Alcatel OmniStack 6300-24 user manual


A good user manual

Regulations require the seller to supply the buyer with the Alcatel OmniStack 6300-24 user manual along with the goods. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the device does not conform to the contract. By law, the manual may be supplied in a form other than paper, which is now common practice: the Alcatel OmniStack 6300-24 manual may be provided in graphic or electronic form, or as instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. The Alcatel OmniStack 6300-24 user manual thus describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object or service, a guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you discover a number of additional features of the device you bought but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Alcatel OmniStack 6300-24 user manual should contain:
- information on the technical specifications of the Alcatel OmniStack 6300-24 device
- the manufacturer's name and the year of manufacture of the Alcatel OmniStack 6300-24
- instructions for using, adjusting and maintaining the Alcatel OmniStack 6300-24 equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and to being sure of the specific functionality of the equipment purchased. Unfortunately, connecting and starting up the Alcatel OmniStack 6300-24 is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of the Alcatel OmniStack 6300-24 and ways to solve common problems encountered during use. Finally, the manual contains the contact details of Alcatel service in case the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which work better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the specifications and complicated technical descriptions of the Alcatel OmniStack 6300-24, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the Alcatel OmniStack 6300-24 device, the use of various accessories and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment or device, take a moment to familiarize yourself with all parts of the Alcatel OmniStack 6300-24 user manual. Nowadays, manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of providing information and help.

User manual table of contents

  • Page 1

    Part No. 060191-10, Rev. B April 2004 OmniStack® 6300-24 Users Guide[...]

  • Page 2

    An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. [...]

  • Page 3

    Warning This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can [...]

  • Page 4

    [...]

  • Page 5

    v Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Se[...]

  • Page 6

    Contents vi Telnet Settings 3-21 Configuring Event Logging 3-23 System Logs 3-23 System Logs Configuration 3-24 Remote Logs Configuration 3-25 Sending Simple Mail Transfer Protocol Alerts 3-27 Resetting the System 3-29 Setting the System Clock 3-29 Configuring SNTP 3-30 Setting the Time Zone 3-31 Simple Network Managem [...]

  • Page 7

    Contents vii Port Configuration 3-75 Displaying Connection Status 3-75 Configuring Interface Connections 3-77 Creating Trunk Groups 3-79 Statically Configuring a Trunk 3-80 Enabling LACP on Selected Ports 3-81 Configuring LACP Parameters 3-83 Displaying LACP Port Counters 3-85 Displaying LACP Settings and Status for the Local[...]

  • Page 8

    Contents viii Mapping Protocols to VLANs 3-137 Class of Service Configuration 3-139 Setting the Default Priority for Interfaces 3-139 Mapping CoS Values to Egress Queues 3-141 Selecting the Queue Mode 3-143 Setting the Service Weight for Traffic Classes 3-143 Mapping Layer 3/4 Priorities to CoS Values 3-145 Selecting IP Pre[...]

  • Page 9

    Contents ix Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-6 Command Line Processing 4-7 Command Groups 4-9 Line Commands 4-10 line 4-10 login 4-11 password 4-12 timeout login response 4-13 exec-timeout 4-14 password-thresh 4-14 silent-time 4-15 databits 4-16 parity 4-16 speed 4-17 stop[...]

  • Page 10

    Contents x ip ssh timeout 4-35 ip ssh authentication-retries 4-36 ip ssh server-key size 4-36 delete public-key 4-37 ip ssh crypto host-key generate 4-37 ip ssh crypto zeroize 4-38 ip ssh save host-key 4-38 show ip ssh 4-39 show ssh 4-39 show public-key 4-40 Event Logging Commands 4-41 logging on 4-41 logging hi [...]

  • Page 11

    Contents xi whichboot 4-66 boot system 4-66 Authentication Commands 4-67 Authentication Sequence 4-67 authentication login 4-68 authentication enable 4-69 RADIUS Client 4-70 radius-server host 4-70 radius-server port 4-70 radius-server key 4-71 radius-server retransmit 4-71 radius-server timeout 4-72 show radius-server 4-72 TA[...]

  • Page 12

    Contents xii match access-list ip 4-96 show marking 4-97 MAC ACLs 4-98 access-list mac 4-98 permit, deny (MAC ACL) 4-99 show mac access-list 4-100 access-list mac mask-precedence 4-101 mask (MAC ACL) 4-102 show access-list mac mask-precedence 4-104 mac access-group 4-104 show mac access-group 4-105 map access-list mac [...]

  • Page 13

    Contents xiii show dns 4-127 show dns cache 4-128 clear dns cache 4-128 Interface Commands 4-129 interface 4-130 description 4-131 speed-duplex 4-131 negotiation 4-132 capabilities 4-133 flowcontrol 4-134 combo-forced-mode 4-135 shutdown 4-135 switchport broadcast packet-rate 4-136 clear counters 4-137 show interface[...]

  • Page 14

    Contents xiv spanning-tree forward-time 4-163 spanning-tree hello-time 4-164 spanning-tree max-age 4-164 spanning-tree priority 4-165 spanning-tree pathcost method 4-166 spanning-tree transmission-limit 4-166 spanning-tree mst-configuration 4-167 mst vlan 4-167 mst priority 4-168 name 4-169 revision 4-169 max-hops 4-170 spa [...]

  • Page 15

    Contents xv GVRP and Bridge Extension Commands 4-192 bridge-ext gvrp 4-193 show bridge-ext 4-193 switchport gvrp 4-194 show gvrp configuration 4-194 garp timer 4-195 show garp timer 4-196 Priority Commands 4-197 Priority Commands (Layer 2) 4-197 switchport priority default 4-197 queue mode 4-198 queue bandwidth 4-199 queue cos-ma[...]

  • Page 16

    Contents xvi IGMP Query Commands (Layer 2) 4-222 ip igmp snooping querier 4-222 ip igmp snooping query-count 4-222 ip igmp snooping query-interval 4-223 ip igmp snooping query-max-response-time 4-224 ip igmp snooping router-port-expire-time 4-224 Static Multicast Routing Commands 4-225 ip igmp snooping vlan mrouter 4[...]

  • Page 17

    xvii Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-4. Main Menu 3-3 Table 3-2. Configuration Options 3-3 Table 3-1. SNMPv3 Security Models and Levels 3-32 Table 3-22. Compatible Operating Systems 3-45 Table 3-30. 802.1X Statistics 3-59 Table 3-45. LACP Port Counters Information 3-85 Table 3-47. [...]

  • Page 18

    xviii Tables Table 4-27. Authentication Sequence 4-67 Table 4-28. RADIUS Commands 4-70 Table 4-29. TACACS+ Commands 4-73 Table 4-30. Port Security Commands 4-75 Table 4-31. 802.1X Port Authentication Commands 4-76 Table 4-32. ACL Information 4-84 Table 4-33. IP ACLs 4-85 Table 4-34. Priority Queue Mapping 4-95 Table 4-35. MAC ACLs[...]

  • Page 19

    xix Table 4-67. Quality of Service Commands 4-210 Table 4-68. Multicast Filtering Commands 4-218 Table 4-69. IGMP Snooping Commands 4-218 Table 4-70. IGMP Query Commands (Layer 2) 4-222 Table 4-71. Static Multicast Routing Commands 4-225 Table 4-72. IP Configuration 4-227 Table B-1. Troubleshooting Chart B-1[...]

  • Page 20

    xx Tables[...]

