Microsoft ES4625 user manual

A good user manual

Regulations require the seller to provide the buyer with the Microsoft ES4625 user manual along with the goods. A missing manual, or incorrect information supplied to the consumer, is grounds for a complaint that the device does not conform to the contract. By law, the manual may be supplied in a form other than paper, which has become common recently, including a graphic or electronic version of the Microsoft ES4625 manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus the Microsoft ES4625 user manual describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. A user manual is a collection of information about the object or service, a pointer.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you discover a number of additional features of the purchased device but also helps avoid most failures.

So what should the perfect manual contain?

First of all, the Microsoft ES4625 user manual should contain:
- information on the technical characteristics of the Microsoft ES4625 device
- the manufacturer's name and the year of manufacture of the Microsoft ES4625
- instructions for using, adjusting and maintaining the Microsoft ES4625 equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to lack of time and to certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the Microsoft ES4625 is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of the Microsoft ES4625 and ways to solve common problems during use. Finally, the manual contains the contact details for Microsoft service in case the proposed solutions are not effective. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated specifications and technical descriptions of the Microsoft ES4625, as happens with the paper version.

Why read the user manual?

First of all, it contains the answer about the structure and capabilities of the Microsoft ES4625 device, the use of various accessories, and a range of information for taking full advantage of all its features and conveniences.

After successfully purchasing the equipment/device, take a moment to familiarize yourself with every part of the Microsoft ES4625 user manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Table of contents of the user manual

  • Page 1

    Powered by Accton Management Guide ES4625/ES4649 24/48-Port Gigabit Ethernet Stackable Layer 3 Switch[...]

  • Page 2

    [...]

  • Page 3

    Management Guide Gigabit Ethernet Switch Layer 3 Switch with 20/44 RJ-45 Ports, 4 Combination Ports (SFP/RJ-45), 1 Extender Module Slot, and 2 Stacking Ports[...]

  • Page 4

    ES4625 ES4649 F3.1.1.2 1 E0420 05-R01 1491000 22900 A[...]

  • Page 5

    v Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Stack Operations 2-3 Selecting the Stack Master 2-3 Selecting the Backup U[...]

  • Page 6

    Contents vi Displaying Switch Hardware/Software Versions 3-13 Displaying Bridge Extension Capabilities 3-15 Configuring Support for Jumbo Frames 3-16 Setting the Switch’s IP Address 3-17 Manual Configuration 3-18 Using DHCP/BOOTP 3-19 Managing Firmware 3-20 Downloading System Software from a Server 3-21 Saving or Restoring Con[...]

  • Page 7

    Contents vii Configuring Port Settings for 802.1X 3-69 Displaying 802.1X Statistics 3-72 Filtering IP Addresses for Management Access 3-74 Access Control Lists 3-76 Configuring Access Control Lists 3-76 Setting the ACL Name and Type 3-77 Configuring a Standard IP ACL 3-77 Configuring an Extended IP ACL 3-78 Configuring a MAC ACL 3-[...]

  • Page 8

    Contents viii Creating VLANs 3-140 Adding Static Members to VLANs (VLAN Index) 3-141 Adding Static Members to VLANs (Port Index) 3-143 Configuring VLAN Behavior for Interfaces 3-144 Configuring Private VLANs 3-146 Enabling Private VLANs 3-146 Configuring Uplink and Downlink Ports 3-147 Configuring Protocol-Based VLANs 3-147 Configuri[...]

  • Page 9

    Contents ix Enabling the Server, Setting Excluded Addresses 3-188 Configuring Address Pools 3-190 Displaying Address Bindings 3-194 Configuring Router Redundancy 3-195 Virtual Router Redundancy Protocol 3-196 Configuring VRRP Groups 3-196 Displaying VRRP Global Statistics 3-201 Displaying VRRP Group Statistics 3-202 IP Routing[...]

  • Page 10

    Contents x Displaying Link State Database Information 3-256 Displaying Information on Border Routers 3-258 Displaying Information on Neighbor Routers 3-259 Multicast Routing 3-260 Configuring Global Settings for Multicast Routing 3-260 Displaying the Multicast Routing Table 3-261 Configuring DVMRP 3-264 Configuring Globa[...]

  • Page 11

    Contents xi databits 4-17 parity 4-17 speed 4-18 stopbits 4-18 disconnect 4-19 show line 4-19 General Commands 4-20 enable 4-20 disable 4-21 configure 4-22 show history 4-22 reload 4-23 end 4-23 exit 4-24 quit 4-24 System Management Commands 4-25 Device Designation Commands 4-25 prompt 4-25 hostname 4-26 switch renumber 4-2[...]

  • Page 12

    Contents xii Event Logging Commands 4-43 logging on 4-43 logging history 4-44 logging host 4-45 logging facility 4-45 logging trap 4-46 clear log 4-47 show logging 4-47 show log 4-49 SMTP Alert Commands 4-49 logging sendmail host 4-50 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email [...]

  • Page 13

    Contents xiii radius-server key 4-73 radius-server retransmit 4-74 radius-server timeout 4-74 show radius-server 4-75 TACACS+ Client 4-75 tacacs-server host 4-76 tacacs-server port 4-76 tacacs-server key 4-77 show tacacs-server 4-77 Port Security Commands 4-78 port security 4-78 802.1X Port Authentication 4-80 dot1x system-auth-co[...]

  • Page 14

    Contents xiv show access-group 4-106 SNMP Commands 4-107 snmp-server 4-107 show snmp 4-108 snmp-server community 4-109 snmp-server contact 4-109 snmp-server location 4-110 snmp-server host 4-110 snmp-server enable traps 4-112 snmp-server engine-id 4-113 show snmp engine-id 4-114 snmp-server view 4-115 show snmp view 4-116 snmp-[...]

  • Page 15

    Contents xv ip domain-name 4-137 ip domain-list 4-138 ip name-server 4-139 ip domain-lookup 4-140 show hosts 4-141 show dns 4-141 show dns cache 4-142 clear dns cache 4-142 Interface Commands 4-143 interface 4-143 description 4-144 speed-duplex 4-144 negotiation 4-145 capabilities 4-146 media-type 4-148 shutdown 4-148 s[...]

  • Page 16

    Contents xvi spanning-tree max-age 4-173 spanning-tree priority 4-174 spanning-tree pathcost method 4-175 spanning-tree transmission-limit 4-175 spanning-tree mst-configuration 4-176 mst vlan 4-176 mst priority 4-177 name 4-177 revision 4-178 max-hops 4-179 spanning-tree spanning-disabled 4-179 spanning-tree cost 4-180 spanni[...]

  • Page 17

    Contents xvii show bridge-ext 4-202 switchport gvrp 4-203 show gvrp configuration 4-203 garp timer 4-204 show garp timer 4-205 Priority Commands 4-206 Priority Commands (Layer 2) 4-206 queue mode 4-206 switchport priority default 4-207 queue bandwidth 4-208 queue cos-map 4-209 show queue mode 4-210 show queue bandwidth 4-210 show [...]

  • Page 18

    Contents xviii ip igmp snooping query-interval 4-231 ip igmp snooping query-max-response-time 4-231 ip igmp snooping router-port-expire-time 4-232 Static Multicast Routing Commands 4-233 ip igmp snooping vlan mrouter 4-233 show ip igmp snooping mrouter 4-234 IGMP Commands (Layer 3) 4-234 ip igmp 4-235 ip igmp robustval 4-235 [...]

  • Page 19

    Contents xix ip split-horizon 4-260 ip rip authentication key 4-260 ip rip authentication mode 4-261 show rip globals 4-262 show ip rip 4-262 Open Shortest Path First (OSPF) 4-264 router ospf 4-265 router-id 4-265 compatible rfc1583 4-266 default-information originate 4-267 timers spf 4-268 area range 4-268 area default-cost 4-269 [...]

  • Page 20

    Contents xx nbr-timeout 4-301 report-interval 4-301 flash-update-interval 4-302 prune-lifetime 4-302 default-gateway 4-303 ip dvmrp 4-303 ip dvmrp metric 4-304 clear ip dvmrp route 4-305 show router dvmrp 4-305 show ip dvmrp route 4-306 show ip dvmrp neighbor 4-307 show ip dvmrp interface 4-307 PIM-DM Multicast Routing Command[...]

  • Page 21

    Contents xxi Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]

  • Page 22

    Contents xxii[...]

  • Page 23

    xxiii Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-4 SNMPv3 Security Models and Levels 3-38 Table 3-5 Supported Notification Messages 3-49 Table 3-6 HTTPS System Support 3-58 Table 3-7 802.1X Sta[...]

  • Page 24

    xxiv Tables Table 4-18 Logging Levels 4-44 Table 4-19 show logging flash/ram - display description 4-48 Table 4-20 show logging trap - display description 4-48 Table 4-21 SMTP Alert Commands 4-49 Table 4-22 Time Commands 4-53 Table 4-23 System Status Commands 4-57 Table 4-24 Frame Size Commands 4-63 Table 4-25 Flash/File Commands[...]

  • Page 25

    xxv Tables Table 4-63 Private VLAN Commands 4-197 Table 4-64 Protocol-based VLAN Commands 4-198 Table 4-65 GVRP and Bridge Extension Commands 4-202 Table 4-66 Priority Commands 4-206 Table 4-67 Priority Commands (Layer 2) 4-206 Table 4-68 Default CoS Priority Levels 4-209 Table 4-69 Priority Commands (Layer 3 and 4) 4-211 [...]

  • Page 26

    xxvi Tables Table 4-108 show ip dvmrp neighbor - display description 4-307 Table 4-109 PIM-DM Multicast Routing Commands 4-308 Table 4-110 show ip pim neighbor - display description 4-314 Table 4-111 Router Redundancy Commands 4-314 Table 4-112 VRRP Commands 4-315 Table 4-113 show vrrp - display description 4-320 Table 4-114[...]

  • Page 27

    xxvii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 3-3 System Information 3-12 Figure 3-4 Switch Information 3-14 Figure 3-5 Displaying Bridge Extension Configuration 3-15 Figure 3-6 Configuring Support for Jumbo Frames 3-16 Figure 3-7 IP Interface Configuration - Manual 3-18 Figure 3-8 Default Gat[...]

  • Page 28

    xxviii Figures Figure 3-42 802.1X Port Configuration 3-70 Figure 3-43 802.1X Port Statistics 3-73 Figure 3-44 IP Filter 3-75 Figure 3-45 Selecting ACL Type 3-77 Figure 3-46 ACL Configuration - Standard IP 3-78 Figure 3-47 ACL Configuration - Extended IP 3-80 Figure 3-48 ACL Configuration - MAC 3-82 Figure 3-49 Selecting ACL Mask Typ[...]

  • Page 29

    xxix Figures Figure 3-87 Traffic Classes 3-153 Figure 3-88 Queue Mode 3-154 Figure 3-89 Queue Scheduling 3-155 Figure 3-90 IP Precedence/DSCP Priority Status 3-156 Figure 3-91 IP Precedence Priority 3-157 Figure 3-92 IP DSCP Priority 3-159 Figure 3-93 IP Port Priority Status 3-160 Figure 3-94 IP Port Priority 3-160 Figure 3-95 Confi[...]

  • Page 30

    xxx Figures Figure 3-132 RIP Network Addresses 3-227 Figure 3-133 RIP Interface Settings 3-230 Figure 3-134 RIP Statistics 3-232 Figure 3-135 OSPF General Configuration 3-237 Figure 3-136 OSPF Area Configuration 3-240 Figure 3-137 OSPF Range Configuration 3-242 Figure 3-138 OSPF Interface Configuration 3-245 Figure 3-139 OSPF Interf[...]

  • Page 31

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many optio[...]

  • Page 32

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration pr[...]

  • Page 33

    Description of Software Features 1-3 1 DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP Relay is also supported [...]

  • Page 34

    Introduction 1-4 1 Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths b[...]

  • Page 35

    Description of Software Features 1-5 1 When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. IP Routing – The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic [...]

  • Page 36

    Introduction 1-6 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Laye[...]

