76 4 Port Security Commands These commands can be used to enable port securi ty on a port. When using port security , the switch stops learning new MAC addresses on the specified port when it has reached a co nfigured maximum nu mber . Only incoming t raffic with source addresses already s t ored in the dynamic or s tatic [...]

  • Página 267

    Authentication Commands 4-77 4 Command Usage • If you enable po rt security, th e switch stop s learning new MAC add resses on the specified port when it has reached a configured maximum number. Only incoming traffi c with source addresses al ready stored in th e dynamic or static address table wi ll be accepted . • First use th e port security[...]

  • Página 268

    Command Line Interfa ce 4-78 4 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based acces s control that prevent s unauthorized access to the network by requiring users to first submi t credentials for authenticati on. Client authenti cation is controlled cent rally by a RADIUS server using EAP (Extensible Aut hentication P[...]

  • Página 269

    Authentication Commands 4-79 4 dot1x default This command sets al l configurable dot1x global and port settings to their def ault values. Syntax dot1x default Command Mode Global Configurat ion Example dot1x max-req This command sets th e maximum number of times the switch port will ret ransmit an EAP request/identity p acket to the client before i[...]

  • Página 270

    Command Line Interfa ce 4-80 4 dot1x port-control This command sets th e dot1x mode on a port interface. Use the no form to r estore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no dot1x port-control • auto – Requires a dot1x-aware conne cted client to be autho rized by the RADIUS server. Clien ts that[...]

  • Página 271

    Authentication Commands 4-81 4 Command Usage • The “max-count” paramete r specified by this command is onl y effective if the dot1x mode is set to “auto” by th e dot1x port-contro l command (page 4-105). • In “multi-host” mode, onl y one host connected to a port needs to pa ss authenticati on for all other hosts to be granted networ[...]

  • Página 272

    Command Line Interfa ce 4-82 4 dot1x timeout quiet-period This command sets th e time that a switch port wait s after the Max Request Count has been exc eeded before att empting to ac quire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-perio d seconds no dot1x time out quiet-per iod seconds - The number of seconds. [...]

  • Página 273

    Authentication Commands 4-83 4 dot1x timeout tx-period This command sets the time tha t the switch wait s during an authenticat ion session before re-transmi tting an EAP packet . Use the no f orm to reset to the defau lt value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-p eriod seconds - The number of seconds. (Range: 1-65535) Defa[...]

  • Página 274

    Command Line Interfa ce 4-84 4 (page 4-79). It also dis plays the follow in g global parameters which are set to a fixed value, inc luding the followin g items: - supp-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthenti cation attempts. • 802.1X Port Summa ry – Displays the port acc[...]

  • Página 275

    Authentication Commands 4-85 4 Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: 3600 quiet-period: 60 tx-period: 30 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single- Host ForceAuthorized n/a 1/2 disabled Single- [...]

  • Página 276

    Command Line Interfa ce 4-86 4 Access Control List Commands Access Control List s (ACL) provide packet fi ltering for IP frames (based on address, protocol, Layer 4 protocol port nu mber or TCP control code) or any frames (based on MAC address or Ethernet type). To filt er packets, firs t create an access list, add the required rules, specify a mas[...]

  • Página 277

    Access Contro l List Comm ands 4-87 4 3. User-defined rules in the Ingress MAC ACL fo r ingress ports. 4. User-defined rules in the In gress IP ACL for ingress port s. 5. Explicit defa ult rule (permi t any any) in the ingress IP ACL for ingress ports. 6. Explicit default rule (permit any any) in the ingress MAC ACL for in gress ports. 7. If no exp[...]

  • Página 278

    Command Line Interfa ce 4-88 4 access-list ip This command adds an IP access list and enters configuratio n mode for st andard or extended IP ACLs. Us e the no form to remove the specifie d ACL. Syntax [ no ] access-li st ip { standard | extended } acl_name • standard – Specif ies an ACL that filters packets based on the so urce IP address. •[...]

  • Página 279

    Access Contro l List Comm ands 4-89 4 permit , deny (Standard ACL) This command adds a rule to a S tandard IP ACL. The rule sets a filter conditio n for packet s emanating from the specified source. Us e the no form to remove a rule. Syntax [ no ] { permit | deny } { any | source bitmask | host source } • any – Any source IP address. • source[...]

  • Página 280

    Command Line Interfa ce 4-90 4 permit , deny (Extende d ACL) This command adds a rule to an Extende d IP ACL. The rule sets a filt er condition for packet s with specific source or destinatio n IP addresses, protocol types, source or destination prot ocol ports, or TCP control codes. Use the no form to remove a r ule. Syntax [ no ] { permit | deny [...]

  • Página 281

    Access Contro l List Comm ands 4-91 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are simi lar to a subnet mask, containing four inte gers from 0 to 255, each s eparated by a period. The binary mask uses 1 bits to indi cate “match” and 0 bits to indica te “ignore.” The bitmask is bi twise ANDed [...]

  • Página 282

    Command Line Interfa ce 4-92 4 Related Commands access-list ip (4-88) show ip access-list This command displays the ru les for configured IP ACLs. Syntax show ip access-list { st andard | extended } [ acl_name ] • standard – Specifies a stand ard IP ACL. • extended – Specifies an extend ed IP ACL. • acl_name – Name of the ACL. (Maximum [...]

  • Página 283

    Access Contro l List Comm ands 4-93 4 Command Usage • A mask can onl y be used by al l ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied t o a packet is not determined by order of the rul es, but instead by the order of the masks; i.e., the first mask that matches a rule will determine the rule that is appli ed to a pac[...]

  • Página 284

    Command Line Interfa ce 4-94 4 Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The o rder in which these pa ckets are checked is det ermined by the mask, and not the order in whic h the ACL rules were entered. • First create the requir ed ACLs and ingress or egre [...]