  • Page 21

    xxi Figures Figure 3-1. Home Page 3-2 Figure 3-3. Ports Panel 3-3 Figure 3-5. System Information 3-9 Figure 3-6. Switch Information 3-10 Figure 3-7. Bridge Extension Configuration 3-12 Figure 3-8. IP Configuration 3-13 Figure 3-9. Selecting DHCP Mode 3-14 Figure 3-10. Enabling Jumbo Frame Support 3-15 Figure 3-11. Transferring an Ope[...]

  • Page 22

    Figures xxii Figure 3-36. ACL Mask Configuration 3-68 Figure 3-37. ACL IP Mask Configuration 3-70 Figure 3-38. ACL MAC Mask Configuration 3-71 Figure 3-39. ACL Port Binding 3-73 Figure 3-12. Filtering IP Addresses 3-74 Figure 3-40. Port Information 3-75 Figure 3-41. Port Configuration 3-78 Figure 3-42. Trunk Membership 3-80 Figu[...]

  • Page 23

    Figures xxiii Figure 3-84. Port Priority Configuration 3-140 Figure 3-87. Traffic Classes 3-142 Figure 3-88. Selecting the Queue Mode 3-143 Figure 3-89. Queue Scheduling 3-144 Figure 3-90. IP Precedence/DSCP Priority Status 3-145 Figure 3-92. Assigning CoS Values to IP Precedence 3-146 Figure 3-94. Mapping IP DSCP Priority 3-148 Figur[...]

  • Page 24

    Figures xxiv[...]

  • Page 25

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you sho[...]

  • Page 26

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based an[...]

  • Page 27

    Description of Software Features 1-3 1 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while pa[...]

  • Page 28

    Introduction 1-4 1 older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Multiple Spanning Tree Protocol (MSTP [...]

  • Page 29

    System Defaults 1-5 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multic[...]

  • Page 30

    Introduction 1-6 1 SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled IP Filtering Disabled Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mb[...]

  • Page 31

    System Defaults 1-7 1 Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames GVRP (global) Disabled GVRP (port interface) Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Priority :[...]

  • Page 32

    Introduction 1-8 1[...]

  • Page 33

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring [...]

  • Page 34

    Initial Configuration 2-2 2 • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. A[...]

  • Page 35

    Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is unassigned by default. [...]

  • Page 36

    Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To preven[...]

  • Page 37

    Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1.[...]

  • Page 38

    Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Mana[...]

  • Page 39

    Basic Configuration 2-7 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter&[...]

  • Page 40

    Initial Configuration 2-8 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, [...]

  • Page 41

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or a[...]

  • Page 42

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When[...]

  • Page 43

    Navigating the Web Browser Interface 3-3 3 Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to[...]

  • Page 44

    Configuring the Switch 3-4 3 Jumbo Frame Enables jumbo frame support 3-15 File 3-16 Firmware Manages code image files 3-16 Configuration Manages switch configuration files 3-17 Line 3-18 Console Sets console port connection parameters 3-18 Telnet Sets telnet connection parameters 3-21 Log 3-23 Logs Stores and displays error [...]

  • Page 45

    Navigating the Web Browser Interface 3-5 3 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-52 802.1x Port authentication 3-54 Information Displays global configuration settings 3-55 Configuration Configures protocol parameters 3-57 Port Con[...]

  • Page 46

    Configuring the Switch 3-6 3 Port Statistics Lists Ethernet and RMON port statistics 3-93 Alcatel 3-98 AMAP Alcatel Mapping Adjacency Protocol (AMAP) 3-98 Settings Configures AMAP parameters 3-98 Information Displays information on attached AMAP-aware devices 3-99 Address Table 3-80 Static Addresses Displays entries fo[...]

  • Page 47

    Navigating the Web Browser Interface 3-7 3 Port Configuration Specifies default PVID and VLAN attributes 3-133 Trunk Configuration Specifies default trunk VID and VLAN attributes 3-133 Private VLAN 3-135 Status Enables or disables the private VLAN 3-135 Link Status Configures the private VLAN 3-136 Protocol VLAN 3-136 Conf[...]

  • Page 48

    Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsy[...]

  • Page 49

    Basic Configuration 3-9 3 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-5. System Information CLI – Specify[...]

  • Page 50

    Configuring the Switch 3-10 3 Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – The serial number of the switch. • Number [...]

  • Page 51

    Basic Configuration 3-11 3 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settin[...]

  • Page 52

    Configuring the Switch 3-12 3 Web – Click System, Bridge Extension. Figure 3-7. Bridge Extension Configuration CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is un[...]

  • Page 53

    Basic Configuration 3-13 3 • IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast p[...]

  • Page 54

    Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Appl[...]

  • Page 55

    Basic Configuration 3-15 3 CLI – Enter the following command to restart DHCP service. Enabling Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames signi[...]

  • Page 56

    Configuring the Switch 3-16 3 • File Name – The file name should not contain slashes ( or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, ?[...]

  • Page 57

    Basic Configuration 3-17 3 CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Saving or Restoring Configuration Settings You can upload/download configuration setti[...]

  • Page 58

    Configuring the Switch 3-18 3 If you download to a new file name, then select the new file from the drop-down box for Startup Configuration File, and press Apply Changes. To use the new settings, reboot the system via the System/Reset menu. Figure 3-14. Setting the Start-up Configuration File CLI – Enter the IP address of [...]

  • Page 59

    Basic Configuration 3-19 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon [...]

  • Page 60

    Configuring the Switch 3-20 3 Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 3-1. Console Port Settings CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port se[...]

  • Page 61

    Basic Configuration 3-21 3 Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be [...]

  • Page 62

    Configuring the Switch 3-22 3 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-2. Telnet Settings CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal sett[...]

  • Page 63

    Configuring Event Logging 3-23 3 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Logs The system can be configured to[...]

  • Page 64

    Configuring the Switch 3-24 3 Web – Click System, Log, Logs. Figure 3-3. Logging Information CLI – Type "show logging ram" to display log messages in the RAM buffer. System Logs Configuration The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The def[...]

  • Page 65

    Configuring Event Logging 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Default: 6) Web – Click System, Log, System Logs. Specify the System L[...]

  • Page 66

    Configuring the Switch 3-26 3 • Host IP List – Displays the list of remote server IP addresses that receive the syslog messages. The maximum number of host IP addresses allowed is five. • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Log, Remote Logs. To add an[...]

  • Page 67

    Configuring Event Logging 3-27 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and c[...]

  • Page 68

    Configuring the Switch 3-28 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server text box and then click Add. To delete an IP address, click the entry in the SMTP Server List[...]

  • Page 69

    Configuring Event Logging 3-29 3 to complete the configuration. Use the show logging sendmail command to display the current SMTP configuration. Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. Figure 3-15. Resetting the System CLI – Use the reload command to restart [...]

  • Page 70

    Configuring the Switch 3-30 3 This switch acts as an SNTP client in unicast mode: Unicast – The switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence. Configuring S[...]

  • Page 71

    Simple Network Management Protocol 3-31 3 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and m[...]

  • Page 72

    Configuring the Switch 3-32 3 standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monito[...]

  • Page 73

    Simple Network Management Protocol 3-33 3 Enabling SNMP Enables the SNMP agent on the switch for all versions (1, 2c, and 3). Command Attributes • SNMP Agent Status – Enables SNMP on the switch. Figure 3-7. Enabling the SNMP Agent CLI – The following example enables SNMP on the switch. Setting Community Access Strings You may co[...]

  • Page 74

    Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-18. SNMP Configuration CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Manager[...]

  • Page 75

    Simple Network Management Protocol 3-35 3 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port and SNMP version, and then click Add. Select the trap types required using the check boxes for Authentication and Link-up/dow[...]

  • Page 76

    Configuring the Switch 3-36 3 A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users. A new engine ID can be specified by entering 1 to 26 he[...]

