Alcatel Carrier Internetworking Solutions 6300-24 user manual


A good user manual

The rules require the seller to provide the buyer, along with the goods, with the Alcatel Carrier Internetworking Solutions 6300-24 user manual. A missing user manual or incorrect information supplied to the consumer is grounds for a complaint that the device does not conform to the contract. Under the law, the user manual may be supplied in a form other than paper, which has often been done recently, by including a graphic or electronic form of the Alcatel Carrier Internetworking Solutions 6300-24 manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus, the Alcatel Carrier Internetworking Solutions 6300-24 user manual describes the steps of the procedure. The purpose of the user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object/service, a guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you get to know a number of additional features of the purchased device, but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Alcatel Carrier Internetworking Solutions 6300-24 user manual should contain:
- information on the technical characteristics of the Alcatel Carrier Internetworking Solutions 6300-24 device
- the name of the manufacturer and the year of manufacture of the Alcatel Carrier Internetworking Solutions 6300-24
- instructions for use, adjustment and maintenance of the Alcatel Carrier Internetworking Solutions 6300-24 equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and of certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting the Alcatel Carrier Internetworking Solutions 6300-24 is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible defects of the Alcatel Carrier Internetworking Solutions 6300-24 and ways to solve common problems during use. Finally, the manual contains the contact details of the Alcatel Carrier Internetworking Solutions service for cases where the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated specifications and technical descriptions of the Alcatel Carrier Internetworking Solutions 6300-24, as happens with the paper version.

Why read the user manual?

First of all, it contains the answer about the structure and capabilities of the Alcatel Carrier Internetworking Solutions 6300-24 device, the use of various accessories and a range of information for taking full advantage of all the features and conveniences.

After a successful purchase of the equipment/device, take a moment to familiarize yourself with every part of the Alcatel Carrier Internetworking Solutions 6300-24 user manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of providing information and help.

Table of contents of the user manual

  • Page 1

    Part No. 060191-10, Rev. B April 2004 OmniStack® 6300-24 Users Guide[...]

  • Page 2

    An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Ad[...]

  • Page 3

    Warning This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radia[...]

  • Page 4

    [...]

  • Page 5

    v Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Set[...]

  • Page 6

    Contents vi Telnet Settings 3-21 Configuring Event Logging 3-23 System Logs 3-23 System Logs Configuration 3-24 Remote Logs Configuration 3-25 Sending Simple Mail Transfer Protocol Alerts 3-27 Resetting the System 3-29 Setting the System Clock 3-29 Configuring SNTP 3-30 Setting the Time Zone 3-31 Simple Network Management P[...]

  • Page 7

    Contents vii Port Configuration 3-75 Displaying Connection Status 3-75 Configuring Interface Connections 3-77 Creating Trunk Groups 3-79 Statically Configuring a Trunk 3-80 Enabling LACP on Selected Ports 3-81 Configuring LACP Parameters 3-83 Displaying LACP Port Counters 3-85 Displaying LACP Settings and Status for the Local [...]

  • Page 8

    Contents viii Mapping Protocols to VLANs 3-137 Class of Service Configuration 3-139 Setting the Default Priority for Interfaces 3-139 Mapping CoS Values to Egress Queues 3-141 Selecting the Queue Mode 3-143 Setting the Service Weight for Traffic Classes 3-143 Mapping Layer 3/4 Priorities to CoS Values 3-145 Selecting IP Pre[...]

  • Page 9

    Contents ix Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-6 Command Line Processing 4-7 Command Groups 4-9 Line Commands 4-10 line 4-10 login 4-11 password 4-12 timeout login response 4-13 exec-timeout 4-14 password-thresh 4-14 silent-time 4-15 databits 4-16 parity 4-16 speed 4-17 stopbi[...]

  • Page 10

    Contents x ip ssh timeout 4-35 ip ssh authentication-retries 4-36 ip ssh server-key size 4-36 delete public-key 4-37 ip ssh crypto host-key generate 4-37 ip ssh crypto zeroize 4-38 ip ssh save host-key 4-38 show ip ssh 4-39 show ssh 4-39 show public-key 4-40 Event Logging Commands 4-41 logging on 4-41 logging history 4-42 log[...]

  • Page 11

    Contents xi whichboot 4-66 boot system 4-66 Authentication Commands 4-67 Authentication Sequence 4-67 authentication login 4-68 authentication enable 4-69 RADIUS Client 4-70 radius-server host 4-70 radius-server port 4-70 radius-server key 4-71 radius-server retransmit 4-71 radius-server timeout 4-72 show radius-server 4-72 TACAC[...]

  • Page 12

    Contents xii match access-list ip 4-96 show marking 4-97 MAC ACLs 4-98 access-list mac 4-98 permit, deny (MAC ACL) 4-99 show mac access-list 4-100 access-list mac mask-precedence 4-101 mask (MAC ACL) 4-102 show access-list mac mask-precedence 4-104 mac access-group 4-104 show mac access-group 4-105 map access-list mac 4-10[...]

  • Page 13

    Contents xiii show dns 4-127 show dns cache 4-128 clear dns cache 4-128 Interface Commands 4-129 interface 4-130 description 4-131 speed-duplex 4-131 negotiation 4-132 capabilities 4-133 flowcontrol 4-134 combo-forced-mode 4-135 shutdown 4-135 switchport broadcast packet-rate 4-136 clear counters 4-137 show interfaces st[...]

  • Page 14

    Contents xiv spanning-tree forward-time 4-163 spanning-tree hello-time 4-164 spanning-tree max-age 4-164 spanning-tree priority 4-165 spanning-tree pathcost method 4-166 spanning-tree transmission-limit 4-166 spanning-tree mst-configuration 4-167 mst vlan 4-167 mst priority 4-168 name 4-169 revision 4-169 max-hops 4-170 span[...]

  • Page 15

    Contents xv GVRP and Bridge Extension Commands 4-192 bridge-ext gvrp 4-193 show bridge-ext 4-193 switchport gvrp 4-194 show gvrp configuration 4-194 garp timer 4-195 show garp timer 4-196 Priority Commands 4-197 Priority Commands (Layer 2) 4-197 switchport priority default 4-197 queue mode 4-198 queue bandwidth 4-199 queue cos-m[...]

  • Page 16

    Contents xvi IGMP Query Commands (Layer 2) 4-222 ip igmp snooping querier 4-222 ip igmp snooping query-count 4-222 ip igmp snooping query-interval 4-223 ip igmp snooping query-max-response-time 4-224 ip igmp snooping router-port-expire-time 4-224 Static Multicast Routing Commands 4-225 ip igmp snooping vlan mrouter 4-225 show [...]

  • Page 17

    xvii Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-4. Main Menu 3-3 Table 3-2. Configuration Options 3-3 Table 3-1. SNMPv3 Security Models and Levels 3-32 Table 3-22. Compatible Operating Systems 3-45 Table 3-30. 802.1X Statistics 3-59 Table 3-45. LACP Port Counters Information 3-85 Table 3-47. LA[...]

  • Page 18

    xviii Tables Table 4-27. Authentication Sequence 4-67 Table 4-28. RADIUS Commands 4-70 Table 4-29. TACACS+ Commands 4-73 Table 4-30. Port Security Commands 4-75 Table 4-31. 802.1X Port Authentication Commands 4-76 Table 4-32. ACL Information 4-84 Table 4-33. IP ACLs 4-85 Table 4-34. Priority Queue Mapping 4-95 Table 4-35. M[...]

  • Page 19

    xix Table 4-67. Quality of Service Commands 4-210 Table 4-68. Multicast Filtering Commands 4-218 Table 4-69. IGMP Snooping Commands 4-218 Table 4-70. IGMP Query Commands (Layer 2) 4-222 Table 4-71. Static Multicast Routing Commands 4-225 Table 4-72. IP Configuration 4-227 Table B-1. Troubleshooting Chart B-1[...]

