SMC Networks SMC TigerStack IV SMC6224M user manual
- 522 pages
- 5.68 mb
Table of contents of the user manual
-
Page 1
TigerStack 10/100 24/48-Port 10/100Mbps Stackable Managed Switch Management Guide ◆ 24/48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots ◆ 2 Gigabit stacking ports that act as Ethernet ports in standalone mode ◆ Stacks up to 8 units (SMC6224M) ◆ Stacks up to 4 units (S[...]
-
Page 2
[...]
-
Page 3
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerStack 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions January 2005 Pub. # 14910 0005900[...]
-
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or paten[...]
-
Page 5
i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized R[...]
-
Page 6
LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS[...]
-
Page 7
iii CONTENTS 1 Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults [...]
-
Page 8
CONTENTS iv Displaying Switch Hardware/Software Versions 3-13; Displaying Bridge Extension Capabilities 3-15; Setting the Switch’s IP Address 3-17; Manual Configuration 3-18; Usi[...]
-
Page 9
CONTENTS v Filtering Addresses for Management Access 3-75; Access Control Lists 3-77; Configuring Access Control Lists 3-77; Setting the ACL Name and Type [...]
-
Page 10
CONTENTS vi Displaying Basic VLAN Information 3-148; Displaying Current VLANs 3-149; Creating VLANs 3-151; Adding Static Members to VLANs (VLAN Index) 3-153; Adding Static Members to VLANs (P[...]
-
Page 11
CONTENTS vii Telnet Connection 4-2; Entering Commands 4-4; Keywords and Arguments 4-4; Minimum Abbreviation [...]
-
Page 12
CONTENTS viii quit 4-31; System Management Commands 4-32; Device Designation Commands 4-33; prompt [...]
-
Page 13
CONTENTS ix clear logging 4-63; show logging 4-63; show log 4-65; SMTP Alert Commands [...]
-
Page 14
CONTENTS x RADIUS Client 4-96; radius-server host 4-97; radius-server port 4-98; radius-server key [...]
-
Page 15
CONTENTS xi MAC ACLs 4-127; access-list mac 4-127; permit, deny (MAC ACL) 4-128; show mac access-list [...]
-
Page 16
CONTENTS xii show rate-limit 4-161; Link Aggregation Commands 4-161; channel-group 4-163; lacp [...]
-
Page 17
CONTENTS xiii Configuring VLAN Interfaces 4-198; interface vlan 4-198; switchport mode 4-199; switchport acceptable-frame-types [...]
-
Page 18
CONTENTS xiv map ip precedence (Interface Configuration) 4-230; map ip dscp (Global Configuration) 4-231; map ip dscp (Interface Configuration) 4-231; show map ip port 4-233; show map ip precedence [...]
-
Page 19
CONTENTS xv APPENDICES: A Software Specifications A-1; Software Features A-1; Management Features A-2; Standards [...]
-
Page 20
CONTENTS xvi[...]
-
Page 21
xvii TABLES Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-7; Table 3-1 Configuration Options 3-4; Table 3-2 Main Menu [...]
-
Page 22
TABLES xviii Table 4-21 SMTP Alert Commands 4-66; Table 4-22 Time Commands 4-71; Table 4-23 System Status Commands 4-77; Table 4-24 Frame Size Commands [...]
-
Page 23
TABLES xix Table 4-58 Priority Commands (Layer 2) 4-220; Table 4-59 Default CoS Priority Levels 4-224; Table 4-60 Priority Commands (Layer 3 and 4) 4-227; Table 4-61 Mapping IP Precedence Values [...]
-
Page 24
TABLES xx[...]
-
Page 25
xxi FIGURES Figure 3-1 Home Page 3-3; Figure 3-2 Panel Display 3-4; Figure 3-3 System Information 3-12; Figure 3-4 Switch Information [...]
-
Page 26
FIGURES xxii Figure 3-37 ACL Configuration - Extended IP 3-83; Figure 3-38 ACL Configuration - MAC 3-85; Figure 3-39 Binding a Port to an ACL 3-87; Figure 3-40 Displaying Port/Trunk Information [...]
-
Page 27
FIGURES xxiii Figure 3-74 Queue Mode 3-173; Figure 3-75 Configuring Queue Scheduling 3-174; Figure 3-76 IP Precedence/DSCP Priority Status 3-176; Figure 3-77 Mapping IP Precedence Priority Values [...]
-
Page 28
FIGURES xxiv[...]
-
Page 29
1-1 CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you sho[...]
-
Page 30
INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. P[...]
-
Page 31
DESCRIPTION OF SOFTWARE FEATURES 1-3 Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet[...]
-
Page 32
INTRODUCTION 1-4 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that e[...]
-
Page 33
DESCRIPTION OF SOFTWARE FEATURES 1-5 Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frame[...]
-
Page 34
INTRODUCTION 1-6 switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network. • Simplify network management for node changes/moves by remotely configuring [...]
-
Page 35
SYSTEM DEFAULTS 1-7 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults. Table 1-2 System Defaults [...]