  • Page 77

    Simple Network Management Protocol 3-37 3 • Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. - AuthNoPriv – SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model). -[...]

  • Page 78

    Configuring the Switch 3-38 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read and write views. You can use the pre-defined default groups or create new gr[...]

  • Page 79

    Simple Network Management Protocol 3-39 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next t[...]

  • Page 80

    Configuring the Switch 3-40 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-64 characters) • View OID Subtrees – Sh[...]

  • Page 81

    User Authentication 3-41 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. User Authentication You can restrict management access to this switch using the following options: • Passwords – Manually co[...]

  • Page 82

    Configuring the Switch 3-42 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 characters) • Access Level* – Specifies the user level. (Options: Normal and Privileged) • Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) * CLI only. Web – Click Security,[...]

  • Page 83

    User Authentication 3-43 3 a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to the switch. RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encr [...]

  • Page 84

    Configuring the Switch 3-44 3 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access[...]

  • Page 85

    User Authentication 3-45 3 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web in[...]

  • Page 86

    Configuring the Switch 3-46 3 • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-46. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) • Change HTTPS Port Number – Specifies the UDP port numb[...]

  • Page 87

    User Authentication 3-47 3 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. To reset the switch[...]

  • Page 88

    Configuring the Switch 3-48 3 Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254[...]

  • Page 89

    User Authentication 3-49 3 2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating[...]

  • Page 90

    Configuring the Switch 3-50 3 Web – Click Security, SSH Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-24. Secure Shell Host-Key Settings CLI – This example genera[...]

  • Page 91

    User Authentication 3-51 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the swit[...]

  • Page 92

    Configuring the Switch 3-52 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch[...]

  • Page 93

    User Authentication 3-53 3 Command Attributes • Port – Port number. • Name – Descriptive text (page 4-131). • Action – Indicates the action to be taken when a port security violation is detected: - None: No action should be taken. (This is the default.) - Trap: Send an SNMP trap message. - Shutdown: Disabl[...]

  • Page 94

    Configuring the Switch 3-54 3 Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain a[...]

  • Page 95

    User Authentication 3-55 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1x Global Settings The dot1x protocol includes global parameters that control the client authen[...]

  • Page 96

    Configuring the Switch 3-56 3 CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-81. Console#show dot1x 4-81 Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: [...]

  • Page 97

    User Authentication 3-57 3 Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. Th[...]

  • Page 98

    Configuring the Switch 3-58 3 CLI – This enables re-authentication and sets all of the global parameters for 802.1x. Configuring Port Authorization Mode When dot1x is enabled, you need to specify the dot1x authentication mode configured for each port. Command Attributes • Status – Indicates if authentication is enabled or dis[...]

  • Page 99

    User Authentication 3-59 3 Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply. Figure 3-29. 802.1X Port Configuration CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this[...]

  • Page 100

    Configuring the Switch 3-60 3 Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-31. 802.1X Statistics CLI – This example displays the 802.1x statistics for port 4. Rx Last EAPOLSrc The source MAC address carried in the most recent [...]

  • Page 101

    Access Control Lists 3-61 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required ru[...]

  • Page 102

    Configuring the Switch 3-62 3 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP ad[...]

  • Page 103

    Access Control Lists 3-63 3 • SubMask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP pa[...]

  • Page 104

    Configuring the Switch 3-64 3 • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range: 0-15) - DSCP – DSCP priority level. (Range: 0-64) • Protocol – Specifies the protocol type to match as TCP, UDP or Others, w [...]

  • Page 105

    Access Control Lists 3-65 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other r[...]

  • Page 106

    Configuring the Switch 3-66 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address r[...]

  • Page 107

    Access Control Lists 3-67 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit[...]

  • Page 108

    Configuring the Switch 3-68 3 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks fo[...]

  • Page 109

    Access Control Lists 3-69 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes. Command Attributes • Src/Dst IP – Specifi[...]

  • Page 110

    Configuring the Switch 3-70 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service type [...]

  • Page 111

    Access Control Lists 3-71 3 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/Destination MAC – Use “Any” to match any address, “Host” to specify the host ad[...]

  • Page 112

    Configuring the Switch 3-72 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic[...]

  • Page 113

    Filtering IP Addresses for Management Access 3-73 3 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply. Figure 3-39. ACL Port Binding CLI – This example assigns an IP and MAC[...]

  • Page 114

    Configuring the Switch 3-74 3 • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges. • You cannot delete an individual address from a specified range. You[...]

  • Page 115

    Port Configuration 3-75 3 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indic[...]

  • Page 116

    Configuring the Switch 3-76 3 Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-12.) Configura[...]

  • Page 117

    Port Configuration 3-77 3 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mod[...]

  • Page 118

    Configuring the Switch 3-78 3 (The current switch chip only supports symmetric pause frames.) - FC - Supports flow control Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex[...]

  • Page 119

    Port Configuration 3-79 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providin[...]

  • Page 120

    Configuring the Switch 3-80 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.[...]

  • Page 121

    Port Configuration 3-81 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and als[...]

  • Page 122

    Configuring the Switch 3-82 3 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-43. LACP Configuration CLI – The following example enables LACP for ports 1 to 6. Just conn[...]

  • Page 123

    Port Configuration 3-83 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set (page[...]

  • Page 124

    Configuring the Switch 3-84 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, an[...]

  • Page 125

    Port Configuration 3-85 3 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Counter Information Console(config)#interface ethernet[...]

  • Page 126

    Configuring the Switch 3-86 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-46. LACP Port Counters Information CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can dis[...]

  • Page 127

    Port Configuration 3-87 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-48. LACP Settings - Local Side LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operation[...]

  • Page 128

    Configuring the Switch 3-88 3 CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. [...]

  • Page 129

    Port Configuration 3-89 3 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-50. LACP Port Settings - Remote Side CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Cons[...]

  • Page 130

    Configuring the Switch 3-90 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can co[...]

  • Page 131

    Port Configuration 3-91 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time a[...]

  • Page 132

    Configuring the Switch 3-92 3 Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-52. Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. No[...]

  • Page 133

    Port Configuration 3-93 3 Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. Figure 3-53. Output Rate Limit Port Configuration CLI - This example sets the rate limit for input and outp[...]

  • Page 134

    Configuring the Switch 3-94 3 Statistical Values Table 3-54. Displaying Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-l[...]

  • Page 135

    Port Configuration 3-95 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transm[...]

  • Page 136

    Configuring the Switch 3-96 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FC[...]

  • Page 137

    Port Configuration 3-97 3 Figure 3-55. Displaying Port Statistics[...]

  • Page 138

    Configuring the Switch 3-98 3 CLI – This example shows statistics for port 13. Alcatel Mapping Adjacency Protocol (AMAP) The AMAP protocol enables a switch to discover the topology of other AMAP-aware devices in the network. The protocol allows each switch to determine if other AMAP-aware switches are adjacent to it. N[...]

  • Page 139

    Alcatel Mapping Adjacency Protocol (AMAP) 3-99 3 • Common – The port has detected an adjacent switch and periodically sends “Hello” packets to determine that it is still present. • Passive – A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello[...]

  • Page 140

    Configuring the Switch 3-100 3 Web – Click Alcatel, AMAP, Information. Figure 3-57. AMAP Information CLI – There is no equivalent CLI command to display detected devices. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbou[...]

  • Page 141

    Address Table Settings 3-101 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-58. Setting a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. [...]

  • Page 142

    Configuring the Switch 3-102 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-59. Setting a Dynamic Address Table CLI – This example also displays t[...]