  • Página 285

    Access Contro l List Comm ands 4-95 4 This shows how to create a standard ACL wit h an ingress mask to deny access to the IP host 171.69.198 .102, and permit access to any others. This shows how to create an extended ACL wit h an egress mask to drop packet s leaving network 171.69.198.0 when t he Layer 4 source port is 23. Console(config)#access-li[...]

  • Página 286

    Command Line Interfa ce 4-96 4 This is a more comprehensive example. It denies any TCP packet s in which the SYN bit is ON, and permit s all other packet s. It then sets th e ingress mask to check the deny rule first, and fin ally binds port 1 to this ACL. No te that once the ACL is bound to an interface (i.e. , the ACL is active), the order i n wh[...]

  • Página 287

    Access Contro l List Comm ands 4-97 4 Related Commands mask (IP ACL) (4-93) ip access-group This command binds a port to an IP ACL. Use the no form to r emove the p ort. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this l ist applies to ingress pac ke[...]

  • Página 288

    Command Line Interfa ce 4-98 4 Related Commands ip access-group (4-97) map access-list ip This command sets th e output queue for packet s matching an ACL rule. The specified CoS value i s only used to map the matching p acket to an output queue; it is not writt en to the p acket itself. Use the no form to remove the CoS mappi ng. Syntax [ no ] map[...]

  • Página 289

    Access Contro l List Comm ands 4-99 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determin es the output queue for p ackets matching an ACL rule.) Syntax show map access-list ip [ interf ace ] interface • ethernet unit / port - unit - This is device 1 . - port - Port numbe[...]

  • Página 290

    Command Line Interfa ce 4-100 4 Command Usage • You must configure an ACL mask before you ca n change frame priorities based on an ACL rule. • Traffic priori ties may be included in the IEEE 802.1p priority tag. This tag is also incorporat ed as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set priority keywor ds. [...]

  • Página 291

    Access Contro l List Comm ands 4-101 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL confi guration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-li st mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configurat ion Command[...]

  • Página 292

    Command Line Interfa ce 4-102 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) show mac access-l ist (4-103) permit , deny (MAC ACL) This command adds a rule to a MAC ACL. The rul e filters p ackets matching a specified MAC source or destinatio n address (i.e., physical layer address), or Ethernet protocol ty pe. Use the no f[...]

  • Página 293

    Access Contro l List Comm ands 4-103 4 • destination – De stination MAC address range wi th bitmask. • address- bitmask* – Bitmask for MAC address (in hexidecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number. (Range: 600 -fff hex.) • p[...]

  • Página 294

    Command Line Interfa ce 4-104 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) access-list mac mask-pr ecedence This command changes to MAC Mask mode used to con figure access control masks. Use the no form to delet e the mask t able. Syntax [ no ] access-li st ip mask-precedence { in | out } • in – Ingress mask for ingre[...]

  • Página 295

    Access Contro l List Comm ands 4-105 4 mask (MAC ACL) This command defines a mask f or MAC ACLs. This mask defines the field s to check in the p acket header . Use the no form to remove a mask. Syntax [ no ] mask [ pktformat ] { any | host | source-bitmask } { any | host | destination-bitmask } [ vid [ vid-bitmask ]] [ ethertype [ ethertype-bitmask[...]

  • Página 296

    Command Line Interfa ce 4-106 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask. This example creates an Egre ss MAC ACL. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth 2 00[...]

  • Página 297

    Access Contro l List Comm ands 4-107 4 show access-list mac m ask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precede nce for egress ACLs. Command Mode Privileged Exec Example Related[...]

  • Página 298

    Command Line Interfa ce 4-108 4 Related Commands show mac access-l ist (4-103) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-g roup (4-107) map access-list mac This command sets th e output queue for packet s matching an ACL rule. The specified CoS value i s[...]

  • Página 299

    Access Contro l List Comm ands 4-109 4 Example Related Commands queue cos-map (4-194) show map access-list mac (4-109) show map access-list mac This command shows the CoS value mapp ed to a MAC ACL for the current interface. (The Co S value determines the out put queue for packet s matching an ACL rule.) Syntax show map access-list mac [ interface [...]

  • Página 300

    Command Line Interfa ce 4-110 4 match access-list mac This command changes the IEEE 802.1p pri ority of a Layer 2 frame matching the defined ACL rul e. (This feature is commonly referred to as ACL p acket marking.) Use the no form to remove the ACL marker . Syntax match access-lis t mac acl_name set priority priority no match access-list mac acl_na[...]

  • Página 301

    Access Contro l List Comm ands 4-111 4 ACL Information show access-list This command shows all ACLs and associated rules, as well a s all the us er-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interf ace (i.e., the ACL is active), t he order in which the rules are disp layed is determined by th e associated [...]

  • Página 302

    Command Line Interfa ce 4-112 4 SNMP Commands Controls access to thi s switch from management st ations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the commun ity access string for the Simple Network Management Proto col. Use the no form to re move[...]

  • Página 303

    SNMP Commands 4-113 4 Example snmp-server contact This command set s the system contact string. Use the no form to remove th e system cont act informati on. Syntax snmp-server cont act string no snmp-server cont act string - S tring that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Glo[...]

  • Página 304

    Command Line Interfa ce 4-114 4 Related Commands snmp-server contact (4-1 13) snmp-server host This command specifies the recipient of a Simple Ne twork Management Protocol notificati on operation. Use t he no form to remove the sp ecified host. Syntax snmp-server host host-addr community-string [ version { 1 | 2c }] no snmp-server host host-addr ?[...]

  • Página 305

    SNMP Commands 4-115 4 Related Commands snmp-server enable trap s (4-1 15) snmp-server enable traps This command enables this device to send Simple Ne twork Management Protocol traps (SNMP no tifications). Use the no form to di sable SNMP notificati ons. Syntax [ no ] snmp-serve r enable t raps [ authentication | link-up-down ] • authentication - [...]