  • Page 20

    xx Tables[...]

  • Page 21

    xxi Figures Figure 3-1. Home Page 3-2 Figure 3-3. Ports Panel 3-3 Figure 3-5. System Information 3-9 Figure 3-6. Switch Information 3-10 Figure 3-7. Bridge Extension Configuration 3-12 Figure 3-8. IP Configuration 3-13 Figure 3-9. Selecting DHCP Mode 3-14 Figure 3-10. Enabling Jumbo Frame Support 3-15 Figure 3-11. Transferring an O[...]

  • Page 22

    Figures xxii Figure 3-36. ACL Mask Configuration 3-68 Figure 3-37. ACL IP Mask Configuration 3-70 Figure 3-38. ACL MAC Mask Configuration 3-71 Figure 3-39. ACL Port Binding 3-73 Figure 3-12. Filtering IP Addresses 3-74 Figure 3-40. Port Information 3-75 Figure 3-41. Port Configuration 3-78 Figure 3-42. Trunk Membership 3-[...]

  • Page 23

    Figures xxiii Figure 3-84. Port Priority Configuration 3-140 Figure 3-87. Traffic Classes 3-142 Figure 3-88. Selecting the Queue Mode 3-143 Figure 3-89. Queue Scheduling 3-144 Figure 3-90. IP Precedence/DSCP Priority Status 3-145 Figure 3-92. Assigning CoS Values to IP Precedence 3-146 Figure 3-94. Mapping IP DSCP Priority 3-148 Fig[...]

  • Page 24

    Figures xxiv[...]

  • Page 25

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you shou[...]

  • Page 26

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and pr[...]

  • Page 27

    Description of Software Features 1-3 1 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets [...]

  • Page 28

    Introduction 1-4 1 older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Multiple Spanning Tree Protocol (MSTP, IEEE [...]

  • Page 29

    System Defaults 1-5 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast grou[...]

  • Page 30

    Introduction 1-6 1 SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled IP Filtering Disabled Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mbps fu[...]

  • Page 31

    System Defaults 1-7 1 Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames GVRP (global) Disabled GVRP (port interface) Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Priority: 2 0 1 3[...]

  • Page 32

    Introduction 1-8 1[...]

  • Page 33

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a[...]

  • Page 34

    Initial Configuration 2-2 2 • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Atta[...]

  • Page 35

    Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is unassigned by default. To m[...]

  • Page 36

    Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To preven[...]

  • Page 37

    Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From t[...]

  • Page 38

    Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Manage[...]

  • Page 39

    Basic Configuration 2-7 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. [...]

  • Page 40

    Initial Configuration 2-8 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, delete[...]

  • Page 41

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or ab[...]

  • Page 42

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When yo[...]

  • Page 43

    Navigating the Web Browser Interface 3-3 3 Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the p[...]

  • Page 44

    Configuring the Switch 3-4 3 Jumbo Frame Enables jumbo frame support 3-15 File 3-16 Firmware Manages code image files 3-16 Configuration Manages switch configuration files 3-17 Line 3-18 Console Sets console port connection parameters 3-18 Telnet Sets telnet connection parameters 3-21 Log 3-23 Logs Stores and displays error mes[...]

  • Page 45

    Navigating the Web Browser Interface 3-5 3 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-52 802.1x Port authentication 3-54 Information Displays global configuration settings 3-55 Configuration Configures protocol parameters 3-57 Port Configura[...]

  • Page 46

    Configuring the Switch 3-6 3 Port Statistics Lists Ethernet and RMON port statistics 3-93 Alcatel 3-98 AMAP Alcatel Mapping Adjacency Protocol (AMAP) 3-98 Settings Configures AMAP parameters 3-98 Information Displays information on attached AMAP-aware devices 3-99 Address Table 3-80 Static Addresses Displays entries for in[...]

  • Page 47

    Navigating the Web Browser Interface 3-7 3 Port Configuration Specifies default PVID and VLAN attributes 3-133 Trunk Configuration Specifies default trunk VID and VLAN attributes 3-133 Private VLAN 3-135 Status Enables or disables the private VLAN 3-135 Link Status Configures the private VLAN 3-136 Protocol VLAN 3-136 Configur[...]

  • Page 48

    Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. [...]

  • Page 49

    Basic Configuration 3-9 3 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-5. System Information CLI – Specify the [...]

  • Page 50

    Configuring the Switch 3-10 3 Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – The serial number of the switch. • Number of P[...]

  • Page 51

    Basic Configuration 3-11 3 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settin[...]

  • Page 52

    Configuring the Switch 3-12 3 Web – Click System, Bridge Extension. Figure 3-7. Bridge Extension Configuration CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is unassigne[...]

  • Page 53

    Basic Configuration 3-13 3 • IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast perio[...]

  • Page 54

    Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to s[...]

  • Page 55

    Basic Configuration 3-15 3 CLI – Enter the following command to restart DHCP service. Enabling Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantl[...]

  • Page 56

    Configuring the Switch 3-16 3 • File Name – The file name should not contain slashes ( or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-?[...]

  • Page 57

    Basic Configuration 3-17 3 CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Saving or Restoring Configuration Settings You can upload/download configuration settings to[...]

  • Page 58

    Configuring the Switch 3-18 3 If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and press Apply Changes. To use the new settings, reboot the system via the System/Reset menu. Figure 3-14. Setting the Start-up Configuration File CLI – Enter the IP address of th[...]

  • Page 59

    Basic Configuration 3-19 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon atte [...]

  • Page 60

    Configuring the Switch 3-20 3 Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 3-1. Console Port Settings CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port set [...]

  • Page 61

    Basic Configuration 3-21 3 Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be confi[...]

  • Page 62

    Configuring the Switch 3-22 3 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-2. Telnet Settings CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings[...]

  • Page 63

    Configuring Event Logging 3-23 3 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Logs The system can be configured to send[...]

  • Page 64

    Configuring the Switch 3-24 3 Web – Click System, Log, Logs. Figure 3-3. Logging Information CLI – Type "show logging ram" to display log messages in the RAM buffer. System Logs Configuration The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The defaul[...]

  • Page 65

    Configuring Event Logging 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Default: 6) Web – Click System, Log, System Logs. Specify the System Log[...]

  • Page 66

    Configuring the Switch 3-26 3 • Host IP List – Displays the list of remote server IP addresses that receive the syslog messages. The maximum number of host IP addresses allowed is five. • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Log, Remote Logs. To add an IP a[...]

  • Page 67

    Configuring Event Logging 3-27 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be r[...]

  • Page 68

    Configuring the Switch 3-28 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server text box and then click Add. To delete an IP address, click the entry in the SMTP Server List[...]

  • Page 69

    Configuring Event Logging 3-29 3 to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration. Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. Figure 3-15. Resetting the System CLI – Use the reload command to restart the swi[...]

  • Page 70

    Configuring the Switch 3-30 3 This switch acts as an SNTP client in unicast mode: Unicast – The switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence. Configuring [...]

  • Page 71

    Simple Network Management Protocol 3-31 3 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and [...]

  • Page 72

    Configuring the Switch 3-32 3 standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monit [...]

  • Page 73

    Simple Network Management Protocol 3-33 3 Enabling SNMP Enables the SNMP agent on the switch for all versions (1, 2c, and 3). Command Attributes • SNMP Agent Status – Enables SNMP on the switch. Figure 3-7. Enabling the SNMP Agent CLI – The following example enables SNMP on the switch. Setting Community Access Strings You may co[...]

  • Page 74

    Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-18. SNMP Configuration CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers an[...]

  • Page 75

    Simple Network Management Protocol 3-35 3 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port and SNMP version, and then click Add. Select the trap types required using the check boxes for Authentication and Link-up/down tra[...]