  • Page 37

    System Defaults 1-7 1 Authentication Privileged Exec Level Username “admin” Password “admin” Normal Exec Level Username “guest” Password “guest” Enable Privileged Exec from Normal Exec Level Password “super” RADIUS Authentication Disabled TACACS Authentication Disabled 802.1X Port Authentication Disa[...]

  • Page 38

    Introduction 1-8 1 Spanning Tree Algorithm Status Enabled, RSTP (Defaults: All values based on IEEE 802.1w) Fast Forwarding (Edge Port) Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames[...]

  • Page 39

    System Defaults 1-9 1 Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled Querier: Disabled IGMP (Layer 3) Disabled Multicast Routing DVMRP Disabled PIM-DM Disabled System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined[...]

  • Page 40

    Introduction 1-10 1[...]

  • Page 41

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via [...]

  • Page 42

    Initial Configuration 2-2 2 • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 6 static or LACP trunks per switch, up to 32 per stack • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics • Configure [...]

  • Page 43

    Stack Operations 2-3 2 For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-10. Remote Connections Prior to accessing the switch’s onboard agent via a network connection[...]

  • Page 44

    Initial Configuration 2-4 2 • If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will select the unit with the lowest MAC address as the Master. • If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change. • If[...]

  • Page 45

    Stack Operations 2-5 2 the Master button is not depressed on any unit. The stack reboots and resumes operations. However, note that the IP address will be the same for any common VLANs (with active port connections) that appear in both of the new stack segments. To resolve the conflicting IP addresses, you should manually repla[...]

  • Page 46

    Initial Configuration 2-6 2 Consistent Runtime Code in Each Switch – The main board runtime firmware version for each unit in the stack must be the same as the Master unit’s runtime firmware. After Auto-ID assignment is completed, the Master unit checks the image versions for consistency. If the firmware versions (i.e., runtime c[...]

  • Page 47

    Basic Configuration 2-7 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To preven[...]

  • Page 48

    Initial Configuration 2-8 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. Fr[...]

  • Page 49

    Basic Configuration 2-9 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Managemen[...]

  • Page 50

    Initial Configuration 2-10 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switc[...]

  • Page 51

    Basic Configuration 2-11 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view cal[...]

  • Page 52

    Initial Configuration 2-12 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: ?[...]

  • Page 53

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or ab[...]

  • Page 54

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator. Home Page When yo[...]

  • Page 55

    Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensur[...]

  • Page 56

    Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu Menu Description Page System 3-12 System[...]

  • Page 57

    Navigating the Web Browser Interface 3-5 3 SNMPv3 3-42 Engine ID Sets the SNMP v3 engine ID 3-43 Remote Engine ID Sets the SNMP v3 engine ID on a remote device 3-43 Users Configures SNMP v3 users 3-44 Remote Users Configures SNMP v3 users on a remote device 3-46 Groups Configures SNMP v3 groups 3-48 Views Configures SNM[...]

  • Page 58

    Configuring the Switch 3-6 3 LACP 3-93 Configuration Allows ports to dynamically join trunks 3-95 Aggregation Port Configures parameters for link aggregation group members 3-97 Port Counters Information Displays statistics for LACP protocol messages 3-100 Port Internal Information Displays settings and operational state for th[...]

  • Page 59

    Navigating the Web Browser Interface 3-7 3 Trunk Configuration Configures trunk settings for a specified MST instance 3-133 VLAN 3-135 802.1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3-138 Basic Information Displays information on the VLAN type supported by this switch 3-138 Current Table Shows the curr[...]

  • Page 60

    Configuring the Switch 3-8 3 QoS 3-161 DiffServ Configure QoS classification criteria and service policies 3-161 Class Map Creates a class map for a type of traffic 3-162 Policy Map Creates a policy map for multiple interfaces 3-165 Service Policy Applies a policy map defined to an ingress port 3-168 IGMP Snoopin[...]

  • Page 61

    Navigating the Web Browser Interface 3-9 3 ARP 3-210 General Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN 3-211 Static Addresses Statically maps a physical address to an IP address 3-212 Dynamic Addresses Shows dynamically learned entries in the IP routing table 3-213 Other Addresses S[...]

  • Page 62

    Configuring the Switch 3-10 3 Routing Protocol 3-206 RIP 3-224 General Settings Enables or disables RIP, sets the global RIP version and timer values 3-225 Network Addresses Configures the network interfaces that will use RIP 3-227 Interface Settings Configures RIP parameters for each interface, including send and receive ver[...]

  • Page 63

    Navigating the Web Browser Interface 3-11 3 PIM-DM General Settings Enables or disables PIM-DM globally for the switch 3-271 Interface Settings Enables or disables PIM-DM per interface, configures protocol settings for hello, prune and graft messages 3-272 Interface Information Displays summary information for each interface 3-[...]

  • Page 64

    Configuring the Switch 3-12 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem.[...]

  • Page 65

    Basic Configuration 3-13 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Boa[...]

  • Page 66

    Configuring the Switch 3-14 3 • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power suppl[...]

  • Page 67

    Basic Configuration 3-15 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filte[...]

  • Page 68

    Configuring the Switch 3-16 3 CLI – Enter the following command. Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly redu[...]

  • Page 69

    Basic Configuration 3-17 3 Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this stack is obtained via DHCP by default. To manually configure an address, you need to change the stack’s default settings to values[...]

  • Page 70

    Configuring the Switch 3-18 3 Manual Configuration Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface. Enter the IP address, subnet mask and gateway, then click Apply. Figure 3-7 IP Interfac[...]

  • Page 71

    Basic Configuration 3-19 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services. Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. C[...]

  • Page 72

    Configuring the Switch 3-20 3 Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the stack is moved to another network segment, you will lose management access to the stack. In this case, you can reboot the stack or submit a client request to restart DHCP servi[...]

  • Page 73

    Basic Configuration 3-21 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, Fi[...]

  • Page 74

    Configuring the Switch 3-22 3 To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-12 Deleting Files CLI – To download new firmware from a TFTP serve[...]

  • Page 75

    Basic Configuration 3-23 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The conf[...]

  • Page 76

    Configuring the Switch 3-24 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.[...]

  • Page 77

    Basic Configuration 3-25 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console Port Settings Y [...]

  • Page 78

    Configuring the Switch 3-26 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto) • Stop Bits – Sets the number of the s[...]

  • Page 79

    Basic Configuration 3-27 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Te[...]

  • Page 80

    Configuring the Switch 3-28 3 • Password 3 – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password) • Login 3 – Enables password checking at [...]

  • Page 81

    Basic Configuration 3-29 3 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you to enable[...]

  • Page 82

    Configuring the Switch 3-30 3 Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-17 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. U[...]

  • Page 83

    Basic Configuration 3-31 3 Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 3-18 Remote Logs CLI – Enter the syslog server host IP [...]

  • Page 84

    Configuring the Switch 3-32 3 Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web – Click System, Log, [...]

  • Page 85

    Basic Configuration 3-33 3 • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list. • Email Destination Address List – Specifies the[...]

  • Page 86

    Configuring the Switch 3-34 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show lo[...]

  • Page 87

    Basic Configuration 3-35 3 CLI – This example renumbers all units in the stack. Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. When prompted, confirm that you want to reset the switch. Figure 3-22 Resetting the System CLI – Use the reload command to restart the switch. [...]

  • Page 88

    Configuring the Switch 3-36 3 Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-23 SNTP Configuration CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated [...]

  • Page 89

    Simple Network Management Protocol 3-37 3 Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply. Figure 3-24 Clock Time Zone CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protocol (SNM[...]

  • Page 90

    Configuring the Switch 3-38 3 The SNMPv3 security structure consists of security models, with each model having its own security levels. There are three security models defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to “groups” that are defined by a security model and specified security levels. Each group [...]

  • Page 91

    Simple Network Management Protocol 3-39 3 Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply. Figure 3-25 E [...]

  • Page 92

    Configuring the Switch 3-40 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-26 Configuring SNMP Community Strings CLI – The following example adds the string “spiderman” with read/write access. Specifying[...]

  • Page 93

    Simple Network Management Protocol 3-41 3 To send an inform to a SNMPv2c host, complete these steps: 1. Enable the SNMP agent (page 3-39). 2. Enable trap informs as described in the following pages. 3. Create a view with the required notification messages (page 3-52). 4. Create a group that includes the required notify vi[...]

  • Page 94

    Configuring the Switch 3-42 3 • Enable Link-up and Link-down Traps 4 – Issues a notification message whenever a port link is established or broken. (Default: Enabled) Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SN[...]

  • Page 95

    Simple Network Management Protocol 3-43 3 Setting a Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating an [...]

  • Page 96

    Configuring the Switch 3-44 3 The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes. Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID [...]

  • Page 97

    Simple Network Management Protocol 3-45 3 • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. • Actions – Enables the user to be assigned to another SNMPv3 group. Web – Click SNMP, SNMP[...]

  • Page 98

    Configuring the Switch 3-46 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specifi [...]

  • Page 99

    Simple Network Management Protocol 3-47 3 • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User [...]

  • Page 100

    Configuring the Switch 3-48 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create n[...]

  • Page 101

    Simple Network Management Protocol 3-49 3 Table 3-5 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g.[...]

  • Page 102

    Configuring the Switch 3-50 3 Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.64.2.1.0.1 This trap is sent when the power state changes. swFanFailureTrap 1.3.6.1.4.1.259.6.10.64.2.1.0.17 This trap is sent when the fan fails. swFanRecoverTrap 1.3.6.1.4.1.259.6.10.64.2.1.0.18 This trap is sent when the fan failure ha[...]

  • Page 103

    Simple Network Management Protocol 3-51 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list. To delete a group, check the box [...]

  • Page 104

    Configuring the Switch 3-52 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-64 characters) • View OID Subtrees – Shows [...]

  • Page 105

    User Authentication 3-53 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. User Authentication You can restrict management access to this switch and provide secure network access using the following o[...]

  • Page 106

    Configuring the Switch 3-54 3 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters; maximum number of u[...]

  • Page 107

    User Authentication 3-55 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ [...]

  • Page 108

    Configuring the Switch 3-56 3 • RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a use[...]

  • Page 109

    User Authentication 3-57 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-35 Authentication Server S[...]

  • Page 110

    Configuring the Switch 3-58 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled in[...]

  • Page 111

    User Authentication 3-59 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-36 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using [...]

  • Page 112

    Configuring the Switch 3-60 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp ([...]

  • Page 113

    User Authentication 3-61 3 be configured locally on the switch via the User Accounts page as described on page 3-53.) The clients are subsequently authenticated using these keys. The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 [...]

  • Page 114

    Configuring the Switch 3-62 3 Field Attributes • Public-Key of Host-Key – The public key for the host. - RSA (Version 1): The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 65537), and the last string is the encoded modulus. - DSA (Version 2): The first fiel[...]

  • Page 115

    User Authentication 3-63 3 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you [...]

  • Page 116

    Configuring the Switch 3-64 3 Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server. Figure 3-38 SSH Server Settings CLI – This example [...]

  • Page 117

    User Authentication 3-65 3 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when[...]

  • Page 118

    Configuring the Switch 3-66 3 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-39 Port Security CLI – This example [...]

  • Page 119

    User Authentication 3-67 3 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to se[...]

  • Page 120

    Configuring the Switch 3-68 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.1X protocol provides port authentication. Command Attributes 802.1[...]

  • Page 121

    User Authentication 3-69 3 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disab[...]

  • Page 122

    Configuring the Switch 3-70 3 • Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request count has been exceed[...]

  • Page 123

    User Authentication 3-71 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-85. Console(config)#interface ethernet 1/2 4-143 Console(config-if)#dot1x port-control auto 4-81 Console(config-if)#dot1x re-authentication 4-[...]

  • Page 124

    Configuring the Switch 3-72 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPO[...]

  • Page 125

    User Authentication 3-73 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-43 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-85 Eth 1/4 R[...]

  • Page 126

    Configuring the Switch 3-74 3 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once[...]

  • Page 127

    User Authentication 3-75 3 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-44 IP Filter CLI – This example restricts management access for Telnet clients. Console(config)#management telnet-c[...]

  • Page 128

    Configuring the Switch 3-76 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rul[...]