  • Página 306

    Command Line Interfa ce 4-116 4 Command Usage This command provides information on the community access st rings, counter information for SNMP input and output protocol dat a units, and whether or not SNMP logging has been enable d with the snmp-server enable trap s command. Example Console#show snmp System Contact: Paul System Location: WC-19 SNMP[...]

  • Página 307

    DNS Commands 4-117 4 DNS Commands These commands are used to configure Domain Na ming System (DNS) services. Y ou can manually c onfigure entries in the DNS domai n name to IP address mapping table, configure default domai n names, or specify one or more name servers t o use for domain name to address transl ation. Note that domain name s ervices w[...]

  • Página 308

    Command Line Interfa ce 4-118 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addre sses. If more than one IP address i s associated with a host name using this command, a DNS client can try each addre ss in succession, until it est ablishes a connection with the targ et device. Example This exam[...]

  • Página 309

    DNS Commands 4-119 4 Default Setting None Command Mode Global Configurat ion Example Related Commands ip domain-list (4-1 19) ip name-server (4-120) ip domain-lookup (4-1 21) ip domain-list This command defines a list of domain names that can be appended to i ncomplete host names (i.e., hos t names passed from a cli ent that are not format ted with[...]

  • Página 310

    Command Line Interfa ce 4-120 4 Example This example adds two domain names to the current list and then dis plays the list. Related Commands ip domain-name (4-1 18) ip name-server This command specifies the address of one or more domain name s ervers to use for name-to-address reso lution. Use the no fo rm to remove a name server from thi s list. S[...]

  • Página 311

    DNS Commands 4-121 4 Example This example adds two domain-name serve rs to the list and then displ ays the list. Related Commands ip domain-name (4-1 18) ip domain-lookup (4-1 21) ip domain-looku p This command enables DNS ho st name-to-address transl ation. Use the no form to disable DNS. Syntax [ no ] ip domain-look up Default Setting Disabled Co[...]

  • Página 312

    Command Line Interfa ce 4-122 4 Example This example enables DNS and then di splays the configuration . Related Commands ip domain-name (4-1 18) ip name-server (4-120) show hosts This command displays the st atic host name-to-address mappi ng table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is ma[...]

  • Página 313

    DNS Commands 4-123 4 show dns This command displays the config uration of the DNS server . Command Mode Privileged Exec Example show dns cache This command displays entrie s in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp sample[...]

  • Página 314

    Command Line Interfa ce 4-124 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console#[...]

  • Página 315

    Interface Commands 4-125 4 Interface Commands These commands are used to display or set co mmunication para meters for an Ethernet port, aggregate d link, or VLAN. interface This command configures an in terface type and enter interface configuration mode . Use the no form to remove a trunk. Syntax interface interface no interface port-cha nnel cha[...]

  • Página 316

    Command Line Interfa ce 4-126 4 Command Mode Global Configuration Example T o speci fy port 24, enter t he following command: description This command adds a description t o an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a d escription to help you remember what is attached to th[...]

  • Página 317

    Interface Commands 4-127 4 Default Setting • Auto-negotiat ion is enabled by default. • When auto-negoti ation is disabl ed, the default speed-duplex setti ng is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage • To force operation to the speed[...]

  • Página 318

    Command Line Interfa ce 4-128 4 • If autonegoti ation is disabled, au to-MDI/MDI-X pin signal confi guration will also be disab led for the RJ-45 ports. Example The following example conf igures port 1 1 to use autonegotiation. Related Commands capabili ties (4-128) speed-duplex (4 -126) capabilities This command advertises the port capabilit ies[...]

  • Página 319

    Interface Commands 4-129 4 Example The following example configures Etherne t port 5 cap abilities to 10 0half, 100full and flow cont rol. Related Commands negotiation (4-127 ) speed-duplex (4 -126) flowcontrol (4-129 ) flowcontrol This command enable s flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default Setting[...]

  • Página 320

    Command Line Interfa ce 4-130 4 Example The following example enab les flow control on port 5. Related Commands negotiation (4-127 ) capabili ties (flowcontrol, symmet ric) (4-128) combo-forced-mode This command forces the port type selecte d for combination port s 21-24/45-48. Use the no form to restore the def ault mode. Syntax combo-forced-mode [...]

  • Página 321

    Interface Commands 4-131 4 Default Setting All interfaces are enabled. Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage This command all ows you to disa ble a port du e to abnormal b ehavior (e.g., excessive collisions), and then reenabl e it after the probl em has been resolved. Y ou may also want to disable a port fo[...]

  • Página 322

    Command Line Interfa ce 4-132 4 Example The following s hows how to configure broad cast storm cont rol at 600 p ackets per second: clear counters This command clears statist ics on an interf ace. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range [...]

  • Página 323

    Interface Commands 4-133 4 show interfaces status This command displays the st atus for an interface. Syntax show interfaces sta tus [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range : 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Shows the statu s for all [...]

  • Página 324

    Command Line Interfa ce 4-134 4 show interfaces counters This command displays inte rface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range : 1-6) Default Setting Shows the counters for all interf aces. Command Mode Norma[...]

  • Página 325

    Interface Commands 4-135 4 show interfaces switchport This command displays the admi nistrative and opera tional status of the specified interface s. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range : 1-6) Default Setting Shows al[...]

  • Página 326

    Command Line Interfa ce 4-136 4 Mirror Port Commands This section describes how to mirror traf fic from a source port to a target port. port monitor This command configures a mirror sess ion. Use the no form to clear a mirror session. Syntax port monitor in terface [ rx | tx | both ] no port monit or interface • interface - ethernet unit / port ([...]

  • Página 327

    Mirror Port Commands 4-137 4 Command Usage • You can mirror traffic from any source port to a destinati on port for real-time analysis. Yo u can then attach a logic anal yzer or RMON probe to the destination po rt and study the traf fic crossing the sou r ce port in a complet ely unobtrusive manner. • The destination port is set by specifying a[...]