  • Page 143

    Spanning Tree Algorithm Configuration 3-103 3 Web – Click Address Table, Address Aging. Specify the new aging time, click Apply. Figure 3-60. Address Aging CLI – This example sets the aging time to 400 seconds. Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disabl[...]

  • Page 144

    Configuring the Switch 3-104 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bri[...]

  • Page 145

    Spanning Tree Algorithm Configuration 3-105 3 • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In a [...]

  • Page 146

    Configuring the Switch 3-106 3 • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops – The max number of hop counts for the MST region. • Remaining hops – The remaining number of hop counts for the MST instan[...]

  • Page 147

    Spanning Tree Algorithm Configuration 3-107 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on[...]

  • Page 148

    Configuring the Switch 3-108 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (No[...]

  • Page 149

    Spanning Tree Algorithm Configuration 3-109 3 Configuration Settings for RSTP The following attributes apply to both RSTP and MSTP: • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. ?[...]

  • Page 150

    Configuring the Switch 3-110 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-63. STA Configuration[...]

  • Page 151

    Spanning Tree Algorithm Configuration 3-111 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanni[...]

  • Page 152

    Configuring the Switch 3-112 3 • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-114. • Oper Edge Port – This para[...]

  • Page 153

    Spanning Tree Algorithm Configuration 3-113 3 • Internal path cost – The path cost for the MST. See the proceeding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will [...]

  • Page 154

    Configuring the Switch 3-114 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media t[...]

  • Page 155

    Spanning Tree Algorithm Configuration 3-115 3 • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher prio[...]

  • Page 156

    Configuring the Switch 3-116 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-66. STA Port Configuration CLI – This example sets STA attributes for port 7. Configuring Multiple Spanning Trees MSTP generates a unique spanning tree f[...]

  • Page 157

    Spanning Tree Algorithm Configuration 3-117 3 To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree [...]

  • Page 158

    Configuring the Switch 3-118 3 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console#show spanning-tree mst 2 4-177 Spanning-tree information ----------------------------------- ---------------------------- Spanning[...]

  • Page 159

    Spanning Tree Algorithm Configuration 3-119 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes • MST Instance ID – Instance identifier to configure. (Range: 0-57; Default: 0) The other a[...]

  • Page 160

    Configuring the Switch 3-120 3 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-104), the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 4-177 Spanning[...]

  • Page 161

    Spanning Tree Algorithm Configuration 3-121 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays[...]

  • Page 162

    Configuring the Switch 3-122 3 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-69. MSTP Port Configuration CLI – This example sets the MSTP attributes for port 4. VLAN Configuration Overview In large networks, router[...]

  • Page 163

    VLAN Configuration 3-123 3 VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN. This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches usi[...]

  • Page 164

    Configuring the Switch 3-124 3 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group[...]

  • Page 165

    VLAN Configuration 3-125 3 Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs (VLAN Index)” on page 3-130). But you can still enable GVRP on these edge switches, as well as on the core swi[...]

  • Page 166

    Configuring the Switch 3-126 3 Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, and click Apply. Figure 3-72. GVRP Status CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Fi[...]

  • Page 167

    VLAN Configuration 3-127 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to [...]

  • Page 168

    Configuring the Switch 3-128 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-74. VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically l[...]

  • Page 169

    VLAN Configuration 3-129 3 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups created fo [...]

  • Page 170

    Configuring the Switch 3-130 3 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any [...]

  • Page 171

    VLAN Configuration 3-131 3 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Un[...]

  • Page 172

    Configuring the Switch 3-132 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged membe[...]

  • Page 173

    VLAN Configuration 3-133 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way fo[...]

  • Page 174

    Configuring the Switch 3-134 3 • GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centi[...]

  • Page 175

    VLAN Configuration 3-135 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation between ports with i [...]

  • Page 176

    Configuring the Switch 3-136 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any o [...]

  • Page 177

    VLAN Configuration 3-137 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_other) • Protocol Type – Th[...]

  • Page 178

    Configuring the Switch 3-138 3 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame [...]

  • Page 179

    Class of Service Configuration 3-139 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue w[...]

  • Page 180

    Configuring the Switch 3-140 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-84. Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-130 Console(config[...]

  • Page 181

    Class of Service Configuration 3-141 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1[...]

  • Page 182

    Configuring the Switch 3-142 3 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. Figure 3-87. Traffic Classes CLI – The foll[...]

  • Page 183

    Class of Service Configuration 3-143 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each qu[...]

  • Page 184

    Configuring the Switch 3-144 3 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-89. Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#interfac[...]

  • Page 185

    Class of Service Configuration 3-145 3 Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet o[...]

  • Page 186

    Configuring the Switch 3-146 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values a[...]

  • Page 187

    Class of Service Configuration 3-147 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. * Mapping specific values for IP Precedence is implemented as an interface configuration command, but any[...]

  • Page 188

    Configuring the Switch 3-148 3 Note: IP DSCP settings apply to all interfaces. Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 3-94. Mapping IP DSCP Priority CLI – The following example globally enables DSCP Pr[...]

  • Page 189

    Class of Service Configuration 3-149 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP[...]

  • Page 190

    Configuring the Switch 3-150 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. * Mapping specific values for IP Port Priority is implemented as an interface configuration command, bu[...]

  • Page 191

    Class of Service Configuration 3-151 3 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. Figure 3-96. ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. Changing Prior[...]

  • Page 192

    Configuring the Switch 3-152 3 Command Attributes • Port – Port identifier. • Name 1 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) • 802.1p Priority – Class of Service value in the IEEE 802.1p[...]

  • Page 193

    Quality of Service 3-153 3 Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of [...]

  • Page 194

    Configuring the Switch 3-154 3 Use the Policy Map page to specify a policy map. Then use the Class Map page to configure a policy map. And finally, use the set and police commands to specify the match criteria, where the: - set - classifies the service that an IP packet will receive. - police - defines the maximum through[...]

  • Page 195

    Quality of Service 3-155 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-98. Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Console(conf[...]

  • Page 196

    Configuring the Switch 3-156 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Create a policy map, specify the name of the policy map, and then use the class parameters to configure policies for traffic that matches criteria defined in a class map. A policy map can contai[...]

  • Page 197

    Quality of Service 3-157 3 Policy Table - Policy Name — Name of policy map. - Class Name — Name of class map. - Action — Classification of IP traffic by CoS, DSCP, or IP Precedence. - Meter — Defines the maximum throughput, burst rate, and the action that results from a policy violation. - Rate (bps) — Rate in kilobi[...]

  • Page 198

    Configuring the Switch 3-158 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-99. Configuring Policy Maps[...]

  • Page 199

    Quality of Service 3-159 3 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to drop any violating packets. Attaching a Policy Map to Ingress and Egress Queues This function applies a policy map defined in the Policy M[...]

  • Page 200

    Configuring the Switch 3-160 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the mu[...]

  • Page 201

    Multicast Filtering 3-161 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasti[...]

  • Page 202

    Configuring the Switch 3-162 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-101. IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying [...]

  • Page 203

    Multicast Filtering 3-163 3 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-102. Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port [...]

  • Page 204

    Configuring the Switch 3-164 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Fi[...]

  • Page 205

    Multicast Filtering 3-165 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-104. IP Multicast Registration Table CLI – This ex[...]

  • Page 206

    Configuring the Switch 3-166 3 Command Attribute • Interface – Activates the Port or Trunk scroll down list. • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch. • Multicast IP – The IP address for a specific multicast service • Port or Trunk – [...]

  • Page 207

    Configuring Domain Name Service 3-167 3 Configuring General DNS Server Parameters Command Usage • To enable DNS service on this switch, first configure one or more name servers, and then enable domain lookup status. • To append domain names to incomplete host names received from a DNS client (i.e., not formatted wi[...]