  • Page 129

    Access Control Lists 3-77 3 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP addr[...]

  • Page 130

    Configuring the Switch 3-78 3 and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet ad[...]

  • Page 131

    Access Control Lists 3-79 3 • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Source[...]

  • Page 132

    Configuring the Switch 3-80 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other require[...]

  • Page 133

    Access Control Lists 3-81 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Addr[...]

  • Page 134

    Configuring the Switch 3-82 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask fo[...]

  • Page 135

    Access Control Lists 3-83 3 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an[...]

  • Page 136

    Configuring the Switch 3-84 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes. Command Attributes • Source/Destination Address[...]

  • Page 137

    Access Control Lists 3-85 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types. Or [...]

  • Page 138

    Configuring the Switch 3-86 3 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/Destination Address Type – Use “Any” to match any address, “Host” to specify the host [...]

  • Page 139

    Access Control Lists 3-87 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to fi[...]

  • Page 140

    Configuring the Switch 3-88 3 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply. Figure 3-52 ACL Port Binding CLI – This example assigns an IP and MAC ingress ACL to port 1, [...]

  • Page 141

    Port Configuration 3-89 3 • Autonegotiation – Shows if auto-negotiation is enabled or disabled. • Media Type 6 – Shows the forced/preferred port type to use for combination ports 21-24. (Copper-Forced, SFP-Forced, SFP-Preferred-Auto) • Trunk Member 6 – Shows if port is a trunk member. • Creation 7 – Shows if a trunk is[...]

  • Page 142

    Configuring the Switch 3-90 3 • Broadcast storm – Shows if broadcast storm control is enabled or disabled. • Broadcast storm limit – Shows the broadcast storm threshold. (500 - 262143 packets per second) • Flow control 8 – Shows if flow control is enabled or disabled. • LACP – Shows if LACP is enabled or disabled. •[...]

  • Page 143

    Port Configuration 3-91 3 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex mode. Command Attributes • Name – Allows you to label an interface. ([...]

  • Page 144

    Configuring the Switch 3-92 3 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-54 Port - Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 4-143 Console(config-if)#descripti[...]

  • Page 145

    Port Configuration 3-93 3 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.e., single switch or [...]

  • Page 146

    Configuring the Switch 3-94 3 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop[...]

  • Page 147

    Port Configuration 3-95 3 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect th[...]

  • Page 148

    Configuring the Switch 3-96 3 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-25/49) Web – Click Port, LACP, Configuration. Select any of the switch ports fr[...]

  • Page 149

    Port Configuration 3-97 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set (page 4-14[...]

  • Page 150

    Configuring the Switch 3-98 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not tak[...]

  • Page 151

    Port Configuration 3-99 3 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. Console(config)#interface ethernet 1/1 4-143 Console(config-if)#lacp actor system-priority 3 4-160 Console(config-if)#lacp actor admin-key 120 4-161 C[...]

  • Page 152

    Configuring the Switch 3-100 3 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-58 LACP - Port Counters Information CLI – The following example displays LACP counter[...]

  • Page 153

    Port Configuration 3-101 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation p[...]

  • Page 154

    Configuring the Switch 3-102 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-59 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console[...]

  • Page 155

    Port Configuration 3-103 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-60 LACP[...]

  • Page 156

    Configuring the Switch 3-104 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or prope[...]

  • Page 157

    Port Configuration 3-105 3 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-61 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for por[...]

  • Page 158

    Configuring the Switch 3-106 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port speed [...]

  • Page 159

    Port Configuration 3-107 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is tran[...]

  • Page 160

    Configuring the Switch 3-108 3 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This inform[...]

  • Page 161

    Port Configuration 3-109 3 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Transmit Errors The number of outbound packets t[...]

  • Page 162

    Configuring the Switch 3-110 3 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received th[...]

  • Page 163

    Port Configuration 3-111 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-64 Port Statistics[...]

  • Page 164

    Configuring the Switch 3-112 3 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic addres [...]

  • Page 165

    Address Table Settings 3-113 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-65 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Addres[...]

  • Page 166

    Configuring the Switch 3-114 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-66 Dynamic Addresses CLI – This example also displays the address ta[...]

  • Page 167

    Spanning Tree Algorithm Configuration 3-115 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) [...]

  • Page 168

    Configuring the Switch 3-116 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridg[...]

  • Page 169

    Spanning Tree Algorithm Configuration 3-117 3 new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) • Hello Time – Interval (in seconds) at which the root device transmits a configuration messag[...]

  • Page 170

    Configuring the Switch 3-118 3 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port need[...]

  • Page 171

    Spanning Tree Algorithm Configuration 3-119 3 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 12 Uses RSTP for the internal state machine, but sends only 802 [...]

  • Page 172

    Configuring the Switch 3-120 3 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist onl[...]

  • Page 173

    Spanning Tree Algorithm Configuration 3-121 3 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, [...]

  • Page 174

    Configuring the Switch 3-122 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-69 STA Global Configuration[...]

  • Page 175

    Spanning Tree Algorithm Configuration 3-123 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning T[...]

  • Page 176

    Configuring the Switch 3-124 3 • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuratio[...]

  • Page 177

    Spanning Tree Algorithm Configuration 3-125 3 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will[...]

  • Page 178

    Configuring the Switch 3-126 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to i[...]

  • Page 179

    Spanning Tree Algorithm Configuration 3-127 3 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port wi[...]

  • Page 180

    Configuring the Switch 3-128 3 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropri[...]

  • Page 181

    Spanning Tree Algorithm Configuration 3-129 3 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-119). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration). 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note: All VLANs are automa[...]

  • Page 182

    Configuring the Switch 3-130 3 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add. Figure 3-72 MSTP VLAN Configuration [...]

  • Page 183

    Spanning Tree Algorithm Configuration 3-131 3 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. ----------------------------------------------------- ---------- Eth 1/ 7 information ----------------------------------------------------- ---------- Admin status: enabled Role: master State: forwarding E[...]

  • Page 184

    Configuring the Switch 3-132 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default: 0) The other attributes are des[...]

  • Page 185

    Spanning Tree Algorithm Configuration 3-133 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays curre[...]

  • Page 186

    Configuring the Switch 3-134 3 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that w[...]

  • Page 187

    VLAN Configuration 3-135 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traff[...]

  • Page 188

    Configuring the Switch 3-136 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in on[...]

  • Page 189

    VLAN Configuration 3-137 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Not[...]

  • Page 190

    Configuring the Switch 3-138 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagate[...]

  • Page 191

    VLAN Configuration 3-139 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to crea [...]

  • Page 192

    Configuring the Switch 3-140 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. • Name – Name of the VLAN (1 to 32 characters). • Status – Shows if th[...]

  • Page 193

    VLAN Configuration 3-141 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-78 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use[...]

  • Page 194

    Configuring the Switch 3-142 3 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Trunk – Tr[...]

  • Page 195

    VLAN Configuration 3-143 3 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs[...]

  • Page 196

    Configuring the Switch 3-144 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way fo[...]

  • Page 197

    VLAN Configuration 3-145 3 Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer 16 – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group[...]

  • Page 198

    Configuring the Switch 3-146 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation between ports withi[...]

  • Page 199

    VLAN Configuration 3-147 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports[...]

  • Page 200

    Configuring the Switch 3-148 3 Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-140). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network. Do not add port members at this time.[...]

  • Page 201

    VLAN Configuration 3-149 3 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN menus such as the VLAN Sta[...]

  • Page 202

    Configuring the Switch 3-150 3 CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This[...]

  • Page 203

    Class of Service Configuration 3-151 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-86 Default Port Priority CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-143 Conso[...]

  • Page 204

    Configuring the Switch 3-152 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default pr[...]

  • Page 205

    Class of Service Configuration 3-153 3 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-87 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific values for CoS pr[...]

  • Page 206

    Configuring the Switch 3-154 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR u[...]

  • Page 207

    Class of Service Configuration 3-155 3 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-89 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#que[...]

  • Page 208

    Configuring the Switch 3-156 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS[...]

  • Page 209

    Class of Service Configuration 3-157 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values a[...]

  • Page 210

    Configuring the Switch 3-158 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. * Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes wil[...]

  • Page 211

    Class of Service Configuration 3-159 3 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 3-92 IP DSCP Priority CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to C[...]

  • Page 212

    Configuring the Switch 3-160 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Port Pri[...]

  • Page 213

    Quality of Service 3-161 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. * Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any changes will apply[...]

  • Page 214

    Configuring the Switch 3-162 3 Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow these steps: 1. Use the “Class Map” to designate a class name for a specific category of traffic. 2. Edit the rules for each class to specify a type of traffic based on an acce[...]

  • Page 215

    Quality of Service 3-163 3 Command Attributes Class Map • Modify Name and Description – Configures the name and a brief description of a class map. (Range: 1-32 characters for the name; 1-256 characters for the description) • Edit Rules – Opens the “Match Class Settings” page for the selected class entry. Modify the [...]

  • Page 216

    Configuring the Switch 3-164 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-95 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Console(config)#[...]

  • Page 217

    Quality of Service 3-165 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-162. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page open[...]

  • Page 218

    Configuring the Switch 3-166 3 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-162). • Meter – The maximum throughput an[...]

  • Page 219

    Quality of Service 3-167 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-96 Configuring Policy Maps[...]

  • Page 220

    Configuring the Switch 3-168 3 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a [...]

  • Page 221

    Multicast Filtering 3-169 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the mult[...]

  • Page 222

    Configuring the Switch 3-170 3 Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic needs to be forwarded to each of its ports. At Layer 3, multicast routers use this information, along with a multicast routing protocol such as DVMRP or PIM, to support IP multi[...]

  • Page 223

    Multicast Filtering 3-171 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traf[...]

  • Page 224

    Configuring the Switch 3-172 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-98 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(conf[...]

  • Page 225

    Multicast Filtering 3-173 3 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamica[...]

  • Page 226

    Configuring the Switch 3-174 3 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your [...]

  • Page 227

    Multicast Filtering 3-175 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. ?[...]

  • Page 228

    Configuring the Switch 3-176 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-171. For certain applications that require tighter control, you may need to statically [...]

  • Page 229

    Multicast Filtering 3-177 3 Layer 3 IGMP (Query used with Multicast Routing) IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-171) that can be used to provide multicast filtering when no other switches in the network support multicast routing. (Note that IGMP Snooping can only be globally enabled.) IGMP Query ?[...]

  • Page 230

    Configuring the Switch 3-178 3 • Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command. If no reports are received before the tim[...]

  • Page 231

    Multicast Filtering 3-179 3 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. Figure 3-103 IGMP Interface Settings CLI – This example configures the IGMP parameters for VLAN 1. Console(config)#in[...]

  • Page 232

    Configuring the Switch 3-180 3 Displaying Multicast Group Information When IGMP (Layer 3) is enabled on this switch the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page. When IGMP (Layer 3) is disabled and IGMP (Layer 2) is enabled, you can view the active multicast groups in the I[...]

  • Page 233

    Configuring Domain Name Service 3-181 3 Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will at[...]

  • Page 234

    Configuring the Switch 3-182 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-105 DNS General Configuration CLI - This example sets a default domai[...]

  • Page 235

    Configuring Domain Name Service 3-183 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resourc [...]

  • Page 236

    Configuring the Switch 3-184 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-106 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip hos[...]

  • Page 237

    Configuring Domain Name Service 3-185 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. • Type [...]

  • Page 238

    Configuring the Switch 3-186 3 CLI - This example displays all the resource records learned from the designated name servers. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up. If a subne[...]

  • Page 239

    Dynamic Host Configuration Protocol 3-187 3 Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN. • VLAN Name – Name of the VLAN. • Server IP Address – Ad[...]

  • Page 240

    Configuring the Switch 3-188 3 Configuring the DHCP Server This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain name, default gateway, Domain Name Servers (DNS), Windows Inte[...]

  • Page 241

    Dynamic Host Configuration Protocol 3-189 3 Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-109 DHCP Server General Configuration CLI – This example enables the DHCP and sets an excluded address range. Console(config)#service dhcp 4-125 Console(config)#ip dhcp excluded-add[...]