  • Page 76

    Configuring the Switch 3-36 3 A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users. A new engine ID can be specified by entering 1 to 26 hexadec[...]

  • Page 77

    Simple Network Management Protocol 3-37 3 • Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. - AuthNoPriv – SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model). - Au[...]

  • Page 78

    Configuring the Switch 3-38 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read and write views. You can use the pre-defined default groups or create new grou[...]

  • Page 79

    Simple Network Management Protocol 3-39 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to [...]

  • Page 80

    Configuring the Switch 3-40 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-64 characters) • View OID Subtrees – Shows th[...]

  • Page 81

    User Authentication 3-41 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. User Authentication You can restrict management access to this switch using the following options: • Passwords – Manually configu[...]

  • Page 82

    Configuring the Switch 3-42 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 characters) • Access Level* – Specifies the user level. (Options: Normal and Privileged) • Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) * CLI only. Web – Click Security, P[...]

  • Page 83

    User Authentication 3-43 3 a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to the switch. RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts [...]

  • Page 84

    Configuring the Switch 3-44 3 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access f[...]

  • Page 85

    User Authentication 3-45 3 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interfa[...]

  • Page 86

    Configuring the Switch 3-46 3 • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-46. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) • Change HTTPS Port Number – Specifies the UDP port number use[...]

  • Page 87

    User Authentication 3-47 3 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. To reset the switch, typ[...]

  • Page 88

    Configuring the Switch 3-48 3 Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.54 1024 35 156 8499540 18676692593 3394677 5054617 3253136748 9083654 7254 1502[...]

  • Page 89

    User Authentication 3-49 3 2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generati[...]

  • Page 90

    Configuring the Switch 3-50 3 Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-24. Secure Shell Host-Key Settings CLI – This example gene[...]

  • Page 91

    User Authentication 3-51 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch su[...]

  • Page 92

    Configuring the Switch 3-52 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch po[...]

  • Page 93

    User Authentication 3-53 3 Command Attributes • Port – Port number. • Name – Descriptive text (page 4-131). • Action – Indicates the action to be taken when a port security violation is detected: - None: No action should be taken. (This is the default.) - Trap: Send an SNMP trap message. - Shutdown: Disable th [...]

  • Page 94

    Configuring the Switch 3-54 3 Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain acces [...]

  • Page 95

    User Authentication 3-55 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1x Global Settings The dot1x protocol includes global parameters that control the client authenti[...]

  • Page 96

    Configuring the Switch 3-56 3 CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, See “show dot1x” on page 4-81. Console#show dot1x 4-81 Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: 30 [...]

  • Page 97

    User Authentication 3-57 3 Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. The con[...]

  • Page 98

    Configuring the Switch 3-58 3 CLI – This enables re-authentication and sets all of the global parameters for 802.1x. Configuring Port Authorization Mode When dot1x is enabled, you need to specify the dot1x authentication mode configured for each port. Command Attributes • Status – Indicates if authentication is enabled or d[...]

  • Page 99

    User Authentication 3-59 3 Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply. Figure 3-29. 802.1X Port Configuration CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this [...]

  • Page 100

    Configuring the Switch 3-60 3 Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-31. 802.1X Statistics CLI – This example displays the 802.1x statistics for port 4. Rx Last EAPOLSrc The source MAC address carried in the most recen[...]

  • Page 101

    Access Control Lists 3-61 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required ru[...]

  • Page 102

    Configuring the Switch 3-62 3 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP addre[...]

  • Page 103

    Access Control Lists 3-63 3 • SubMask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet e[...]

  • Page 104

    Configuring the Switch 3-64 3 • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range: 0-15) - DSCP – DSCP priority level. (Range: 0-64) • Protocol – Specifies the protocol type to match as TCP, UDP or Others, w[...]

  • Page 105

    Access Control Lists 3-65 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other requir[...]

  • Page 106

    Configuring the Switch 3-66 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range wit[...]

  • Page 107

    Access Control Lists 3-67 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitm[...]

  • Page 108

    Configuring the Switch 3-68 3 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for a[...]

  • Page 109

    Access Control Lists 3-69 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes. Command Attributes • Src/Dst IP – Specifies [...]

  • Page 110

    Configuring the Switch 3-70 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types. O[...]

  • Page 111

    Access Control Lists 3-71 3 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/Destination MAC – Use “Any” to match any address, “Host” to specify the host add[...]

  • Page 112

    Configuring the Switch 3-72 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to [...]

  • Page 113

    Filtering IP Addresses for Management Access 3-73 3 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply. Figure 3-39. ACL Port Binding CLI – This example assigns an IP and MAC ingr[...]

  • Page 114

    Configuring the Switch 3-74 3 • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges. • You cannot delete an individual address from a specified range. You mus[...]

  • Page 115

    Port Configuration 3-75 3 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indicate[...]

  • Page 116

    Configuring the Switch 3-76 3 Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-12.) Configuration[...]

  • Page 117

    Port Configuration 3-77 3 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and f[...]

  • Page 118

    Configuring the Switch 3-78 3 (The current switch chip only supports symmetric pause frames.) - FC - Supports flow control Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex[...]

  • Page 119

    Port Configuration 3-79 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a f[...]

  • Page 120

    Configuring the Switch 3-80 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. ?[...]

  • Page 121

    Port Configuration 3-81 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disco[...]

  • Page 122

    Configuring the Switch 3-82 3 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-43. LACP Configuration CLI – The following example enables LACP for ports 1 to 6. Just connec[...]

  • Page 123

    Port Configuration 3-83 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set (page 4-1 [...]

  • Page 124

    Configuring the Switch 3-84 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and wil[...]

  • Page 125

    Port Configuration 3-85 3 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Counter Information Console(config)#interface ethernet 1/1[...]

  • Page 126

    Configuring the Switch 3-86 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-46. LACP Port Counters Information CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display[...]

  • Page 127

    Port Configuration 3-87 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-48. LACP Settings - Local Side LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational v[...]

  • Page 128

    Configuring the Switch 3-88 3 CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Neighb[...]

  • Page 129

    Port Configuration 3-89 3 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-50. LACP Port Settings - Remote Side CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#s[...]

  • Page 130

    Configuring the Switch 3-90 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come[...]

  • Page 131

    Port Configuration 3-91 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis.[...]

  • Page 132

    Configuring the Switch 3-92 3 Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-52. Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Not [...]

  • Page 133

    Port Configuration 3-93 3 Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. Figure 3-53. Output Rate Limit Port Configuration CLI - This example sets the rate limit for input and output t[...]

  • Page 134

    Configuring the Switch 3-94 3 Statistical Values Table 3-54. Displaying Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer p[...]

  • Page 135

    Port Configuration 3-95 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transmis[...]

  • Page 136

    Configuring the Switch 3-96 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS [...]

  • Page 137

    Port Configuration 3-97 3 Figure 3-55. Displaying Port Statistics[...]

  • Page 138

    Configuring the Switch 3-98 3 CLI – This example shows statistics for port 13. Alcatel Mapping Adjacency Protocol (AMAP) The AMAP protocol enables a switch to discover the topology of other AMAP-aware devices in the network. The protocol allows each switch to determine if other AMAP-aware switches are adjacent to it. [...]

  • Page 139

    Alcatel Mapping Adjacency Protocol (AMAP) 3-99 3 • Common – The port has detected an adjacent switch and periodically sends “Hello” packets to determine that it is still present. • Passive – A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello[...]

  • Page 140

    Configuring the Switch 3-100 3 Web – Click Alcatel, AMAP, Information. Figure 3-57. AMAP Information CLI – There is no equivalent CLI command to display detected devices. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound po[...]

  • Page 141

    Address Table Settings 3-101 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-58. Setting a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Display[...]

  • Page 142

    Configuring the Switch 3-102 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-59. Setting a Dynamic Address Table CLI – This example also displays[...]