  • Page 208

    Configuring the Switch 3-168 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-106. DNS Configuration CLI - This example sets a default domain name[...]

  • Page 209

    Configuring Domain Name Service 3-169 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used r [...]

  • Page 210

    Configuring the Switch 3-170 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-107. DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#[...]

  • Page 211

    Configuring Domain Name Service 3-171 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. ?[...]

  • Page 212

    Configuring the Switch 3-172 3 CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-128 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 51 www.microsoft.akadns.net 2 4 CNAME 207.46.134.155 51 www.microsoft.akadns.n[...]

  • Page 213

    4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by e[...]

  • Page 214

    Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to another network outside your office or to the Internet, yo[...]

  • Page 215

    Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” [...]

  • Page 216

    Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also display a list of valid keywo[...]

  • Page 217

    Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Co [...]

  • Page 218

    Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mod[...]

  • Page 219

    Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following comma[...]

  • Page 220

    Command Line Interface 4-8 4 Ctrl-F Shifts cursor to the right one character. Ctrl-K Deletes all characters from the cursor to the end of the line. Ctrl-L Repeats current command line on a new line. Ctrl-N Enters the next command line in the history buffer. Ctrl-P Enters the last command. Ctrl-R Repeats current comma[...]

  • Page 221

    Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4. Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-10 General Basic commands for enter[...]

  • Page 222

    Command Line Interface 4-10 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) MST (Multiple Spann[...]

  • Page 223

    Line Commands 4-11 4 Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet conn[...]

  • Page 224

    Command Line Interface 4-12 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login[...]

  • Page 225

    Line Commands 4-13 4 Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the sys[...]

  • Page 226

    Command Line Interface 4-14 4 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seco[...]

  • Page 227

    Line Commands 4-15 4 Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the T[...]

  • Page 228

    Command Line Interface 4-16 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Sett[...]

  • Page 229

    Line Commands 4-17 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (fr [...]

  • Page 230

    Command Line Interface 4-18 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect Use this command to terminate an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console conn[...]

  • Page 231

    General Commands 4-19 4 Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command[...]

  • Page 232

    Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-26.) • The “#” character is appended to the end of the[...]

  • Page 233

    General Commands 4-21 4 prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. See “Understanding Command Modes” on page 4-5. Default Setting None Command Mode Privileged Exec Example Related Co[...]

  • Page 234

    Command Line Interface 4-22 4 modes. In this example, the !2 command repeats the second command in the Execution history buffer (config). reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-vola[...]

  • Page 235

    System Management Commands 4-23 4 Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Comman[...]

  • Page 236

    Command Line Interface 4-24 4 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration[...]

  • Page 237

    System Management Commands 4-25 4 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Com[...]

  • Page 238

    Command Line Interface 4-26 4 • {0 | 7} - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default access level is Normal Exec. • The factory defaults for [...]

  • Page 239

    System Management Commands 4-27 4 Command Mode Global Configuration Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-19). • The encrypted password is required for compatibility with legacy pa [...]

  • Page 240

    Command Line Interface 4-28 4 Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured [...]

  • Page 241

    System Management Commands 4-29 4 Example Web Server Commands ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Sett[...]

  • Page 242

    Command Line Interface 4-30 4 Example Related Commands ip http server (4-30) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [no] ip http server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip [...]

  • Page 243

    System Management Commands 4-31 4 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session keys for encrypting a[...]

  • Page 244

    Command Line Interface 4-32 4 Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Related Commands ip http s [...]

  • Page 245

    System Management Commands 4-33 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authenticatio[...]

  • Page 246

    Command Line Interface 4-34 4 00609 0253948 4084827178 1943722 884025331 1595213 4861022 9029789827 2135326 71 31629 4325328 1891504530 6393916 643 steve@192.168.1.19 4. Set the Optional Parameters – Set other optional parameters, including the authentication timeout, the number of retries, and the server key size. 5. Enable SSH Serv[...]

  • Page 247

    System Management Commands 4-35 4 Example Related Commands ip ssh crypto host-key generate (4-37) show ssh (4-39) ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response[...]

  • Page 248

    Command Line Interface 4-36 4 ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication [...]

  • Page 249

    System Management Commands 4-37 4 delete public-key Use this command to delete the specified user’s public key. Syntax delete public-key username [dsa | rsa] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type. Default Setting Deletes both the DS[...]

  • Page 250

    Command Line Interface 4-38 4 Related Commands ip ssh crypto zeroize (4-38) ip ssh save host-key (4-38) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA [...]

  • Page 251

    System Management Commands 4-39 4 Example Related Commands ip ssh crypto host-key generate (4-37) show ip ssh Use this command to display the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh Use this command to display the current SSH server connections[...]

  • Page 252

    Command Line Interface 4-40 4 show public-key Use this command to show the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parame[...]

  • Page 253

    System Management Commands 4-41 4 Example Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None Command Mode Global Configuration Console#show public-key host[...]

  • Page 254

    Command Line Interface 4-42 4 Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored. Example Related Commands logging history (4-42) clear logging (4-44) logging history This command limits syslog message[...]

  • Page 255

    System Management Commands 4-43 4 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server host IP address that will receive logging messages. Us[...]

  • Page 256

    Command Line Interface 4-44 4 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corr[...]

  • Page 257

    System Management Commands 4-45 4 Command Mode Privileged Exec Example Related Commands show logging (4-45) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging {flash | ram | sendmail | trap} • flash - Event history stored in flash m[...]

  • Page 258

    Command Line Interface 4-46 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-49) SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Table 4-18. System Logging Parameters Field[...]

  • Page 259

    System Management Commands 4-47 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default Setting None Comma[...]

  • Page 260

    Command Line Interface 4-48 4 Command Mode Global Configuration Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts f[...]

  • Page 261

    System Management Commands 4-49 4 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [[...]

  • Page 262

    Command Line Interface 4-50 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP cl[...]

  • Page 263

    System Management Commands 4-51 4 Example Related Commands sntp server (4-51) sntp poll (4-52) show sntp (4-52) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [i[...]

  • Page 264

    Command Line Interface 4-52 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode[...]

  • Page 265

    System Management Commands 4-53 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Rang[...]

  • Page 266

    Command Line Interface 4-54 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands show startup-co[...]

  • Page 267

    System Management Commands 4-55 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, a[...]

  • Page 268

    Command Line Interface 4-56 4 Example Related Commands show running-config (4-57) Console#show startup-config building startup-config, please wait..... ! sntp server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server community public ro snmp-server community private rw ! snmp-server group DefaultROGroup v1 read defaultview write none snmp-server group [...]

  • Page 269

    System Management Commands 4-57 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information[...]

  • Page 270

    Command Line Interface 4-58 4 Example Related Commands show startup-config (4-54) Console#show running-config building running-config, please wait..... ! sntp server 0.0.0.0 0.0.0.0 0.0.0.0 ! ! snmp-server community public ro snmp-server community private rw ! snmp-server group DefaultROGroup v1 read defaultview write none snmp-server grou[...]

  • Page 271

    System Management Commands 4-59 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8. • The POST results should all display ?[...]

  • Page 272

    Command Line Interface 4-60 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e[...]

  • Page 273

    System Management Commands 4-61 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data tr[...]

  • Page 274

    Command Line Interface 4-62 4 Example Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to [...]

  • Page 275

    Flash/File Commands 4-63 4 Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes ( or /), the leading letter of the file name should not be a period (.), and the maximum length for file name[...]

  • Page 276

    Command Line Interface 4-64 4 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key [...]