  • Page 242

    Configuring the Switch 3-190 3 Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. Command Usage • First configure address pools for the network interfaces. Then you can manually bind an address to a specific client if require[...]

  • Page 243

    Dynamic Host Configuration Protocol 3-191 3 • Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value. Setting the Optional Parameters • Default Router – The IP address of the primary and alternate gateway router. The IP address of the router should be on[...]

  • Page 244

    Configuring the Switch 3-192 3 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server.[...]

  • Page 245

    Dynamic Host Configuration Protocol 3-193 3 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gatewa[...]

  • Page 246

    Configuring the Switch 3-194 3 Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host. • Mac Address – MAC address of host. • Lease time – Duration that this IP address can be used[...]

  • Page 247

    Configuring Router Redundancy 3-195 3 Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. [...]

  • Page 248

    Configuring the Switch 3-196 3 • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuring Address Pools” on page 3-190.) Virtual Router Redundancy Protocol Virtu[...]

  • Page 249

    Configuring Router Redundancy 3-197 3 • VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address. However, the backup router cannot reply[...]

  • Page 250

    Configuring the Switch 3-198 3 Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group. • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If t[...]

  • Page 251

    Configuring Router Redundancy 3-199 3 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-114 VRRP Group Configuration[...]

  • Page 252

    Configuring the Switch 3-200 3 Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router. Click Add IP to enter[...]

  • Page 253

    Configuring Router Redundancy 3-201 3 CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the config[...]

  • Page 254

    Configuring the Switch 3-202 3 CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface. Field Attributes • VLAN I[...]

  • Page 255

    Configuring Router Redundancy 3-203 3 Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 3-117 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Console#show vrrp 1 interface vlan 1 counters 4-322 Total Number of Times Transitioned to MASTER : 6 T[...]

  • Page 256

    Configuring the Switch 3-204 3 IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 3-222) and dynamic routing such as RIP (page 3-224) or OSPF (page 3-234). When IP routing is enabled (page 3-225), this switch acts as a wire-speed router, passing traffic between VLAN[...]

  • Page 257

    IP Routing 3-205 3 IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing. These functions include: • Layer 2 forwarding (switching) based on the Layer 2 destination MAC address • Layer 3 forwarding (routing): -[...]

  • Page 258

    Configuring the Switch 3-206 3 the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has been performed. Routing Path Management Routing Path Management involves the determination and updating of all the routing information required for packet forwarding[...]

  • Page 259

    IP Routing 3-207 3 Basic IP Interface Configuration To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch. Note that you must first create a VLAN as described under “Creating VLAN [...]

  • Page 260

    Configuring the Switch 3-208 3 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers [...]

  • Page 261

    IP Routing 3-209 3 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after en[...]

  • Page 262

    Configuring the Switch 3-210 3 Address Resolution Protocol If IP routing is enabled (page 3-207), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address. When an IP [...]

  • Page 263

    IP Routing 3-211 3 Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage • The aging time determines how long dynamic entries remain in the cache. If the timeout is too short, the router may tie u[...]

  • Page 264

    Configuring the Switch 3-212 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP. Command Usage • You can define u[...]

  • Page 265

    IP Routing 3-213 3 Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages. You can display all of the dynamic entries in the ARP cache, change specific dyna[...]

  • Page 266

    Configuring the Switch 3-214 3 CLI - This example shows all entries in the ARP cache. Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache. • MAC Address – MAC[...]

  • Page 267

    IP Routing 3-215 3 CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router. Web - Click IP, ARP, Statistics. Figure 3-124 ARP Statistics Console#show arp 4-247 Arp[...]

  • Page 268

    Configuring the Switch 3-216 3 CLI - This example provides detailed statistics on common IP-related protocols. Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network de[...]

  • Page 269

    IP Routing 3-217 3 Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. Reassembly Required The number of IP fragments received which needed to be reassembled at this entit[...]

  • Page 270

    Configuring the Switch 3-218 3 Web - Click IP, Statistics, IP. Figure 3-125 IP Statistics CLI - See the example on page 3-215. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral par[...]

  • Page 271

    IP Routing 3-219 3 Web - Click IP, Statistics, ICMP. Figure 3-126 ICMP Statistics CLI - See the example on page 3-215. Timestamps The number of ICMP Timestamp (request) messages received/sent. Timestamp Replies The number of ICMP Timestamp Reply messages received/sent. Address Masks The number of ICMP Address Mask Reques[...]

  • Page 272

    Configuring the Switch 3-220 3 UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded befo[...]

  • Page 273

    IP Routing 3-221 3 TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols. Web - Click IP, Statistics, TCP. Figure 3-128 TCP Statistics CLI - See the example on pa[...]

  • Page 274

    Configuring the Switch 3-222 3 Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes may be required to access network segments where dynamic[...]

  • Page 275

    IP Routing 3-223 3 Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route. If route information is available through more than one of these methods, the priority for route selection is local, static, and then dyn[...]

  • Page 276

    Configuring the Switch 3-224 3 CLI - This example shows routes obtained from various methods. Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vect[...]

  • Page 277

    IP Routing 3-225 3 routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision. Configuring Gene[...]

  • Page 278

    Configuring the Switch 3-226 3 Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. Figure 3-131 RIP General Settings CLI - This example sets the router to use RIP Version 2, [...]

  • Page 279

    IP Routing 3-227 3 Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specifie[...]

  • Page 280

    Configuring the Switch 3-228 3 Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol[...]

  • Page 281

    IP Routing 3-229 3 Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required. RIPv2 supports au[...]

  • Page 282

    Configuring the Switch 3-230 3 • Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings. Sele[...]

  • Page 283

    IP Routing 3-231 3 Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices. Tab[...]

  • Page 284

    Configuring the Switch 3-232 3 Web - Click Routing Protocol, RIP, Statistics. Figure 3-134 RIP Statistics[...]

  • Page 285

    IP Routing 3-233 3 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands. Console#show rip globals 4-262 RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 4 Number of Queries: 0 Console#show ip rip configuration 4-[...]

  • Page 286

    Configuring the Switch 3-234 3 Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a sh[...]

  • Page 287

    IP Routing 3-235 3 • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges. • When using OSPF, you must organize your network[...]

  • Page 288

    Configuring the Switch 3-236 3 • AS Boundary Router 24 – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device. ( [...]

  • Page 289

    IP Routing 3-237 3 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. Figure 3-135 OSPF General Configuration CLI - This example configures the router with the same settings as shown in the screen capture for[...]

  • Page 290

    Configuring the Switch 3-238 3 Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes. To reduce the amo[...]

  • Page 291

    IP Routing 3-239 3 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF. • Also, note that unlike stub areas, al[...]

  • Page 292

    Configuring the Switch 3-240 3 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-136 OSPF Area Configuration CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as [...]

  • Page 293

    IP Routing 3-241 3 Configuring Area Ranges (Route Summarization for ABRs) An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time. Instead, you can configure an ABR to advertise a single summary r[...]

  • Page 294

    Configuring the Switch 3-242 3 Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply. Figure 3-137 OSPF Range Configuration CLI - This example summarizes all [...]

  • Page 295

    IP Routing 3-243 3 Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each [...]

  • Page 296

    Configuring the Switch 3-244 3 - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions. • Retransmit Interval – Sets the time between resending link-state advertisements[...]

  • Page 297

    IP Routing 3-245 3 - You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network. • Message Digest Key-id – Assigns a key-id used in conjunction with the authenti[...]

  • Page 298

    Configuring the Switch 3-246 3 Change any of the interface-specific protocol parameters, and then click Apply. Figure 3-139 OSPF Interface Configuration - Detailed CLI - This example configures the interface parameters for VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip ospf priority 5 4-280 Console(config-[...]

  • Page 299

    IP Routing 3-247 3 Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single non-ba[...]

  • Page 300

    Configuring the Switch 3-248 3 Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link se[...]

  • Page 301

    IP Routing 3-249 3 Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summariz[...]

  • Page 302

    Configuring the Switch 3-250 3 Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply. Figure 3-141 OSPF Network Area Address Configuration[...]

  • Page 303

    IP Routing 3-251 3 CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-271 Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf 4-282 Routing Process with ID 10.1.1.253 Supports only single TOS(TOS0)[...]

  • Page 304

    Configuring the Switch 3-252 3 Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems. (See “Redistributing External Routes” on page 3-253) To reduce the amount of external LSAs imported into[...]

  • Page 305

    IP Routing 3-253 3 CLI - This example creates a summary address for all routes contained in 192.168.x.x. Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system. Command Usage • This router supports redistribut[...]

  • Page 306

    Configuring the Switch 3-254 3 Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-143 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes. Configuring NSSA Settings Use the OS[...]

  • Page 307

    IP Routing 3-255 3 Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. Figure 3-144 OSPF NSSA Settings CLI - This example configures area 0.0.0.1 as a stub and sets[...]

  • Page 308

    Configuring the Switch 3-256 3 Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database. Routers that are connected to multiple interfaces will have a se[...]

  • Page 309

    IP Routing 3-257 3 Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-145 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database. See “show ip ospf dat[...]

  • Page 310

    Configuring the Switch 3-258 3 Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router. • Next Hop – IP address of the [...]

  • Page 311

    IP Routing 3-259 3 Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: - Down – Connection [...]

  • Page 312

    Configuring the Switch 3-260 3 Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM). These protocols flood multicast traffic downstream, and calculate the shortest-path, sour[...]

  • Page 313

    Multicast Routing 3-261 3 Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or f[...]

  • Page 314

    Configuring the Switch 3-262 3 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry. Figure 3-149 Multicast Routing Table[...]

  • Page 315

    Multicast Routing 3-263 3 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute 4-297 IP Multicast Forwarding is enabled. IP Multicast Routing Table Flags: P - Prune, F - Forwardi[...]

  • Page 316

    Configuring the Switch 3-264 3 Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts. Routers that receive a DVMRP packe[...]

  • Page 317

    Multicast Routing 3-265 3 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP [...]

  • Page 318

    Configuring the Switch 3-266 3 which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring i[...]

  • Page 319

    Multicast Routing 3-267 3 Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply. Figure 3-150 DVMRP General Settings CLI – This sets the global parameters for DVMRP an[...]

  • Page 320

    Configuring the Switch 3-268 3 DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors. • Status – Enables or disables DVMRP. - If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3[...]

  • Page 321

    Multicast Routing 3-269 3 Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree. • Interface – The IP interface on this router that connects to the upstream nei[...]

  • Page 322

    Configuring the Switch 3-270 3 Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers. It does not consider group membership or prune m[...]

  • Page 323

    Multicast Routing 3-271 3 CLI – This example displays known DVMRP routes. Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode and dense mode. Sparse mode (SM) is designed for networks where the probability of multicast group members is low, such as the Interne[...]

  • Page 324

    Configuring the Switch 3-272 3 Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-154 PIM-DM General Settings CLI – This example enables PIM-DM globally and displays the current status. Configuring PIM-DM Interface Settings To fully enable PIM[...]

  • Page 325

    Multicast Routing 3-273 3 • Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface. (Range: 1-65535 seconds; Default: 5) - When a router first starts or PIM is enabled on an interface, the hello-interval is set to[...]

  • Page 326

    Configuring the Switch 3-274 3 Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply. Figure 3-155 PIM-DM Interface Settings CLI – This example sets the PIM-DM protocol parameters for[...]

  • Page 327

    Multicast Routing 3-275 3 Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router. • Address – The IP address for [...]

  • Page 328

    Configuring the Switch 3-276 3 Web – Click Routing Protocol, PIM-DM, Neighbor Information. Figure 3-157 PIM-DM Neighbor Information CLI – This example displays the only neighboring PIM-DM router. Console#show ip pim neighbor 4-314 Address VLAN Interface Uptime Expire Mode --------------- ---------------- -------- -------- ------- 10[...]

  • Page 329

    4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Note: You can only access the console interface through the Master unit in the stack. Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’[...]

  • Page 330

    Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the stack through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is con [...]

  • Page 331

    Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show[...]

  • Page 332

    Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP). You can also display a list of[...]

  • Page 333

    Entering Commands 4-5 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s? ?[...]