  • Page 143

    Spanning Tree Algorithm Configuration 3-103 3 Web – Click Address Table, Address Aging. Specify the new aging time, click Apply. Figure 3-60. Address Aging CLI – This example sets the aging time to 400 seconds. Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and d[...]

  • Page 144

    Configuring the Switch 3-104 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This brid[...]

  • Page 145

    Spanning Tree Algorithm Configuration 3-105 3 • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addit [...]

  • Page 146

    Configuring the Switch 3-106 3 • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops – The max number of hop counts for the MST region. • Remaining hops – The remaining number of hop counts for the MST instance.[...]

  • Page 147

    Spanning Tree Algorithm Configuration 3-107 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a[...]

  • Page 148

    Configuring the Switch 3-108 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that [...]

  • Page 149

    Spanning Tree Algorithm Configuration 3-109 3 Configuration Settings for RSTP The following attributes apply to both RSTP and MSTP: • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. [...]

  • Page 150

    Configuring the Switch 3-110 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-63. STA Configuration[...]

  • Page 151

    Spanning Tree Algorithm Configuration 3-111 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tr[...]

  • Page 152

    Configuring the Switch 3-112 3 • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-114. • Oper Edge Port – This param[...]

  • Page 153

    Spanning Tree Algorithm Configuration 3-113 3 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) wil[...]

  • Page 154

    Configuring the Switch 3-114 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to[...]

  • Page 155

    Spanning Tree Algorithm Configuration 3-115 3 • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher prio[...]

  • Page 156

    Configuring the Switch 3-116 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-66. STA Port Configuration CLI – This example sets STA attributes for port 7. Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for ea[...]

  • Page 157

    Spanning Tree Algorithm Configuration 3-117 3 To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree i[...]

  • Page 158

    Configuring the Switch 3-118 3 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console#show spanning-tree mst 2 4-177 Spanning-tree information ----------------------------------------------------- ---------- Spanning [...]

  • Page 159

    Spanning Tree Algorithm Configuration 3-119 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes • MST Instance ID – Instance identifier to configure. (Range: 0-57; Default: 0) The other att[...]

  • Page 160

    Configuring the Switch 3-120 3 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-104), the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 4-177 Spanning-tr[...]

  • Page 161

    Spanning Tree Algorithm Configuration 3-121 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays curren[...]

  • Page 162

    Configuring the Switch 3-122 3 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-69. MSTP Port Configuration CLI – This example sets the MSTP attributes for port 4. VLAN Configuration Overview In large networks, routers are us[...]

  • Page 163

    VLAN Configuration 3-123 3 VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN. This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches usin[...]

  • Page 164

    Configuring the Switch 3-124 3 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of netwo [...]

  • Page 165

    VLAN Configuration 3-125 3 Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs (VLAN Index)” on page 3-130). But you can still enable GVRP on these edge switches, as well as on the core sw[...]

  • Page 166

    Configuring the Switch 3-126 3 Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, and click Apply. Figure 3-72. GVRP Status CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field [...]

  • Page 167

    VLAN Configuration 3-127 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to crea[...]

  • Page 168

    Configuring the Switch 3-128 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-74. VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically lea[...]

  • Page 169

    VLAN Configuration 3-129 3 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups created for this [...]

  • Page 170

    Configuring the Switch 3-130 3 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN[...]

  • Page 171

    VLAN Configuration 3-131 3 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. [...]

  • Page 172

    Configuring the Switch 3-132 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member. • [...]

  • Page 173

    VLAN Configuration 3-133 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for[...]

  • Page 174

    Configuring the Switch 3-134 3 • GARP Leave Timer * – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centi[...]

  • Page 175

    VLAN Configuration 3-135 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within[...]

  • Page 176

    Configuring the Switch 3-136 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other [...]

  • Page 177

    VLAN Configuration 3-137 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_other) • Protocol Type – The only o[...]

  • Page 178

    Configuring the Switch 3-138 3 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame is [...]

  • Page 179

    Class of Service Configuration 3-139 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will [...]

  • Page 180

    Configuring the Switch 3-140 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-84. Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-130 Console(c[...]

  • Page 181

    Class of Service Configuration 3-141 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. Th[...]

  • Page 182

    Configuring the Switch 3-142 3 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. Figure 3-87. Traffic Classes CLI – The following [...]

  • Page 183

    Class of Service Configuration 3-143 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each que[...]

  • Page 184

    Configuring the Switch 3-144 3 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-89. Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#interface ether[...]

  • Page 185

    Class of Service Configuration 3-145 3 Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet [...]

  • Page 186

    Configuring the Switch 3-146 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapp[...]

  • Page 187

    Class of Service Configuration 3-147 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. * Mapping specific values for IP Precedence is implemented as an interface configuration command, but any c[...]

  • Page 188

    Configuring the Switch 3-148 3 Note: IP DSCP settings apply to all interfaces. Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 3-94. Mapping IP DSCP Priority CLI – The following example globally enables DSCP Pr[...]

  • Page 189

    Class of Service Configuration 3-149 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Po[...]

  • Page 190

    Configuring the Switch 3-150 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. * Mapping specific values for IP Port Priority is implemented as an interface configuration command, but a[...]

  • Page 191

    Class of Service Configuration 3-151 3 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. Figure 3-96. ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. Changing Pr[...]

  • Page 192

    Configuring the Switch 3-152 3 Command Attributes • Port – Port identifier. • Name 1 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) • 802.1p Priority – Class of Service value in the IEEE 802.1p[...]

  • Page 193

    Quality of Service 3-153 3 Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of sp[...]

  • Page 194

    Configuring the Switch 3-154 3 Use the Policy Map page to specify a policy map. Then use the Class Map page to configure a policy map. And finally, use the set and police commands to specify the match criteria, where the: - set - classifies the service that an IP packet will receive. - police - defines the maximum throughput, [...]

  • Page 195

    Quality of Service 3-155 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-98. Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Console(config)#clas[...]

  • Page 196

    Configuring the Switch 3-156 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Create a policy map, specify the name of the policy map, and then use the class parameters to configure policies for traffic that matches criteria defined in a class map. A policy map can contain mul[...]

  • Page 197

    Quality of Service 3-157 3 Policy Table - Policy Name — Name of policy map. - Class Name — Name of class map. - Action — Classification of IP traffic by CoS, DSCP, or IP Precedence. - Meter — Defines the maximum throughput, burst rate, and the action that results from a policy violation. - Rate (bps) — Rate in kilobit[...]

  • Page 198

    Configuring the Switch 3-158 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-99. Configuring Policy Maps[...]

  • Page 199

    Quality of Service 3-159 3 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to drop any violating packets. Attaching a Policy Map to Ingress and Egress Queues This function applies a policy map defined in the Policy Map, Polic[...]

  • Page 200

    Configuring the Switch 3-160 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the mul[...]

  • Page 201

    Multicast Filtering 3-161 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the tr[...]

  • Page 202

    Configuring the Switch 3-162 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-101. IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying I[...]

  • Page 203

    Multicast Filtering 3-163 3 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-102. Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port attac[...]

  • Page 204

    Configuring the Switch 3-164 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-10[...]

  • Page 205

    Multicast Filtering 3-165 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-104. IP Multicast Registration Table CLI – This exa[...]

  • Page 206

    Configuring the Switch 3-166 3 Command Attribute • Interface – Activates the Port or Trunk scroll down list. • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch. • Multicast IP – The IP address for a specific multicast service • Port or Trunk – Specifies[...]

  • Page 207

    Configuring Domain Name Service 3-167 3 Configuring General DNS Server Parameters Command Usage • To enable DNS service on this switch, first configure one or more name servers, and then enable domain lookup status. • To append domain names to incomplete host names received from a DNS client (i.e., not formatted with dotted[...]

  • Page 208

    Configuring the Switch 3-168 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-106. DNS Configuration CLI - This example sets a default domain name and [...]