  • Page 277

    Flash/File Commands 4-65 4 Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-65) delete public-key ( [...]

  • Page 278

    Command Line Interface 4-66 4 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the [...]

  • Page 279

    Authentication Commands 4-67 4 Default Setting None Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file. Example Related Commands dir (4-65) whichboot (4-66) Authentication Commands You can configure thi[...]

  • Page 280

    Command Line Interface 4-68 4 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs -[...]

  • Page 281

    Authentication Commands 4-69 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-19). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [t [...]

  • Page 282

    Command Line Interface 4-70 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with assoc[...]

  • Page 283

    Authentication Commands 4-71 4 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces [...]

  • Page 284

    Command Line Interface 4-72 4 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a[...]

  • Page 285

    Authentication Commands 4-73 4 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pa [...]

  • Page 286

    Command Line Interface 4-74 4 Command Mode Global Configuration Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use bla[...]

  • Page 287

    Authentication Commands 4-75 4 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.e., enable the learning function) to register all the current VLAN members on the[...]

  • Page 288

    Command Line Interface 4-76 4 • To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure tha [...]

  • Page 289

    Authentication Commands 4-77 4 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example dot1x default This command sets a [...]

  • Page 290

    Command Line Interface 4-78 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum n[...]

  • Page 291

    Authentication Commands 4-79 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x o[...]

  • Page 292

    Command Line Interface 4-80 4 dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Global Configuration Example dot1x timeout quiet-period This command sets the time that a switch por[...]

  • Page 293

    Authentication Commands 4-81 4 Command Mode Global Configuration Example dot1x timeout tx-period This command sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-peri[...]

  • Page 294

    Command Line Interface 4-82 4 Command Usage This command displays the following information: • Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as described in the preceding pages, including reauth-enabled (page 4-80), reauth-period (page 4-80), quiet-per[...]

  • Page 295

    Access Control List Commands 4-83 4 Example Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the [...]

  • Page 296

    Command Line Interface 4-84 4 • MAC ACL mode (MAC-ACL) filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060). The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to a[...]

  • Page 297

    Access Control List Commands 4-85 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets bas[...]

  • Page 298

    Command Line Interface 4-86 4 Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use [...]

  • Page 299

    Access Control List Commands 4-87 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-85) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The ru[...]

  • Page 300

    Command Line Interface 4-88 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 [...]

  • Page 301

    Access Control List Commands 4-89 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-85) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • st[...]

  • Page 302

    Command Line Interface 4-90 4 Command Mode Global Configuration Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will [...]

  • Page 303

    Access Control List Commands 4-91 4 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • First crea[...]

  • Page 304

    Command Line Interface 4-92 4 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)[...]

  • Page 305

    Access Control List Commands 4-93 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), t[...]

  • Page 306

    Command Line Interface 4-94 4 Related Commands mask (IP ACL) (4-90) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to in[...]

  • Page 307

    Access Control List Commands 4-95 4 Related Commands ip access-group (4-94) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mappin[...]

  • Page 308

    Command Line Interface 4-96 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface • ethernet unit/port - unit - This is device 1. - port -[...]

  • Page 309

    Access Control List Commands 4-97 4 Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use t[...]

  • Page 310

    Command Line Interface 4-98 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configurati[...]

  • Page 311

    Access Control List Commands 4-99 4 • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Related Commands permit, deny 4-99 mac access-group (4-104) show mac access-list (4-100) permit, deny (MAC ACL) This command[...]

  • Page 312

    Command Line Interface 4-100 4 • any – Any MAC source or destination address. • host – A specific MAC address. • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask* – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-[...]

  • Page 313

    Access Control List Commands 4-101 4 Command Mode Privileged Exec Example Related Commands permit, deny 4-99 mac access-group (4-104) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-preced[...]

  • Page 314

    Command Line Interface 4-102 4 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask} [vid [vid-bitmask]] [ethertype [ethert[...]

  • Page 315

    Access Control List Commands 4-103 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask. This example creates an Egress MAC ACL. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-a[...]

  • Page 316

    Command Line Interface 4-104 4 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged Exe[...]

  • Page 317

    Access Control List Commands 4-105 4 Related Commands show mac access-list (4-100) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-104) map access-list mac This command sets the output queue for packets matching an ACL rule. The[...]

  • Page 318

    Command Line Interface 4-106 4 Example Related Commands queue cos-map (4-200) show map access-list mac (4-106) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list mac [...]

  • Page 319

    Access Control List Commands 4-107 4 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule. Example Related Commands show marking (4-97) ACL Information show access-list This command shows all ACLs and ass[...]

  • Page 320

    Command Line Interface 4-108 4 Example show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMPv3 pr[...]

  • Page 321

    SNMP Commands 4-109 4 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a p[...]

  • Page 322

    Command Line Interface 4-110 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Sett[...]

  • Page 323

    SNMP Commands 4-111 4 Example Related Commands snmp-server contact (4-110) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] [udp-port por[...]

  • Page 324

    Command Line Interface 4-112 4 Example Related Commands snmp-server enable traps (4-112) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [no] snmp-server enable traps [authentication | lin[...]

  • Page 325

    SNMP Commands 4-113 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNM[...]

  • Page 326

    Command Line Interface 4-114 4 snmp-server Use this command to enable the SNMP v3 engine. Use the no form to disable the engine. Default Setting Enabled Command Mode Global Configuration Example snmp-server engine-id Use this command to configure an identification string for the SNMP v3 engine. Use the no form to restore the [...]

  • Page 327

    SNMP Commands 4-115 4 show snmp engine-id Use this command to show the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID. snmp-server view Use this command to add an SNMP view that controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-n[...]

  • Page 328

    Command Line Interface 4-116 4 Examples This view includes MIB-2. This view includes the MIB-2 interfaces table, ifDescr. The wildcard is used to select all the index values in this table. This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view Use this command to show information[...]

  • Page 329

    SNMP Commands 4-117 4 snmp-server group Use this command to add an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] no snmp-server group groupname • groupname - Name of an SN[...]

  • Page 330

    Command Line Interface 4-118 4 Example Console#show snmp group groupname: r&d security model: v3 readview: v2defaultview writeview: daily notifyview: none storage-type: permanent row status: active groupname: DefaultROGroup security model: v1 readview: v2defaultview writeview: none notifyview: none storage-type: permanent row status: active g[...]

  • Page 331

    SNMP Commands 4-119 4 snmp-server user Use this command to add a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 [...]

  • Page 332

    Command Line Interface 4-120 4 Example DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. DHCP Client ip dhcp client-identifier This command specifies the DHCP client identifier fo[...]

  • Page 333

    DHCP Commands 4-121 4 Command Mode Interface Configuration (VLAN) Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Related Commands ip dhcp restart client (4-121) ip dhcp restart client This[...]

  • Page 334

    Command Line Interface 4-122 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address transl[...]

  • Page 335

    DNS Commands 4-123 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device. Example [...]

  • Page 336

    Command Line Interface 4-124 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-124) ip name-server (4-125) ip domain-lookup (4-126) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a[...]

  • Page 337

    DNS Commands 4-125 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-123) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server[...]

  • Page 338

    Command Line Interface 4-126 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-123) ip domain-lookup (4-126) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [no] ip doma[...]

  • Page 339

    DNS Commands 4-127 4 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-123) ip name-server (4-125) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if i[...]

  • Page 340

    Command Line Interface 4-128 4 Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sam[...]

  • Page 341

    Interface Commands 4-129 4 Example Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console# Table 4-42. Interface Commands Command Function Mode Page interface Con[...]

  • Page 342

    Command Line Interface 4-130 4 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel [...]