  • Page 334

    Command Line Interface 4-6 4 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. Th[...]

  • Page 335

    Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config start[...]

  • Page 336

    Command Line Interface 4-8 4 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Table 4-2 Config [...]

  • Page 337

    Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command f[...]

  • Page 338

    Command Line Interface 4-10 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-11 General Basic commands for[...]

  • Page 339

    Line Commands 4-11 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) MST (Multiple Spanning Tree) PE (Privileged Exec) ACL (Access Control List Configuration) GC (Global Configuration) DC (DHCP Server Configuration) LC (Line Configuration) RC (Router Configuration) IC (Inter[...]

  • Page 340

    Command Line Interface 4-12 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default [...]

  • Page 341

    Line Commands 4-13 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login local selec[...]

  • Page 342

    Command Line Interface 4-14 4 • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted [...]

  • Page 343

    Line Commands 4-15 4 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the timeout interval. (Range: 0 - 65535 seconds; 0: no timeout) Default Setting CLI: No timeout T [...]

  • Page 344

    Command Line Interface 4-16 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts do[...]

  • Page 345

    Line Commands 4-17 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bit[...]

  • Page 346

    Command Line Interface 4-18 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive ([...]

  • Page 347

    Line Commands 4-19 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4[...]

  • Page 348

    Command Line Interface 4-20 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [ [...]

  • Page 349

    General Commands 4-21 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-28.) • The “#” character is appended to the end of the promp [...]

  • Page 350

    Command Line Interface 4-22 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Databas[...]

  • Page 351

    General Commands 4-23 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in[...]

  • Page 352

    Command Line Interface 4-24 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits [...]

  • Page 353

    System Management Commands 4-25 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to resto[...]

  • Page 354

    Command Line Interface 4-26 4 Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global [...]

  • Page 355

    System Management Commands 4-27 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-11), user authentication via a remote authentication server (page 4-70), and host access [...]

  • Page 356

    Command Line Interface 4-28 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure en[...]

  • Page 357

    System Management Commands 4-29 4 Related Commands enable (4-20) authentication enable (4-71) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [no] management {all-client [...]

  • Page 358

    Command Line Interface 4-30 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed manag[...]

  • Page 359

    System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Comma[...]

  • Page 360

    Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this functio[...]

  • Page 361

    System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-64) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip[...]

  • Page 362

    Command Line Interface 4-34 4 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form without the “port” keyword to disable this function. Use the no form with the “port” keyword to use t[...]

  • Page 363

    System Management Commands 4-35 4 This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to configure the switch. Note: The switch supports both SSH Version 1.5 and 2.0 clients. The SSH server on this swi[...]

  • Page 364

    Command Line Interface 4-36 4 10.1.0.54 1024 35 156 84995401867 6692593339 4677505 46173253136 7489083654 7254 15020245 5931998 68544358361 6519999233 2978176 6065830956 10 82591321289 0233 76546801 7262725 71413428762 941301 196195 566782 595664 1048695742 7888146206 51941746 7729848 65468615717 7393901647 7935594 23035774130 98022737087 794545 [...]

  • Page 365

    System Management Commands 4-37 4 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number of [...]

  • Page 366

    Command Line Interface 4-38 4 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions. Example Related Commands exec-timeout [...]

  • Page 367

    System Management Commands 4-39 4 Default Setting 768 bits Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s publ[...]

  • Page 368

    Command Line Interface 4-40 4 Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, y[...]

  • Page 369

    System Management Commands 4-41 4 ip ssh save host-key This command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key ge[...]

  • Page 370

    Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameter[...]

  • Page 371

    System Management Commands 4-43 4 • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 35), and the last string is the encoded modulus. When a DSA key is displayed, the first field indicates that the encryption method used[...]

  • Page 372

    Command Line Interface 4-44 4 Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored. Example Related Commands logging history (4-44) clear log (4-47) logg[...]

  • Page 373

    System Management Commands 4-45 4 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslo[...]

  • Page 374

    Command Line Interface 4-46 4 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store m[...]

  • Page 375

    System Management Commands 4-47 4 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mod[...]

  • Page 376

    Command Line Interface 4-48 4 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). The following example displays settings for the trap function. Rela[...]

  • Page 377

    System Management Commands 4-49 4 show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting None Command Mo[...]

  • Page 378

    Command Line Interface 4-50 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default Setting None Command M[...]

  • Page 379

    System Management Commands 4-51 4 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts for system errors from level 3 throu[...]

  • Page 380

    Command Line Interface 4-52 4 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Settin[...]

  • Page 381

    System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time [...]

  • Page 382

    Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [ip2 [ip3[...]

  • Page 383

    System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode G[...]

  • Page 384

    Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-13 hour[...]

  • Page 385

    System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands show startup-confi[...]

  • Page 386

    Command Line Interface 4-58 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and inclu[...]

  • Page 387

    System Management Commands 4-59 4 Related Commands show running-config (4-59) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the informati[...]

  • Page 388

    Command Line Interface 4-60 4 - IP address configured for VLANs - Layer 4 precedence settings - Routing protocol configuration settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Related Commands show startup-config (4-57) Console#show running-config building running-config, please wa[...]

  • Page 389

    System Management Commands 4-61 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. • The POST results should all display “PASS.”[...]

  • Page 390

    Command Line Interface 4-62 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e [...]

  • Page 391

    System Management Commands 4-63 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfer [...]

  • Page 392

    Command Line Interface 4-64 4 Example Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a fi[...]

  • Page 393

    Flash/File Commands 4-65 4 Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on[...]

  • Page 394

    Command Line Interface 4-66 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example[...]

  • Page 395

    Flash/File Commands 4-67 4 delete This command deletes a file or image. Syntax delete [unit:] filename • filename - Name of configuration file or code image. • unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be [...]

  • Page 396

    Command Line Interface 4-68 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Example The following example shows how to display all file information: whichboot This command[...]

  • Page 397

    Flash/File Commands 4-69 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the file or image used to start up the system. Syntax boot system [unit:] {boot-[...]

  • Page 398

    Command Line Interface 4-70 4 Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence authenticati[...]

  • Page 399

    Authentication Commands 4-71 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the au[...]

  • Page 400

    Command Line Interface 4-72 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands enable password - sets the password for changing command modes (4-28) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is[...]

  • Page 401

    Authentication Commands 4-73 4 • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeout - 5 seconds • retransmit - 2 Command Mode Global Configuration Example radius-server port This command sets the R[...]

  • Page 402

    Command Line Interface 4-74 4 Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate [...]

  • Page 403

    Authentication Commands 4-75 4 show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server t[...]

  • Page 404

    Command Line Interface 4-76 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server [...]

  • Page 405

    Authentication Commands 4-77 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 chara[...]

  • Page 406

    Command Line Interface 4-78 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in t[...]

  • Page 407

    Authentication Commands 4-79 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use th[...]

  • Page 408

    Command Line Interface 4-80 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authe[...]

  • Page 409

    Authentication Commands 4-81 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it ti[...]

  • Page 410

    Command Line Interface 4-82 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-coun[...]

  • Page 411

    Authentication Commands 4-83 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) Command Mode Privileged Exec Example dot1x re-auth[...]

  • Page 412

    Command Line Interface 4-84 4 Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command Mode Interface Configur[...]

  • Page 413

    Authentication Commands 4-85 4 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • ethernet unit/port - unit - Stack unit. (Ran[...]

  • Page 414

    Command Line Interface 4-86 4 - Max Count – The maximum number of hosts allowed to access this port (page 4-82). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-81). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used[...]

  • Page 415

    Access Control List Commands 4-87 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required[...]

  • Page 416

    Command Line Interface 4-88 4 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering. In other words, only four ACLs can[...]

  • Page 417

    Access Control List Commands 4-89 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on [...]

  • Page 418

    Command Line Interface 4-90 4 Example Related Commands permit, deny 4-90 ip access-group (4-98) show ip access-list (4-93) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {p[...]

  • Page 419

    Access Control List Commands 4-91 4 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] { [...]

  • Page 420

    Command Line Interface 4-92 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise [...]

  • Page 421

    Access Control List Commands 4-93 4 Related Commands access-list ip (4-89) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. • acl_name – Name o [...]

  • Page 422

    Command Line Interface 4-94 4 • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. Example Related Commands mask (IP ACL) (4-94) ip access-group (4-98) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to[...]

  • Page 423

    Access Control List Commands 4-95 4 Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • First create the required ACLs and ingress or egress [...]

  • Page 424

    Command Line Interface 4-96 4 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#a[...]

  • Page 425

    Access Control List Commands 4-97 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), th[...]

  • Page 426

    Command Line Interface 4-98 4 Related Commands mask (IP ACL) (4-94) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingres[...]

  • Page 427

    Access Control List Commands 4-99 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration[...]

  • Page 428

    Command Line Interface 4-100 4 Related Commands permit, deny (4-100) mac access-group (4-105) show mac access-list (4-101) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use[...]

  • Page 429

    Access Control List Commands 4-101 4 • vid-bitmask 29 – VLAN bitmask. (Range: 1-4093) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask 29 – Protocol bitmask. (Range: 600-fff hex.) Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of[...]

  • Page 430

    Command Line Interface 4-102 4 access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [ no ] access-list ip mask-precedence { in | out } • in – Ingress mask for ingress ACLs. • out – Egress mask for egress ACLs. D[...]

  • Page 431

    Access Control List Commands 4-103 4 • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egre[...]

  • Page 432

    Command Line Interface 4-104 4 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egres[...]

  • Page 433

    Access Control List Commands 4-105 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. • out – Indicates that [...]

  • Page 434

    Command Line Interface 4-106 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associate[...]

  • Page 435

    SNMP Commands 4-107 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controllin[...]

  • Page 436

    Command Line Interface 4-108 4 Example show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units[...]

  • Page 437

    SNMP Commands 4-109 4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a password and permits access to [...]

  • Page 438

    Command Line Interface 4-110 4 Related Commands snmp-server location (4-110) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 character[...]

  • Page 439

    SNMP Commands 4-111 4 to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps. (Range: 1, 2c, 3; Default: 1) - auth | noauth | priv - This group uses SNMPv3 with authentication, no authentication, or with authentication and pr[...]

  • Page 440

    Command Line Interface 4-112 4 To send an inform to a SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 4-107). 2. Allow the switch to send SNMP traps; i.e., notifications (page 4-112). 3. Specify the target host that will receive inform messages with the snmp-server host command as described in this sectio[...]

  • Page 441

    SNMP Commands 4-113 4 SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snm[...]

  • Page 442

    Command Line Interface 4-114 4 • A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-110.) The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. SNMP passwords are localized using the engine ID of the au[...]

  • Page 443

    SNMP Commands 4-115 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object [...]

  • Page 444

    Command Line Interface 4-116 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv }[...]

  • Page 445

    SNMP Commands 4-117 4 Default Setting • Default groups: public 30 (read only), private 31 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access p[...]

  • Page 446

    Command Line Interface 4-118 4 show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View[...]

  • Page 447

    SNMP Commands 4-119 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [ remote ip-address ] { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } auth-[...]

  • Page 448

    Command Line Interface 4-120 4 the user resides. Then use the snmp-server user command to specify the user and the IP address for the remote device where the user resides. The remote agent’s SNMP engine ID is used to compute authentication/privacy digests from the user’s password. If the remote engine ID is not first configure[...]

  • Page 449

    DHCP Commands 4-121 4 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP s [...]

  • Page 450

    Command Line Interface 4-122 4 Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Related Commands ip dhcp restart client (4-122) ip dhcp restart client This command submits a BOOTP or DHCP clien[...]

  • Page 451

    DHCP Commands 4-123 4 DHCP Relay ip dhcp restart relay This command enables DHCP relay for the specified VLAN. Use the no form to disable it. Syntax [ no ] ip dhcp relay Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage This command is used to configure DHCP relay functions for host devices attached to [...]

  • Page 452

    Command Line Interface 4-124 4 ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [ address2 [ address3 ... ]] no ip dhcp relay server address - IP address of DHCP server. (Range: 1-3 addr[...]

