Accton Technology ES3552XA user manual
- View online or download the user manual
- 512 pages
- 5.85 mb
A good user manual
The rules oblige the seller to supply the buyer with the Accton Technology ES3552XA user manual together with the goods. A missing user manual, or incorrect information given to the consumer, is grounds for a complaint that the device does not conform to the contract. By law, the user manual may be provided in a form other than paper, which has often been done recently, including a graphic or electronic version of the Accton Technology ES3552XA manual or instructional videos for users. The condition is that it be legible and understandable.
What is a user manual?
The word comes from the Latin "instructio", meaning to organize. The Accton Technology ES3552XA user manual therefore describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object or service, a guide.
Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you get to know a number of additional features of the purchased device, but also helps you avoid most failures.
So what should the perfect manual contain?
First of all, the Accton Technology ES3552XA user manual should contain:
- information on the technical characteristics of the Accton Technology ES3552XA device
- the manufacturer's name and the year of manufacture of the Accton Technology ES3552XA
- instructions for using, adjusting and maintaining the Accton Technology ES3552XA equipment
- safety markings and certificates confirming conformity with the relevant standards
Why don't we read user manuals?
Usually this is due to a lack of time and of certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the Accton Technology ES3552XA is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of the Accton Technology ES3552XA, and ways to solve common problems during use. Finally, the manual contains the contact details of Accton Technology service in case the proposed solutions do not work. User manuals in the form of engaging animations and instructional videos, which are better than a brochure, are currently very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated specifications and technical descriptions of the Accton Technology ES3552XA, as happens with the paper version.
Why read the user manual?
First of all, it contains the answers about the structure and capabilities of the Accton Technology ES3552XA device, the use of various accessories, and a range of information for taking full advantage of all its features and conveniences.
After a successful purchase of the equipment or device, take a moment to familiarize yourself with every part of the Accton Technology ES3552XA user manual. Nowadays manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of providing information and help.
Table of contents of the user manual
-
Page 1
Powered by Accton www.edge-core.com Management Guide 24/48 10/100 Ports + 2GE Intelligent Layer 2 Fast Ethernet Switch[...]
-
Page 2
[...]
-
Page 3
Management Guide Fast Ethernet Switch Layer 2 Standalone Switch with 24/48 10/100BASE-TX (RJ-45) Ports, and 2 Combination Gigabit Ports (RJ-45/SFP)[...]
-
Page 4
ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H[...]
-
Page 5
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Sett [...]
-
Page 6
Contents ii Saving or Restoring Configuration Settings 3-22 Downloading Configuration Settings from a Server 3-23 Console Port Settings 3-24 Telnet Settings 3-26 Configuring Event Logging 3-28 System Log Configuration 3-28 Remote Log Configuration 3-30 Displaying Log Messages 3-31 Sending Simple Mail Transfer Protocol Alerts[...]
-
Page 7
Contents iii Access Control Lists 3-82 Configuring Access Control Lists 3-82 Setting the ACL Name and Type 3-83 Configuring a Standard IP ACL 3-84 Configuring an Extended IP ACL 3-85 Configuring a MAC ACL 3-87 Binding a Port to an Access Control List 3-88 Port Configuration 3-89 Displaying Connection Status 3-89 Configuring Interfa[...]
-
Page 8
Contents iv Displaying Current Private VLANs 3-153 Configuring Private VLANs 3-154 Associating VLANs 3-154 Displaying Private VLAN Interface Information 3-155 Configuring Private VLAN Interfaces 3-156 Class of Service Configuration 3-158 Layer 2 Queue Settings 3-158 Setting the Default Priority for Interfaces 3-158 Mappin [...]
-
Page 9
Contents v Chapter 4: Command Line Interface 4-1 Using the Command Line Interface 4-1 Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1 Entering Commands 4-3 Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Loo[...]
-
Page 10
Contents vi prompt 4-25 hostname 4-26 User Access Commands 4-26 username 4-27 enable password 4-28 IP Filter Commands 4-29 management 4-29 show management 4-30 Web Server Commands 4-31 ip http port 4-31 ip http server 4-31 ip http secure-server 4-32 ip http secure-port 4-33 Telnet Server Commands 4-34 ip telnet port 4-34 ip tel[...]
-
Page 11
Contents vii sntp client 4-54 sntp server 4-55 sntp poll 4-56 show sntp 4-56 ntp client 4-57 ntp server 4-57 ntp poll 4-58 ntp authenticate 4-59 ntp authentication-key 4-59 show ntp 4-60 clock timezone 4-61 calendar set 4-62 show calendar 4-62 System Status Commands 4-63 show startup-config 4-63 show running-config 4-65 show sy[...]
-
Page 12
Contents viii 802.1X Port Authentication 4-85 dot1x system-auth-control 4-86 dot1x default 4-86 dot1x max-req 4-87 dot1x port-control 4-87 dot1x operation-mode 4-88 dot1x re-authenticate 4-88 dot1x re-authentication 4-89 dot1x timeout quiet-period 4-89 dot1x timeout re-authperiod 4-90 dot1x timeout tx-period 4-90 show dot1 [...]
-
Page 13
Contents ix snmp-server 4-117 show snmp 4-117 snmp-server community 4-118 snmp-server contact 4-119 snmp-server location 4-119 snmp-server host 4-120 snmp-server enable traps 4-122 snmp-server engine-id 4-123 show snmp engine-id 4-124 snmp-server view 4-125 show snmp view 4-126 snmp-server group 4-126 show snmp group 4[...]
-
Page 14
Contents x clear mac-address-table dynamic 4-158 show mac-address-table 4-158 mac-address-table aging-time 4-159 show mac-address-table aging-time 4-159 Spanning Tree Commands 4-160 spanning-tree 4-161 spanning-tree mode 4-161 spanning-tree forward-time 4-163 spanning-tree hello-time 4-163 spanning-tree max-age 4-164 spannin[...]
-
Page 15
Contents xi private-vlan 4-189 private vlan association 4-190 switchport mode private-vlan 4-191 switchport private-vlan host-association 4-191 switchport private-vlan isolated 4-192 switchport private-vlan mapping 4-193 show vlan private-vlan 4-193 GVRP and Bridge Extension Commands 4-194 bridge-ext gvrp 4-194 show brid[...]
-
Page 16
Contents xii ip igmp snooping query-max-response-time 4-218 ip igmp snooping router-port-expire-time 4-218 Static Multicast Routing Commands 4-219 ip igmp snooping vlan mrouter 4-219 show ip igmp snooping mrouter 4-220 IGMP Filtering and Throttling Commands 4-221 ip igmp filter (Global Configuration) 4-221 ip igmp profile 4-2[...]
-
Page 17
Contents xiii cluster commander 4-250 cluster ip-pool 4-250 cluster member 4-251 rcommand 4-252 show cluster 4-252 show cluster members 4-253 show cluster candidates 4-253 Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troublesh[...]
-
Page 18
Contents xiv[...]
-
Page 19
xv Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-6 HTTPS System Support 3-59 Table 3-7 802.1X Statistics 3-73 Table 3-8 LACP Port Counters 3-99 Table 3-9 LACP Internal Configuration Information 3-101 Table 3-10 LACP Neighbor [...]
-
Page 20
Tables xvi Table 4-27 Authentication Commands 4-76 Table 4-28 Authentication Sequence 4-76 Table 4-29 RADIUS Client Commands 4-78 Table 4-30 TACACS Commands 4-81 Table 4-31 Port Security Commands 4-84 Table 4-32 802.1X Port Authentication 4-85 Table 4-33 Network Access 4-94 Table 4-35 IP ACLs 4-103 Table 4-34 Access Control L[...]
-
Page 21
Tables xvii Table 4-72 IGMP Filtering and Throttling Commands 4-221 Table 4-73 Multicast VLAN Registration Commands 4-228 Table 4-74 show mvr - display description 4-231 Table 4-76 show mvr members - display description 4-232 Table 4-75 show mvr interface - display description 4-232 Table 4-77 DNS Commands 4-233 Table 4-78[...]
-
Page 22
Tables xviii[...]
-
Page 23
xix Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-10 Figure 3-4 Displaying Switch Information 3-12 Figure 3-5 Bridge Extension Configuration 3-13 Figure 3-6 Manual IP Configuration 3-15 Figure 3-7 IP Configuration using DHCP 3-16 Figure 3-8 DHCP Relay Option 82 Configuration 3-18 Figur[...]
-
Page 24
Figures xx Figure 3-43 Network Access Configuration 3-76 Figure 3-44 Network Access Port Configuration 3-77 Figure 3-45 Network Access MAC Address Information 3-78 Figure 3-46 Network Access MAC Filter Configuration 3-79 Figure 3-47 Creating a Web IP Filter List 3-81 Figure 3-48 Selecting ACL Type 3-83 Figure 3-49 ACL Config[...]
-
Page 25
Figures xxi Figure 3-88 Port Priority Configuration 3-159 Figure 3-89 Traffic Classes 3-161 Figure 3-90 Queue Mode 3-162 Figure 3-91 Configuring Queue Scheduling 3-163 Figure 3-92 IP Precedence/DSCP Priority Status 3-164 Figure 3-93 Mapping IP Precedence Priority Values 3-165 Figure 3-94 Mapping IP DSCP Priority Values 3-167[...]
-
Page 26
Figures xxii[...]
-
Page 27
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you sho[...]
-
Page 28
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and[...]
-
Page 29
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined into an aggregate connection[...]
-
Page 30
Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be d[...]
-
Page 31
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-24). The following table lists some of the basic system defaults. Table 1-2 System[...]
-
Page 32
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Disabled (all ports) Broadcast Limit Rate 32,000 octets per second Spanning Tree Pro[...]
-
Page 33
System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-6 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled Table 1-2 System Defaults (Continued) Function Parameter Default[...]
-
Page 34
Introduction 1-8 1[...]
-
Page 35
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a c[...]
-
Page 36
Initial Configuration 2-2 2 • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring t [...]
-
Page 37
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To[...]
-
Page 38
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prev[...]
-
Page 39
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From [...]
-
Page 40
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Manag[...]
-
Page 41
Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch f[...]
-
Page 42
Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view cal[...]
-
Page 43
Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files ar[...]
-
Page 44
Initial Configuration 2-10 2[...]
-
Page 45
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or abo[...]
-
Page 46
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When you r [...]
-
Page 47
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh,[...]
-
Page 48
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-10 System Infor[...]
-
Page 49
Main Menu 3-5 3 SSH 3-61 Host-Key Settings Generates the host key pair (public and private) 3-63 Settings Configures Secure Shell server settings 3-65 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-66 802.1X Port authentication 3-68 Informati[...]
-
Page 50
Configuring the Switch 3-6 3 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-105 Mirror Port Configuration Sets the source and target ports for mirroring 3-106 Rate Limit 3-107 Granularity Enables or disables the rate limit feature 3-107 Input Port Configuration Sets the input rate limit fo[...]
-
Page 51
Main Menu 3-7 3 Private VLAN 3-152 Information Displays Private VLAN feature information 3-153 Configuration This page is used to create/remove primary or community VLANs 3-154 Association Each community VLAN must be associated with a primary VLAN 3-154 Port Information Shows VLAN port type, and associated primary or second[...]
-
Page 52
Configuring the Switch 3-8 3 IGMP Snooping 3-170 IGMP Configuration Enables multicast filtering; configures parameters for multicast query 3-171 IGMP Filter Configuration Enables IGMP filtering and throttling for the switch, creates filter profile numbers 3-178 IGMP Immediate Leave Enables the immediate leave function 3-173 M[...]
-
Page 53
Main Menu 3-9 3 Member Configuration Adds switch Members to the cluster 3-195 Member Information Displays cluster Member switch information 3-196 Candidate Information Displays network Candidate switch information 3-197 Table 3-2 Main Menu (Continued) Menu Description Page[...]
-
Page 54
Configuring the Switch 3-10 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem[...]
-
Page 55
Basic Configuration 3-11 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board [...]
-
Page 56
Configuring the Switch 3-12 3 These additional parameters are displayed for the CLI. • Unit - This is unit 1. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4 Displaying Switch Information CLI – Use the following command to display version [...]
-
Page 57
Basic Configuration 3-13 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filt[...]
-
Page 58
Configuring the Switch 3-14 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch[...]
-
Page 59
Basic Configuration 3-15 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management int[...]
-
Page 60
Configuring the Switch 3-16 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to [...]
-
Page 61
Basic Configuration 3-17 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. DHCP Rela[...]
-
Page 62
Configuring the Switch 3-18 3 • Drop – Discards the Option 82 information in a packet and then floods it to the entire VLAN. • DHCP Relay Server – IP addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference. Up to five servers can be specified. Web – Click System, IP Configuration. Enable[...]
-
Page 63
Basic Configuration 3-19 3 Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must specif[...]
-
Page 64
Configuring the Switch 3-20 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, [...]
-
Page 65
Basic Configuration 3-21 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-11 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP addr [...]
-
Page 66
Configuring the Switch 3-22 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The configuration files can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The configuration copy operation includes these option [...]
-
Page 67
Basic Configuration 3-23 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg[...]
-
Page 68
Configuring the Switch 3-24 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console Port Settings [...]
-
Page 69
Basic Configuration 3-25 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: 9600 bps) • Stop Bits – Sets the number of the s[...]
-
Page 70
Configuring the Switch 3-26 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using [...]
-
Page 71
Basic Configuration 3-27 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. ([...]
-
Page 72
Configuring the Switch 3-28 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Configuring Event Logging The switch allows you to control the logging of error m [...]
-
Page 73
Basic Configuration 3-29 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RA[...]
-
Page 74
Configuring the Switch 3-30 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level. Command Attributes • Remote Log Status – Enables/[...]
-
Page 75
Basic Configuration 3-31 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flu[...]
-
Page 76
Configuring the Switch 3-32 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be[...]
-
Page 77
Basic Configuration 3-33 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Rem[...]
-
Page 78
Configuring the Switch 3-34 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show l[...]
-
Page 79
Basic Configuration 3-35 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can al[...]
-
Page 80
Configuring the Switch 3-36 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Configuring NTP The NTP client allows you to configure up to 50 NTP servers to poll for time updates. You can also enable authentication to ensure that reliable updates[...]
-
Page 81
Basic Configuration 3-37 3 Figure 3-22 NTP Client Configuration CLI – This example configures the switch to operate as an NTP client and then displays the current settings. Console(config)#ntp authentication-key 19 md5 thisiskey19 4-59 Console(config)#ntp authentication-key 30 md5 ntpkey30 Console(config)#ntp server 192.168.3.20 4-[...]
-
Page 82
Configuring the Switch 3-38 3 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time[...]
-
Page 83
Simple Network Management Protocol 3-39 3 the format of the MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through[...]
-
Page 84
Configuring the Switch 3-40 3 Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply. Figure 3-24 Enabling the SN[...]
-
Page 85
Specifying Trap Managers and Trap Types 3-41 3
Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
Figure 3-25 Configuring SNMP Community Strings
CLI – The following example adds the string “spiderman” with read/write ac[...]
-
Page 86
Configuring the Switch 3-42 3
To send an inform to a SNMPv2c host, complete these steps:
1. Enable the SNMP agent (page 3-54).
2. Enable trap informs as described in the following pages.
3. Create a view with the required notification messages (page 3-53).
4. Create a group that includes the required notify view (page 3-49).
To se[...]
-
Page 87
Configuring SNMPv3 Management Access 3-43 3
• Enable Authentication Traps 5 – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled)
• Enable Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken. [...]
-
Page 88
Configuring the Switch 3-44 3
v2c or v3) and security level (i.e., authentication and privacy).
4. Assign SNMP users to groups, along with their specific authentication and privacy passwords.
Setting a Local Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against mess[...]
-
Page 89
Configuring SNMPv3 Management Access 3-45 3
configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. (See “Specifying Trap Managers and Trap Types” on page 3-41 and “Configuring Remote SNMPv3 Users” on page 3-47.) The engine ID can be specified by entering 1 to 26 hexadecimal ch[...]
-
Page 90
Configuring the Switch 3-46 3
available for the SNMPv3 security model).
• Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5)
• Authentication Password – A minimum of eight plain text characters is required.
• Privacy Protocol – The encryption algorithm used for da[...]
-
Page 91
Configuring SNMPv3 Management Access 3-47 3
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users [...]
-
Page 92
Configuring the Switch 3-48 3
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Password – A minimum of eight plain text characters is required.
Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, defi[...]
-
Page 93
Configuring SNMPv3 Management Access 3-49 3
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default gro[...]
-
Page 94
Configuring the Switch 3-50 3
Table 3-5 Supported Notification Messages
Object Label | Object ID | Description
RFC 1493 Traps
newRoot | 1.3.6.1.2.1.17.0.1 | The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon ex[...]
-
Page 95
Configuring SNMPv3 Management Access 3-51 3
Private Traps
swPowerStatusChangeTrap | 1.3.6.1.4.1.259.6.10.95.2.1.0.1 | This trap is sent when the power state changes.
swFanFailureTrap | 1.3.6.1.4.1.259.6.10.95.2.1.0.17 | This trap is sent when the fan fails.
swFanRecoverTrap | 1.3.6.1.4.1.259.6.10.95.2.1.0.18 | This trap is sent when[...]
-
Page 96
Configuring the Switch 3-52 3
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to [...]
-
Page 97
Configuring SNMPv3 Management Access 3-53 3
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree.
Command Attributes
• View Name – The name of the SNMP view. (Range: 1-64 characters)
• View OID Subtr[...]
-
Page 98
Configuring the Switch 3-54 3
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
User Authentication
You can restrict management access to this switch using the following options:
• User Accounts – Manually conf[...]
-
Page 99
User Authentication 3-55 3
• New Account – Displays configuration settings for a new account.
- User Name – The name of the user. (Maximum length: 8 characters)
- Access Level – Specifies the user level. (Options: Normal and Privileged)
- Password – Specifies the user password. (Range: 0-8 characters plain text, case sen[...]
-
Page 100
Configuring the Switch 3-56 3
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TA[...]
-
Page 101
User Authentication 3-57 3
Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
- Local – User authentication is performed only locally by the switch.
- Radius – User authentication is performed using a RADIUS server only.
- TACACS – User authentication is performed [...]
-
Page 102
Configuring the Switch 3-58 3
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Figure 3-34 Authentication Settings[...]
-
Page 103
User Authentication 3-59 3
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Command Usage
• Both the HTTP and HTTPS service can be enabled indep[...]
-
Page 104
Configuring the Switch 3-60 3
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-35 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
Replacing the Default Secure-site Certificate
When you log onto the web interface u[...]
-
Page 105
User Authentication 3-61 3
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp ([...]
-
Page 106
Configuring the Switch 3-62 3
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-70) to copy a file containing the public key for all the SSH clients granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accoun[...]
-
Page 107
User Authentication 3-63 3
Generating the Host Key Pair
A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the [...]
-
Page 108
Configuring the Switch 3-64 3
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Figure 3-36 SSH Host-Key Settings
CLI – This example generates a hos[...]
-
Page 109
User Authentication 3-65 3
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled)
• Version – The Secure Shell version number. Version 2.0 is displayed, but the switch su[...]
-
Page 110
Configuring the Switch 3-66 3
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Configuring Port Security
Port security is a feature that allows you to configure a switch p[...]
-
Page 111
User Authentication 3-67 3
• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-91).
Command Attributes
• Port – Port number.
• Name – Descriptive text (page 4-132).
• Action – Indicates the action to be taken when a [...]
-
Page 112
Configuring the Switch 3-68 3
Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access[...]
-
Page 113
User Authentication 3-69 3
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP encryption method for passing authentication messages – MD5, TLS, TTLS, PEAP. Native support[...]
-
Page 114
Configuring the Switch 3-70 3
Configuring 802.1X Global Settings
The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
Command Attributes
• 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: [...]
-
Page 115
User Authentication 3-71 3
• Re-authen – Sets the client to be re-authenticated after the interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled)
• Max-Req – Sets the maximum number of times the switch port will retransmi[...]
-
Page 116
Configuring the Switch 3-72 3
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-90.
Console(config)#interface ethernet 1/2 4-131
Console(config-if)#dot1x port-control auto 4-87
Console(config-if)#dot1x re-authentication [...]
-
Page 117
User Authentication 3-73 3
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X Statistics
Parameter | Description
Rx EAPOL Start | The number of EAPOL Start frames that have been received by this Authenticator.
Rx EAPOL Logoff | The number of EAPOL L[...]
-
Page 118
Configuring the Switch 3-74 3
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-42 Displaying 802.1X Port Statistics
CLI – This example displays the 802.1X statistics for port 4.
MAC Address Authentication
Some devices connected to sw [...]
-
Page 119
User Authentication 3-75 3
address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server. While authentication for a MAC address is in progress, all traffic is blocked until authentication is completed. On successful authentication, the RADIUS server may option [...]
-
Page 120
Configuring the Switch 3-76 3
Web – Click Security, Network Access, Configuration.
Figure 3-43 Network Access Configuration
CLI – This example sets and displays the reauthentication time.
Configuring MAC Authentication for Ports
Configures MAC authentication on switch ports, including setting the maximum MAC count, app[...]
-
Page 121
User Authentication 3-77 3
Note: MAC authentication cannot be configured on trunk ports. Ports configured as trunk members are indicated on the Network Access Port Configuration page in the “Trunk” column.
Web – Click Security, Network Access, Port Configuration.
Figure 3-44 Network Access Port Configuration
CLI – This example c[...]
-
Page 122
Configuring the Switch 3-78 3
• Query By – Specifies parameters to use in the MAC address query.
• Port – Specifies a port interface.
• MAC Address – Specifies a single MAC address information.
• Attribute – Displays static or dynamic addresses.
• Address Table Sort Key – Sorts the information displayed based [...]
-
Page 123
User Authentication 3-79 3
CLI – This example displays all entries currently in the secure MAC address table.
Configuring MAC Address Filters
MAC address filters are used to specify MAC addresses to be excluded from network access authentication. MAC addresses in a filter are not authenticated by a RADIUS server when seen on a [...]
-
Page 124
Configuring the Switch 3-80 3
CLI – This example configures filter ID 1 with three MAC addresses, then applies the filter to port 1.
Filtering Addresses for Management Access
You create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch through the web interface, SNMP, or Telnet.
Command[...]
-
Page 125
User Authentication 3-81 3
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry to update the filter list.
Figure 3-47 Creating a Web IP Filter List
CLI – This example allows SNMP access for a specific client.
Con[...]
-
Page 126
Configuring the Switch 3-82 3
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rul[...]
-
Page 127
Access Control Lists 3-83 3
The order in which active ACLs are checked is as follows:
1. User-defined rules in the Ingress MAC ACL for ingress ports.
2. User-defined rules in the Ingress IP ACL for ingress ports.
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
4. Explicit default rule (per [...]
-
Page 128
Configuring the Switch 3-84 3
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or ?[...]
-
Page 129
Access Control Lists 3-85 3
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific [...]
-
Page 130
Configuring the Switch 3-86 3
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other requ[...]
-
Page 131
Access Control Lists 3-87 3
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with th[...]
-
Page 132
Configuring the Switch 3-88 3
Binding a Port to an Access Control List
After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
Command Usage
• You must conf[...]
-
Page 133
Port Configuration 3-89 3
CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3.
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow contro[...]
-
Page 134
Configuring the Switch 3-90 3
Web – Click Port, Port Information or Trunk Information.
Figure 3-53 Displaying Port/Trunk Information
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP)
• MAC address – The physical layer address for this port. (To access th[...]
-
Page 135
Port Configuration 3-91 3
• Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses)
• Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown, or none)
Current Status:
• Link Status – Indicates [...]
-
Page 136
Configuring the Switch 3-92 3
• Flow Control – Allows automatic or manual selection of flow control.
• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, [...]
-
Page 137
Port Configuration 3-93 3
CLI – Select the interface, and then enter the required settings.
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a[...]
-
Page 138
Configuring the Switch 3-94 3
• When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.
• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignme [...]
-
Page 139
Port Configuration 3-95 3
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Enabling LACP on Selected Ports
Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disco[...]
-
Page 140
Configuring the Switch 3-96 3
Command Attributes
• Member List (Current) – Shows configured trunks (Unit, Port).
• New – Includes entry fields for creating new trunks.
- Port – Port identifier. (Range: 1-26/52)
Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and cl[...]
-
Page 141
Port Configuration 3-97 3
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria:
• Ports must have the same LACP System Priority.
• Ports must have the same LACP port Admin Key.
• However, if the “port channel” Admin Key is set (page [...]
-
Page 142
Configuring the Switch 3-98 3
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and wil[...]
-
Page 143
Port Configuration 3-99 3
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Console(config)#interface ethernet 1/1 4-131
Console(config-if)#lacp actor system-priority 3 4-149[...]
-
Page 144
Configuring the Switch 3-100 3
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-58 LACP - Port Counters Information
CLI – The following example displays LACP counters for port channel 1.
LACPDUs Unknown Pkts | Number of frames received that either ([...]
-
Page 145
Port Configuration 3-101 3
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the local side of a link aggregation.
Table 3-9 LACP Internal Configuration Information
Field | Description
Oper Key | Current operational value of the key for the aggregation [...]
-
Page 146
Configuring the Switch 3-102 3
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-59 LACP - Port Internal Information
CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Conso[...]
-
Page 147
Port Configuration 3-103 3
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation.
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3-60 LAC[...]
-
Page 148
Configuring the Switch 3-104 3
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Console#show lacp 1 neighbors 4-152
Port channel 1 neighbors
-------------------------------------------------------------------------
Eth 1/1
-----------------------------------[...]
-
Page 149
Port Configuration 3-105 3
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can com [...]
-
Page 150
Configuring the Switch 3-106 3
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
Configuring Port Mirroring
You can mirror traffic from any source port to a ta[...]
-
Page 151
Port Configuration 3-107 3
Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
Figure 3-62 Mirror Port Configuration
CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source p[...]
-
Page 152
Configuring the Switch 3-108 3
Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Ethernet, and click Apply.
Figure 3-63 Rate Limit Granularity Configuration
CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity.
Rate Limit Con[...]
-
Page 153
Port Configuration 3-109 3
Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
Figure 3-64 Output Rate Limit Port Configuration
CLI - This example sets the rate limit level for input and output traffic passin[...]
-
Page 154
Configuring the Switch 3-110 3
Table 3-11 Port Statistics
Parameter | Description
Interface Statistics
Received Octets | The total number of octets received on the interface, including framing characters.
Received Unicast Packets | The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Received Multicast [...]
-
Page 155
Port Configuration 3-111 3
Excessive Collisions | A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode.
Single Collision Frames | The number of successfully transmitted frames for which transmis[...]
-
Page 156
Configuring the Switch 3-112 3
Fragments | The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
64 Bytes Frames | The total number of frames (including bad packets) received and transmitted that were 64 octets in length [...]
-
Page 157
Port Configuration 3-113 3
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Figure 3-65 Port Statistics[...]
-
Page 158
Configuring the Switch 3-114 3
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address ta[...]
-
Page 159
Address Table Settings 3-115 3
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.
Figure 3-66 Static Addresses
CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Displaying the Ad[...]
-
Page 160
Configuring the Switch 3-116 3
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Figure 3-67 Dynamic Addresses
CLI – This example also displays the address t[...]
-
Page 161
Spanning Tree Algorithm Configuration 3-117 3
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Status – Enables/disables the function.
• Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300 seconds)
Web ?[...]
-
Page 162
Configuring the Switch 3-118 3
ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from t[...]
-
Page 163
Spanning Tree Algorithm Configuration 3-119 3
MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration [...]
-
Page 164
Configuring the Switch 3-120 3
• Bridge ID – A unique identifier for this bridge, consisting of the bridge priority, the MST Instance ID 0 for the Common Spanning Tree when spanning tree mode is set to MSTP (page 3-123), and MAC address (where the address is taken from the switch system).
• Max Age – The maximum[...]
-
Page 165
Spanning Tree Algorithm Configuration 3-121 3
• Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. If the root port ages[...]
-
Page 166
Configuring the Switch 3-122 3
CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root port and current root cost display as zero when this device is not connected to the network.
Console#show spanning-tree 4-176
Spanning-tree information
---------------------------------------------------[...]
-
Page 167
Spanning Tree Algorithm Configuration 3-123 3
Configuring Global Settings
Global settings apply to the entire switch.
Command Usage
• Spanning Tree Protocol 9 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on [...]
-
Page 168
Configuring the Switch 3-124 3
address will then become the root device. (Note that lower numeric values indicate higher priority.)
• Default: 32768
• Range: 0-61440, in steps of 4096
• Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
Root Device Co[...]
-
Page 169
Spanning Tree Algorithm Configuration 3-125 3
Configuration Settings for MSTP
• Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned.
• Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table. In other words, this key is a mapping of all [...]
-
Page 170
Configuring the Switch 3-126 3
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 3-70 STA Global Configuration[...]
-
Page 171
Spanning Tree Algorithm Configuration 3-127 3
CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Displaying Interface Settings
The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning T[...]
-
Page 172
Configuring the Switch 3-128 3
• Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port.
• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configur [...]
-
Page 173
Spanning Tree Algorithm Configuration 3-129 3
• Internal path cost – The path cost for the MST. See the preceding item.
• Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will[...]
-
Page 174
Configuring the Switch 3-130 3
CLI – This example shows the STA attributes for port 5.
Configuring Interface Settings
You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to[...]
-
Page 175
Spanning Tree Algorithm Configuration 3-131 3 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port wit[...]
-
Page 176
Configuring the Switch 3-132 3 other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. (Default: Disabled) • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will [...]
-
Page 177
Spanning Tree Algorithm Configuration 3-133 3 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-123). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration). 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note: All VLANs are au[...]
-
Page 178
Configuring the Switch 3-134 3 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add. Figure 3-73 MSTP VLAN Configuration [...]
-
Page 179
Spanning Tree Algorithm Configuration 3-135 3 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. ----------------------------------------------------- ---------- Eth 1/ 7 information ----------------------------------------------------- ---------- Admin status: enabled Role: master State: forwarding Exter[...]
-
Page 180
Configuring the Switch 3-136 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default: 0) The other attributes are de[...]
-
Page 181
Spanning Tree Algorithm Configuration 3-137 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays curre[...]
-
Page 182
Configuring the Switch 3-138 3 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note th[...]
-
Page 183
VLAN Configuration 3-139 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traf[...]
-
Page 184
Configuring the Switch 3-140 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one[...]
-
Page 185
VLAN Configuration 3-141 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. N[...]
-
Page 186
Configuring the Switch 3-142 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and prop[...]
-
Page 187
VLAN Configuration 3-143 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to creat[...]
-
Page 188
Configuring the Switch 3-144 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-78 VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned v[...]
-
Page 189
VLAN Configuration 3-145 3 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command[...]
-
Page 190
Configuring the Switch 3-146 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-79 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN. Console(config)#vlan database 4-179 C[...]
-
Page 191
VLAN Configuration 3-147 3 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbi[...]
-
Page 192
Configuring the Switch 3-148 3 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. Figure 3-80 VLAN Static Table - Adding Static Memb[...]
-
Page 193
VLAN Configuration 3-149 3 Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface[...]
-
Page 194
Configuring the Switch 3-150 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way[...]
-
Page 195
VLAN Configuration 3-151 3 • GARP Leave Timer 10 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or Leave All message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centisec[...]
-
Page 196
Configuring the Switch 3-152 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assign[...]
-
Page 197
VLAN Configuration 3-153 3 2. Use the Private VLAN Port Configuration menu (page 3-156) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN). Then assign the promiscuous port and all host ports to an isolated VLAN. Dis[...]
-
Page 198
Configuring the Switch 3-154 3 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of VLANs within a private VLAN: - Primary VLANs – Conveys traffic betw[...]
-
Page 199
VLAN Configuration 3-155 3 Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated w[...]
-
Page 200
Configuring the Switch 3-156 3 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-86 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 h[...]
-
Page 201
VLAN Configuration 3-157 3 • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN. • Isolated VLAN – Conveys traffic only between the VLAN’s isolated p[...]
-
Page 202
Configuring the Switch 3-158 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transm[...]
-
Page 203
Class of Service Configuration 3-159 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-88 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-131 Co[...]
-
Page 204
Configuring the Switch 3-160 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. T[...]
-
Page 205
Class of Service Configuration 3-161 3 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-89 Traffic Classes CLI – The following example shows how to change the CoS assignments. * Mapping specific values for CoS priorities is implemented a[...]
-
Page 206
Configuring the Switch 3-162 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WR[...]
-
Page 207
Class of Service Configuration 3-163 3 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-160, the traffic classes are mapped to one of the f[...]
-
Page 208
Configuring the Switch 3-164 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (T[...]
-
Page 209
Class of Service Configuration 3-165 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values a[...]
-
Page 210
Configuring the Switch 3-166 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Note: Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes w[...]
-
Page 211
Class of Service Configuration 3-167 3 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represent high priority. Note: IP DSCP settings apply to all interfa[...]
-
Page 212
Configuring the Switch 3-168 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Port [...]
-
Page 213
Class of Service Configuration 3-169 3 CLI * – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Note: Mapping specific values for IP Port Priority is implemented as an interface configurat[...]
-
Page 214
Configuring the Switch 3-170 3 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add. Figure 3-97 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. Multicast Filtering Mu[...]
-
Page 215
Multicast Filtering 3-171 3 requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering. The purpose of IP multicast f [...]
-
Page 216
Configuring the Switch 3-172 3 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping. (Default: Enabled) • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which[...]
-
Page 217
Multicast Filtering 3-173 3 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Enabling IGMP Immediate Leave The IGMP snooping immediate-leave feature enables a Layer 2 LAN interface to be removed from the multicast forwarding table without first sending an IGMP group-spe[...]
-
Page 218
Configuring the Switch 3-174 3 CLI – This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status. Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing[...]
-
Page 219
Multicast Filtering 3-175 3 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier[...]
-
Page 220
Configuring the Switch 3-176 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. [...]
-
Page 221
Multicast Filtering 3-177 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically[...]
-
Page 222
Configuring the Switch 3-178 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. IGMP Filtering and Throttling In certain switch applications, the administrator may want to control the multicast services that are available to end users. For e[...]
-
Page 223
Multicast Filtering 3-179 3 Web – Click IGMP Snooping, IGMP Filter Configuration. Create a profile number by entering the number in text box and clicking Add. Enable the IGMP filter status, then click Apply. Figure 3-104 Enabling IGMP Filtering and Throttling CLI – This example enables IGMP filtering and creates a profile nu[...]
-
Page 224
Configuring the Switch 3-180 3 Command Attributes • Profile ID – Selects an existing profile number to configure. After selecting an ID number, click the Query button to display the current configuration. • Access Mode – Sets the access mode of the profile; either permit or deny. (Default: Deny) • New Multicast Address[...]
-
Page 225
Multicast Filtering 3-181 3 CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multicast groups that a user can join. The current profile configuration is then displayed. Configuring IGMP Filtering and Throttling for Interfaces Once you have conf[...]
-
Page 226
Configuring the Switch 3-182 3 • Trunk – Indicates if a port is a trunk member. Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action. Click Apply. Figure 3-106 IGMP Filter an[...]
-
Page 227
Multicast VLAN Registration 3-183 3 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network. Any multicast traff[...]
-
Page 228
Configuring the Switch 3-184 3 4. For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static Multicast Groups to Interfaces” on page 3-188). Configuring Global MVR Settings The gl[...]
-
Page 229
Multicast VLAN Registration 3-185 3 CLI – This example first enables IGMP snooping, enables MVR globally, and then configures a range of MVR group addresses. Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • Type – Shows the MVR port type. • Op[...]
-
Page 230
Configuring the Switch 3-186 3 Displaying Port Members of Multicast Groups You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration. Field Attributes • Group IP – Multicast groups assigned to the MVR VLAN. • Group Port List – Shows the interfaces with subscribers for[...]
-
Page 231
Multicast VLAN Registration 3-187 3 Configuring MVR Interface Status Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function. Command Usage • One[...]
-
Page 232
Configuring the Switch 3-188 3 Web – Click MVR, Port or Trunk Configuration. Figure 3-110 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Assigning Static Multicast Groups to Interfaces For multicast streams that will ru[...]
-
Page 233
Configuring Domain Name Service 3-189 3 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list. Figure 3-111 M [...]
-
Page 234
Configuring the Switch 3-190 3 • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used. • When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified, the switch will work through the domain list,[...]
-
Page 235
Configuring Domain Name Service 3-191 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-112 DNS General Configuration CLI - This example sets a default d[...]
-
Page 236
Configuring the Switch 3-192 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resources loc[...]
-
Page 237
Configuring Domain Name Service 3-193 3 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number fo[...]
-
Page 238
Configuring the Switch 3-194 3 CLI - This example displays all the resource records learned from the designated name servers. Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless [...]
-
Page 239
Switch Clustering 3-195 3 • Role – Indicates the current role of the switch in the cluster; either Commander, Member, or Candidate. • Cluster IP Pool – An “internal” IP address pool that is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID. [...]
-
Page 240
Configuring the Switch 3-196 3 Web – Click Cluster, Member Configuration. Figure 3-116 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Cluster Member Information Displays current cluster Member switch information. Command Att[...]
-
Page 241
Switch Clustering 3-197 3 CLI – This example shows information about cluster Member switches. Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members. Command Attributes • Role – Indicates the current status[...]
-
Page 242
Configuring the Switch 3-198 3[...]
-
Page 243
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by enterin[...]
-
Page 244
Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to another network outside your office or to the Internet, you [...]
-
Page 245
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show i[...]
-
Page 246
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for[...]
-
Page 247
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Comman[...]
-
Page 248
Command Line Interface 4-6 4 current mode. The command classes and associated modes are displayed in the following table: Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” co[...]
-
Page 249
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startu[...]
-
Page 250
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial comma[...]
-
Page 251
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-11 General Basic commands for entering pr[...]
-
Page 252
Command Line Interface 4-10 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) MST (Multiple Spanning Tree)[...]
-
Page 253
Line Commands 4-11 4 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line This command identifies a specific line for configurati[...]
-
Page 254
Command Line Interface 4-12 4 Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: R[...]
-
Page 255
Line Commands 4-13 4 Example Related Commands username (4-27) password (4-13) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password • password - Character string that [...]
-
Page 256
Command Line Interface 4-14 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval. (Range: 0 - 300 seconds; 0:[...]
-
Page 257
Line Commands 4-15 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. • Using the co[...]
-
Page 258
Command Line Interface 4-16 4 Related Commands silent-time (4-16) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent ti[...]
-
Page 259
Line Commands 4-17 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. Example To specify 7 data bits, enter this command[...]
-
Page 260
Command Line Interface 4-18 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps) De[...]
-
Page 261
Line Commands 4-19 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console conn [...]
-
Page 262
Command Line Interface 4-20 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable [ [...]
-
Page 263
General Commands 4-21 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-28.) • The “#” character is appended to the end of the prompt[...]
-
Page 264
Command Line Interface 4-22 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Dat[...]
-
Page 265
General Commands 4-23 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command i[...]
-
Page 266
Command Line Interface 4-24 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the co[...]
-
Page 267
System Management Commands 4-25 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to res[...]
-
Page 268
Command Line Interface 4-26 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access C[...]
-
Page 269
System Management Commands 4-27 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level level[...]
-
Page 270
Command Line Interface 4-28 4 enable password After initially logging on to the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable password [ [...]
-
Page 271
System Management Commands 4-29 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-addres[...]
-
Page 272
Command Line Interface 4-30 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management { all-client | http-client | snmp-client | telnet-cli[...]
-
Page 273
System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Comm[...]
-
Page 274
Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this functio[...]
-
Page 275
System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-70) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number n[...]
-
Page 276
Command Line Interface 4-34 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23 Co[...]
-
Page 277
System Management Commands 4-35 4 Related Commands ip telnet port (4-34) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (rem[...]
-
Page 278
Command Line Interface 4-36 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login co[...]
-
Page 279
System Management Commands 4-37 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switc[...]
-
Page 280
Command Line Interface 4-38 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Configu[...]
-
Page 281
System Management Commands 4-39 4 Example Related Commands show ip ssh (4-41) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 7[...]
-
Page 282
Command Line Interface 4-40 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Command [...]
-
Page 283
System Management Commands 4-41 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh cryp[...]
-
Page 284
Command Line Interface 4-42 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encryptio[...]
-
Page 285
System Management Commands 4-43 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no para[...]
-
Page 286
Command Line Interface 4-44 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls err[...]
-
Page 287
System Management Commands 4-45 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memo[...]
-
Page 288
Command Line Interface 4-46 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Comma[...]
-
Page 289
System Management Commands 4-47 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ l[...]
-
Page 290
Command Line Interface 4-48 4 Related Commands show logging (4-48) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event[...]
-
Page 291
System Management Commands 4-49 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-53) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., [...]
-
Page 292
Command Line Interface 4-50 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert[...]
-
Page 293
System Management Commands 4-51 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue on[...]
-
Page 294
Command Line Interface 4-52 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 [...]
-
Page 295
System Management Commands 4-53 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode [...]
-
Page 296
Command Line Interface 4-54 4 Time Commands The system clock can be dynamically set by polling a set of specified NTP time servers. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the [...]
-
Page 297
System Management Commands 4-55 4 Example Related Commands sntp server (4-55) sntp poll (4-56) show sntp (4-56) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip[...]
-
Page 298
Command Line Interface 4-56 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Glo[...]
-
Page 299
System Management Commands 4-57 4 ntp client This command enables NTP client requests for time synchronization from NTP time servers specified with the ntp servers command. Use the no form to disable NTP client requests. Syntax [ no ] ntp client Default Setting Disabled Command Mode Global Configuration Command Usage • The [...]
-
Page 300
Command Line Interface 4-58 4 Default Setting Version number: 3 Command Mode Global Configuration Command Usage • This command specifies time servers that the switch will poll for time updates when set to NTP client mode. It issues time synchronization requests based on the interval set with the ntp poll command. The client will po[...]
-
Page 301
System Management Commands 4-59 4 Example Related Commands ntp client (4-57) ntp authenticate This command enables authentication for NTP client-server communications. Use the no form to disable authentication. Syntax [no] ntp authenticate Default Setting Disabled Command Mode Global Configuration Command Usage You can enable NTP [...]
-
Page 302
Command Line Interface 4-60 4 • key - An MD5 authentication key string. The key string can be up to 32 case-sensitive printable ASCII characters (no spaces). Default Setting None Command Mode Global Configuration Command Usage • The key number specifies a key value in the NTP authentication key list. Up to 255 keys can be con [...]
-
Page 303
System Management Commands 4-61 4 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Rang [...]
-
Page 304
Command Line Interface 4-62 4 Related Commands show sntp (4-56) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour [...]
-
Page 305
System Management Commands 4-63 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compar[...]
-
Page 306
Command Line Interface 4-64 4 Example Related Commands show running-config (4-65) Console#show startup-config building startup-config, please wait..... ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable password level 15 0 super ! snmp-server community publ[...]
-
Page 307
System Management Commands 4-65 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information store[...]
-
Page 308
Command Line Interface 4-66 4 Example Related Commands show startup-config (4-63) Console#show running-config building running-config, please wait..... ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! clock timezone hours 0 minute 0 after-UTC ! ! SNMP-server community private rw SNMP-server community public ro ! ! username admin access-level 15 username [...]
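A check for the factory defaults that the show startup-config and show running-config dumps above display (admin/admin, guest/guest, the enable password "super", SNMP communities public and private), as an added Python example that is not part of the manual. The function name, severity labels and sample configuration are constructed for illustration; the digit in front of each password is parsed but not interpreted.

```python
import re

# Factory defaults visible in the dumps on this page.
DEFAULT_USER_PASSWORDS = {"admin": "admin", "guest": "guest"}
DEFAULT_ENABLE_PASSWORD = "super"
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}

# Line shapes taken from the dumps: "username <name> password <digit> <value>",
# "enable password level <n> <digit> <value>", "snmp-server community <name> <ro|rw>".
USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+(\d)\s+(\S+)$", re.I)
ENABLE_RE = re.compile(r"^enable\s+password\s+level\s+(\d+)\s+(\d)\s+(\S+)$", re.I)
SNMP_RE = re.compile(r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?$", re.I)

# Constructed sample, one command per line as the CLI prints it.
SAMPLE_CONFIG = """\
!
username admin access-level 15
username admin password 0 admin
!
username guest access-level 0
username guest password 0 Xk29-not-default
!
enable password level 15 0 super
!
snmp-server community public ro
SNMP-server community private rw
snmp-server community n0c-monitor ro
!
"""


def audit_config(text):
    """Return (line_number, severity, message) for every default credential found.

    The comparison only works when the value is stored as shown in the dumps;
    an encoded password would not equal the default string.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "!":
            continue

        m = USER_RE.match(line)
        if m:
            user, _ptype, value = m.groups()
            if DEFAULT_USER_PASSWORDS.get(user.lower()) == value:
                findings.append((lineno, "high",
                                 f"user '{user}' still has its factory password"))
            elif value.lower() == user.lower():
                findings.append((lineno, "high",
                                 f"user '{user}' has a password equal to the user name"))
            continue

        m = ENABLE_RE.match(line)
        if m:
            level, _ptype, value = m.groups()
            if value == DEFAULT_ENABLE_PASSWORD:
                findings.append((lineno, "high",
                                 f"enable password for level {level} is the factory default"))
            continue

        m = SNMP_RE.match(line)
        if m:
            community = m.group(1)
            access = (m.group(2) or "").lower()
            if community.lower() in DEFAULT_SNMP_COMMUNITIES:
                # Read-write access with a well-known community allows configuration changes.
                severity = "high" if access == "rw" else "medium"
                findings.append((lineno, severity,
                                 f"default SNMP community '{community}' ({access or 'no mode'})"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno:>2} [{severity}] {message}")
```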
-
Page 309
System Management Commands 4-67 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-10. • The POST results should all display “PASS.[...]
-
Page 310
Command Line Interface 4-68 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileg[...]
-
Page 311
System Management Commands 4-69 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transf[...]
-
Page 312
Command Line Interface 4-70 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control. (See the switchport broadcast command on page 4-137.) • The current setting for jumbo frames can be displayed with the show system command (page 4-67). Example Flash/File Commands These commands are used [...]
-
Page 313
Flash/File Commands 4-71 4 • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-35) Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain[...]
-
Page 314
Command Line Interface 4-72 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example s[...]
-
Page 315
Flash/File Commands 4-73 4 delete This command deletes a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg”[...]
-
Page 316
Command Line Interface 4-74 4 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Syntax whichboot Default Setting None Command Mode Privileged Exec Example This example shows the informat[...]
-
Page 317
Flash/File Commands 4-75 4 boot system This command specifies the image used to start up the system. Syntax boot system { boot-rom | config | opcode }: filename The type of file or image to set as a default includes: • boot-rom * - Boot ROM. • config * - Configuration file. • opcode * - Run-time operation code. • filename - N[...]
-
Page 318
Command Line Interface 4-76 4 Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence authenticati[...]
-
Page 319
Authentication Commands 4-77 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate t[...]
-
Page 320
Command Line Interface 4-78 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands enable password - sets the password for changing command modes (4-28) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a[...]
-
Page 321
Authentication Commands 4-79 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeo[...]
-
Page 322
Command Line Interface 4-80 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will[...]
-
Page 323
Authentication Commands 4-81 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central s[...]
-
Page 324
Command Line Interface 4-82 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server p[...]
-
Page 325
Authentication Commands 4-83 4 Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example show tacacs-server This command dis[...]
-
Page 326
Command Line Interface 4-84 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in th[...]
-
Page 327
Authentication Commands 4-85 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use th[...]
-
Page 328
Command Line Interface 4-86 4 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [ no ] system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global an[...]
-
Page 329
Authentication Commands 4-87 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number of [...]
-
Page 330
Command Line Interface 4-88 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x operati[...]
-
Page 331
Authentication Commands 4-89 4 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [ no ] dot1x re-authentication Command Mode Interface Configuration Example dot1x timeout quiet-period This command [...]
-
Page 332
Command Line Interface 4-90 4 dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command Mode Interface Configuration E[...]
-
Page 333
Authentication Commands 4-91 4 Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) Command Mode Privileged Exec Command Usage This command displays the following informatio[...]
-
Page 334
Command Line Interface 4-92 4 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-87). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session. • Authentica[...]
-
Page 335
Authentication Commands 4-93 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]
-
Page 336
Command Line Interface 4-94 4 Network Access The Network Access feature controls host access to the network by authenticating its MAC address on the connected switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS ser[...]
-
Page 337
Authentication Commands 4-95 4 Command Usage • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The username and password are both equal to the MAC address being authenticated. • On the RADIUS server, PAP username and passwords[...]
-
Page 338
Command Line Interface 4-96 4 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is 1024, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treated as authentication failed. Example network-ac[...]
-
Page 339
Authentication Commands 4-97 4 Example The following example creates MAC filter 1 and adds MAC address 00-00-E8-12-11-01 to the filter. network-access port-mac-filter Use this command to apply a MAC address filter to a port interface. Use the no form of this command to remove a MAC address filter from an interface. Syntax networ[...]
-
Page 340
Command Line Interface 4-98 4 Command Usage • When enabled, the VLAN identifiers returned by the RADIUS server will be applied to the port, providing the VLANs have been already created on the switch. GVRP is not used to create the VLANs. • The VLAN settings specified by the first authenticated MAC address are implemented for a po[...]
-
Page 341
Authentication Commands 4-99 4 clear network-access Use this command to clear entries from the secure MAC addresses table. Syntax clear network-access mac-address-table [ static | dynamic ] [ address mac-address ] [ interface interface ] • static - Specifies static address entries. • dynamic - Specifies dynamic address entrie[...]
-
Page 342
Command Line Interface 4-100 4 Example show network-access mac-filter Use this command to display MAC authentication filters. Syntax show network-access mac-filter [ filter-id ] filter-id - Specifies a filter number. (Range: 1-64) Default Setting Displays all filters. Command Mode Privileged Exec Example show network-access mac-a [...]
-
Page 343
Authentication Commands 4-101 4 • ethernet unit / port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • sort - Sorts displayed entries by either MAC address or interface. Default Setting Displays all filters. Command Mode Privileged Exec Command Usage When using a bit mask to filter displayed MAC addresses, a 1 m [...]
-
Page 344
Command Line Interface 4-102 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rule[...]
-
Page 345
Access Control List Commands 4-103 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on[...]
-
Page 346
Command Line Interface 4-104 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the[...]
-
Page 347
Access Control List Commands 4-105 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-103) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets[...]
-
Page 348
Command Line Interface 4-106 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits t[...]
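How an address bitmask of this kind selects addresses, as an added Python example that is not part of the manual. The sentence above is cut off, so the code assumes 0 bits mean "ignore"; the mask for the 168.92.16.x to 168.92.31.x range mentioned earlier is derived by the code rather than quoted from the manual, and the function names are illustrative.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer to dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def rule_matches(packet_addr, rule_addr, bitmask):
    """True when packet_addr agrees with rule_addr on every bit set in bitmask.

    Bits that are 0 in the mask are not compared (assumed "ignore" semantics),
    so the mask does not have to be contiguous like a subnet mask.
    """
    mask = to_int(bitmask)
    return (to_int(packet_addr) & mask) == (to_int(rule_addr) & mask)


def bitmask_for_range(first, last):
    """Return (address, bitmask) that matches exactly first..last.

    A single address/bitmask pair can only describe a block whose size is a
    power of two and whose first address is aligned to that size; anything
    else raises ValueError instead of silently matching too much.
    """
    lo, hi = to_int(first), to_int(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    span = hi - lo + 1
    if span & (span - 1) or lo % span:
        raise ValueError("range needs more than one rule")
    mask = 0xFFFFFFFF & ~(span - 1)
    return to_dotted(lo), to_dotted(mask)


def matched_count(bitmask):
    """Number of addresses one rule with this mask matches: 2 ** (zero bits)."""
    ones = bin(to_int(bitmask)).count("1")
    return 1 << (32 - ones)


if __name__ == "__main__":
    addr, mask = bitmask_for_range("168.92.16.0", "168.92.31.255")
    print("rule:", addr, mask, "covers", matched_count(mask), "addresses")
    for probe in ("168.92.15.255", "168.92.16.0", "168.92.31.255", "168.92.32.1"):
        print(probe, "->", rule_matches(probe, addr, mask))
    # One bit too few in the mask doubles the block and pulls in 168.92.0.x-15.x.
    print("too-wide mask matches 168.92.3.9:",
          rule_matches("168.92.3.9", "168.92.16.0", "255.255.224.0"))
```

Checking a planned mask with `matched_count` before binding the ACL shows at a glance whether a permit rule covers more hosts than intended.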
-
Page 349
Access Control List Commands 4-107 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-103) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standa[...]
-
Page 350
Command Line Interface 4-108 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip access [...]
-
Page 351
Access Control List Commands 4-109 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-201. Example Related Commands queue cos-map (4-201) show map access-list[...]
-
Page 352
Command Line Interface 4-110 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configurati[...]
-
Page 353
Access Control List Commands 4-111 4 Related Commands permit, deny (MAC ACL) (4-111) mac access-group (4-112) show mac access-list (4-112) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet p[...]
-
Page 354
Command Line Interface 4-112 4 Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-110) show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [a[...]
-
Page 355
Access Control List Commands 4-113 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-112) show mac access-group This command shows the ports assign[...]
-
Page 356
Command Line Interface 4-114 4 Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4-201) show map access-list mac (4-114) show map access-li[...]
-
Page 357
Access Control List Commands 4-115 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the ass [...]
-
Page 358
Command Line Interface 4-116 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as con[...]
-
Page 359
SNMP Commands 4-117 4 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP c[...]
-
Page 360
Command Line Interface 4-118 4 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and per[...]
-
Page 361
SNMP Commands 4-119 4 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact s[...]
-
Page 362
Command Line Interface 4-120 4 Command Mode Global Configuration Example Related Commands snmp-server contact (4-119) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inf[...]
-
Page 363
SNMP Commands 4-121 4 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable m [...]
-
Page 364
Command Line Interface 4-122 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user [...]
-
Page 365
SNMP Commands 4-123 4 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-126). Example Related Commands snmp-server host (4-120) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snm[...]
-
Page 366
Command Line Interface 4-124 4 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-128). Example Related Commands snmp-server [...]
-
Page 367
SNMP Commands 4-125 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Objec[...]
-
Page 368
Command Line Interface 4-126 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}}[...]
-
Page 369
SNMP Commands 4-127 4 Default Setting • Default groups: public 23 (read only), private 24 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access p[...]
-
Page 370
Command Line Interface 4-128 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sh [...]
-
Page 371
SNMP Commands 4-129 4 • remote - Specifies an SNMP engine on a remote device. • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - Use SNMP version 1, 2c or 3. • encrypted - Accepts the password as encrypted input. • auth - Uses SNMPv3 with authentication. • md5 | sha - Uses MD5 or SHA authe[...]
-
Page 372
Command Line Interface 4-130 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 80000000030004e2[...]
-
Page 373
Interface Commands 4-131 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no inter[...]
-
Page 374
Command Line Interface 4-132 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached t[...]
-
Page 375
Interface Commands 4-133 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operat[...]
-
Page 376
Command Line Interface 4-134 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-134) speed-duplex (4-132) capabilities This command advertises the port c[...]
-
Page 377
Interface Commands 4-135 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-133) speed-duplex (4-132) flowcontrol (4-135) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [no] flowcont[...]
-
Page 378
Command Line Interface 4-136 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-133) capabilities (flowcontrol, symmetric) (4-134) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are en[...]
-
Page 379
Interface Commands 4-137 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., octets per second. (Range: 64-95232000) Default Setting Enabled f[...]
-
Page 380
Command Line Interface 4-138 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will sho[...]
-
Page 381
Interface Commands 4-139 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for [...]
-
Page 382
Command Line Interface 4-140 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • port-channel cha[...]
-
Page 383
Interface Commands 4-141 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 600 octets/second LACP status: Enabled Ingress rate limit: disable, Level: 30 Egress rate limit: disable, Level: 30 VLAN membership mode: Hybrid Ingress rule: Disabled Acc[...]
-
Page 384
Command Line Interface 4-142 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx] no port monitor interface • interface - ethernet un[...]
-
Page 385
Mirror Port Commands 4-143 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - This is unit 1. • port - Port number. (Rang[...]
-
Page 386
Command Line Interface 4-144 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmi[...]
-
Page 387
Rate Limit Commands 4-145 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit {fastethernet | gigabitethernet} granularity [granularity] no rate-limit { [...]
-
Page 388
Command Line Interface 4-146 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increas[...]
-
Page 389
Link Aggregation Commands 4-147 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as t[...]
-
Page 390
Command Line Interface 4-148 4 Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. Example The following example creates trunk 1 and t[...]
-
Page 391
Link Aggregation Commands 4-149 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP s[...]
-
Page 392
Command Line Interface 4-150 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during [...]
-
Page 393
Link Aggregation Commands 4-151 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established[...]
-
Page 394
Command Line Interface 4-152 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote side of an ag[...]
-
Page 395
Link Aggregation Commands 4-153 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Channel group : 1 ----------------------------------------- -------------------------------- Eth 1/ 1 ----------------------------------------- -------------------------------- LACPDUs Sent : 21 LACPDUs Received[...]
-
Page 396
Command Line Interface 4-154 4 Console#show lacp 1 internal Port Channel : 1 ----------------------------------------- -------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ----------------------------------------- -------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin[...]
-
Page 397
Link Aggregation Commands 4-155 4 Console#show lacp 1 neighbors Port channel 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 ----------------------------------------- -------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-0[...]
-
Page 398
Command Line Interface 4-156 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------[...]
-
Page 399
Address Table Commands 4-157 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC[...]
-
Page 400
Command Line Interface 4-158 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes o[...]
-
Page 401
Address Table Commands 4-159 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entri[...]
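The Extended IP ACL bitmask (1 bits mean "match") and the address-table mask (1 bits mean "ignore") run in opposite directions, so a mask typed in the wrong convention silently matches a very different set of addresses. The Python sketch below is an added example, not code from the manual: the function names are hypothetical, the 255.255.240.0 mask for the 168.92.16.x to 168.92.31.x range is derived here because the manual's own listing is not shown on this page, and the MAC address is the sample value from the MAC ACL example.

```python
import ipaddress

MAC_BITS = 0xFFFFFFFFFFFF
IP_BITS = 0xFFFFFFFF


def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def ip_acl_match(addr, rule_addr, bitmask):
    """IP ACL convention from the page: 1 bits must match, 0 bits are ignored."""
    m = _ip(bitmask)
    return (_ip(addr) & m) == (_ip(rule_addr) & m)


def acl_coverage(rule_addr, bitmask):
    """Summarise what an IP ACL rule really covers (hypothetical lint helper).

    'contiguous' is False when the ignored bits are not a single trailing run,
    which is the usual sign of a mask entered in the inverted convention.
    """
    m = _ip(bitmask)
    ignored = ~m & IP_BITS
    base = _ip(rule_addr) & m
    return {
        "first": str(ipaddress.IPv4Address(base)),
        "last": str(ipaddress.IPv4Address(base | ignored)),
        "count": 1 << bin(ignored).count("1"),
        "contiguous": (ignored & (ignored + 1)) == 0,
    }


def _mac(text):
    """'00-e0-29-94-34-de' -> 48-bit integer."""
    parts = text.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("expected six hyphen-separated octets: %r" % text)
    return int("".join(parts), 16)


def mac_table_match(mac, pattern, mask):
    """Address-table convention from the page: 0 bits must match, 1 bits are ignored."""
    care = ~_mac(mask) & MAC_BITS
    return (_mac(mac) & care) == (_mac(pattern) & care)


if __name__ == "__main__":
    # Intended rule: 168.92.16.x to 168.92.31.x (mask derived for this example).
    print(acl_coverage("168.92.16.0", "255.255.240.0"))
    # Same rule with the mask inverted by mistake: only the low 12 bits are compared.
    print(acl_coverage("168.92.16.0", "0.0.15.255"))
    print(ip_acl_match("8.8.0.0", "168.92.16.0", "0.0.15.255"))
    # Address-table mask: ignore the low three octets, i.e. match on the vendor prefix.
    print(mac_table_match("00-e0-29-11-22-33", "00-e0-29-94-34-de", "00-00-00-FF-FF-FF"))
```

Running `acl_coverage` over every rule before binding an ACL to a port catches the inverted-mask case, because a correctly formed range mask reports `contiguous: True` and the expected address count.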
-
Page 402
Command Line Interface 4-160 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-55 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree [...]
-
Page 403
Spanning Tree Commands 4-161 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect a[...]
-
Page 404
Command Line Interface 4-162 4 - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting [...]
-
Page 405
Spanning Tree Commands 4-163 4 Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward fram[...]
-
Page 406
Command Line Interface 4-164 4 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 o[...]
-
Page 407
Spanning Tree Commands 4-165 4 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority, the device with the low[...]
-
Page 408
Command Line Interface 4-166 4 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Ran[...]
-
Page 409
Spanning Tree Commands 4-167 4 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan vlan-range • instance_id - Instance identifier of the spanning tree. (Range: 0-4[...]
-
Page 410
Command Line Interface 4-168 4 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • priority - Priority of the a s [...]
-
Page 411
Spanning Tree Commands 4-169 4 The MST region name and revision number (page 4-169) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances. Example Relate[...]
-
Page 412
Command Line Interface 4-170 4 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each spanning tree instance within a region, and the internal spanning tree[...]
-
Page 413
Spanning Tree Commands 4-171 4 The recommended range is: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values sho[...]
-
Page 414
Command Line Interface 4-172 4 Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. • Where more [...]
-
Page 415
Spanning Tree Commands 4-173 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [no] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable t[...]
-
Page 416
Command Line Interface 4-174 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is s[...]
-
Page 417
Spanning Tree Commands 4-175 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Each spanning-tree instance is associated with a unique set of VLAN IDs. • This command is used by the multiple spanning-tree algorithm to determine the best path between devices. Therefore, lower values should be as[...]
-
Page 418
Command Line Interface 4-176 4 Example Related Commands spanning-tree mst cost (4-174) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) -[...]
-
Page 419
Spanning Tree Commands 4-177 4 • port-channel channel-id (Range: 1-32) • instance_id - Instance identifier of the multiple spanning tree. (Range: 0-4094, no leading zeroes) Default Setting None Command Mode Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree [...]
-
Page 420
Command Line Interface 4-178 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example ----------------------------------------- ---------------------- Eth 1/ 1 information ----------------------------------------- ---------------------- Admin status: enable [...]
-
Page 421
VLAN Commands 4-179 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for [...]
-
Page 422
Command Line Interface 4-180 4 Example Related Commands show vlan (4-187) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN. (R[...]
-
Page 423
VLAN Commands 4-181 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Globa[...]
-
Page 424
Command Line Interface 4-182 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid | private-vlan} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switch[...]
-
Page 425
VLAN Commands 4-183 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Related Commands switchp[...]
-
Page 426
Command Line Interface 4-184 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vla[...]
-
Page 427
VLAN Commands 4-185 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • [...]
-
Page 428
Command Line Interface 4-186 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - [...]
-
Page 429
VLAN Commands 4-187 4 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vl[...]
-
Page 430
Command Line Interface 4-188 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains promiscuous ports that can com[...]
-
Page 431
VLAN Commands 4-189 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN. 5. Use the switchport private-vlan m[...]
-
Page 432
Command Line Interface 4-190 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static. Once a port has been assigned to a private VLAN, it cannot be dynamically moved to another[...]
-
Page 433
VLAN Commands 4-191 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan {host | promiscuous} no switchport mode private-vlan • host – This port type can subsequently be assigned to a community or isolat[...]
-
Page 434
Command Line Interface 4-192 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN. Example switc[...]
-
Page 435
VLAN Commands 4-193 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN. (Range: 1-4094, no leading zeroes). Default Sett [...]
-
Page 436
Command Line Interface 4-194 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for[...]
-
Page 437
GVRP and Bridge Extension Commands 4-195 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Enabling or Disabling GVRP (Global Setting)” on page 3-142 and “Displaying Bridge Extension Capabilities” on page 3-13 f[...]
-
Page 438
Command Line Interface 4-196 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-s[...]
-
Page 439
GVRP and Bridge Extension Commands 4-197 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should no[...]
-
Page 440
Command Line Interface 4-198 4 Related Commands garp timer (4-196) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port[...]
-
Page 441
Priority Commands 4-199 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode • strict - Services the egress queues in sequential order, tra[...]
-
Page 442
Command Line Interface 4-200 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport pri[...]
-
Page 443
Priority Commands 4-201 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 1 - 3: Related Commands show queue bandwidth (4-202) queue cos-map This command assigns clas[...]
-
Page 444
Command Line Interface 4-202 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2,[...]
-
Page 445
Priority Commands 4-203 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged [...]
-
Page 446
Command Line Interface 4-204 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Us[...]
-
Page 447
Priority Commands 4-205 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range 1-65535) • cos-value - Clas[...]
-
Page 448
Command Line Interface 4-206 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos [...]
-
Page 449
Priority Commands 4-207 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority map[...]
-
Page 450
Command Line Interface 4-208 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Preced[...]
-
Page 451
Priority Commands 4-209 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-204) map ip port (Interface Configuration) (4-205) show map ip precedence This command shows the IP precedence priority map.[...]
-
Page 452
Command Line Interface 4-210 4 Example Related Commands map ip port (Global Configuration) (4-204) map ip precedence (Interface Configuration) (4-206) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is unit 1. - port - Port number. [...]
-
Page 453
Multicast Filtering Commands 4-211 4 Example Related Commands map ip dscp (Global Configuration) (4-207) map ip dscp (Interface Configuration) (4-207) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.[...]
-
Page 454
Command Line Interface 4-212 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port t[...]
-
Page 455
Multicast Filtering Commands 4-213 4 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2} no ip igmp snoopi[...]
-
Page 456
Command Line Interface 4-214 4 Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage The IGMP snooping immediate-leave feature enables a Layer 2 LAN interface to be removed from the multicast forwarding table without first sending an IGMP group-specific query to the interface. Upon receiving [...]
-
Page 457
Multicast Filtering Commands 4-215 4 Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping. Default Setting None Command Mode Privileg[...]
-
Page 458
Command Line Interface 4-216 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if electe[...]
-
Page 459
Multicast Filtering Commands 4-217 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a c[...]
-
Page 460
Command Line Interface 4-218 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25) D[...]
-
Page 461
Multicast Filtering Commands 4-219 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-213) Static Multicast Routin[...]
-
Page 462
Command Line Interface 4-220 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that inter[...]
-
Page 463
Multicast Filtering Commands 4-221 4 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by res[...]
-
Page 464
Command Line Interface 4-222 4 • IGMP filtering and throttling only applies to dynamically learned multicast groups, it does not apply to statically configured groups. • The IGMP filtering feature operates in the same manner when MVR is used to forward the multicast traffic. Example ip igmp profile This command crea [...]
-
Page 465
Multicast Filtering Commands 4-223 4 Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range. When the access mode is set to deny, IGMP join reports are only processed when[...]
-
Page 466
Command Line Interface 4-224 4 Default Setting None Command Mode Interface Configuration Command Usage • The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface. • Only one profile can be assigned to an interface. • A profile can be assigned to a trunk[...]
-
Page 467
Multicast Filtering Commands 4-225 4 Example ip igmp max-groups action This command sets the IGMP throttling action for an interface on the switch. Syntax ip igmp max-groups action < replace | deny > • replace - The new multicast group replaces an existing group. • deny - The new multicast group join report is dropped. [...]
-
Page 468
Command Line Interface 4-226 4 Command Mode Privileged Exec Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged Exec Exampl[...]
-
Page 469
Multicast Filtering Commands 4-227 4 • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces. Example Multicast VLAN Registration Commands This section describes commands used to configure Mul [...]
-
Page 470
Command Line Interface 4-228 4 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the vlan keyword. Use the no form of this command without any keywor[...]
-
Page 471
Multicast Filtering Commands 4-229 4 mvr (Interface Configuration) This command configures an interface as an MVR receiver or source port using the type keyword, enables immediate leave capability using the immediate keyword, or configures an interface as a static member of the MVR VLAN using the group keyword. Use the no for[...]
-
Page 472
Command Line Interface 4-230 4 response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list. • Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other [...]
-
Page 473
Multicast Filtering Commands 4-231 4 Command Usage Enter this command without any keywords to display the global settings for MVR. Use the interface keyword to display information about interfaces attached to the MVR VLAN. Or use the members keyword to display information about multicast groups assigned to the MVR VLAN. Exam[...]
-
Page 474
Command Line Interface 4-232 4 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address m[...]
-
Page 475
Domain Name Service Commands 4-233 4 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host. (Range: 1-64 characters) • address1 - Corresponding IP ad[...]
-
Page 476
Command Line Interface 4-234 4 • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table. ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted[...]
-
Page 477
Domain Name Service Commands 4-235 4 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list. Syntax [no] ip domain-list name name - Name of the hos[...]
-
Page 478
Command Line Interface 4-236 4 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax [no] ip name-server server-address1 [server-address2 … server-address6] • server-address1 - IP a[...]
-
Page 479
Domain Name Service Commands 4-237 4 Default Setting Disabled Command Mode Global Configuration Command Usage • At least one name server must be specified before you can enable DNS. • If all name servers are deleted, DNS will automatically be disabled. Example This example enables DNS and then displays the configuration. Relat[...]
-
Page 480
Command Line Interface 4-238 4 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: [...]
-
Page 481
Domain Name Service Commands 4-239 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console#[...]
-
Page 482
Command Line Interface 4-240 4 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) relay and Option 82 functions. The switch can be configured to relay DHCP client configuration requests to a DHCP server on another network and include information about the switch and its DHCP client[...]
-
Page 483
DHCP Commands 4-241 4 ip dhcp relay information policy This command sets the DHCP snooping information option policy for DHCP client packets that include Option 82 information. Syntax ip dhcp relay information policy < drop | keep | replace > • drop - Discards the client’s DHCP information and then floods the packet to[...]
-
Page 484
Command Line Interface 4-242 4 Usage Guidelines You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not operate and all DHCP request and reply packets will be flooded to the entire VLAN. Example show ip dhcp-relay This command shows the current DHCP relay agent configuration. D[...]
-
Page 485
IP Interface Commands 4-243 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is p[...]
-
Page 486
Command Line Interface 4-244 4 Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four numbers, 0 to 255, separated by pe[...]
-
Page 487
IP Interface Commands 4-245 4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (4-246) ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for [...]
-
Page 488
Command Line Interface 4-246 4 Example Related Commands show ip redirects (4-246) show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-244) ping This command sends ICMP echo request packets to another[...]
-
Page 489
IP Interface Commands 4-247 4 - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds. - Destination unreachable - The gateway for this destination indicates that the destination is un [...]
-
Page 490
Command Line Interface 4-248 4 Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster. The management station uses Telnet to com[...]
-
Page 491
Switch Cluster Commands 4-249 4 Example cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander. Syntax [no] cluster commander Default Setting Disabled Command Mode Global Configuration Command Usage • Once a switch has been configured to be a cluste[...]
-
Page 492
Command Line Interface 4-250 4 Command Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID. Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36. • Set a Cluster I[...]
-
Page 493
Switch Cluster Commands 4-251 4 Command Mode Privileged Exec Command Usage • This command only operates through a Telnet connection to the Commander switch. Managing cluster Members using the local console CLI on the Commander is not supported. • There is no need to enter the username and password for access to the Member[...]
-
Page 494
Command Line Interface 4-252 4 show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster candidates Cluster Candidates: Role Mac Description --------------- ----------------- -------------------------------------- --- ACTIVE MEMBER 00-12-cf-23-49-[...]
-
Page 495
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex Flow Contro[...]
-
Page 496
Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS[...]
-
Page 497
Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Mult[...]
-
Page 498
Software Specifications A-4 A[...]
-
Page 499
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a va[...]
-
Page 500
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories.[...]
-
Page 501
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the [...]
-
Page 502
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) G[...]
-
Page 503
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on th[...]
-
Page 504
Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also cal[...]
-
Page 505
Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network to[...]
-
Page 506
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. [...]
-
Page 507
Index-1 Numerics 802.1X, port authentication 3-68 A acceptable frame type 3-150, 4-182 Access Control List See ACL ACL Extended IP 3-83, 4-102, 4-103, 4-105 MAC 3-83, 4-102, 4-110, 4-110–4-112 Standard IP 3-83, 4-102, 4-103, 4-104 address table 3-114, 4-156 aging time 3-117, 4-159 B BOOTP 3-16, 4-244 BPDU 3-118 broadcast st [...]
-
Page 508
Index-2 Index G GARP VLAN Registration Protocol See GVRP gateway, default 3-14, 4-245 GVRP global setting 4-194 interface configuration 3-150, 4-195 GVRP, global setting 3-142 H hardware version, displaying 3-11, 4-68 HTTPS 3-59, 4-32 HTTPS, secure server 3-59, 4-32 I IEEE 802.1D 3-117, 4-162 IEEE 802.1s 4-162 IEEE 802.1w 3-117,[...]
-
Page 509
Index-3 Index path cost 3-120, 3-128 method 3-124, 4-165 STA 3-120, 3-128, 4-165 port authentication 3-68 port priority configuring 3-158, 4-198 default ingress 3-158, 4-199 STA 3-129, 4-171 port security, configuring 3-66, 4-84 port, statistics 3-109, 4-139 ports autonegotiation 3-92, 4-133 broadcast storm threshold 3-105[...]
-
Page 510
Index-4 Index T TACACS+, logon authentication 3-56, 4-81 time, setting 3-35, 4-54 traffic class weights 3-163, 4-200 trap manager 2-7, 3-41, 4-120 troubleshooting B-1 trunk configuration 3-93, 4-146 LACP 3-95, 4-148 static 3-94, 4-147 U upgrading software 3-20, 4-70 user password 3-54, 4-27, 4-28 V VLANs 3-139–3-158, 4-1[...]
-
Page 511
[...]
-
Page 512
ES3526XA ES3552XA E122006-CS-R02 D 149100005500H[...]