  • Page 343

    4-131 4 description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters) Default Setting None Command Mode Interface Configuration (Etherne[...]

  • Page 344

    Command Line Interface 4-132 4 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined[...]

  • Page 345

    4-133 4 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-133) speed-duplex (4-131) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or [...]

  • Page 346

    Command Line Interface 4-134 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-132) speed-duplex (4-131) flowcontrol (4-134) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [no] flow[...]

  • Page 347

    4-135 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-132) capabilities (flowcontrol, symmetric) (4-133) combo-forced-mode This command forces the port type selected for combination ports 21-24. Use the no form to restore the default mode. Syntax combo-forced-mode mode no [...]

  • Page 348

    Command Line Interface 4-136 4 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want [...]

  • Page 349

    4-137 4 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range:[...]

  • Page 350

    Command Line Interface 4-138 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Sh[...]

  • Page 351

    4-139 4 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, [...]

  • Page 352

    Command Line Interface 4-140 4 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) [...]

  • Page 353

    Mirror Port Commands 4-141 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx | both] no port monitor interface • interface - ethern[...]

  • Page 354

    Command Line Interface 4-142 4 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • The destination port is se[...]

  • Page 355

    AMAP Configuration 4-143 4 Example The following shows mirroring configured from port 6 to port 11: AMAP Configuration The AMAP protocol discovers adjacent switches by sending and receiving AMAP “Hello” packets on active Spanning Tree ports. Each port can be defined as being in one of three logical states of processing the [...]

  • Page 356

    Command Line Interface 4-144 4 amap enable This command enables AMAP on the switch. Use the amap disable command to disable the feature. Syntax amap {enable | disable} • enable – Enables AMAP • disable – Disables AMAP Default Setting Enabled Command Mode Global Configuration Example amap run This command performs the sa[...]

  • Page 357

    AMAP Configuration 4-145 4 Command Mode Global Configuration Example amap common timer This command sets the time (in seconds) that switch ports in the Common state wait before sending a “Hello” packet to an adjacent switch. If there is no reply packet from an adjacent switch after two timeout intervals, the switch entry[...]

  • Page 358

    Command Line Interface 4-146 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is t[...]

  • Page 359

    Link Aggregation Commands 4-147 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this swit[...]

  • Page 360

    Command Line Interface 4-148 4 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface). • If the port channel admin key (lacp admin key - Port Channel) i[...]

  • Page 361

    Link Aggregation Commands 4-149 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trun[...]

  • Page 362

    Command Line Interface 4-150 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. lacp system-priority This command configures a port's LACP sys[...]

  • Page 363

    Link Aggregation Commands 4-151 4 Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems. • O[...]

  • Page 364

    Command Line Interface 4-152 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is establish[...]

  • Page 365

    Link Aggregation Commands 4-153 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote side of [...]

  • Page 366

    Command Line Interface 4-154 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Channel group : 1 ----------------------- ------------------------------------ -------------- Eth 1/ 1 ----------------------- ------------------------------------ -------------- LACPDUs Sent : 21 LACPDUs Receive[...]

  • Page 367

    Link Aggregation Commands 4-155 4 Table 4-49. LACPDUs Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priorit[...]

  • Page 368

    Command Line Interface 4-156 4 Table 4-50. LACP Neighbours Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Number Current administrative value of the port number for [...]

  • Page 369

    Address Table Commands 4-157 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN.[...]

  • Page 370

    Command Line Interface 4-158 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table wh[...]

  • Page 371

    Address Table Commands 4-159 4 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - S[...]

  • Page 372

    Command Line Interface 4-160 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the sw[...]

  • Page 373

    Spanning Tree Commands 4-161 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect a[...]

  • Page 374

    Command Line Interface 4-162 4 Example This example shows how to enable the Spanning Tree Algorithm for the switch: spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp | mstp} no spanning-tree mode • stp - Spanning Tree Pro[...]

  • Page 375

    Spanning Tree Commands 4-163 4 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist [...]

  • Page 376

    Command Line Interface 4-164 4 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 o[...]

  • Page 377

    Spanning Tree Commands 4-165 4 Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out ST[...]

  • Page 378

    Command Line Interface 4-166 4 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based va[...]

  • Page 379

    Spanning Tree Commands 4-167 4 Example spanning-tree mst-configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address. Command Mode Global Configuration Example Related Comma[...]

  • Page 380

    Command Line Interface 4-168 4 Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a s[...]

  • Page 381

    Spanning Tree Commands 4-169 4 • You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by specifying a priority of 16384. Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear [...]

  • Page 382

    Command Line Interface 4-170 4 Command Mode MST Configuration Command Usage The MST region name (page 4-169) and revision number are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be con[...]

  • Page 383

    Spanning Tree Commands 4-171 4 spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [no] spanning-tree spanning-disabled Default Setting Enabled Command Mode Interface Config [...]

  • Page 384

    Command Line Interface 4-172 4 • Path cost takes precedence over port priority. • When the spanning-tree pathcost method (page 4-166) is set to short, the maximum value for path cost is 65,535. Example spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to r[...]

  • Page 385

    Spanning Tree Commands 4-173 4 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass direc [...]

  • Page 386

    Command Line Interface 4-174 4 • Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time. Fast forwarding can achieve quicker convergence for end-node workstations and servers, and also overcome other STA related timeo[...]

  • Page 387

    Spanning Tree Commands 4-175 4 Example spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of th[...]

  • Page 388

    Command Line Interface 4-176 4 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority • instance_id - [...]

  • Page 389

    Spanning Tree Commands 4-177 4 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration comman[...]

  • Page 390

    Command Line Interface 4-178 4 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-107. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-111. Example show spanning-tree mst configur[...]

  • Page 391

    VLAN Commands 4-179 4 Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and en[...]

  • Page 392

    Command Line Interface 4-180 4 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes,[...]

  • Page 393

    VLAN Commands 4-181 4 Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a V[...]

  • Page 394

    Command Line Interface 4-182 4 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-135) switchport mode This command configures the VLAN membership mode for a p[...]

  • Page 395

    VLAN Commands 4-183 4 Related Commands switchport acceptable-frame-types (4-183) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all[...]

  • Page 396

    Command Line Interface 4-184 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for[...]

  • Page 397

    VLAN Commands 4-185 4 Example The following example shows how to set the PVID for port 1 to VLAN 3: switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switch[...]

  • Page 398

    Command Line Interface 4-186 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vla[...]

  • Page 399

    VLAN Commands 4-187 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vlan-n[...]

  • Page 400

    Command Line Interface 4-188 4 When a frame is received at a port, its VLAN membership can then be determined based on the protocol type in use by the inbound packets. To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 4-180). Although not mandatory, [...]

  • Page 401

    VLAN Commands 4-189 4 Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types: protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for this interface. Sy[...]

  • Page 402

    Command Line Interface 4-190 4 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups. Syntax show protocol-vlan protocol-group [group[...]

  • Page 403

    VLAN Commands 4-191 4 Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes com[...]

  • Page 404

    Command Line Interface 4-192 4 • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN. Example This example enables the private VLAN, and then sets port 24 as the uplink and ports 1-8 as the downlinks. show pvlan This command displays the configured priv[...]

  • Page 405

    GVRP and Bridge Extension Commands 4-193 4 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VL[...]

  • Page 406

    Command Line Interface 4-194 4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp confi[...]

  • Page 407

    GVRP and Bridge Extension Commands 4-195 4 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set[...]

  • Page 408

    Command Line Interface 4-196 4 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all GARP timers. Command Mode[...]

  • Page 409

    Priority Commands 4-197 4 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be tra[...]

  • Page 410

    Command Line Interface 4-198 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, r[...]