  • Page 209

    Configuring Domain Name Service 3-169 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resour[...]

  • Page 210

    Configuring the Switch 3-170 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-107. DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip hos[...]

  • Page 211

    Configuring Domain Name Service 3-171 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. • Type[...]

  • Page 212

    Configuring the Switch 3-172 3 CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-128 NO FLAG TYPE IP T TL DOMAIN 0 4 CNAME 207.46.134.222 5 1 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 5 1 www.microsoft.akadns.net 2 4 CNAME 207.46.134.155 5 1 www.microsoft.akadns.net[...]

  • Page 213

    4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by enter [...]

  • Page 214

    Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to another network outside your office or to the Internet, you n[...]

  • Page 215

    Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show i[...]

  • Page 216

    Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also display a list of valid keywords f[...]

  • Page 217

    Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Comman[...]

  • Page 218

    Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode[...]

  • Page 219

    Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following comman[...]

  • Page 220

    Command Line Interface 4-8 4 Ctrl-F Shifts cursor to the right one character. Ctrl-K Deletes all characters from the cursor to the end of the line. Ctrl-L Repeats current command line on a new line. Ctrl-N Enters the next command line in the history buffer. Ctrl-P Enters the last command. Ctrl-R Repeats current command li [...]

  • Page 221

    Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4. Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-10 General Basic commands for enterin[...]

  • Page 222

    Command Line Interface 4-10 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) MST (Multiple Spanning Tree[...]

  • Page 223

    Line Commands 4-11 4 Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connection[...]

  • Page 224

    Command Line Interface 4-12 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login loc[...]

  • Page 225

    Line Commands 4-13 4 Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system te[...]

  • Page 226

    Command Line Interface 4-14 4 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds. (Rang[...]

  • Page 227

    Line Commands 4-15 4 Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telne[...]

  • Page 228

    Command Line Interface 4-16 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8[...]

  • Page 229

    Line Commands 4-17 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from termin[...]

  • Page 230

    Command Line Interface 4-18 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect Use this command to terminate an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. ([...]

  • Page 231

    General Commands 4-19 4 Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Mo[...]

  • Page 232

    Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-26.) • The “#” character is appended to the end of the pro[...]

  • Page 233

    General Commands 4-21 4 prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. See “Understanding Command Modes” on page 4-5. Default Setting None Command Mode Privileged Exec Example Related Commands en[...]

  • Page 234

    Command Line Interface 4-22 4 modes. In this example, the !2 command repeats the second command in the Execution history buffer (config). reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volati[...]

  • Page 235

    System Management Commands 4-23 4 Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage T[...]

  • Page 236

    Command Line Interface 4-24 4 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Ex[...]

  • Page 237

    System Management Commands 4-25 4 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Com[...]

  • Page 238

    Command Line Interface 4-26 4 • { 0 | 7 } - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default access level is Normal Exec. • The factory defaults for t[...]

  • Page 239

    System Management Commands 4-27 4 Command Mode Global Configuration Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-19). • The encrypted password is required for compatibility with legacy password[...]

  • Page 240

    Command Line Interface 4-28 4 Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured[...]

  • Page 241

    System Management Commands 4-29 4 Example Web Server Commands ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Settin[...]

  • Page 242

    Command Line Interface 4-30 4 Example Related Commands ip http server (4-30) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [ no ] ip http server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip http por[...]

  • Page 243

    System Management Commands 4-31 4 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session keys for encrypting an[...]

  • Page 244

    Command Line Interface 4-32 4 Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Related Commands ip http secu [...]

  • Page 245

    System Management Commands 4-33 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication lo[...]

  • Page 246

    Command Line Interface 4-34 4 00609025 3948408 4827178 19437228840 25331 1595213486 1022902 9789827 213532671 31629432 5328189 1504530 6393916643 steve@192.168.1.19 4. Set the Optional Parameters – Set other optional parameters, including the authentication timeout, the number of retries, and the server key size. 5. Enable SSH Servic[...]

  • Page 247

    System Management Commands 4-35 4 Example Related Commands ip ssh crypto host-key generate (4-37) show ssh (4-39) ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response duri[...]

  • Page 248

    Command Line Interface 4-36 4 ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attemp[...]

  • Page 249

    System Management Commands 4-37 4 delete public-key Use this command to delete the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type. Default Setting Deletes both the DSA [...]

  • Page 250

    Command Line Interface 4-38 4 Related Commands ip ssh crypto zeroize (4-38) ip ssh save host-key (4-38) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key [...]

  • Page 251

    System Management Commands 4-39 4 Example Related Commands ip ssh crypto host-key generate (4-37) show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh Use this command to display the current SSH server connections. C[...]

  • Page 252

    Command Line Interface 4-40 4 show public-key Use this command to show the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters [...]

  • Page 253

    System Management Commands 4-41 4 Example Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Console#show public-key host Host: [...]

  • Page 254

    Command Line Interface 4-42 4 Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored. Example Related Commands logging history (4-42) clear logging (4-44) logging history This command limits syslog messages sav[...]

  • Page 255

    System Management Commands 4-43 4 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server host IP address that will receive logging messages. Use th [...]

  • Page 256

    Command Line Interface 4-44 4 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corres[...]

  • Page 257

    System Management Commands 4-45 4 Command Mode Privileged Exec Example Related Commands show logging (4-45) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging { flash | ram | sendmail | trap } • flash - Event history stored in flash mem [...]

  • Page 258

    Command Line Interface 4-46 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-49) SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Table 4-18. System Logging Parameters Field Desc [...]

  • Page 259

    System Management Commands 4-47 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default Setting None Comm[...]

  • Page 260

    Command Line Interface 4-48 4 Command Mode Global Configuration Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts for s[...]

  • Page 261

    System Management Commands 4-49 4 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ n[...]

  • Page 262

    Command Line Interface 4-50 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client[...]

  • Page 263

    System Management Commands 4-51 4 Example Related Commands sntp server (4-51) sntp poll (4-52) show sntp (4-52) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [[...]

  • Page 264

    Command Line Interface 4-52 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global C[...]

  • Page 265

    System Management Commands 4-53 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 1-12 [...]

  • Page 266

    Command Line Interface 4-54 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands show startup-config T[...]

  • Page 267

    System Management Commands 4-55 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and in [...]

  • Page 268

    Command Line Interface 4-56 4 Example Related Commands show running-config (4-57) Console#show startup-config building startup-config, please wait..... ! sntp server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server community public ro snmp-server community private rw ! snmp-server group DefaultROGroup v1 read defaultview write none snmp-server group Default[...]

  • Page 269

    System Management Commands 4-57 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information st[...]

  • Page 270

    Command Line Interface 4-58 4 Example Related Commands show startup-config (4-54) Console#show running-config building running-config, please wait..... ! sntp server 0.0.0.0 0.0.0.0 0.0.0.0 ! ! snmp-server community public ro snmp-server community private rw ! snmp-server group DefaultROGroup v1 read defaultview write none snmp-server group Defaul[...]

  • Page 271

    System Management Commands 4-59 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8. • The POST results should all display “PASS.” I[...]

  • Page 272

    Command Line Interface 4-60 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., s[...]

  • Page 273

    System Management Commands 4-61 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data trans[...]

  • Page 274

    Command Line Interface 4-62 4 Example Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a f[...]

  • Page 275

    Flash/File Commands 4-63 4 Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes ( or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on[...]

  • Page 276

    Command Line Interface 4-64 4 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key au[...]

  • Page 277

    Flash/File Commands 4-65 4 Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-65) delete public-key (4-6[...]

  • Page 278

    Command Line Interface 4-66 4 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table un[...]

  • Page 279

    Authentication Commands 4-67 4 Default Setting None Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file. Example Related Commands dir (4-65) whichboot (4-66) Authentication Commands You can configure this swi[...]

  • Page 280

    Command Line Interface 4-68 4 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs - [...]