  • Page 453

    DHCP Commands 4-125 4 service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax [ no ] service dhcp Default Setting Enabled Command Mode Global Configuration Command Usage If the DHCP server is running, you must restart it to implement any configuration changes. Example ip dhcp[...]

  • Page 454

    Command Line Interface 4-126 4 Default Setting All IP pool addresses may be assigned. Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enters DHCP Pool Configuration mode. Use the no form to remove the address pool. Syntax [ no ] ip dhcp pool name name - A string or integer. (Range[...]

  • Page 455

    DHCP Commands 4-127 4 network This command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and mask. Syntax network network-number [ mask ] no network • network-number - The IP address of the DHCP address pool. • mask - The bit combination that identifies the network [...]

  • Page 456

    Command Line Interface 4-128 4 Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router). Example domain-name This command speci[...]

  • Page 457

    DHCP Commands 4-129 4 Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server). Example next-server This command configures the next server in the boot pro[...]

  • Page 458

    Command Line Interface 4-130 4 Example Related Commands next-server (4-129) netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list. Syntax netbios-name-server address1 [ add[...]

  • Page 459

    DHCP Commands 4-131 4 netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type. Syntax netbios-node-type type no netbios-node-type type - Specifies the NetBIOS node type: • broadcast • hybrid (recommended) • mixed • peer-to-peer Default S[...]

  • Page 460

    Command Line Interface 4-132 4 Command Modes DHCP Pool Configuration Example The following example leases an address to clients using this pool for 7 days. host Use this command to specify the IP address and network mask to manually bind to a DHCP client. Use the no form to remove the IP address for the client. Syntax host address [ mas[...]

  • Page 461

    DHCP Commands 4-133 4 Example Related Commands client-identifier (4-133) hardware-address (4-134) client-identifier This command specifies the client identifier of a DHCP client. Use the no form to remove the client identifier. Syntax client-identifier { text text | hex hex } no client-identifier • text - A text string. (Range: 1-15 ch[...]

  • Page 462

    Command Line Interface 4-134 4 hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address. Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the c [...]

  • Page 463

    DHCP Commands 4-135 4 Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding. • This command is normally used after modifying the address pool, or after movin[...]

  • Page 464

    Command Line Interface 4-136 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Note[...]

  • Page 465

    DNS Commands 4-137 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device. Example This exa[...]

  • Page 466

    Command Line Interface 4-138 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-138) ip name-server (4-139) ip domain-lookup (4-140) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a clie[...]

  • Page 467

    DNS Commands 4-139 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-137) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server fro[...]

  • Page 468

    Command Line Interface 4-140 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-137) ip domain-lookup (4-140) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [ no ] ip domain-l[...]

  • Page 469

    DNS Commands 4-141 4 Related Commands ip domain-name (4-137) ip name-server (4-139) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry. show[...]

  • Page 470

    Command Line Interface 4-142 4 show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns cache NO FLAG TYPE IP TTL DOMAIN 2 4 CNAME 66.218.71.84 298 www.yahoo.akadns.net 3 4 CNAME[...]

  • Page 471

    Interface Commands 4-143 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no inter[...]

  • Page 472

    Command Line Interface 4-144 4 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attache[...]

  • Page 473

    Interface Commands 4-145 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Gigabit Ethernet ports – 1000full (1 Gbps full-duplex) - 10 Gigabit Ethernet ports – 10000full (10 Gbps full-duplex) Command Mode Interface Configuration (Et[...]

  • Page 474

    Command Line Interface 4-146 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-146) speed-duplex (4-144) capabilities This command advertises the por[...]

  • Page 475

    Interface Commands 4-147 4 Related Commands negotiation (4-145) speed-duplex (4-144) flowcontrol (4-147) flowcontrol 32 This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • F[...]

  • Page 476

    Command Line Interface 4-148 4 media-type This command forces the port type selected for combination ports 21-24/45-48. Use the no form to restore the default mode. Syntax media-type mode no media-type • mode - copper-forced - Always uses the built-in RJ-45 port. - sfp-forced - Always uses the SFP port (even if module not instal[...]

  • Page 477

    Interface Commands 4-149 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., packets per second. (Range: 1000BASE - 500-262143, 10GBASE [...]

  • Page 478

    Command Line Interface 4-150 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show[...]

  • Page 479

    Interface Commands 4-151 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) • port-channel channel-id (Range: 1-32) Default Setting Shows the co[...]

  • Page 480

    Command Line Interface 4-152 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) • port-[...]

  • Page 481

    Interface Commands 4-153 4 Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast threshold: Enabled, 500 packets/second LACP status: Disabled Ingress rate limit: Disable, 1000M bits per second Egress rate limit: Disable, 1000M bits per second VLAN membership mode: Hybrid Ing[...]

  • Page 482

    Command Line Interface 4-154 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx | both ] no port monitor interface • interface - ethern[...]

  • Page 483

    Mirror Port Commands 4-155 4 Example The following example configures the switch to mirror all packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit/port (source port) • unit - Stack unit. (Range: 1-8) • port - Port number[...]

  • Page 484

    Command Line Interface 4-156 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmi[...]

  • Page 485

    Link Aggregation Commands 4-157 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch an[...]

  • Page 486

    Command Line Interface 4-158 4 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface). • If the port channel admin key (lacp admin key - Port Channel) is[...]

  • Page 487

    Link Aggregation Commands 4-159 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk m[...]

  • Page 488

    Command Line Interface 4-160 4 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link. • partner - The r[...]

  • Page 489

    Link Aggregation Commands 4-161 4 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key • actor - The local side of an aggregate link. • partner [...]

  • Page 490

    Command Line Interface 4-162 4 Default Setting 0 Command Mode Interface Configuration (Port Channel) Command Usage • Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured). • If the port channel admin k [...]

  • Page 491

    Link Aggregation Commands 4-163 4 Example show lacp This command displays LACP information. Syntax show lacp [ port-channel ] { counters | internal | neighbors | sys-id } • port-channel - Local identifier for a link aggregation group. (Range: 1-32) • counters - Statistics for LACP protocol messages. • internal - Configu[...]

  • Page 492

    Command Line Interface 4-164 4 Console#show lacp 1 internal Port channel: 1 ------------------------------------------------------------------------- Oper Key: 3 Admin Key: 0 Eth 1/2 ------------------------------------------------------------------------- LACPDUs Internal: 30 sec LACP System Priority: 32768 LACP Port Priority: 32768 Admin Key:[...]

  • Page 493

    Link Aggregation Commands 4-165 4 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID: 32768, 00-00-00-00-00-00 Partner Oper System ID: 32768, 00-01-F4-78-AE-C0 Par[...]

  • Page 494

    Command Line Interface 4-166 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address -------------------------------[...]

  • Page 495

    Address Table Commands 4-167 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MA[...]

  • Page 496

    Command Line Interface 4-168 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes of[...]

  • Page 497

    Address Table Commands 4-169 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entr[...]

  • Page 498

    Command Line Interface 4-170 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-58 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tr [...]

  • Page 499

    Spanning Tree Commands 4-171 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detec[...]

  • Page 500

    Command Line Interface 4-172 4 members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option. • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and [...]

  • Page 501

    Spanning Tree Commands 4-173 4 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, e[...]

  • Page 502

    Command Line Interface 4-174 4 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration [...]

  • Page 503

    Spanning Tree Commands 4-175 4 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method { long | short } no spanning-tree pathcost method • long - Specifies 32-bit based valu[...]

  • Page 504

    Command Line Interface 4-176 4 spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address. Command Mode Global Configuration Example Related Commands mst vlan (4-176) mst[...]

  • Page 505

    Spanning Tree Commands 4-177 4 and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the [...]

  • Page 506

    Command Line Interface 4-178 4 Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridge[...]

  • Page 507

    Spanning Tree Commands 4-179 4 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting 20 Command Mode MST Configuration Command U[...]

  • Page 508

    Command Line Interface 4-180 4 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000) The recommended rang[...]

  • Page 509

    Spanning Tree Commands 4-181 4 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Command[...]

  • Page 510

    Command Line Interface 4-182 4 devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also over[...]

  • Page 511

    Spanning Tree Commands 4-183 4 Related Commands spanning-tree edge-port (4-181) spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto[...]

  • Page 512

    Command Line Interface 4-184 4 The recommended range is - - Ethernet: 200,000-20,000,000 - Fast Ethernet: 20,000-2,000,000 - Gigabit Ethernet: 2,000-200,000 - 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the pa[...]

  • Page 513

    Spanning Tree Commands 4-185 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) wi[...]

  • Page 514

    Command Line Interface 4-186 4 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port numbe[...]

  • Page 515

    Spanning Tree Commands 4-187 4 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Instance: 0 Vlans configuration: 1-4093 Priority: 32768 Bridge Hello Time (sec.): 2 Bridge Max Age (sec.): 20 Bridge Forward Delay [...]

  • Page 516

    Command Line Interface 4-188 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This sect[...]

  • Page 517

    VLAN Commands 4-189 4 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can displa[...]

  • Page 518

    Command Line Interface 4-190 4 Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and na[...]

  • Page 519

    VLAN Commands 4-191 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { tru[...]

  • Page 520

    Command Line Interface 4-192 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •[...]

  • Page 521

    VLAN Commands 4-193 4 • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA. However, they do affect VLAN dependent BPDU frames, such as GMRP. Examp[...]

  • Page 522

    Command Line Interface 4-194 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to ad [...]

  • Page 523

    VLAN Commands 4-195 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN[...]

  • Page 524

    Command Line Interface 4-196 4 show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be followed by the VLAN name. vlan-name - ASCII string from [...]

  • Page 525

    VLAN Commands 4-197 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN. Use the no form to disable the private VLAN. Syntax pvlan [...]

  • Page 526

    Command Line Interface 4-198 4 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between di[...]

  • Page 527

    VLAN Commands 4-199 4 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group. Use the no form to remove [...]

  • Page 528

    Command Line Interface 4-200 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-189), these interfaces will admit traffic of any protocol [...]

  • Page 529

    VLAN Commands 4-201 4 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49[...]

  • Page 530

    Command Line Interface 4-202 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the swi [...]

  • Page 531

    GVRP and Bridge Extension Commands 4-203 4 Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-138 and “Displaying Bridge Extension Capabilities” on page 3-15 for a description of the displayed items. Example switchport gvrp This command enables GVRP for a port. Use the no form[...]

  • Page 532

    Command Line Interface 4-204 4 Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveal[...]

  • Page 533

    GVRP and Bridge Extension Commands 4-205 4 Example Related Commands show garp timer (4-205) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) • port-chann [...]

  • Page 534

    Command Line Interface 4-206 4 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be[...]

  • Page 535

    Priority Commands 4-207 4 Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) que[...]

  • Page 536

    Command Line Interface 4-208 4 • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port’s default ingress user priority, and then placed in the appro[...]

  • Page 537

    Priority Commands 4-209 4 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [ cos1 ... cosn ] no queue cos-map • queue_id - The ID of the priority queue. Ranges are [...]

  • Page 538

    Command Line Interface 4-210 4 show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example sho[...]

  • Page 539

    Priority Commands 4-211 4 Default Setting None Command Mode Privileged Exec Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Di[...]

  • Page 540

    Command Line Interface 4-212 4 Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number [...]

  • Page 541

    Priority Commands 4-213 4 • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i[...]

  • Page 542

    Command Line Interface 4-214 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority m[...]

  • Page 543

    Priority Commands 4-215 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence [...]

  • Page 544

    Command Line Interface 4-216 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-211) map ip port (Interface Configuration) (4-212) show map ip precedence This command shows the IP precedence priority[...]

  • Page 545

    Priority Commands 4-217 4 Example Related Commands map ip precedence (Global Configuration) (4-212) map ip precedence (Interface Configuration) (4-213) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port -[...]

  • Page 546

    Command Line Interface 4-218 4 Related Commands map ip dscp (Global Configuration) (4-214) map ip dscp (Interface Configuration) (4-214) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify [...]

  • Page 547

    Quality of Service Commands 4-219 4 any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. 7. Use the service-policy command to assign a policy map to a specific interface. Notes: 1. You can only configure one rule per Class Map. However, you can include mult[...]

