LevelOne GSW-2692 user manual
- View online or download the user manual
- 390 pages
- 4.82 mb
A good user manual
Regulations oblige the seller to provide the buyer with the LevelOne GSW-2692 user manual along with the goods. A missing user manual, or incorrect information supplied to the consumer, is grounds for a complaint that the device does not conform to the contract. By law, the user manual may be supplied in a form other than paper, which has become common recently, including a graphic or electronic form of the LevelOne GSW-2692 manual or instructional videos for users. The condition is that it be legible and understandable.
What is a user manual?
The word comes from the Latin "Instructio", meaning to organize. Thus, the LevelOne GSW-2692 user manual describes the steps of the procedure. The purpose of the user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object/service, a hint.
Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you get to know a number of additional features of the purchased device, but also helps you avoid most failures.
So what should the perfect manual contain?
First of all, the LevelOne GSW-2692 user manual should contain:
- information on the technical characteristics of the LevelOne GSW-2692 device
- the manufacturer's name and the year of manufacture of the LevelOne GSW-2692
- instructions for using, adjusting and maintaining the LevelOne GSW-2692 equipment
- safety markings and certificates confirming compliance with the relevant standards
Why don't we read user manuals?
Usually this is due to a lack of time and to certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the LevelOne GSW-2692 is not enough. The user manual contains a number of guidelines concerning specific features, safety, maintenance methods (even the products that should be used), possible LevelOne GSW-2692 faults and ways of solving common problems during use. Finally, the manual contains the contact details of LevelOne service in case the proposed solutions do not work. Currently, user manuals in the form of interesting animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated LevelOne GSW-2692 specifications and technical descriptions, as happens with the paper version.
Why read the user manual?
First of all, it answers questions about the structure and capabilities of the LevelOne GSW-2692 device and the use of various accessories, and provides a range of information for taking full advantage of all features and conveniences.
After a successful purchase of the equipment/device, take a moment to familiarize yourself with all parts of the LevelOne GSW-2692 user manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users, but also fulfil their basic function of providing information and help.
Table of contents of the user manual
-
Page 1
LevelOne GSW-2692 24-Port 10/100M + 2G Combo L2 Stackable Switch User Manual Version 1.0-0608[...]
-
Page 2
[...]
-
Page 3
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Stack Operations 2-3 Selecting the Stack Master 2-3 Recovering from Stack Failure or Topolog[...]
-
Page 4
Contents ii Managing Firmware 3-15 Downloading System Software from a Server 3-16 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port Settings 3-20 Telnet Settings 3-22 Configuring Event Logging 3-24 System Log Configuration 3-24 Remote Log Configuration 3-26 Displaying Log Messages[...]
-
Page 5
Contents iii Enabling LACP on Selected Ports 3-70 Configuring LACP Parameters 3-73 Displaying LACP Port Counters 3-75 Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Thresholds 3-81 Configuring Port Mirroring 3-82 Configuring Rate Limits 3-83 Rate Lim[...]
-
Page 6
Contents iv Mapping DSCP Priority 3-131 Mapping IP Port Priority 3-132 Mapping CoS Values to ACLs 3-133 Multicast Filtering 3-135 Layer 2 IGMP (Snooping and Query) 3-135 Configuring IGMP Snooping and Query Parameters 3-136 Displaying Interfaces Attached to a Multicast Router 3-137 Specifying Static Interfaces for a Multicast Router 3-138 Displayin[...]
-
Page 7
Contents v General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23 System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-26 enable password 4-27 IP Filter Commands 4-28 management 4-28 show management 4-29 Web[...]
-
Page 8
Contents vi clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52 Time Commands 4-53 sntp client 4-53 sntp server 4-54 sntp poll 4-55 show [...]
-
Page 9
Contents vii TACACS+ Client 4-76 tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78 Port Security Commands 4-79 port security 4-79 802.1X Port Authentication 4-81 dot1x system-auth-control 4-81 dot1x default 4-82 dot1x max-req 4-82 dot1x port-control 4-82 dot1x operation-mode 4-83 dot1x re-authenticate 4[...]
-
Page 10
Contents viii snmp-server enable traps 4-106 show snmp 4-107 Interface Commands 4-108 interface 4-108 description 4-109 speed-duplex 4-109 negotiation 4-110 capabilities 4-111 flowcontrol 4-112 shutdown 4-113 switchport broadcast packet-rate 4-114 clear counters 4-114 show interfaces status 4-115 show interfaces counters 4-116 show interfaces swi[...]
-
Page 11
Contents ix spanning-tree cost 4-142 spanning-tree port-priority 4-143 spanning-tree edge-port 4-144 spanning-tree portfast 4-145 spanning-tree link-type 4-145 spanning-tree protocol-migration 4-146 show spanning-tree 4-147 VLAN Commands 4-149 Editing VLAN Groups 4-149 vlan database 4-149 vlan 4-150 Configuring VLAN Interfaces 4-151 interface v[...]
-
Page 12
Contents x Priority Commands (Layer 3 and 4) 4-174 map ip port (Global Configuration) 4-174 map ip port (Interface Configuration) 4-175 map ip precedence (Global Configuration) 4-175 map ip precedence (Interface Configuration) 4-176 map ip dscp (Global Configuration) 4-177 map ip dscp (Interface Configuration) 4-177 show map ip port 4-178 show [...]
-
Page 13
Contents xi Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]
-
Page 14
Contents xii[...]
-
Page 15
xiii Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-25 Table 3-4 HTTPS System Support 3-40 Table 3-5 802.1X Statistics 3-54 Table 3-6 LACP Port Counters 3-75 Table 3-7 LACP Internal Configuration Information 3-77 Table 3-8 LACP Neighbor Confi[...]
-
Page 16
Tables xiv Table 4-27 Authentication Commands 4-71 Table 4-28 Authentication Sequence 4-71 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-76 Table 4-31 Port Security Commands 4-79 Table 4-32 802.1X Port Authentication 4-81 Table 4-34 IP ACLs 4-90 Table 4-33 Access Control Lists 4-90 Table 4-35 Egress Queue Priority Mapping [...]
-
Page 17
xv Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-8 Figure 3-4 Switch Information 3-10 Figure 3-5 Bridge Extension Configuration 3-11 Figure 3-6 Manual IP Configuration 3-13 Figure 3-7 DHCP IP Configuration 3-14 Figure 3-8 Copy Firmware 3-16 Figure 3-9 Setting the Startup Code 3-16 Figure 3-10 Dele[...]
-
Page 18
Figures xvi Figure 3-43 LACP Configuration 3-71 Figure 3-44 LACP Port Configuration 3-74 Figure 3-45 LACP - Port Counters Information 3-76 Figure 3-46 LACP - Port Internal Information 3-78 Figure 3-47 LACP - Port Neighbors Information 3-79 Figure 3-48 Port Broadcast Control 3-81 Figure 3-49 Mirror Port Configuration 3-83 Figure 3-50 Rate Limit G[...]
-
Page 19
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to max[...]
-
Page 20
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and private VLANs, plus [...]
-
Page 21
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined into an aggregate connection. Tru[...]
-
Page 22
Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically [...]
-
Page 23
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-20). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Pa[...]
-
Page 24
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Disabled (all ports) Broadcast Limit Rate 32,000 octets per second Spanning Tree Algorithm Statu[...]
-
Page 25
System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled Table 1-2 System Defaults (Continued) Function Parameter Default[...]
-
Page 26
Introduction 1-8 1[...]
-
Page 27
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line in[...]
-
Page 28
Initial Configuration 2-2 2 • Configure Class of Service (CoS) priority queuing • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics • Configure any stack unit through the same IP address Required Connections The switch provides an RS[...]
-
Page 29
Stack Operations 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure[...]
-
Page 30
Initial Configuration 2-4 2 Recovering from Stack Failure or Topology Change When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes for the stack to reboot. Also note that powering down a unit or inser[...]
-
Page 31
Basic Configuration 2-5 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthoriz[...]
-
Page 32
Initial Configuration 2-6 2 Note: The IP address for this switch is obtained via DHCP by default. Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP addr[...]
-
Page 33
Basic Configuration 2-7 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access Th[...]
-
Page 34
Initial Configuration 2-8 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that[...]
-
Page 35
Managing System Files 2-9 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as[...]
-
Page 36
Initial Configuration 2-10 2[...]
-
Page 37
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netsca[...]
-
Page 38
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your w[...]
-
Page 39
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, be sure that [...]
-
Page 40
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-8 System Information P[...]
-
Page 41
Main Menu 3-5 3 SSH 3-42 Host-Key Settings Generates the host key pair (public and private) 3-44 Settings Configures Secure Shell server settings 3-46 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-47 802.1X Port authentication 3-49 Information Display[...]
-
Page 42
Configuring the Switch 3-6 3 Input Trunk Configuration Sets the input rate limit for each trunk 3-84 Output Port Configuration Sets the output rate limit for each port 3-84 Output Trunk Configuration Sets the output rate limit for each trunk 3-84 Port Statistics Lists Ethernet and RMON port statistics 3-85 Address Table 3-90 Static Addresses D[...]
-
Page 43
Main Menu 3-7 3 Port Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Port Configuration Sets the private VLAN interface type, and associates the interfaces with a private VLAN 3-121 Trunk Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Trunk Configuration Sets the private [...]
-
Page 44
Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location –[...]
-
Page 45
Basic Configuration 3-9 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number[...]
-
Page 46
Configuring the Switch 3-10 3 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Co[...]
-
Page 47
Basic Configuration 3-11 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Services – This [...]
-
Page 48
Configuring the Switch 3-12 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default setti[...]
-
Page 49
Basic Configuration 3-13 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management interface, IP[...]
-
Page 50
Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your[...]
-
Page 51
Basic Configuration 3-15 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Managing Firmware Yo[...]
-
Page 52
Configuring the Switch 3-16 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Managemen[...]
-
Page 53
Basic Configuration 3-17 3 To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-10 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP address of[...]
-
Page 54
Configuring the Switch 3-18 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server or copy files to and from switch units in a stack. The configuration files can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The configuratio[...]
-
Page 55
Basic Configuration 3-19 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can b[...]
-
Page 56
Configuring the Switch 3-20 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console Port Settings You [...]
-
Page 57
Basic Configuration 3-21 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 9600 bps) • Stop Bits – Sets the number of the stop bits t[...]
-
Page 58
Configuring the Switch 3-22 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e[...]
-
Page 59
Basic Configuration 3-23 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-[...]
-
Page 60
Configuring the Switch 3-24 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Configuring Event Logging The switch allows you to control the logging of error messages, [...]
-
Page 61
Basic Configuration 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RAM Level. Web[...]
-
Page 62
Configuring the Switch 3-26 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level. Command Attributes • Remote Log Status – Enables/disables the l[...]
-
Page 63
Basic Configuration 3-27 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on [...]
-
Page 64
Configuring the Switch 3-28 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved usin[...]
-
Page 65
Basic Configuration 3-29 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Remove. Spe[...]
-
Page 66
Configuring the Switch 3-30 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging se[...]
-
Page 67
Basic Configuration 3-31 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set t[...]
-
Page 68
Configuring the Switch 3-32 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To d[...]
-
Page 69
Simple Network Management Protocol 3-33 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for pr[...]
-
Page 70
Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-22 Configuring SNMP CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers and Trap Types Traps[...]
-
Page 71
User Authentication 3-35 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these messages, specify the SNMP version, mark the trap types required, and then click Add. Figure 3-23 Configuring IP Trap Managers CLI – This example adds a trap manager and enables both authe[...]
-
Page 72
Configuring the Switch 3-36 3 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters) - Access Level – Specifies the [...]
-
Page 73
User Authentication 3-37 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols. Remote A[...]
-
Page 74
Configuring the Switch 3-38 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ [...]
-
Page 75
User Authentication 3-39 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings CLI[...]
-
Page 76
Configuring the Switch 3-40 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on t[...]
-
Page 77
User Authentication 3-41 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for se[...]
-
Page 78
Configuring the Switch 3-42 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote co[...]
-
Page 79
User Authentication 3-43 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-65) to copy a file containing the public key for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as describe[...]
-
Page 80
Configuring the Switch 3-44 3 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the proceeding sect[...]
-
Page 81
User Authentication 3-45 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-27 SSH Host-Key Settings CLI – This example generates a host-key pair using b[...]
-
Page 82
Configuring the Switch 3-46 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports ma[...]
-
Page 83
User Authentication 3-47 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch port with on[...]
-
Page 84
Configuring the Switch 3-48 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-66). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-109). • Action – Indicates the action to be taken when a port security violat[...]
-
Page 85
User Authentication 3-49 3 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive netwo[...]
-
Page 86
Configuring the Switch 3-50 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X Syst[...]
-
Page 87
User Authentication 3-51 3 Configuring 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. [...]
-
Page 88
Configuring the Switch 3-52 3 • Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempti[...]
-
Page 89
User Authentication 3-53 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-86. Console(config)#interface ethernet 1/2 4-108 Console(config-if)#dot1x port-control auto 4-82 Console(config-if)#dot1x re-authentication 4-84 Console(co[...]
-
Page 90
Configuring the Switch 3-54 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that hav[...]
-
Page 91
User Authentication 3-55 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Filtering IP Addresses for Management Access You create a list of up to 16 IP addre[...]
-
Page 92
Configuring the Switch 3-56 3 • IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges. • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlappin[...]
-
Page 93
Access Control Lists 3-57 3 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets,[...]
-
Page 94
Configuring the Switch 3-58 3 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 5. If no explicit rule is matched, the implicit default is permit all. Setting the ACL Name and Type Use the ACL Configuration page to designate[...]
-
Page 95
Access Control Lists 3-59 3 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to speci[...]
-
Page 96
Configuring the Switch 3-60 3 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in th[...]
-
Page 97
Access Control Lists 3-61 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, s[...]
-
Page 98
Configuring the Switch 3-62 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and [...]
-
Page 99
Access Control Lists 3-63 3 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch. Command Usage • You must configure a ma[...]
-
Page 100
Configuring the Switch 3-64 3 CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and a[...]
-
Page 101
Port Configuration 3-65 3 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on t[...]
-
Page 102
Configuring the Switch 3-66 3 • Max MAC count – Shows the maximum number of MAC address that can be learned by a port. (0 - 1024 addresses) • Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown, or none) Current Status: • Link Status – Indicates if the link is [...]
-
Page 103
Port Configuration 3-67 3 • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the sett[...]
-
Page 104
Configuring the Switch 3-68 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tole[...]
-
Page 105
Port Configuration 3-69 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. • STP, VLAN,[...]
-
Page 106
Configuring the Switch 3-70 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the[...]
-
Page 107
Port Configuration 3-71 3 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down po[...]
-
Page 108
Configuring the Switch 3-72 3 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-108 Console(config-if)#lacp 4-125 Console(config-if)#exit . . . Console(config)#interface ethernet 1/6 Console(config-if)#lacp [...]
-
Page 109
Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set (page 4-142), the[...]
-
Page 110
Configuring the Switch 3-74 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the [...]
-
Page 111
Port Configuration 3-75 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Console(config)#interface ethernet 1/1 4-108 Console(config-if)#lacp actor system-priority 3 4-126 Console(con[...]
-
Page 112
Configuring the Switch 3-76 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-45 LACP - Port Counters Information CLI – The following example displays LACP counters. LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow Protocols Ethernet T[...]
-
Page 113
Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Cu[...]
-
Page 114
Configuring the Switch 3-78 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp [...]
-
Page 115
Port Configuration 3-79 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neig [...]
-
Page 116
Configuring the Switch 3-80 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors 4-129 Port channel 1 neighbors --------------------------------------- ---------------------------------- Eth 1/1 --------------------------------------- [...]
-
Page 117
Port Configuration 3-81 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt. [...]
-
Page 118
Configuring the Switch 3-82 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports). Configuring Port Mirroring You can mirror traffic from any source port to a target port[...]
-
Page 119
Port Configuration 3-83 3 • Target Unit – The unit whose port will “duplicate” or “mirror” the traffic on the source port. • Target Port – The port that will mirror the traffic on the source port. Web – Click Port, Mirror Port Configuration. Specify the source port/unit, the traffic type to be mirrored, and the monitor port[...]
-
Page 120
Configuring the Switch 3-84 3 Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network. The “rate limit granularity” is multiplied by the “rate limit level” (page 3-84) to set the actual rate limit for an interface. Granularity is a global setti[...]
-
Page 121
Port Configuration 3-85 3 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply. Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing through port[...]
-
Page 122
Configuring the Switch 3-86 3 Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The number [...]
-
Page 123
Port Configuration 3-87 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by [...]
-
Page 124
Configuring the Switch 3-88 3 Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error. 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding f[...]
-
Page 125
Port Configuration 3-89 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics[...]
-
Page 126
Configuring the Switch 3-90 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You[...]
-
Page 127
Address Table Settings 3-91 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the [...]
-
Page 128
Configuring the Switch 3-92 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-54 Configuring a Dynamic Address Table CLI – This example also displays the address table en[...]
-
Page 129
Spanning Tree Algorithm Configuration 3-93 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300 seconds) Web – Click Add[...]
-
Page 130
Configuring the Switch 3-94 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge wil[...]
-
Page 131
Spanning Tree Algorithm Configuration 3-95 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch t[...]
-
Page 132
Configuring the Switch 3-96 3 Web – Click Spanning Tree, STA, Information. Figure 3-56 Displaying Spanning Tree Information CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show s[...]
-
Page 133
Spanning Tree Algorithm Configuration 3-97 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol* Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol* 8 RSTP supports connections to either STP or RSTP nodes by monitoring the incomin[...]
-
Page 134
Configuring the Switch 3-98 3 • Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last c[...]
-
Page 135
Spanning Tree Algorithm Configuration 3-99 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 Configuring Spanning Tree CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree [...]
-
Page 136
Configuring the Switch 3-100 3 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of this port within [...]
-
Page 137
Spanning Tree Algorithm Configuration 3-101 3 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between de[...]
-
Page 138
Configuring the Switch 3-102 3 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker conve[...]
-
Page 139
Spanning Tree Algorithm Configuration 3-103 3 Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-[...]
-
Page 140
Configuring the Switch 3-104 3 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the de[...]
-
Page 141
VLAN Configuration 3-105 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the[...]
-
Page 142
Configuring the Switch 3-106 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one of two[...]
-
Page 143
VLAN Configuration 3-107 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have[...]
-
Page 144
Configuring the Switch 3-108 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the ne[...]
-
Page 145
VLAN Configuration 3-109 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small[...]
-
Page 146
Configuring the Switch 3-110 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GV[...]
-
Page 147
VLAN Configuration 3-111 3 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups created for this system. U[...]
-
Page 148
Configuring the Switch 3-112 3 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware device[...]
-
Page 149
VLAN Configuration 3-113 3 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Untagged: Interface [...]
-
Page 150
Configuring the Switch 3-114 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member. • Non-Member ?[...]
-
Page 151
VLAN Configuration 3-115 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchan[...]
-
Page 152
Configuring the Switch 3-116 3 • GARP Leave Timer 10 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; D[...]
-
Page 153
VLAN Configuration 3-117 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch suppor[...]
-
Page 154
Configuring the Switch 3-118 3 2. Use the Private VLAN Port Configuration menu (page 3-121) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN). Then assign the promiscuous port and all host ports to an isolated VLAN. Displaying[...]
-
Page 155
VLAN Configuration 3-119 3 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of private VLANs: - Primary VLANs – Conveys traffic between promiscuous ports, and t[...]
-
Page 156
Configuring the Switch 3-120 3 Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated with one primary V[...]
-
Page 157
VLAN Configuration 3-121 3 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured [...]
-
Page 158
Configuring the Switch 3-122 3 • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN. • Isolated VLAN – Conveys traffic only between the VLAN’s isolated ports[...]
-
Page 159
Class of Service Configuration 3-123 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be[...]
-
Page 160
Configuring the Switch 3-124 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-72 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-108 Console(config-if)#swit[...]
-
Page 161
Class of Service Configuration 3-125 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default[...]
-
Page 162
Configuring the Switch 3-126 3 Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-73 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mappin[...]
-
Page 163
Class of Service Configuration 3-127 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR us[...]
-
Page 164
Configuring the Switch 3-128 3 Web – Click Priority, Queue Scheduling. Highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-75 Configuring Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3[...]
-
Page 165
Class of Service Configuration 3-129 3 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4[...]
-
Page 166
Configuring the Switch 3-130 3 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 3-77 IP Precedence Priority CLI – The following example globally enables IP Precedence service on the switch, maps IP Pr[...]
-
Page 167
Class of Service Configuration 3-131 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. [...]
-
Page 168
Configuring the Switch 3-132 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the all inter[...]
-
Page 169
Class of Service Configuration 3-133 3 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 3-80 IP Port Priority CLI – The following example globally enables IP Port Priority service on the switch, maps [...]
-
Page 170
Configuring the Switch 3-134 3 Command Attributes • Port – Port identifier. • Name 15 – Name of ACL. • Type – Type of ACL (IP or MAC). • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. E[...]
-
Page 171
Multicast Filtering 3-135 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast registe[...]
-
Page 172
Configuring the Switch 3-136 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all[...]
-
Page 173
Multicast Filtering 3-137 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-82 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces A[...]
-
Page 174
Configuring the Switch 3-138 3 Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch. Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN I[...]
-
Page 175
Multicast Filtering 3-139 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-84 St[...]
-
Page 176
Configuring the Switch 3-140 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. • Multicast [...]
-
Page 177
Multicast Filtering 3-141 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically confi[...]
-
Page 178
Configuring the Switch 3-142 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 4-182 Console(config)#exit Console#show mac-address-table multicast vlan 1 4-184 VLAN M'cast IP addr. Memb[...]
-
Page 179
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command key[...]
-
Page 180
Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the switch through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to [...]
-
Page 181
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status ar[...]
-
Page 182
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific comm[...]
-
Page 183
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Commands For many[...]
-
Page 184
Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all comman[...]
-
Page 185
Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following commands. Use t[...]
-
Page 186
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command fol[...]
-
Page 187
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configur[...]
-
Page 188
Command Line Interface 4-10 4 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line This command identifies a specific line for configuration,[...]
-
Page 189
Line Commands 4-11 4 Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: Related Commands s[...]
-
Page 190
Command Line Interface 4-12 4 Example Related Commands username (4-26) password (4-12) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifie[...]
-
Page 191
Line Commands 4-13 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [ seconds ] no timeout login response seconds - Integer that specifies the timeout interval. (Range: 0 - 300 seconds; 0: disabled) Default Setting[...]
-
Page 192
Command Line Interface 4-14 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. • Using the command[...]
-
Page 193
Line Commands 4-15 4 Related Commands silent-time (4-15) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax si[...]
-
Page 194
Command Line Interface 4-16 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. Example To specify 7 data bits, enter this com[...]
-
Page 195
Line Commands 4-17 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps) Default Settin[...]
-
Page 196
Command Line Interface 4-18 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connec[...]
-
Page 197
General Commands 4-19 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable [ level ] level - Privil[...]
-
Page 198
Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-27.) • The “#” character is appended to the end of the prompt to indi[...]
-
Page 199
General Commands 4-21 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. Se[...]
-
Page 200
Command Line Interface 4-22 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution histo [...]
-
Page 201
General Commands 4-23 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.[...]
-
Page 202
Command Line Interface 4-24 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.[...]
-
Page 203
System Management Commands 4-25 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Comman[...]
-
Page 204
Command Line Interface 4-26 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level level | nopassword[...]
-
Page 205
System Management Commands 4-27 4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable password [ level [...]
-
Page 206
Command Line Interface 4-28 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ][...]
-
Page 207
System Management Commands 4-29 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management { all-client | http-client | snmp-client | telnet-client } • all-cli[...]
-
Page 208
Command Line Interface 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mode Globa[...]
-
Page 209
System Management Commands 4-31 4 Example Related Commands ip http port (4-30) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Synta[...]
-
Page 210
Command Line Interface 4-32 4 Example Related Commands ip http secure-port (4-32) copy tftp https-certificate (4-65) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secu[...]
-
Page 211
System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23 Comman[...]
-
Page 212
Command Line Interface 4-34 4 Related Commands ip telnet port (4-33) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh [...]
-
Page 213
System Management Commands 4-35 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command[...]
-
Page 214
Command Line Interface 4-36 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public k[...]
-
Page 215
System Management Commands 4-37 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Configurati[...]
-
Page 216
Command Line Interface 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command M[...]
-
Page 217
System Management Commands 4-39 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Command Mode Pr[...]
-
Page 218
Command Line Interface 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-key genera[...]
-
Page 219
System Management Commands 4-41 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encryption 0[...]
-
Page 220
Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, [...]
-
Page 221
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error message[...]
-
Page 222
Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.e., permane[...]
-
Page 223
System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage[...]
-
Page 224
Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ level ] no logging [...]
-
Page 225
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event message[...]
-
Page 226
Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., permanent memory[...]
-
Page 227
System Management Commands 4-49 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messa [...]
-
Page 228
Command Line Interface 4-50 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally[...]
-
Page 229
System Management Commands 4-51 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 charact[...]
-
Page 230
Command Line Interface 4-52 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Pr[...]
-
Page 231
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the facto[...]
-
Page 232
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP[...]
-
Page 233
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Globa[...]
-
Page 234
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) • minute[...]
-
Page 235
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, April 1st, 2004. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands light unit This command displ[...]
-
Page 236
Command Line Interface 4-58 4 Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed using the port status LED indicators for ports 1 to 8. When the light unit command is entered, the LED corresponding to the switch’s ID will flash for about 15 seconds. Example show startup-config This command [...]
-
Page 237
System Management Commands 4-59 4 Example Related Commands show running-config (4-60) Console#show startup-config building startup-config, please wait... .. ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable password level 15 0 super ! snmp-server community p[...]
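The sample startup-config above stores its credentials with the type 0 (plain) marker, including the guest/guest login and the “super” enable password that the manual names elsewhere. The following Python sketch is an added example, not part of the manual: it audits a saved configuration for such lines. The function names, the constructed sample (including the `ops` and `lab` users) and the treatment of an omitted enable level as 15 are assumptions.

```python
import re

# Credential values that are visible on this page (sample startup-config
# and the CLI chapter). Keys are (kind, name-or-level).
KNOWN_DEFAULTS = {
    ("user", "admin"): "admin",
    ("user", "guest"): "guest",
    ("enable", "15"): "super",
}

# "0" marks a plain password and "7" an encrypted one, per the password command.
USER_PW = re.compile(r"^username\s+(\S+)\s+password\s+([07])\s+(\S+)$", re.I)
USER_NOPW = re.compile(r"^username\s+(\S+)\s+nopassword$", re.I)
ENABLE_PW = re.compile(
    r"^enable\s+password\s+(?:level\s+(\d+)\s+)?([07])\s+(\S+)$", re.I
)


def _check(lineno, key, subject, ptype, value):
    """Return findings for one credential line; the secret is never echoed."""
    out = []
    if ptype == "0":
        out.append((lineno, "cleartext", subject))
        if KNOWN_DEFAULTS.get(key) == value:
            out.append((lineno, "default-credential", subject))
    return out


def audit_config(text):
    """Scan a saved switch configuration and return (line, kind, subject) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or section separator
        m = USER_NOPW.match(line)
        if m:
            findings.append((lineno, "no-password", f"user {m.group(1)}"))
            continue
        m = USER_PW.match(line)
        if m:
            name, ptype, value = m.groups()
            findings += _check(lineno, ("user", name.lower()),
                               f"user {name}", ptype, value)
            continue
        m = ENABLE_PW.match(line)
        if m:
            level, ptype, value = m.groups()
            level = level or "15"  # assumption: omitted level means level 15
            findings += _check(lineno, ("enable", level),
                               f"enable level {level}", ptype, value)
    return findings


# Constructed sample: the first eight lines mirror the visible part of the
# startup-config shown above; the last two lines are invented for contrast.
SAMPLE = """\
!
username admin access-level 15
username admin password 0 admin
!
username guest access-level 0
username guest password 0 guest
!
enable password level 15 0 super
!
username ops password 7 CONSTRUCTED-ENCRYPTED-VALUE
username lab nopassword
"""

if __name__ == "__main__":
    for lineno, kind, subject in audit_config(SAMPLE):
        print(f"line {lineno}: {kind}: {subject}")
```
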
-
Page 238
Command Line Interface 4-60 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatil[...]
-
Page 239
System Management Commands 4-61 4 Example Related Commands show startup-config (4-58) Console#show running-config building running-config, please wait... .. ! phymap 00-90-cc-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.[...]
-
Page 240
Command Line Interface 4-62 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8. • The POST results should all display “PASS.” If any POST test [...]
-
Page 241
System Management Commands 4-63 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command U[...]
-
Page 242
Command Line Interface 4-64 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporti[...]
-
Page 243
Flash/File Commands 4-65 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-114.) • The current setting for jumbo frames can be displayed with the show system command (page 4-62). Example Flash/File Commands These commands are us[...]
-
Page 244
Command Line Interface 4-66 4 • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-34) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. ?[...]
-
Page 245
Flash/File Commands 4-67 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy[...]
-
Page 246
Command Line Interface 4-68 4 delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. ?[...]
-
Page 247
Flash/File Commands 4-69 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which fil[...]
-
Page 248
Command Line Interface 4-70 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system. Syntax boot system [ unit :] { boot-rom | config | op[...]
-
Page 249
Authentication Commands 4-71 4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence authentication login This [...]
-
Page 250
Command Line Interface 4-72 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication[...]
-
Page 251
Authentication Commands 4-73 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands enable password - sets the password for changing command modes (4-27) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon [...]
-
Page 252
Command Line Interface 4-74 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeout - 5 seco[...]
-
Page 253
Authentication Commands 4-75 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authentica[...]
-
Page 254
Command Line Interface 4-76 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to[...]
-
Page 255
Authentication Commands 4-77 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server port Thi[...]
-
Page 256
Command Line Interface 4-78 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) D[...]
-
Page 257
Authentication Commands 4-79 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or sta[...]
-
Page 258
Command Line Interface 4-80 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port security[...]
-
Page 259
Authentication Commands 4-81 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication [...]
-
Page 260
Command Line Interface 4-82 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the au[...]
-
Page 261
Authentication Commands 4-83 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords[...]
-
Page 262
Command Line Interface 4-84 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) Command Mode Privileged Exec Example dot1x re-authentication This co[...]
-
Page 263
Authentication Commands 4-85 4 Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command[...]
-
Page 264
Command Line Interface 4-86 4 Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port[...]
-
Page 265
Authentication Commands 4-87 4 • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-84). - reauth-period – Time after which a connected client must be re-authenticated (page 4-85). - quiet-period – Time a port waits[...]
-
Page 266
Command Line Interface 4-88 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]
-
Page 267
Access Control List Commands 4-89 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules a[...]
-
Page 268
Command Line Interface 4-90 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP a[...]
-
Page 269
Access Control List Commands 4-91 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the e[...]
-
Page 270
Command Line Interface 4-92 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-90) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condi[...]
-
Page 271
Access Control List Commands 4-93 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indi[...]
-
Page 272
Command Line Interface 4-94 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-90) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifi[...]
-
Page 273
Access Control List Commands 4-95 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip ac[...]
-
Page 274
Command Line Interface 4-96 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-171. Example Related Commands queue cos-map (4-171) show map access-list ip (4-96) show m[...]
-
Page 275
Access Control List Commands 4-97 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Comman[...]
-
Page 276
Command Line Interface 4-98 4 Related Commands permit, deny (MAC ACL) (4-98) mac access-group (4-99) show mac access-list (4-99) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no[...]
-
Page 277
Access Control List Commands 4-99 4 Example This rule permits packets from any source MAC address to the destination address 00-90-cc-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-97) show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [ acl_name ] acl_nam[...]
-
Page 278
Command Line Interface 4-100 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-99) show mac access-group This command shows the ports assigned to MAC ACL[...]
-
Page 279
Access Control List Commands 4-101 4 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4-171) show map [...]
-
Page 280
Command Line Interface 4-102 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. [...]
-
Page 281
SNMP Commands 4-103 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the sp[...]
-
Page 282
Command Line Interface 4-104 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Comm[...]
-
Page 283
SNMP Commands 4-105 4 Related Commands snmp-server contact (4-104) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [ version { 1 | 2c }] no snmp-server host host-addr • host-addr[...]
-
Page 284
Command Line Interface 4-106 4 Example Related Commands snmp-server enable traps (4-106) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authentication | link-up-down ] •[...]
-
Page 285
SNMP Commands 4-107 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enable[...]
-
Page 286
Command Line Interface 4-108 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-chann[...]
-
Page 287
Interface Commands 4-109 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this[...]
-
Page 288
Command Line Interface 4-110 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the[...]
-
Page 289
Interface Commands 4-111 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-111) speed-duplex (4-109) capabilities This command advertises the port capabilities of[...]
-
Page 290
Command Line Interface 4-112 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-110) speed-duplex (4-109) flowcontrol (4-112) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default S[...]
-
Page 291
Interface Commands 4-113 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-110) capabilities (flowcontrol, symmetric) (4-111) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. Comm[...]
-
Page 292
Command Line Interface 4-114 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., octets per second. (Range: 64-95232000) Default Setting Enabled for all[...]
-
Page 293
Interface Commands 4-115 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute valu[...]
-
Page 294
Command Line Interface 4-116 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all in[...]
-
Page 295
Interface Commands 4-117 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: [...]
-
Page 296
Command Line Interface 4-118 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 32000 octets/second LACP status: Enabled Ingress rate limit: disable, Level: 30 Egress rate limit: disable, Level: 30 VLAN membership mode: Hybrid Ingress rule: Disabled [...]
-
Page 297
Mirror Port Commands 4-119 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / port (source por[...]
-
Page 298
Command Line Interface 4-120 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit / port (source port) • unit - Stack unit. (Range: 1-8) • port - Port number. (Range[...]
-
Page 299
Rate Limit Commands 4-121 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted[...]
-
Page 300
Command Line Interface 4-122 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit { fastethernet | gigabitethernet } granularity [ granularity ] no rate-limit { faste[...]
-
Page 301
Link Aggregation Commands 4-123 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity can be set to 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to incre[...]
-
Page 302
Command Line Interface 4-124 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. • A[...]
-
Page 303
Link Aggregation Commands 4-125 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage ?[...]
-
Page 304
Command Line Interface 4-126 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system priority. Us[...]
-
Page 305
Link Aggregation Commands 4-127 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations wit[...]
-
Page 306
Command Line Interface 4-128 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the[...]
-
Page 307
Link Aggregation Commands 4-129 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate l[...]
-
Page 308
Command Line Interface 4-130 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Ma[...]
-
Page 309
Link Aggregation Commands 4-131 4 Console#show lacp 1 internal Port channel : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Adm[...]
-
Page 310
Command Line Interface 4-132 4 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-90-CC-00-00-01 Pa[...]
-
Page 311
Address Table Commands 4-133 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------------------------------[...]
-
Page 312
Command Line Interface 4-134 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • in[...]
-
Page 313
Address Table Commands 4-135 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes of entries in th[...]
-
Page 314
Command Line Interface 4-136 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the a[...]
-
Page 315
Spanning Tree Commands 4-137 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Sy[...]
-
Page 316
Command Line Interface 4-138 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the switch: s[...]
-
Page 317
Spanning Tree Commands 4-139 4 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum value is the higher of 4[...]
-
Page 318
Command Line Interface 4-140 4 Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age se[...]
-
Page 319
Spanning Tree Commands 4-141 4 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192, 12288, 16384[...]
-
Page 320
Command Line Interface 4-142 4 Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-142) takes precedence over port priority (page 4-143). Exampl[...]
-
Page 321
Spanning Tree Commands 4-143 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usa[...]
-
Page 322
Command Line Interface 4-144 4 Example Related Commands spanning-tree cost (4-142) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [ no ] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ?[...]
-
Page 323
Spanning Tree Commands 4-145 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast [...]
-
Page 324
Command Line Interface 4-146 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the [...]
-
Page 325
Spanning Tree Commands 4-147 4 show spanning-tree This command shows the configuration for the spanning tree. Syntax show spanning-tree [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exe[...]
-
Page 326
Command Line Interface 4-148 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled Priority: 40960 Bridge Hello Time (sec.): 2 Bridge Max Age (sec.): 20 Bridge Forward Delay (sec.): 15 Root Hello Time (sec.):[...]
-
Page 327
VLAN Commands 4-149 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected [...]
-
Page 328
Command Line Interface 4-150 4 Example Related Commands show vlan (4-157) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN. (Range: 1-40[...]
-
Page 329
VLAN Commands 4-151 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configu[...]
-
Page 330
Command Line Interface 4-152 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid | private-vlan } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port[...]
-
Page 331
VLAN Commands 4-153 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Related Commands switchport mode (4-[...]
-
Page 332
Command Line Interface 4-154 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Def[...]
-
Page 333
VLAN Commands 4-155 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list [...]
-
Page 334
Command Line Interface 4-156 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN identi[...]
-
Page 335
VLAN Commands 4-157 4 show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vlan-name[...]
-
Page 336
Command Line Interface 4-158 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains promiscuous ports that can communicate with [...]
-
Page 337
VLAN Commands 4-159 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN. 5. Use the switchport private-vlan mapping command to as[...]
-
Page 338
Command Line Interface 4-160 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static. Once a port has been assigned to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP. ?[...]
-
Page 339
VLAN Commands 4-161 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can subsequently be assigned to a community or isolated VLAN. ?[...]
-
Page 340
Command Line Interface 4-162 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN. Example switchport privat [...]
-
Page 341
VLAN Commands 4-163 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN. (Range: 1-4094, no leading zeroes). Default Setting None Comman[...]
-
Page 342
Command Line Interface 4-164 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, a[...]
-
Page 343
GVRP and Bridge Extension Commands 4-165 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Enabling or Disabling GVRP (Global Setting)” on page 3-108 and “Displaying Bridge Extension Capabilities” on page 3-11 for a descr[...]
-
Page 344
Command Line Interface 4-166 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-specific co[...]
-
Page 345
GVRP and Bridge Extension Commands 4-167 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unle[...]
-
Page 346
Command Line Interface 4-168 4 Related Commands garp timer (4-166) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s[...]
-
Page 347
Priority Commands 4-169 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all [...]
-
Page 348
Command Line Interface 4-170 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • T[...]
-
Page 349
Priority Commands 4-171 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 1 - 3: Related Commands show queue bandwidth (4-172) queue cos-map This command assigns class of service (CoS) values[...]
-
Page 350
Command Line Interface 4-172 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values[...]
-
Page 351
Priority Commands 4-173 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Exam[...]
-
Page 352
Command Line Interface 4-174 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precede[...]
-
Page 353
Priority Commands 4-175 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range 1-65535) • cos-value - Class-of-Service value. [...]
-
Page 354
Command Line Interface 4-176 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value[...]
-
Page 355
Priority Commands 4-177 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, I[...]
-
Page 356
Command Line Interface 4-178 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, a[...]
-
Page 357
Priority Commands 4-179 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-174) map ip port (Interface Configuration) (4-175) show map ip precedence This command shows the IP precedence priority map. Syntax sho[...]
-
Page 358
Command Line Interface 4-180 4 Example Related Commands map ip port (Global Configuration) (4-174) map ip precedence (Interface Configuration) (4-176) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. ([...]
-
Page 359
Multicast Filtering Commands 4-181 4 Example Related Commands map ip dscp (Global Configuration) (4-177) map ip dscp (Interface Configuration) (4-177) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies th[...]
-
Page 360
Command Line Interface 4-182 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multic [...]
-
Page 361
Multicast Filtering Commands 4-183 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Command[...]
-
Page 362
Command Line Interface 4-184 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured[...]
-
Page 363
Multicast Filtering Commands 4-185 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.[...]
-
Page 364
Command Line Interface 4-186 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is starte[...]
-
Page 365
Multicast Filtering Commands 4-187 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25) Defau[...]
-
Page 366
Command Line Interface 4-188 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-183) Static Multicast Routing Commands ip igmp sno[...]
-
Page 367
Multicast Filtering Commands 4-189 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to [...]
-
Page 368
Command Line Interface 4-190 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Y[...]
-
Page 369
IP Interface Commands 4-191 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • [...]
-
Page 370
Command Line Interface 4-192 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassi[...]
-
Page 371
IP Interface Commands 4-193 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-191) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count count ][...]
-
Page 372
Command Line Interface 4-194 4 Example Related Commands interface (4-108) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 [...]
-
Page 373
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex Flow Control F[...]
-
Page 374
Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 cons[...]
-
Page 375
Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting relat[...]
-
Page 376
Software Specifications A-4 A[...]
-
Page 377
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connect[...]
-
Page 378
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designate the [...]
-
Page 379
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide boot up information for network devices, including IP address information, the address of the [...]
-
Page 380
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a p[...]
-
Page 381
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP mu[...]
-
Page 382
Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a mess[...]
-
Page 383
Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology ch[...]
-
Page 384
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP i[...]
-
Page 385
Index-1 Numerics 802.1X, port authentication 3-49 A acceptable frame type 3-115, 4-152 Access Control List See ACL ACL Extended IP 3-58, 4-89, 4-90, 4-92 MAC 3-58, 4-89, 4-97, 4-97–4-99 Standard IP 3-58, 4-89, 4-90, 4-91 address table 3-90, 4-133 aging time 3-93, 4-136 B BOOTP 3-14, 4-190 BPDU 3-94 broadcast storm, threshold 3-81, 4-114 C Class[...]
-
Page 386
Index-2 Index IGMP groups, displaying 3-140, 4-184 Layer 2 3-135, 4-181 query 3-135, 4-185 query, Layer 2 3-136, 4-185 snooping 3-135, 4-182 snooping, configuring 3-136, 4-181 ingress filtering 3-115, 4-153 IP address BOOTP/DHCP 3-14, 4-190, 4-192 setting 2-5, 3-12, 4-190 IP precedence enabling 3-129, 4-174, 4-175 mapping priorities 3-129, 4[...]
-
Page 387
Index-3 Index Q queue weights 3-127, 4-170 R RADIUS, logon authentication 4-73 rate limits, setting 3-83, 4-121 remote logging 4-46 restarting the system 3-30, 4-22 RSTP 3-93, 4-138 global configuration 3-94, 4-138 S secure shell 3-42, 4-34 Secure Shell configuration 3-42, 4-37 serial port configuring 4-10 Simple Network Management Prot[...]
-
Page 388
Index-4 Index W Web interface access requirements 3-1 configuration buttons 3-3 home page 3-2 menu list 3-4 panel display 3-3[...]
-
Page 389
[...]
-
Page 390
GSW-2692 E072006-R01[...]