  • Page 281

    Authentication Commands 4-69 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-19). Use the no form to restore the default. Syntax authentication enable {[ local ] [ radius ] [ tac[...]

  • Page 282

    Command Line Interface 4-70 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated[...]

  • Page 283

    Authentication Commands 4-71 4 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in th[...]

  • Page 284

    Command Line Interface 4-72 4 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply [...]

  • Page 285

    Authentication Commands 4-73 4 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs [...]

  • Page 286

    Command Line Interface 4-74 4 Command Mode Global Configuration Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces[...]

  • Page 287

    Authentication Commands 4-75 4 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.e., enable the learning function) to register all the current VLAN members on the selec[...]

  • Page 288

    Command Line Interface 4-76 4 • To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure that all [...]

  • Page 289

    Authentication Commands 4-77 4 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example dot1x default This command sets all configu[...]

  • Page 290

    Command Line Interface 4-78 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number of reque[...]

  • Page 291

    Authentication Commands 4-79 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x operati[...]

  • Page 292

    Command Line Interface 4-80 4 dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [ no ] dot1x re-authentication Command Mode Global Configuration Example dot1x timeout quiet-period This command sets the time that a switch port wait[...]

  • Page 293

    Authentication Commands 4-81 4 Command Mode Global Configuration Example dot1x timeout tx-period This command sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seco[...]

  • Page 294

    Command Line Interface 4-82 4 Command Usage This command displays the following information: • Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as described in the preceding pages, including reauth-enabled (page 4-80), reauth-period (page 4-80), quiet-period ([...]

  • Page 295

    Access Control List Commands 4-83 4 Example Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the requ[...]

  • Page 296

    Command Line Interface 4-84 4 • MAC ACL mode (MAC-ACL) filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060). The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to an[...]

  • Page 297

    Access Control List Commands 4-85 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on t[...]

  • Page 298

    Command Line Interface 4-86 4 Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, us[...]

  • Page 299

    Access Control List Commands 4-87 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-85) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule s[...]

  • Page 300

    Command Line Interface 4-88 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to [...]

  • Page 301

    Access Control List Commands 4-89 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-85) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • stand[...]

  • Page 302

    Command Line Interface 4-90 4 Command Mode Global Configuration Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will determi[...]

  • Page 303

    Access Control List Commands 4-91 4 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • First creat[...]

  • Page 304

    Command Line Interface 4-92 4 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#ac[...]

  • Page 305

    Access Control List Commands 4-93 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), th[...]

  • Page 306

    Command Line Interface 4-94 4 Related Commands mask (IP ACL) (4-90) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress p[...]

  • Page 307

    Access Control List Commands 4-95 4 Related Commands ip access-group (4-94) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping. Syntax [[...]

  • Page 308

    Command Line Interface 4-96 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port[...]

  • Page 309

    Access Control List Commands 4-97 4 Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set pr [...]

  • Page 310

    Command Line Interface 4-98 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Comm[...]

  • Page 311

    Access Control List Commands 4-99 4 • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Related Commands permit, deny 4-99 mac access-group (4-104) show mac access-list (4-100) permit, deny (MAC ACL) This command adds [...]

  • Page 312

    Command Line Interface 4-100 4 • any – Any MAC source or destination address. • host – A specific MAC address. • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask* – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-409 [...]

  • Page 313

    Access Control List Commands 4-101 4 Command Mode Privileged Exec Example Related Commands permit, deny 4-99 mac access-group (4-104) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [ no ] access-list ip mask-precedence {[...]

  • Page 314

    Command Line Interface 4-102 4 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [ no ] mask [ pktformat ] { any | host | source-bitmask } { any | host | destination-bitmask } [ vid [ vid-bitmask ]] [ ethertype [ ethertype[...]

  • Page 315

    Access Control List Commands 4-103 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask. This example creates an Egress MAC ACL. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny [...]

  • Page 316

    Command Line Interface 4-104 4 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged Exec E[...]

  • Page 317

    Access Control List Commands 4-105 4 Related Commands show mac access-list (4-100) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-104) map access-list mac This command sets the output queue for packets matching an ACL rule. The spec[...]

  • Page 318

    Command Line Interface 4-106 4 Example Related Commands queue cos-map (4-200) show map access-list mac (4-106) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list mac [ i[...]

  • Page 319

    Access Control List Commands 4-107 4 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule. Example Related Commands show marking (4-97) ACL Information show access-list This command shows all ACLs and associate[...]

  • Page 320

    Command Line Interface 4-108 4 Example show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMPv3 p[...]

  • Page 321

    SNMP Commands 4-109 4 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a passw[...]

  • Page 322

    Command Line Interface 4-110 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None[...]

  • Page 323

    SNMP Commands 4-111 4 Example Related Commands snmp-server contact (4-110) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [ version { 1 | 2c }] [ udp-port port[...]

  • Page 324

    Command Line Interface 4-112 4 Example Related Commands snmp-server enable traps (4-112) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authentication | link-u[...]

  • Page 325

    SNMP Commands 4-113 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP lo[...]

  • Page 326

    Command Line Interface 4-114 4 snmp-server Use this command to enable the SNMP v3 engine. Use the no form to disable the engine. Default Setting Enabled Command Mode Global Configuration Example snmp-server engine-id Use this command to configure an identification string for the SNMP v3 engine. Use the no form to restore the defaul [...]

  • Page 327

    SNMP Commands 4-115 4 show snmp engine-id Use this command to show the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID. snmp-server view Use this command to add an SNMP view that controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-nam[...]

  • Page 328

    Command Line Interface 4-116 4 Examples This view includes MIB-2. This view includes the MIB-2 interfaces table, ifDescr. The wildcard is used to select all the index values in this table. This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view Use this command to show information on [...]

  • Page 329

    SNMP Commands 4-117 4 snmp-server group Use this command to add an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv }} [ read readview ] [ write writeview ] no snmp-server group groupname • groupname - Name of an S[...]

  • Page 330

    Command Line Interface 4-118 4 Example Console#show snmp group groupname: r&d security model: v3 readview: v2defaultview writeview: daily notifyview: none storage-type: permanent row status: active groupname: DefaultROGroup security model: v1 readview: v2defaultview writeview: none notifyview: none storage-type: permanent row status: active gro[...]

  • Page 331

    SNMP Commands 4-119 4 snmp-server user Use this command to add a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } auth-password [ priv des56 priv-pas[...]

  • Page 332

    Command Line Interface 4-120 4 Example DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. DHCP Client ip dhcp client-identifier This command specifies the DHCP client identifier for th[...]

  • Page 333

    DHCP Commands 4-121 4 Command Mode Interface Configuration (VLAN) Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Related Commands ip dhcp restart client (4-121) ip dhcp restart client This co[...]

  • Page 334

    Command Line Interface 4-122 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. [...]

  • Page 335

    DNS Commands 4-123 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device. Example This ex[...]

  • Page 336

    Command Line Interface 4-124 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-124) ip name-server (4-125) ip domain-lookup (4-126) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a cli [...]

  • Page 337

    DNS Commands 4-125 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-123) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server[...]

  • Page 338

    Command Line Interface 4-126 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-123) ip domain-lookup (4-126) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [ no ] ip domain-[...]

  • Page 339

    DNS Commands 4-127 4 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-123) ip name-server (4-125) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is [...]

  • Page 340

    Command Line Interface 4-128 4 Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample[...]

  • Page 341

    Interface Commands 4-129 4 Example Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console# Table 4-42. Interface Commands Command Function Mode Page interface Confi[...]

  • Page 342

    Command Line Interface 4-130 4 interface This command configures an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel[...]

  • Page 343

    4-131 4 description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters) Default Setting None Command Mode Interface Configuration (Ethernet, Po[...]

  • Page 344

    Command Line Interface 4-132 4 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by t[...]