  • Página 328

    Command Line Interfa ce 4-138 4 Example The following s hows mirroring configur ed from port 6 to port 1 1: Rate Limit Commands This function allows th e network manager to cont rol the maximum rate for traf fic transmitted or received on an i nterface. Rate limiting is configured on int erfaces at the edge of a network to limi t traff ic into or o[...]

  • Página 329

    Link Aggregation Commands 4-139 4 Example Link Aggregation Commands Ports can b e statical ly grouped into an aggregate l ink (i.e., tr unk) to increase the bandwidth of a network connection or to ensure fault rec overy . Or you can use the Link Aggregation Contro l Prot ocol (LACP) to automatic ally negotiate a trunk l ink between this swit ch and[...]

  • Página 330

    Command Line Interfa ce 4-140 4 • All the ports in a trunk have to be treated as a whole when mov ed from/to, added or deleted from a VLAN via t he specified port-channel . • STP, VLAN, and IGMP set tings can only be ma de for the entire tru nk via the specified port-chann el. Dynamically Creati ng a Port Channel – Ports assigned t o a common[...]

  • Página 331

    Link Aggregation Commands 4-141 4 lacp This command enables 802.3ad Link Aggrega tion Control Prot ocol (LACP) for the current inte rface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Conf iguration (Ethern et) Command Usage • The ports on both ends of an LACP trunk must be conf igured for full[...]

  • Página 332

    Command Line Interfa ce 4-142 4 lacp system-priority This command configures a port's LACP system priority . Use the no form to resto re the default sett ing. Syntax lacp { actor | pa r t n e r } system-priority priority no lacp { actor | pa r t n e r } system-priority • actor - The local side an aggregat e link. • partner - The remote sid[...]

  • Página 333

    Link Aggregation Commands 4-143 4 lacp admin-key (Ethernet Interface) This command confi gures a port's LACP ad ministration key . Use the no form to restore the default sett ing. Syntax lacp { actor | pa r t n e r } admin-key key [ no ] lacp { actor | pa r t n e r } admin-key • actor - The local side an aggregat e link. • partner - The re[...]

  • Página 334

    Command Line Interfa ce 4-144 4 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string . Use the no form to restore the default setti ng. Syntax lacp admin-key key [ no ] lacp admin-key key - The port channel admin key is u sed to identify a specific link aggregation group (LAG) during local LACP [...]

  • Página 335

    Link Aggregation Commands 4-145 4 Command Mode Interface Conf iguration (Ethern et) Command Usage • Setting a lower value indi cates a higher effective priori ty. • If an acti ve port link g oes down, the b ackup port with the highest pri ority is selected to replace the downed link. However, if two or more ports have the same LACP port priorit[...]

  • Página 336

    Command Line Interfa ce 4-146 4 Example Console#show lacp 1 counters Channel group : 1 --------------------------------------- ---------------------------------- Eth 1/ 1 --------------------------------------- ---------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LAC[...]

  • Página 337

    Link Aggregation Commands 4-147 4 Console#show lacp 1 internal Channel group : 1 --------------------------------------- ---------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 --------------------------------------- ---------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Ad[...]

  • Página 338

    Command Line Interfa ce 4-148 4 Console#show lacp 1 neighbors Channel group 1 neighbors --------------------------------------- ---------------------------------- Eth 1/1 --------------------------------------- ---------------------------------- Partner Admin System ID : 32768, 00-0 0-00-00-00-00 Partner Oper System ID : 32768, 00-00 -00-00-00-01 P[...]

  • Página 339

    Address T able Commands 4-149 4 Address Table Commands These commands are used to configure the addres s table for filtering specified addresses, displayi ng current entries, clearin g the table, or sett ing the aging time. Console#show lacp sysid Channel group System Priority Sys tem MAC Address --------------------------------------- ------------[...]

  • Página 340

    Command Line Interfa ce 4-150 4 mac-address-table static This command maps a static address to a desti nation port in a VLAN. Us e the no form to remove an address. Syntax mac-address-t able static mac-address interface interface vlan vlan-id [ ac tion ] no mac-address-t able static mac-addre ss vlan vlan-id • mac-address - MAC address. • inter[...]

  • Página 341

    Address T able Commands 4-151 4 clear mac-address-table dynamic This command removes any learned entrie s from the forwarding dat abase and clears the transmit and receive count s for any static or system configured entries . Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes of entries in th[...]

  • Página 342

    Command Line Interfa ce 4-152 4 00-00-00-00-00-00 mean s an exact matc h, and a mask of FF-FF-FF-FF-FF -FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets th e aging time for entrie s in the address tabl e. Use the no form to restore the default agi ng time. Syntax mac-addre[...]

  • Página 343

    Spanning Tree Commands 4-153 4 Spanning Tree Commands This section includes co mmands that configure the S panning T ree Algorithm (ST A) globally for the switch, and commands that configure ST A for the selected interface. Table 4-51. Spanning Tree Commands Command Functio n Mode Page spanning-tree Enables the spanning tree protocol GC 4-154 spann[...]

  • Página 344

    Command Line Interfa ce 4-154 4 spanning-tree This command enables the S panning T ree Algorithm globally for the switch. Use t he no form to disable it. Syntax [ no ] sp anning-tree Default Setting S panning tree is enabl ed. Command Mode Global Configurat ion Command Usage The S panning T ree Algorithm (ST A) can be used to detect and disable net[...]

  • Página 345

    Spanning Tree Commands 4-155 4 Command Usage • Spanning Tree Protoco l Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance f or the entire network. If multi ple VLANs are implemented on a netwo rk, the path between spec ific VLAN members may be inadvertently disabled to prevent network [...]

  • Página 346

    Command Line Interfa ce 4-156 4 Default Setting 15 seconds Command Mode Global Configurat ion Command Usage This command sets the maxi mum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwardi ng). This delay is required because every device must receive information about to pology changes befo[...]

  • Página 347

    Spanning Tree Commands 4-157 4 spanning-tree max-age This command configures the sp anning tree bridge maximum age glob ally for this switch. Use the no form to restore the defaul t. Syntax sp anning-tree max-age second s no spanning-tree max-age seconds - T ime in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-t[...]