  • Page 548

    Command Line Interface 4-220 4 Related Commands show class map (4-225) match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [ no ] match { access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan } • acl-name - Name of the access contro[...]

  • Page 549

    Quality of Service Commands 4-221 4 This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service value 5: This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1: policy-map This command creates a policy map that can be [...]

  • Page 550

    Command Line Interface 4-222 4 average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return[...]

  • Page 551

    Quality of Service Commands 4-223 4 set This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-220). Use the no form to remove the traffic classification. Syntax [ no ] set { cos new-cos | ip dscp new-dscp | ip precedence new-precedence[...]

  • Page 552

    Command Line Interface 4-224 4 Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress ports, and up to 225 policers for 10G Ethernet ingress ports. • Policing is based on a token bucket, where bucket depth (i.e., the maximum burst before the bucket overflows) is by [...]

  • Page 553

    Quality of Service Commands 4-225 4 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [ class-map-name ] class-map-name - Name of the class map. (Range: 1-3[...]

  • Page 554

    Command Line Interface 4-226 4 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) • port-channel chan[...]

  • Page 555

    Multicast Filtering Commands 4-227 4 IGMP Snooping Commands ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static [...]

  • Page 556

    Command Line Interface 4-228 4 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no[...]

  • Page 557

    Multicast Filtering Commands 4-229 4 Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-171 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-[...]

  • Page 558

    Command Line Interface 4-230 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elec[...]

  • Page 559

    Multicast Filtering Commands 4-231 4 Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started us[...]

  • Page 560

    Command Line Interface 4-232 4 Default Setting 10 seconds Command Mode Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries def[...]

  • Page 561

    Multicast Filtering Commands 4-233 4 Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-228) Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configur[...]

  • Page 562

    Command Line Interface 4-234 4 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [ vlan vlan-id ] vlan-id - VLAN[...]

  • Page 563

    Multicast Filtering Commands 4-235 4 ip igmp This command enables IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface. Syntax [ no ] ip igmp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp [...]

  • Page 564

    Command Line Interface 4-236 4 Command Usage The robustness value is used in calculating the appropriate range for other IGMP variables, such as the Group Membership Interval (ip igmp last-memb-query-interval, page 4-237), as well as the Other Querier Present Interval, and the Startup Query Count (RFC 2236). Example ip igm[...]

  • Page 565

    Multicast Filtering Commands 4-237 4 ip igmp max-resp-interval This command configures the maximum response time advertised in IGMP queries. Use the no form of this command to restore the default. Syntax ip igmp max-resp-interval seconds no ip igmp max-resp-interval seconds - The report delay advertised in IGMP queries. (Ra[...]

  • Page 566

    Command Line Interface 4-238 4 Command Mode Interface Configuration (VLAN) Command Usage • A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command. If no reports are received b [...]

  • Page 567

    Multicast Filtering Commands 4-239 4 show ip igmp interface This command shows the IGMP configuration for a specific VLAN interface or for all interfaces. Syntax show ip igmp interface [ vlan vlan-id ] vlan-id - VLAN ID (Range: 1-4093) Default Setting None Command Mode Normal Exec, Privileged Exec Example The following example shows t[...]

  • Page 568

    Command Line Interface 4-240 4 Example The following example clears all multicast group entries for VLAN 1: show ip igmp groups This command displays information on multicast groups active on this switch. Syntax show ip igmp groups [ group-address | interface vlan vlan-id ] • group-address - IP address of the multicast group. • vlan-[...]

  • Page 569

    IP Interface Commands 4-241 4 IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and manageme[...]

  • Page 570

    Command Line Interface 4-242 4 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address { ip-address netmask | bootp | dhcp } [ secondary ] no ip address • ip-address - IP address • netmask - Network mask for the associated I[...]

  • Page 571

    IP Interface Commands 4-243 4 periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command, or by rebooting the router. Notes: 1. Each VLAN group [...]

  • Page 572

    Command Line Interface 4-244 4 Related Commands show ip redirects (4-244) ip routing (4-249) ip route (4-250) show ip interface This command displays the settings of an IP interface. Command Mode Privileged Exec Example Related Commands show ip redirects (4-244) show ip redirects This command shows the default gateway configu[...]

  • Page 573

    IP Interface Commands 4-245 4 ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ count count ][ size size ] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) • size - Number of bytes in a packet. (Range: 32-512, defaul[...]

  • Page 574

    Command Line Interface 4-246 4 Address Resolution Protocol (ARP) arp This command adds a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache. Syntax arp ip-address hardware-address no arp ip-address • ip-address - IP address to map to a specified hardware address. •[...]

  • Page 575

    IP Interface Commands 4-247 4 arp-timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400; 86400 is one day) Default Setti[...]

  • Page 576

    Command Line Interface 4-248 4 Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface. Note that entry type “other” indicates local addr[...]

  • Page 577

    IP Routing Commands 4-249 4 IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks. However, to forward traffic to devices[...]

  • Page 578

    Command Line Interface 4-250 4 Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g., NetBEUI, NetWare or AppleTalk) are switched ba[...]

  • Page 579

    IP Routing Commands 4-251 4 clear ip route This command removes dynamically learned entries from the IP routing table. Syntax clear ip route { network [ netmask ] | * } • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to s[...]

  • Page 580

    Command Line Interface 4-252 4 Example show ip host-route This command displays the interface associated with known routes. Command Mode Privileged Exec Example Console#show ip route Ip Address Netmask Next Hop Protocol Metric Interface ------ ---- ---- - ------ ---- ----- -- ---- ---- ----- --- ---- --- ---- -- --- ---- -- 0.0.0.0 [...]

  • Page 581

    IP Routing Commands 4-253 4 show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-216. Example Console#show ip traffic IP statistics: R[...]

  • Page 582

    Command Line Interface 4-254 4 Routing Information Protocol (RIP) router rip This command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router. Use the no form to disable it. Syntax [ no ] router rip Command Mode Global Configuration Default Setting Disabled Command Usage • RIP is used [...]

  • Page 583

    IP Routing Commands 4-255 4 timers basic This command configures the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults. Syntax timers basic update-seconds no timers basic update-seconds – Sets the update timer to the specified value, sets the timeout time value to 6 times th[...]

  • Page 584

    Command Line Interface 4-256 4 network This command specifies the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry. Syntax [ no ] network subnet-address subnet-address – IP address of a network directly connected to this router. Command Mode Router Configuration Default Set[...]

  • Page 585

    IP Routing Commands 4-257 4 Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol. Example version This command specifies a RIP version used globally by the router. Use the no form to restore t[...]

  • Page 586

    Command Line Interface 4-258 4 ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version { none | 1 | 2 | 1 2 } no ip rip receive version • none - Does not accept incoming RIP packets. • 1 - Accepts only RIPv1 packets. • 2 - Accep[...]

  • Page 587

    IP Routing Commands 4-259 4 ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version { none | 1 | 2 | v2-broadcast } no ip rip send version • none - Does not transmit RIP updates. • 1 - Sends only RIPv1 packets. • 2 - Sends only R[...]

  • Page 588

    Command Line Interface 4-260 4 ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [ poison-reverse ] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface. Command Mode Interface Configur [...]

  • Page 589

    IP Routing Commands 4-261 4 • For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages. Related Commands ip rip authent[...]

  • Page 590

    Command Line Interface 4-262 4 show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example show ip rip This command displays information about interfaces configured for RIP. Syntax show ip rip { configuration | status | peer } • configuration - Shows RIP configu[...]

  • Page 591

    IP Routing Commands 4-263 4 Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication ------- ----- --- ------- ----- --- - ------- ---- - ----- ----- ---- -- ----- ----- ------ 10.1.0.253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10.1.1.253 rip1Compatible RIPv1Orv2 SplitHo[...]

  • Page 592

    Command Line Interface 4-264 4 Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First Commands Command Function Mode Page General Configuration router ospf Enables or disables OSPF GC 4-265 router-id Sets the router ID for this device RC 4-265 compatible rfc1583 Calculates summary route costs using RFC 1583 (OSPFv[...]

  • Page 593

    IP Routing Commands 4-265 4 router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it. Syntax [ no ] router ospf Command Mode Global Configuration Default Setting Disabled Command Usage • OSPF is used to specify how routers exchange routing table in[...]

  • Page 594

    Command Line Interface 4-266 4 Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.0.0.0 or 255.255.255.255. • If this router al[...]

  • Page 595

    IP Routing Commands 4-267 4 default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature. Syntax default-information originate [ always ] [ metric interface-metric ] [ metric-type metric-type ] no default-information originate • always - Alw[...]

  • Page 596

    Command Line Interface 4-268 4 Related Commands ip route (4-250) redistribute (4-270) timers spf This command configures the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value. Syntax timers spf spf-holdtime no timers spf spf-holdtime - Minimum time betwe[...]

  • Page 597

    IP Routing Commands 4-269 4 Default Setting Disabled Command Usage • This command can be used to advertise routes between areas. • If routes are set to be advertised, the router will issue a Type 3 summary LSA for each address range specified with this command. • This router supports up to 64 summary routes for area ranges[...]

  • Page 598

    Command Line Interface 4-270 4 summary-address This command aggregates routes learned from other protocols. Use the no form to remove a summary address. Syntax [no] summary-address summary-address netmask • summary-address - Summary address covering a range of addresses. • netmask - Network mask for the summary route.[...]

  • Page 599

    IP Routing Commands 4-271 4 Default Setting redistribution - none protocol - RIP and static metric-value - 0 type-metric - 2 Command Usage • This router supports redistribution for both RIP and static routes. • When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an[...]

  • Page 600

    Command Line Interface 4-272 4 Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link. • Set the area ID to the same value for all routers on a networ[...]

  • Page 601

    IP Routing Commands 4-273 4 Command Usage • All routers in a stub must be configured with the same area ID. • Routing table space is saved in a stub by blocking Type-4 AS summary LSAs and Type 5 external LSAs. The default setting for this command completely isolates the stub by blocking Type-3 summary LSAs that adver[...]

  • Page 602

    Command Line Interface 4-274 4 Command Usage • All routers in a NSSA must be configured with the same area ID. • An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword. However, an NSSA is diff[...]

  • Page 603

    IP Routing Commands 4-275 4 • authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authentication is used along with the password specified by the authentication-key. If message-digest authentication is specified, then the message-digest-key and md5 parameters mus[...]

  • Page 604

    Command Line Interface 4-276 4 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.0.0.0) t[...]

  • Page 605

    IP Routing Commands 4-277 4 Command Mode Interface Configuration (VLAN) Default Setting No authentication Command Usage • Before specifying plain-text password authentication for an interface, configure a password with the ip ospf authentication-key command. Before specifying MD5 authentication for an interface, configur[...]

  • Page 606

    Command Line Interface 4-278 4 Example This example sets a password for the specified interface. Related Commands ip ospf authentication (4-276) ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the n[...]

  • Page 607

    IP Routing Commands 4-279 4 Related Commands ip ospf authentication (4-276) ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface. Use higher values to indicate slower ports. (Rang[...]

  • Page 608

    Command Line Interface 4-280 4 Example Related Commands ip ospf hello-interval (4-280) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval seconds - Interval at which[...]

  • Page 609

    IP Routing Commands 4-281 4 Default Setting 1 Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR. If two or more routers are tied with[...]

  • Page 610

    Command Line Interface 4-282 4 ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value. Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay seconds - Sets the estimated time required to send a link-state update. (R[...]

  • Page 611

    IP Routing Commands 4-283 4 show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR). Command Mode Privileged Exec Example Table 4-90 show ip ospf - display description Field Description Routing Process with ID Router ID Supports on[...]

  • Page 612

    Command Line Interface 4-284 4 show ip ospf database This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database. Syntax show ip ospf [area-id] database [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] show ip ospf [[...]

  • Page 613

    IP Routing Commands 4-285 4 Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command. Console#show ip ospf database Displaying Router Link States(Area 10.1.0.0) Link ID ADV Router Age Seq# Checksum ----- ---- ------ - ------ ------ -- --- --- ---- ----- -- --- ------ -- 10.1.1.252 10.1[...]