  • Page 345

    4-133 4 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-133) speed-duplex (4-131) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no for[...]

  • Page 346

    Command Line Interface 4-134 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-132) speed-duplex (4-131) flowcontrol (4-134) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flo[...]

  • Page 347

    4-135 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-132) capabilities (flowcontrol, symmetric) (4-133) combo-forced-mode This command forces the port type selected for combination ports 21 - 24. Use the no form to restore the default mode. Syntax combo-forced-mode mode no combo-for[...]

  • Page 348

    Command Line Interface 4-136 4 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disabl[...]

  • Page 349

    4-137 4 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6[...]

  • Page 350

    Command Line Interface 4-138 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Shows the[...]

  • Page 351

    4-139 4 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Pr[...]

  • Page 352

    Command Line Interface 4-140 4 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Defau[...]

  • Page 353

    Mirror Port Commands 4-141 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx | both ] no port monitor interface • interface - ethernet u[...]

  • Page 354

    Command Line Interface 4-142 4 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • The destination port is set b[...]

  • Page 355

    AMAP Configuration 4-143 4 Example The following shows mirroring configured from port 6 to port 11: AMAP Configuration The AMAP protocol discovers adjacent switches by sending and receiving AMAP “Hello” packets on active Spanning Tree ports. Each port can be defined as being in one of three logical states of processing the AMAP &[...]

  • Page 356

    Command Line Interface 4-144 4 amap enable This command enables AMAP on the switch. Use the amap disable command to disable the feature. Syntax amap { enable | disable } • enable – Enables AMAP • disable – Disables AMAP Default Setting Enabled Command Mode Global Configuration Example amap run This command performs the same fu[...]

  • Page 357

    AMAP Configuration 4-145 4 Command Mode Global Configuration Example amap common timer This command sets the time (in seconds) that switch ports in the Common state wait before sending a “Hello” packet to an adjacent switch. If there is no reply packet from an adjacent switch after two timeout intervals, the switch entry f[...]

  • Page 358

    Command Line Interface 4-146 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transm[...]

  • Page 359

    Link Aggregation Commands 4-147 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and[...]

  • Page 360

    Command Line Interface 4-148 4 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface). • If the port channel admin key (lacp admin key - Port Channel) is n[...]

  • Page 361

    Link Aggregation Commands 4-149 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk mus [...]

  • Page 362

    Command Line Interface 4-150 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. lacp system-priority This command configures a port's LACP system pr[...]

  • Page 363

    Link Aggregation Commands 4-151 4 Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems. • O[...]

  • Page 364

    Command Line Interface 4-152 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established wit[...]

  • Page 365

    Link Aggregation Commands 4-153 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side an aggregate link. • partner - The remote side of an[...]

  • Page 366

    Command Line Interface 4-154 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Channel group : 1 ----------------------------------------- -------------------------------- Eth 1/ 1 ----------------------------------------- -------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21[...]

  • Page 367

    Link Aggregation Commands 4-155 4 Table 4-49. LACPDUs Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priori[...]

  • Page 368

    Command Line Interface 4-156 4 Table 4-50. LACP Neighbours Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Number Current administrative value of the port number for the p[...]

  • Page 369

    Address Table Commands 4-157 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN. [...]

  • Page 370

    Command Line Interface 4-158 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a g[...]

  • Page 371

    Address Table Commands 4-159 4 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static [...]

  • Page 372

    Command Line Interface 4-160 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch[...]

  • Page 373

    Spanning Tree Commands 4-161 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and di[...]

  • Page 374

    Command Line Interface 4-162 4 Example This example shows how to enable the Spanning Tree Algorithm for the switch: spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode { stp | rstp | mstp } no spanning-tree mode • stp - Spanning Tree Protoc[...]

  • Page 375

    Spanning Tree Commands 4-163 4 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only [...]

  • Page 376

    Command Line Interface 4-164 4 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(ma[...]

  • Page 377

    Spanning Tree Commands 4-165 4 Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA inf[...]

  • Page 378

    Command Line Interface 4-166 4 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method { long | short } no spanning-tree pathcost method • long - Specifies 32-bit based values th[...]

  • Page 379

    Spanning Tree Commands 4-167 4 Example spanning-tree mst-configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set the switch’s MAC address. Command Mode Global Configuration Example Related Comman[...]

  • Page 380

    Command Line Interface 4-168 4 Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single ins [...]

  • Page 381

    Spanning Tree Commands 4-169 4 • You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by specifying a priority of 16384. Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the [...]

  • Page 382

    Command Line Interface 4-170 4 Command Mode MST Configuration Command Usage The MST region name (page 4-169) and revision number are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configur[...]

  • Page 383

    Spanning Tree Commands 4-171 4 spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [ no ] spanning-tree spanning-disabled Default Setting Enabled Command Mode Interface Configur [...]

  • Page 384

    Command Line Interface 4-172 4 • Path cost takes precedence over port priority. • When the spanning-tree pathcost method (page 4-166) is set to short, the maximum value for path cost is 65,535. Example spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to rest[...]

  • Page 385

    Spanning Tree Commands 4-173 4 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly [...]

  • Page 386

    Command Line Interface 4-174 4 • Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time. Fast forwarding can achieve quicker convergence for end-node workstations and servers, and also overcome other STA related timeout p[...]

  • Page 387

    Spanning Tree Commands 4-175 4 Example spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of the spannin[...]

  • Page 388

    Command Line Interface 4-176 4 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority • instance_id - Ins[...]

  • Page 389

    Spanning Tree Commands 4-177 4 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at[...]

  • Page 390

    Command Line Interface 4-178 4 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-107. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-111. Example show spanning-tree mst configur[...]

  • Page 391

    VLAN Commands 4-179 4 Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and en [...]

  • Page 392

    Command Line Interface 4-180 4 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you ca[...]

  • Page 393

    VLAN Commands 4-181 4 Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a[...]

  • Page 394

    Command Line Interface 4-182 4 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-135) switchport mode This command configures the VLAN membership mode for a port. U[...]

  • Page 395

    VLAN Commands 4-183 4 Related Commands switchport acceptable-frame-types (4-183) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - Th[...]

  • Page 396

    Command Line Interface 4-184 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those[...]

  • Page 397

    VLAN Commands 4-185 4 Example The following example shows how to set the PVID for port 1 to VLAN 3: switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchpor[...]

  • Page 398

    Command Line Interface 4-186 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } [...]

  • Page 399

    VLAN Commands 4-187 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vlan-name[...]

  • Page 400

    Command Line Interface 4-188 4 When a frame is received at a port, its VLAN membership can then be determined based on the protocol type in use by the inbound packets. To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 4-180). Although not mandatory, we s[...]

  • Page 401

    VLAN Commands 4-189 4 Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types: protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for this interface. Syntax p[...]

  • Page 402

    Command Line Interface 4-190 4 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups. Syntax show protocol-vlan protocol-group [ group-id ][...]

  • Page 403

    VLAN Commands 4-191 4 Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes command[...]

  • Page 404

    Command Line Interface 4-192 4 • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN. Example This example enables the private VLAN, and then sets port 24 as the uplink and ports 1-8 as the downlinks. show pvlan This command displays the configured private V[...]

  • Page 405

    GVRP and Bridge Extension Commands 4-193 4 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [ no ] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN me[...]

  • Page 406

    Command Line Interface 4-194 4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuratio[...]

  • Page 407

    GVRP and Bridge Extension Commands 4-195 4 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to set. ?[...]

  • Page 408

    Command Line Interface 4-196 4 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all GARP timers. Command Mode Normal Exe[...]

  • Page 409

    Priority Commands 4-197 4 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be trans[...]

  • Page 410

    Command Line Interface 4-198 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switch port priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, rec[...]

  • Page 411

    Priority Commands 4-199 4 Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR uses a predefined[...]