  • Página 348

    Command Line Interfa ce 4-158 4 Command Mode Global Configurat ion Command Usage Bridge priority is used in sel ecting the root de vice, root port, and designa ted port. The device with the highest priority be comes the ST A root device. However , if all devices have th e same priority , the device with the lowes t MAC address will then become the [...]

  • Página 349

    Spanning Tree Commands 4-159 4 spanning-tree transmission-limit This command configures the min imum interval between the tra nsmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the def ault. Syntax sp anning-tree tr ansmission-li mit count no spanning-tree transmission -limit count - The transmission limit in seconds. (Range: 1-10[...]

  • Página 350

    Command Line Interfa ce 4-160 4 mst vlan This command adds VLANs t o a spanning tree insta nce. Use the no form to remove the specified VLANs. Usin g the no form with out any VLAN p a rameters to remove all VLANs. Syntax [ no ] mst instance_ id vlan vlan-range • instance_id - Instance ident ifier of the s panning tree. (Rang e: 0-4094) • vlan-r[...]

  • Página 351

    Spanning Tree Commands 4-161 4 mst priority This command configures the prio rity of a spanning tree instance. Use the no fo rm to restore the de fault. Syntax mst inst ance_id priority priority no mst instance_id prior ity • instance_id - Instance ident ifier of the s panning tree. (Rang e: 0-4094) • priority - Priority of the a spanning tree [...]

  • Página 352

    Command Line Interfa ce 4-162 4 Command Usage The MST region name and revis ion number (page 4-162) are used to designate a un ique MST region. A bri dge (i.e., sp anning-tree compliant device such as this switch) can onl y belong to one MST regio n. And all bridges in the same region must be conf igured with the same MST inst ances. Example Relate[...]

  • Página 353

    Spanning Tree Commands 4-163 4 max-hops This command configures the maxi mum number of hops i n the region before a BPDU is discarded. Use the no form to rest ore the d efault. Syntax max-hop s hop-number hop-number - Maximum hop nu mber for multiple spanning tree. (Range: 1-40) Default Setting 20 Command Mode MST Configuration Command Usage A MSTI[...]

  • Página 354

    Command Line Interfa ce 4-164 4 spanning-tree cost This command configures the sp anning tree pa th cost for the specified interf ace. Use the no form to restore the default. Syntax sp anning-tree cost cost no sp anning-tree cost cost - The path cost for the port. (Range: 1-200,000,000)) The recommended range is: • Ethernet: 200,0 00-20,000,000 ?[...]

  • Página 355

    Spanning Tree Commands 4-165 4 Default Setting 128 Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage • This command defines th e priority for the use of a port in the Spanni ng Tree Algorithm. If the path cost for all ports on a switch are th e same, the port with the highest prio rity (that is, lowest value) wil l be[...]

  • Página 356

    Command Line Interfa ce 4-166 4 Example Related Commands spanning-t ree portfast (4-16 6) spanning-tree portfast This command sets an in terface to fast forwarding. Use th e no form to disable fast forwarding. Syntax [ no ] sp anning-tree portfast Default Setting Disabled Command Mode Interface Co nfiguration (Et hernet, Po rt Channel) Command Usag[...]

  • Página 357

    Spanning Tree Commands 4-167 4 spanning-tree link-type This command configures the li nk type for Rapid S panning T ree and Multiple S panning T ree. Use the no form to restore the default. Syntax sp anning-tree link-type { auto | point -to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting. ?[...]

  • Página 358

    Command Line Interfa ce 4-168 4 Default Setting • Ethernet – ha lf duplex: 2 ,000,000; full duplex: 1, 000,000; trunk: 500,000 • Fast Ethernet – half duplex: 2 00,000; full duplex: 1 00,000; trunk: 50,000 • Gigabit Ethern et – full duplex: 10,000; trunk: 5,000 Command Mode Interface Co nfiguration (Et hernet, Po rt Channel) Command Usag[...]

  • Página 359

    Spanning Tree Commands 4-169 4 interface with the highest priority (t hat is, lowest value) wi ll be configured as an active link in the spanning tre e. • Where more than one interface is assigned the highest prio rity, the interface with lowest numeric i dentifier will be enabled. Example Related Commands spanning-t ree mst cost (4-167) spanning[...]

  • Página 360

    Command Line Interfa ce 4-170 4 show spanning-tree This command shows the configuration for th e common spanning tree (CST) or for an instanc e within the multiple sp anning tree (MST). Syntax show sp anning-tree [ interface | mst instance_ id ] • interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nn[...]

  • Página 361

    Spanning Tree Commands 4-171 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------- ------------------------ Spanning tree mode :MSTP Spanning tree enable/disable :enab le Instance :0 Vlans configuration :1-40 94 Priority :3276 8 Bridge Hello Time (sec.) :2 Bridge Max Age (sec.) :20 Bridge Forward Del[...]

  • Página 362

    Command Line Interfa ce 4-172 4 show spanning-tree mst c onfiguration This command shows the configurat ion of the multiple sp anning tree. Syntax show sp anning-tree mst configurat ion Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of port s that can b e located anywhere in the network, but communicate as though t hey belong [...]

  • Página 363

    VLAN Commands 4-173 4 Editing VLAN Groups vlan database This command enters VLAN dat abase mode. All commands in this mode will take effec t immediately . Default Setting None Command Mode Global Configurat ion Command Usage • Use the VLAN database command mode to add, change, and del ete VLANs. After finishing config uration changes, you can dis[...]

  • Página 364

    Command Line Interfa ce 4-174 4 vlan This command config ures a VLAN. Use the no form to restore the default sett ings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be[...]

  • Página 365

    VLAN Commands 4-175 4 Configuring VLAN Interfaces interface vlan This command enters interf ace configuration mode for VLANs, which is used to configur e VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (R ange: 1-4094, no lead ing zeroes) Default Setting None Command Mode Global Configura[...]