  • Page 614

    Command Line Interface 4-286 4 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State [...]

  • Page 615

    IP Routing Commands 4-287 4 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Network Sum-Net Sum-ASBR External-AS External-Nssa 21 1 0 0 0 Total LSA Counts : 4 Console# Table 4-94 show ip ospf database-summary - display description Field D[...]

  • Page 616

    Command Line Interface 4-288 4 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.1.1.253 ([...]

  • Page 617

    IP Routing Commands 4-289 4 The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.1.1.253) Displaying Net Link States(Area 10.1.0.0) Link State Data Network (Type 2) ------ ---- ---- ------ ---- ------ - LS age: 433 Options: Support External routing cap[...]

  • Page 618

    Command Line Interface 4-290 4 The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.1.1.253) Displaying Router Link States(Area 10.1.0.0) Link State Data Router (Type 1) ------ ---- ---- ------ ---- ------ - LS age: 233 Options: Support External routin[...]

  • Page 619

    IP Routing Commands 4-291 4 The following shows output when using the summary keyword. Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Are[...]

  • Page 620

    Command Line Interface 4-292 4 show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.1.1.253, Mask 255.255.255.0, Area[...]

  • Page 621

    IP Routing Commands 4-293 4 show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example Console#show ip ospf neighbor ID Pri State Address --------------- ------ ---------------- - -------------- 10.1.1.252 1 FU[...]

  • Page 622

    Command Line Interface 4-294 4 show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask. Related Commands summary-address (4-270) show ip ospf virtual-links This comm[...]

  • Page 623

    Multicast Routing Commands 4-295 4 Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the mu[...]

  • Page 624

    Command Line Interface 4-296 4 Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the n[...]

  • Page 625

    Multicast Routing Commands 4-297 4 General Multicast Routing Commands ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing. Syntax [no] ip multicast-routing Default Setting Disabled Command Mode Global Configuration Command Usage This command is used to enable multicast r[...]

  • Page 626

    Command Line Interface 4-298 4 Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified [...]

  • Page 627

    Multicast Routing Commands 4-299 4 DVMRP Multicast Routing Commands router dvmrp This command enables Distance-Vector Multicast Routing (DVMRP) globally for the router and to enter router configuration mode. Use the no form to disable DVMRP multicast routing. Syntax [no] router dvmrp Command Mode Global Configuration Command Usage T[...]

  • Page 628

    Command Line Interface 4-300 4 Example Related Commands ip dvmrp (4-303) show router dvmrp (4-305) probe-interval This command sets the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers. Use the no form to restore the default value. Syntax probe-interval seconds no probe-interval s[...]

  • Page 629

    Multicast Routing Commands 4-301 4 nbr-timeout This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value. Syntax nbr-timeout seconds no nbr-timeout seconds - Interval before declaring a neighbor dead. (Range: 1-65535) Default Setting 35 seconds Co[...]

  • Page 630

    Command Line Interface 4-302 4 flash-update-interval This command specifies how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value. Syntax flash-update-interval seconds no flash-update-interval seconds - Interval between sending flash updates when network t[...]

  • Page 631

    Multicast Routing Commands 4-303 4 default-gateway This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway. Default Setting None Command Mode Router Configuration[...]

  • Page 632

    Command Line Interface 4-304 4 Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-297), enable DVMRP globally for the router with the router dvmrp command (page 4-299), and also enable DVMRP for each interface that will participate in [...]

  • Page 633

    Multicast Routing Commands 4-305 4 clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route. show router dvmrp This command displays the global DVMRP configuration setting[...]

  • Page 634

    Command Line Interface 4-306 4 show ip dvmrp route This command displays all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example DVMRP routes are shown in the following example: Console#show ip dvmrp route Source Mask Upstream_nbr Interface Metric UpTime Expire ------- ----- --- ------- ----- -[...]

  • Page 635

    Multicast Routing Commands 4-307 4 show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example show ip dvmrp interface This command displays the DVMRP configuration for interfaces which have enabled DVMRP. Command Mode Normal Exec, Privileged Exec Example Console#show [...]

  • Page 636

    Command Line Interface 4-308 4 PIM-DM Multicast Routing Commands router pim This command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to enter router configuration mode. Use the no form to disable PIM-DM multicast routing. Syntax [no] router pim Default Setting Disabled Command Mode Globa[...]

  • Page 637

    Multicast Routing Commands 4-309 4 ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax [no] ip pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage • To fully enable PIM-DM, you need to enable multicast ro[...]

  • Page 638

    Command Line Interface 4-310 4 ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages. (Range: 1-65535) Default Setting[...]

  • Page 639

    Multicast Routing Commands 4-311 4 ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value. Syntax ip pim triggerr-hello-interval seconds no ip pim triggerr-[...]

  • Page 640

    Command Line Interface 4-312 4 Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state fo[...]

  • Page 641

    Multicast Routing Commands 4-313 4 Default Setting 2 Command Mode Interface Configuration (VLAN) Example show router pim This command displays the global PIM configuration settings. Command Mode Normal Exec, Privileged Exec Example show ip pim interface This command displays information about interfaces configured for PIM. Syntax sh[...]

  • Page 642

    Command Line Interface 4-314 4 show ip pim neighbor This command displays information about PIM neighbors. Syntax show ip pim neighbor [ip-address] ip-address - IP address of a PIM neighbor. Default Setting Displays information for all known PIM neighbors. Command Mode Normal Exec, Privileged Exec Example Router Redundancy Comma[...]

  • Page 643

    Router Redundancy Commands 4-315 4 Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the[...]

  • Page 644

    Command Line Interface 4-316 4 Command Usage • The interfaces of all routers participating in a virtual router group must be within the same IP subnet. • The IP address assigned to the virtual router must already be configured on the router that will be the Owner. In other words, the IP address specified in this command mus[...]

  • Page 645

    Router Redundancy Commands 4-317 4 • When a VRRP packet is received from another router in the group, its authentication key is compared to the string configured on this router. If the keys match, the message is accepted. Otherwise, the packet is discarded. • Plain text authentication does not provide any real secu[...]

  • Page 646

    Command Line Interface 4-318 4 vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master. Use the no form to restore the default interval. Syntax vrrp group timers advertise interval no vrrp group timers advertise • group - Identifie[...]

  • Page 647

    Router Redundancy Commands 4-319 4 Default Setting Preempt: Enabled Delay: 0 seconds Command Mode Interface (VLAN) Command Usage • If preempt is enabled, and this backup router has a priority higher than the current acting master, it will take over as the new master. However, note that if the original master (i.e., the owner of[...]

  • Page 648

    Command Line Interface 4-320 4 Example This example displays the full listing of status information for all groups. This example displays the brief listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, state Master Virtual IP address 192.168.1.6 Virtual MAC address 00-00-5E-00-01-01 Advertisement interval 5 sec P[...]

  • Page 649

    Router Redundancy Commands 4-321 4 show vrrp interface This command displays status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4093) • brief - Displays summary information for all VRRP groups on this router.[...]

  • Page 650

    Command Line Interface 4-322 4 show vrrp router counters This command displays counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number. show vrrp interface counters This command displays counte[...]

  • Page 651

    Router Redundancy Commands 4-323 4 clear vrrp router counters This command clears VRRP system statistics. Command Mode Privileged Exec Example clear vrrp interface counters This command clears VRRP system statistics for the specified group and interface. clear vrrp group interface interface counters • group - Identifies a VRR[...]

  • Page 652

    Command Line Interface 4-324 4[...]

  • Page 653

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client, Relay, Server DNS Client, Proxy Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BASE-SX/LX/[...]

  • Page 654

    Software Specifications A-2 A Multicast Routing DVMRP, PIM-DM IP Routing ARP, Proxy ARP Static routes RIP, RIPv2 and OSPFv2 dynamic routing VRRP (Virtual Router Redundancy Protocol) Additional Features BOOTP client CIDR (Classless Inter-Domain Routing) SNTP (Simple Network Time Protocol) SNMP (Simple Network Management P[...]

  • Page 655

    Management Information Bases A-3 A DHCP Relay (RFC 951) DHCP Server (RFC 2131) DVMRP (RFC 1075) HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) OSPF (RFC 2328, 1587) PIM-DM (draft-ietf-idmr-pim-dm-06) RADIUS+ (RFC 2618) RIP (RFC 1058) RIPv2 (RFC 2453) RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2c (RFC 2571) SNMPv3 ([...]

  • Page 656

    Software Specifications A-4 A RMON MIB (RFC 2819) RMON II Probe Configuration Group (RFC 2021, partial implementation) SNMPv2 IP MIB (RFC 2011) SNMP Framework MIB (RFC 3411) SNMP-MPD MIB (RFC 3412) SNMP Target MIB, SNMP Notification MIB (RFC 3413) SNMP User-Based SM MIB (RFC 3414) SNMP View Based ACM MIB (RFC 3415) SNMP Community [...]

  • Page 657

    B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a vali[...]

  • Page 658

    Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories[...]

  • Page 659

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locat[...]

  • Page 660

    Glossary Glossary-2 Distance Vector Multicast Routing Protocol (DVMRP) A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF). Dynamic Host Control Protocol (DHCP) Provides a framework for passing configura[...]

  • Page 661

    Glossary-3 Glossary IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign end stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet netw[...]

  • Page 662

    Glossary Glossary-4 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lo[...]

  • Page 663

    Glossary-5 Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. Open Shortest Path First (OSPF) OSPF[...]

  • Page 664

    Glossary Glossary-6 Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified. Remote Authentication Dial-in User Service (RADIUS) RADIUS is a logon authentication protocol that uses software running on a central server to control access[...]

  • Page 665

    Glossary-7 Glossary Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the [...]

  • Page 666

    Glossary Glossary-8[...]

  • Page 667

    Index-1 Numerics 802.1X, port authentication 3-67, 4-80 A acceptable frame type 3-144, 4-192 Access Control List See ACL ACL Extended IP 3-77, 4-87, 4-89, 4-91 MAC 3-77, 4-87, 4-99, 4-99–4-101 Standard IP 3-77, 4-87, 4-89, 4-90 Address Resolution Protocol See ARP address table 3-112, 4-166 aging time 3-115, 4-169 ARP [...]

  • Page 668

    Index-2 Index Dynamic Host Configuration Protocol See DHCP E edge port, STA 3-125, 3-127, 4-181 event logging 4-43 F firmware displaying version 3-13, 4-62 upgrading 3-21, 4-64 G GARP VLAN Registration Protocol See GVRP gateway, default 3-17, 3-207, 4-243 GVRP global setting 3-138, 4-202 interface configuration 3-144, 4-203 H har[...]

  • Page 669

    Index-3 Index MSTP 4-171 global settings 3-128, 4-170 interface settings 3-126, 4-170 multicast filtering 3-169, 4-226 multicast groups 3-175, 3-180, 4-229 displaying 3-180, 4-229 static 3-175, 4-227, 4-229 multicast routing 3-260, 4-295 description 3-260 DVMRP 3-264, 4-299 enabling 3-260, 4-297 general commands 4-297 global s[...]

  • Page 670

    Index-4 Index interface protocol settings 3-228, 4-256–4-261 specifying interfaces 3-227, 4-256 statistics 3-231, 4-263 router redundancy protocols 3-195, 4-314 VRRP 3-196, 4-315 routing table, displaying 3-223, 4-251, 4-252 RSTP 3-115, 4-171 global configuration 3-116, 4-171 S secure shell 3-60, 4-34 Secure Shell confi[...]

  • Page 671

    Index-5 Index interface configuration 3-144, 4-192–4-195 private 3-146, 4-197 protocol 3-147, 4-198 VRRP 3-196, 4-315 authentication 3-198, 4-316 configuration settings 3-196, 4-315 group statistics 3-202, 4-319 preemption 3-197, 3-198, 4-318 priority 3-197, 3-198, 4-317 protocol message statistics 3-201, 4-322 timers 3[...]

  • Page 672

    Index-6 Index[...]

  • Page 673

    [...]

  • Page 674

    ES4625 ES4649 E042005-R 01 14910002 2900A[...]