  • Page 412

    Command Line Interface 4-200 4 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form set the CoS map to the default values. Syntax queue cos-map queue_id [ cos1 ... cosn ] no queue cos-map • queue_id - The ID of the priority queue. Rang[...]

  • Page 413

    Priority Commands 4-201 4 Related Commands show queue cos-map (4-202) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None C[...]

  • Page 414

    Command Line Interface 4-202 4 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Example Priorit[...]

  • Page 415

    Priority Commands 4-203 4 map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority m [...]

  • Page 416

    Command Line Interface 4-204 4 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [ no ] map ip precedence Default Setting Disabled Comman[...]

  • Page 417

    Priority Commands 4-205 4 Default Setting The list below shows the default priority mapping. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switch port priority. • IP Precedence values are mapped to default Clas[...]

  • Page 418

    Command Line Interface 4-206 4 Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map[...]

  • Page 419

    Priority Commands 4-207 4 Example The following example shows how to map IP DSCP value 1 to CoS value 0: map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to r[...]

  • Page 420

    Command Line Interface 4-208 4 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [ interface ] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Example The following s[...]

  • Page 421

    Priority Commands 4-209 4 Command Mode Privileged Exec Example Related Commands map ip precedence (Global Configuration) (4-204) map ip precedence (Interface Configuration) (4-204) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit/port - unit - This is [...]

  • Page 422

    Command Line Interface 4-210 4 Example Related Commands map ip dscp (Global Configuration) (4-205) map ip dscp (Interface Configuration) (4-206) Quality of Service Commands The commands described in this section are used to configure QoS classification criteria and service policies. You can classify traffic based on [...]

  • Page 423

    Quality of Service Commands 4-211 4 To create a service policy for a specific category or ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of traffic based [...]

  • Page 424

    Command Line Interface 4-212 4 • The class map is used with a policy map (page 4-213) to create a service policy (page 4-216) for a specific interface that defines packet classification, service tagging, and bandwidth policing. • After entering the Class Map configuration mode, use the match command (page 4-212) to specify th[...]

  • Page 425

    Quality of Service Commands 4-213 4 Example This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3: policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy[...]

  • Page 426

    Command Line Interface 4-214 4 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. (Ran[...]

  • Page 427

    Quality of Service Commands 4-215 4 Default Setting None Command Mode Policy Map Class Configuration Example This example sets the DSCP value to 3 for all traffic assigned to this policy class. police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [no] police rate-bps burs[...]

  • Page 428

    Command Line Interface 4-216 4 Example This example creates a policer that sets the maximum burst rate to 20 Kbytes, the average rate to 1522 bps, and the response to drop any violating packets. service-policy This command applies a policy map defined by the policy-map command to a particular interface. Use the no form to remove t[...]

  • Page 429

    Quality of Service Commands 4-217 4 Command Mode Privileged Exec Example show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name -[...]

  • Page 430

    Command Line Interface 4-218 4 Command Mode Privileged Exec Example Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those [...]

  • Page 431

    Multicast Filtering Commands 4-219 4 Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface[...]

  • Page 432

    Command Line Interface 4-220 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2} no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Comman[...]

  • Page 433

    Multicast Filtering Commands 4-221 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the [...]

  • Page 434

    Command Line Interface 4-222 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if electe[...]

  • Page 435

    Multicast Filtering Commands 4-223 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a cou[...]

  • Page 436

    Command Line Interface 4-224 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-30) De[...]

  • Page 437

    Multicast Filtering Commands 4-225 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-220) Static Multicast Routing[...]

  • Page 438

    Command Line Interface 4-226 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that inte[...]

  • Page 439

    IP Interface Commands 4-227 4 IP Interface Commands There are no IP addresses assigned to this switch by default. You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets. You may also need to establish a default gateway between this device and management s[...]

  • Page 440

    Command Line Interface 4-228 4 Command Usage • You must assign an IP address to this device to gain management access over the network or to connect the switch to existing IP subnets. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of [...]

  • Page 441

    IP Interface Commands 4-229 4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (4-230) ip dhcp restart Use this command to submit a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client requ[...]

  • Page 442

    Command Line Interface 4-230 4 Command Mode Privileged Exec Example Related Commands show ip redirects (4-230) show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-228) ping This command sends ICMP echo reque[...]

  • Page 443

    IP Interface Commands 4-231 4 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does[...]

  • Page 444

    Command Line Interface 4-232 4[...]

  • Page 445

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) AMAP Alcatel Mapping Adjacency Protocol SNMPv3 Management access via MIB database Trap management to specified hosts DHCP Client DNS Server Port Co[...]

  • Page 446

    Software Specifications A-2 A VLAN Support Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Prece[...]

  • Page 447

    Management Information Bases A-3 A IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1x Port Authentication ARP (RFC 826) DHCP (RFC 1541) HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) RADIUS+ (RFC 2 [...]

  • Page 448

    Software Specifications A-4 A SNMP Target MIB, SNMP Notification MIB (RFC 2573) SNMP User-Based SM MIB (RFC 2574) SNMP View Based ACM MIB (RFC 2575) SNMP Community MIB (RFC 2576)[...]

  • Page 449

    B-1 Appendix B: Troubleshooting Table B-1. Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Be sure you have configured the agent with a valid IP address, subnet mask and default gateway. • If you are trying to connect to the agent via the IP address for a tagged VLAN gr[...]

  • Page 450

    Troubleshooting B-2 B[...]

  • Page 451

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, t[...]

  • Page 452

    Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP[...]

  • Page 453

    Glossary-3 Glossary IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On eac[...]

  • Page 454

    Glossary Glossary-4 Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. MD5 An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorit[...]

  • Page 455

    Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network t[...]

  • Page 456

    Glossary Glossary-6 Trivial File Transfer Protocol (TFTP) A TCP/IP protocol commonly used for software downloads. User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like I[...]

  • Page 457

    Index-1 Numerics 802.1x, port authentication 3-54, 4-76 A acceptable frame type 3-133, 4-183 Access Control List See ACL ACL Extended IP 3-62, 4-83, 4-85, 4-87 MAC 3-62, 4-84, 4-98, 4-98–4-100 Standard IP 3-62, 4-83, 4-85, 4-86 address table 3-100, 4-157 aging time 3-102, 4-160 B BOOTP 3-14, 3-15, 4-227 BPDU 3-104 broadc[...]

  • Page 458

    Index-2 Index H hardware version, displaying 3-10, 4-60 HTTPS 3-45, 4-30 HTTPS, secure server 3-45, 4-30 I IEEE 802.1D 3-103, 4-162 IEEE 802.1s 4-162 IEEE 802.1w 3-103, 4-162 IEEE 802.1x 3-54, 4-76 IGMP groups, displaying 3-164, 4-221 Layer 2 3-160, 4-218 query 3-160, 4-222 query, Layer 2 3-161, 4-222 snooping 3-160, 4-218 sno[...]

  • Page 459

    Index-3 Index problems, troubleshooting B-1 protocol migration 3-115, 4-176 Q queue weights 3-143, 4-199 R RADIUS, logon authentication 3-42, 4-70 rate limits, setting 3-92, 4-146 remote logging 4-44 restarting the system 3-29, 4-22 RSTP 3-103, 4-162 global configuration 3-104, 4-162 S secure shell 3-47, 4-32 Secure Sh[...]

  • Page 460

    Index-4 Index V VLANs 3-122–3-136, 4-179–4-192 adding static members 3-130, 3-132, 4-185 creating 3-129, 4-180 description 3-122 displaying basic information 3-126, 4-193 displaying port members 3-127, 4-187 egress mode 3-134, 4-182 interface configuration 3-133, 4-183–4-186 private 3-135, 4-191 protocol 3-136, 4-[...]

  • Page 461

    [...]

  • Page 462

    F1.0.0.6 E042004-R02 060191-10[...]