  • Página 366

    Command Line Interfa ce 4-176 4 switchport mode This command confi gures the VLAN membershi p mode for a port. Use the no form to restore the de fault. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trun k. A trunk is a direct link between two swi tches, so the port transmi ts ta[...]

  • Página 367

    VLAN Commands 4-177 4 Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage When set to receive all frame types, any received fra mes that are unta gged are assigned to the def ault VLAN. Example The following example shows how to rest rict the traff ic received on port 1 to tag ged frames: Related Commands switchport mode [...]

  • Página 368

    Command Line Interfa ce 4-178 4 Example The following example shows how to set the interface to port 1 and then ena ble ingress filtering : switchport native vlan This command configures the PVID (i.e., def ault VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Def[...]

  • Página 369

    VLAN Commands 4-179 4 switchport allowed vlan This command confi gures VLAN groups o n the selected interface. Use t he no form to restore the de fault. Syntax switchport allowed vlan { add vlan-list [ ta g g ed | untagged ] | remove vlan-list } no switch port allo wed vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list -[...]

  • Página 370

    Command Line Interfa ce 4-180 4 switchport forbidden vlan This command confi gures forbidden VLANs. Use the no form to remove the lis t of forbidden VLANs. Syntax switchport forbidden vlan { ad d vlan-list | remove vlan-list } no switchport forbidden vl an • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN iden[...]

  • Página 371

    VLAN Commands 4-181 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VL AN. (Range: 1-4094, no leading zeroes ) • name - Keyword to be followed by the VLAN nam e. - vlan-name - ASCII string [...]

  • Página 372

    Command Line Interfa ce 4-182 4 Configuring Private VLANs Private VLANs provide port-based securi ty and isolation between port s within the assigned VLAN. Thi s section descri bes commands used to configure private VlANs. pvlan This command enables or configures a pri vate VLAN. Use the no form to disable the private VLAN. Syntax pvlan [ up-link i[...]

  • Página 373

    VLAN Commands 4-183 4 show pvlan This command displays the config ured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support mu lti ple protocols canno t be easily gr ouped into a common VLAN. This may require non -standard dev ices to pass traffic between dif ferent VLANs in ord[...]

  • Página 374

    Command Line Interfa ce 4-184 4 protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, o r to add specifi c protocols to a group. Use the no form to remove a proto col group. Syntax protocol -vlan prot ocol-gro up group-i d [{ add | remove } frame_type frame protocol -type protocol ] no protocol-vlan protocol-group[...]

  • Página 375

    VLAN Commands 4-185 4 Command Usage • When creating a protocol-based VLAN, only as sign interfaces via this command. If you assign in terfaces using any of the other VLAN commands (such as vlan on page 4-174), these interfaces wil l admit traffic of any protocol type into the associ ated VLAN. • When a frame enters a port tha t has been assigne[...]

  • Página 376

    Command Line Interfa ce 4-186 4 show interfaces protoc ol-vlan protocol-grou p This command shows the mapping fr om protocol gro ups to VLANs for the selected interface s. Syntax show interfaces protoc ol-vlan protocol-group [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-[...]

  • Página 377

    GVRP and Bridge Extension Commands 4-187 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protoco l defines a way for switches to exchange VLAN information in order to automa tically register VLAN members on interfaces acros s the network. This section describ es how to enable GVRP for individual in terfaces and globally for the switch, [...]

  • Página 378

    Command Line Interfa ce 4-188 4 show bridge-ext This command shows the configuratio n for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Informat ion” on page 3-1 13 and “Displaying Bridge Extension Cap abilities” on page 3-12 for a description of the d isplayed items. E[...]

  • Página 379

    GVRP and Bridge Extension Commands 4-189 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp conf iguration [ interfa ce ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range : 1-6) Default Setting Shows both global and interfac e-specific configura t[...]

  • Página 380

    Command Line Interfa ce 4-190 4 Command Usage • Group Address Registration Protocol is used b y GVRP and GMRP t o register or deregister client attri butes for client services wit hin a bridged LAN. The default values fo r the GARP timers are independen t of the media access method or da ta rate. These value s should not b e changed unless you ar[...]

  • Página 381

    Priority Commands 4-191 4 Related Commands garp timer (4-189) Priority Commands The commands described in this secti on allow you to specify which dat a packets have greater precedence when traf fic is bu ffered in the switch due to congestion. This switch support s CoS with eig ht priority queues for eac h port. Dat a packet s in a port’s hi gh-[...]

  • Página 382

    Command Line Interfa ce 4-192 4 queue mode This command sets th e queue mode to strict priori ty or Weight ed Round-Robin (WRR) for the class of service (CoS) priorit y queues. Use the no form to re store the default value. Syntax queue mode { stric t | wrr } no queue mode • strict - Services the egre ss queues in sequential order, transmitti ng [...]

  • Página 383

    Priority Commands 4-193 4 switchport priori ty default This command sets a priori ty for incoming unt agged frames. Use the no form to restore the default value . Syntax switchport priority default default-priority-id no switchport pri ority default default-priority-id - The priority number for untagged ingress traffic. The priority is a number fro[...]

  • Página 384

    Command Line Interfa ce 4-194 4 queue bandwidth This command assign s weighted round-robi n (WRR) weights to the eight c lass of service (CoS) priority queu es. Use the no form to rest ore the defaul t weights . Syntax queue bandwid th weight1...weight 4 no queue bandwi d th weight1...weight4 - The ratio of weights for queues 0 - 3 determines the w[...]

  • Página 385

    Priority Commands 4-195 4 Default Setting This switch support s Class of Service by using eight prio rity queues, with Weight ed Round Robin queuing for each po rt. Eight sep arate traffi c classes are defined in IEEE 802.1p. The default priority levels are assigne d according to recommendations in the IEEE 802.1p standard as shown below . Command [...]