  • Page 411

    Priority Commands 4-199 4 Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR uses a pred [...]

  • Page 412

    Command Line Interface 4-200 4 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 ... cosn] no queue cos-map • queue_id - The ID of the priority queue. Range[...]

  • Page 413

    Priority Commands 4-201 4 Related Commands show queue cos-map (4-202) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting N[...]

  • Page 414

    Command Line Interface 4-202 4 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Example P[...]

  • Page 415

    Priority Commands 4-203 4 map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priorit[...]

  • Page 416

    Command Line Interface 4-204 4 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [no] map ip precedence Default Setting Disabl[...]

  • Page 417

    Priority Commands 4-205 4 Default Setting The list below shows the default priority mapping. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default [...]

  • Page 418

    Command Line Interface 4-206 4 Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no ma[...]

  • Page 419

    Priority Commands 4-207 4 Example The following example shows how to map IP DSCP value 1 to CoS value 0: map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no fo[...]

  • Page 420

    Command Line Interface 4-208 4 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Example The followi[...]

  • Page 421

    Priority Commands 4-209 4 Command Mode Privileged Exec Example Related Commands map ip precedence (Global Configuration) (4-204) map ip precedence (Interface Configuration) (4-204) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is[...]

  • Page 422

    Command Line Interface 4-210 4 Example Related Commands map ip dscp (Global Configuration) (4-205) map ip dscp (Interface Configuration) (4-206) Quality of Service Commands The commands described in this section are used to configure QoS classification criteria and service policies. You can classify traffic based on[...]

  • Page 423

    Quality of Service Commands 4-211 4 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of traffic[...]

  • Page 424

    Command Line Interface 4-212 4 • The class map is used with a policy map (page 4-213) to create a service policy (page 4-216) for a specific interface that defines packet classification, service tagging, and bandwidth policing. • After entering the Class Map configuration mode, use the match command (page 4-212) to speci[...]

  • Page 425

    Quality of Service Commands 4-213 4 Example This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3: policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a po[...]

  • Page 426

    Command Line Interface 4-214 4 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. ([...]

  • Page 427

    Quality of Service Commands 4-215 4 Default Setting None Command Mode Policy Map Class Configuration Example This example sets the DSCP value to 3 for all traffic assigned to this policy class. police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [no] police rate-bps b[...]

  • Page 428

    Command Line Interface 4-216 4 Example This example creates a policer that sets the maximum burst rate to 20 Kbytes, the average rate to 1522 bps, and the response to drop any violating packets. service-policy This command applies a policy map defined by the policy-map command to a particular interface. Use the no form to re[...]

  • Page 429

    Quality of Service Commands 4-217 4 Command Mode Privileged Exec Example show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name -[...]

  • Page 430

    Command Line Interface 4-218 4 Command Mode Privileged Exec Example Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to thos[...]

  • Page 431

    Multicast Filtering Commands 4-219 4 Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interfa[...]

  • Page 432

    Command Line Interface 4-220 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2} no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration[...]

  • Page 433

    Multicast Filtering Commands 4-221 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the[...]

  • Page 434

    Command Line Interface 4-222 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if e[...]

  • Page 435

    Multicast Filtering Commands 4-223 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a c[...]

  • Page 436

    Command Line Interface 4-224 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-[...]

  • Page 437

    Multicast Filtering Commands 4-225 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-220) Static Multicast Routi[...]

  • Page 438

    Command Line Interface 4-226 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that [...]

  • Page 439

    IP Interface Commands 4-227 4 IP Interface Commands There are no IP addresses assigned to this switch by default. You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets. You may also need to establish a default gateway between this device and manag[...]

  • Page 440

    Command Line Interface 4-228 4 Command Usage • You must assign an IP address to this device to gain management access over the network or to connect the switch to existing IP subnets. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses co[...]

  • Page 441

    IP Interface Commands 4-229 4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (4-230) ip dhcp restart Use this command to submit a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client [...]

  • Page 442

    Command Line Interface 4-230 4 Command Mode Privileged Exec Example Related Commands show ip redirects (4-230) show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-228) ping This command sends ICMP e[...]

  • Page 443

    IP Interface Commands 4-231 4 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host doe[...]

  • Page 444

    Command Line Interface 4-232 4[...]

  • Page 445

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) AMAP Alcatel Mapping Adjacency Protocol SNMPv3 Management access via MIB database Trap management to specified hosts DHCP Client DNS Server Port [...]

  • Page 446

    Software Specifications A-2 A VLAN Support Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Preceden[...]

  • Page 447

    Management Information Bases A-3 A IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1x Port Authentication ARP (RFC 826) DHCP (RFC 1541) HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) RA[...]

  • Page 448

    Software Specifications A-4 A SNMP Target MIB, SNMP Notification MIB (RFC 2573) SNMP User-Based SM MIB (RFC 2574) SNMP View Based ACM MIB (RFC 2575) SNMP Community MIB (RFC 2576)[...]

  • Page 449

    B-1 Appendix B: Troubleshooting Table B-1. Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Be sure you have configured the agent with a valid IP address, subnet mask and default gateway. • If you are trying to connect to the agent via the IP address for a tagged VLAN [...]

  • Page 450

    Troubleshooting B-2 B[...]

  • Page 451

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address informatio[...]

  • Page 452

    Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP[...]

  • Page 453

    Glossary-3 Glossary IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query O[...]

  • Page 454

    Glossary Glossary-4 Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. MD5 An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 al[...]

  • Page 455

    Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for networ[...]

  • Page 456

    Glossary Glossary-6 Trivial File Transfer Protocol (TFTP) A TCP/IP protocol commonly used for software downloads. User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered ju[...]

  • Page 457

    Index-1 Numerics 802.1x, port authentication 3-54, 4-76 A acceptable frame type 3-133, 4-183 Access Control List See ACL ACL Extended IP 3-62, 4-83, 4-85, 4-87 MAC 3-62, 4-84, 4-98, 4-98–4-100 Standard IP 3-62, 4-83, 4-85, 4-86 address table 3-100, 4-157 aging time 3-102, 4-160 B BOOTP 3-14, 3-15, 4-227 BPDU 3-104 br[...]

  • Page 458

    Index-2 Index H hardware version, displaying 3-10, 4-60 HTTPS 3-45, 4-30 HTTPS, secure server 3-45, 4-30 I IEEE 802.1D 3-103, 4-162 IEEE 802.1s 4-162 IEEE 802.1w 3-103, 4-162 IEEE 802.1x 3-54, 4-76 IGMP groups, displaying 3-164, 4-221 Layer 2 3-160, 4-218 query 3-160, 4-222 query, Layer 2 3-161, 4-222 snooping 3-160, [...]

  • Page 459

    Index-3 Index problems, troubleshooting B-1 protocol migration 3-115, 4-176 Q queue weights 3-143, 4-199 R RADIUS, logon authentication 3-42, 4-70 rate limits, setting 3-92, 4-146 remote logging 4-44 restarting the system 3-29, 4-22 RSTP 3-103, 4-162 global configuration 3-104, 4-162 S secure shell 3-47, 4-32 Secure [...]

  • Page 460

    Index-4 Index V VLANs 3-122–3-136, 4-179–4-192 adding static members 3-130, 3-132, 4-185 creating 3-129, 4-180 description 3-122 displaying basic information 3-126, 4-193 displaying port members 3-127, 4-187 egress mode 3-134, 4-182 interface configuration 3-133, 4-183–4-186 private 3-135, 4-191 protocol 3-[...]

  • Page 461

    [...]

  • Page 462

    F1.0.0.6 E042004-R02 060191-10[...]