  • Página 386

    Command Line Interfa ce 4-196 4 Example show queue bandwidth This command displays the we ighted round-robin (WRR) bandwi dth allocati on for the eight priority qu eues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of se rvice priority map. Syntax show queue cos-map [ interfac e ] interfa[...]

  • Página 387

    Priority Commands 4-197 4 Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i .e., class of service mapping f or TCP/UDP sockets). Use th e no form to disable IP port mapping. Syntax [ no ] map ip po rt Default Setting Disabled Command Mode Global Configurat ion Command Usage The prec[...]

  • Página 388

    Command Line Interfa ce 4-198 4 Example The following example shows how to en able TCP/UDP port mapping globally: map ip port (Interface Configuration) This command enables IP port mapping (i.e., TCP/UDP port priority). Use the no form to remo ve a specific se tting. Syntax map ip port port number cos cos-value no map ip port port-number • port-n[...]

  • Página 389

    Priority Commands 4-199 4 Command Usage • The precedence for priority mappin g is IP Port, IP Precedence or IP DSCP, and default switchp ort priority. • IP Precedence and IP DSCP cannot both be en abled. Enabling one o f these priority types will aut omatically disable th e other type. Example The following example shows how to en able IP prece[...]

  • Página 390

    Command Line Interfa ce 4-200 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Dif ferentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configurat ion Command Usage • The precedence for priority mappin g is IP Po[...]

  • Página 391

    Priority Commands 4-201 4 Default Setting The DSCP default values are defi ned in the following t able. Note that all the DSCP values that are not specif ied are mapped to CoS value 0. Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage • The precedence for priority mappin g is IP Port, IP Precedence or IP DSCP, and def[...]

  • Página 392

    Command Line Interfa ce 4-202 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP tra ff ic has been mapped to CoS value 0: Related Commands map ip port (Global Configu ration) (4-197) map ip port (Interface Config uration) (4-198) show map ip precedence This command shows the IP precedence priorit y map. Synta[...]

  • Página 393

    Priority Commands 4-203 4 Example Related Commands map ip port (Global Configu ration) (4-197) map ip precedence (Interface Conf iguration) (4-199 ) show map ip dscp This command shows the IP DSCP priori ty map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nn[...]

  • Página 394

    Command Line Interfa ce 4-204 4 Example Related Commands map ip dscp (Global Conf iguration) (4-200) map ip dscp (Interface Config uration) (4-200) Multicast Filtering Commands This switch uses IGMP (I nternet Grou p Manage ment Protocol) to query for any attache d hosts that want to receive a specifi c multicast service. I t identifies the ports c[...]

  • Página 395

    Multicast Filter ing Commands 4-205 4 ip igmp snoopi ng This command enables IGMP sno oping on this swit ch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configurat ion Example The following example enab les IGMP snooping. ip igmp snoopi ng vlan static This command adds a port to a multic[...]

  • Página 396

    Command Line Interfa ce 4-206 4 ip igmp snoo ping ver sion This command confi gures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snoopi ng version { 1 | 2 } no ip igmp snoo ping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP V ersion 2 Command Mode Global Configurat ion Command Usage [...]

  • Página 397

    Multicast Filter ing Commands 4-207 4 Example The following s hows the current IGMP snooping conf iguration: show mac-address -table multicast This command shows kn own multicast addresse s. Syntax show mac-addre ss-t able multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID ( 1 to 4094) • user - Displa y only the use r-confi[...]

  • Página 398

    Command Line Interfa ce 4-208 4 IGMP Query Commands (Layer 2) ip igmp snoopi ng querier This command enables the switch as an I GMP querier . Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configurat ion Command Usage If enabled, the switch will serve as querie r if elected. The que[...]

  • Página 399

    Multicast Filter ing Commands 4-209 4 Default Setting 2 times Command Mode Global Configurat ion Command Usage The query count define s how long the querier waits for a response from a multicast cli ent before taki ng action. If a queri er has sent a number of queries defined by t his command, b ut a clie nt has not res ponded, a count down timer i[...]

  • Página 400

    Command Line Interfa ce 4-210 4 ip igmp snoopi ng qu ery-max-response-time This command configures the que ry report delay . Use the no form to resto re the default. Syntax ip igmp snoopi ng qu ery-max-response-time seconds no ip igmp snoo ping query-max-response-time seconds - The report delay advertised in IGMP querie s. (Range: 5- 25) Default Se[...]

  • Página 401

    Multicast Filter ing Commands 4-211 4 Default Setting 300 seconds Command Mode Global Configurat ion Command Usage The switch must use IGMPv2 for this command to take ef fect. Example The following shows how to confi gure the default timeout t o 300 seconds: Related Commands ip igmp snooping version (4-206) Static Multicast Routing Commands ip igmp[...]

  • Página 402

    Command Line Interfa ce 4-212 4 Command Usage Depending on your network connect ions, IGMP snooping may not always be able to locate the IGMP querier . Ther efore, if the IGMP querier i s a known multicast router/swit ch connected over the network to an in terface (port or trunk) on your router , you can manually configure that interf ace to join a[...]

  • Página 403

    IP Interface Commands 4-213 4 IP Interface Commands An IP addresses may be used for manage ment access to the switch over your network. The IP address for th is switch is obt ained via DHCP by default. Y ou can manually configure a spe cific IP address, or direct the dev ice to obtain an address from a BOOTP or DHCP server when it is powered on. Y [...]

  • Página 404

    Command Line Interfa ce 4-214 4 • If you select the bootp or dh cp option, IP i s enabled but wi ll not func tion until a BOOTP or DHCP reply has been rece ived. Requests will be br oadcast periodically b y this device in an effort to learn its IP address. (BOOTP and DHCP values can include t he IP address, defaul t gateway, and su bnet mask). ?[...]

  • Página 405

    IP Interface Commands 4-215 4 Related Commands ip address (4-213) ip default-gateway This command establ ishes a stat ic route between this switch an d management statio ns that exist on another network se gment. Use the no form to re move the stat ic route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default[...]

  • Página 406

    Command Line Interfa ce 4-216 4 Related Commands show ip redirect s (4-216) show ip redirects This command shows the default gateway configure d for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-g ateway (4-2 15) ping This command sends ICMP echo reques t packet s to another node on th e network.[...]

  • Página 407

    IP Interface Commands 4-217 4 - Network or host un reachable - The gate way found no corresp onding entry in the route table. • Press <Esc> to stop pinging. Example Related Commands interface (4-125) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms respon[...]

  • Página 408

    Command Line Interfa ce 4-218 4[...]

  • Página 409

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, T ACACS, Port (802. 1x), HTTPS, SSH, Port Security Access Control List s IP , MAC (up to 32 lists) DHCP Client DNS Server Port Configuration 1000BASE-T : 10/100 Mbps at half/full d uplex, 1000 Mbp s at full duplex 1000BASE-SX/LX/LH: 1000 Mbp s, full duplex Flow [...]

  • Página 410

    Software Specifications A-2 A Additional Featu r es BOOTP client SNTP (Simple Network T ime Protocol) SNMP (Simple Network Ma nagement Protocol) RMON (Remote Monitoring, group s 1, 2, 3, 9) SMTP Email Alerts Management Features In-Band Management T elnet, Web-based HTTP or HTTPS, SNMP manager , or Secure Shell Out-of-Band Manageme nt RS-232 DB-9 co[...]

  • Página 411

    Management Inform ation Bases A-3 A RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1 157) SNMPv2 (RFC 1907) SNTP (RFC 2030) SSH (V ersion 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674 ) Extensible SNMP Age nts MIB (RFC 2 742) Forwarding T able MIB (RFC[...]

  • Página 412

    Software Specifications A-4 A[...]

  • Página 413

    B-1 Appendix B: Troubleshooting Problems Accessing the Management Int erface T able B-1 T roubleshooting Chart Symptom Action Cannot connect us ing T elnet, web browser , or SNMP software • Be sure the switch is powered up. • Check network cabling between the manag ement station and t he switch. • Check that you have a valid network connectio[...]

  • Página 414

    Troubleshooting B-2 B Using System Logs If a fault does occur , refer to the Installati on Guide to ensure that the probl em you encountered is actual ly caused by the switch. If the problem app ears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to incl ude all categories. 3. Designate the SNM[...]

  • Página 415

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit netwo rk traffic and restri ct access to certai n users or devices by checking each p acket for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide boot up information fo r network devices, inclu ding IP address informati on, the address of the TF[...]

  • Página 416

    Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VL AN information in order to register necessary VLAN members on p orts along the S panning T ree so that VL ANs defined in each switch can work automati cally over a S panning T ree network. Generic Attribute Regi stration Protocol (GARP) GARP is a pr[...]

  • Página 417

    Glossary-3 Glossary IEEE 802.3x Defines Ethernet frame st art/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Re port packe ts transferred betwee n IP Multicast Routers and IP Multicast host group s to identify IP Multicast group members. IGMP Query On each subnetwork, on e IGMP-ca[...]

  • Página 418

    Glossary Glossary-4 Management Information Base (MIB) An acronym for Management Information Base. It is a set of databa se objects that contain s information a bout a specific device. Multicast Switching A process whereby the switch filters incoming multicast fra mes for services for which no attache d host has registered, or forwards them t o all [...]

  • Página 419

    Glossary-5 Glossary Rapid Spanning Tr ee Protocol (RSTP) RSTP reduces the convergence time for network to pology changes to a bout 10% of that require d by the older IEEE 802.1D STP st andard. Secure Shell (SSH) A secure replacement for remote access functions, includi ng T elnet. SSH can authenticate use rs with a cryptographic key , and encrypt d[...]

  • Página 420

    Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a dat agram mode for packet-swi tched communications. It uses IP as the underlying transpo rt mechanism to provide acce ss to IP-like services. UDP packet s are delivered just like IP packet s – connection-less dat agrams that may be discarded before reachi ng their target s. UDP is us[...]

  • Página 421

    Index-1 Symbols 3-31 Numerics 802.1x, port authentication 3-43, 4-78 A acceptable frame type 3-119, 4-174 Access Control List See ACL ACL Extended IP 3-53, 4-86, 4-87, 4-90 MAC 3-53, 4-86, 4-10 1, 4-101–4-103 Standard IP 3-53, 4-86, 4-87, 4-89 address table 3-88, 4-147 aging time 3-91, 4-150 B BOOTP 3-15, 4-211 BPDU 3-92 broadcast storm, t hresho[...]

  • Página 422

    Index-2 Index H hardware version, displaying 3-10, 4-61 HTTPS 3-34, 4-31 HTTPS, secure server 3-34, 4-31 I IEEE 802.1D 3-91, 4-152 IEEE 802.1s 4-152 IEEE 802.1w 3-91, 4-152 IEEE 802.1x 3-43, 4-78 IGMP groups, display ing 3-144, 4-205 Layer 2 3-139, 4-202 query 3-139, 4-206 query, Layer 2 3-140, 4-206 snooping 3-139, 4-203 snooping, config uring 3-1[...]

  • Página 423

    Index-3 Index Q queue weights 3-129, 4-192 R RADIUS, logon a uthentication 3-31, 4-71 rate limits, setting 3-8 3, 4-136 restarting the system 3-25, 4-22 RSTP 3-91, 4-152 global configuratio n 3-92, 4-152 S Secure Shell 3-36, 4-34 configurati on 3-36, 4-37 Secure Shell configuration 4-37 serial port configur ing 4-11 Simple Network Ma nagement Proto[...]

  • Página 424

    Index-4 Index W Web interface access requirements 3-1 configuration but tons 3-3 home page 3-2 menu list 3-3, 3-4 panel display 3-3[...]

  • Página 425

    [...]

  • Página 426

    ES4512C ES4524C ES4548C E052005-R02[...]