-
Page 36
INTRODUCTION 1-8 Web Management: HTTP Server: Enabled; HTTP Port Number: 80; HTTP Secure Server: Enabled; HTTP Secure Port Number: 443. SNMP: Community Strings: “public” (read only), “private” (read/write); Traps: Authentication traps: enabled, Link-up-down events: enabled. Port Configuration: Admin Status: Enabled; Au[...]
-
Page 37
SYSTEM DEFAULTS 1-9 Virtual LANs: Default VLAN: 1; PVID: 1; Acceptable Frame Type: All; Ingress Filtering: Disabled; Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames; GVRP (global): Disabled; GVRP (port interface): Disabled. Traffic Prioritization: Ingress Port Priority: 0; Weighted Round Robin: Queue: 0 1 2 3, Weight: 1 2 4 6; IP Precedence[...]
-
Page 38
INTRODUCTION 1-10[...]
-
Page 39
2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configura[...]
-
Page 40
INITIAL CONFIGURATION 2-2 The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port • Set the[...]
-
Page 41
CONNECTING TO THE SWITCH 2-3 Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide. To connect a terminal to the consol[...]
-
Page 42
INITIAL CONFIGURATION 2-4 For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12. Remote Connections Prior to accessing the switch’s onboard agent via a net[...]
-
Page 43
STACK OPERATIONS 2-5 Stack Operations You can stack up to eight SMC6224M units, four SMC6248M units, or four units when both switch types are stacked together. Refer to the Installation Guide for details on stacking these units. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of th[...]
-
Page 44
INITIAL CONFIGURATION 2-6 Recovering from Stack Failure or Topology Change Note the following points about recovering from a stack change: • When using a “line” topology, if any link or unit in the stack fails, the stack will be split into two separate segments. The new stack segments will then reboot and resume normal oper[...]
-
Page 45
BASIC CONFIGURATION 2-7 Basic Configuration Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and a[...]
-
Page 46
INITIAL CONFIGURATION 2-8 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. [...]
-
Page 47
BASIC CONFIGURATION 2-9 Setting an IP Address You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the [...]
-
Page 48
INITIAL CONFIGURATION 2-10 2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>. 3. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the[...]
-
Page 49
BASIC CONFIGURATION 2-11 2. At the interface-configuration mode prompt, use one of the following commands: • To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>. • To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>. 3. Type “end” to return to the P[...]
-
Page 50
INITIAL CONFIGURATION 2-12 When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the m[...]
-
Page 51
BASIC CONFIGURATION 2-13 2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>. Trap Receivers You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, compl[...]
-
Page 52
INITIAL CONFIGURATION 2-14 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded[...]
-
Page 53
MANAGING SYSTEM FILES 2-15 Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. In the system flash memory, one file of each type must be set as the start-up file[...]
-
Page 54
INITIAL CONFIGURATION 2-16[...]
-
Page 55
3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer[...]
-
Page 56
CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “[...]
-
Page 57
NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “[...]
-
Page 58
CONFIGURING THE SWITCH 3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure pr[...]
-
Page 59
MAIN MENU 3-5 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-11 System Informa[...]
-
Page 60
CONFIGURING THE SWITCH 3-6 SNTP 3-42; Configuration: Configures SNTP client settings, including broadcast mode or a specified list of servers 3-42; Clock Time Zone: Sets the local time zone for the system clock 3-44; SNMP 3-45; Configuration: Configures community strings and related trap functions 3-45; Security 3-48; User Accounts: As[...]
-
Page 61
MAIN MENU 3-7 IP Filter: Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet 3-75; Port 3-88; Port Information: Displays port connection status 3-88; Trunk Information: Displays trunk connection status 3-88; Port Configuration: Configures port connection settings 3-91; Trunk Configuration: Configures tru[...]
-
Page 62
CONFIGURING THE SWITCH 3-8 Output Port Configuration: Sets the output rate limit for each port 3-114; Output Trunk Configuration: Sets the output rate limit for each trunk 3-114; Port Statistics: Lists Ethernet and RMON port statistics 3-115; Address Table 3-122; Static Addresses: Displays entries for interface, address or VLAN 3-122; Dyn[...]
-
Page 63
MAIN MENU 3-9 Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden 3-156; Port Configuration: Specifies default PVID and VLAN attributes 3-157; Trunk Configuration: Specifies default trunk VID and VLAN attributes 3-157; Private VLAN 3-160; Information: Displays Private VLAN featur[...]
-
Page 64
CONFIGURING THE SWITCH 3-10 Queue Scheduling: Configures Weighted Round Robin queueing 3-174; IP Precedence/DSCP Priority Status: Globally selects IP Precedence or DSCP Priority, or disables both. 3-176; IP Precedence Priority: Sets IP Type of Service priority, mapping the precedence tag to a class-of-service value 3-176; IP DSCP Pr[...]
-
Page 65
BASIC CONFIGURATION 3-11 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsys[...]
-
Page 66
CONFIGURING THE SWITCH 3-12 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-3 System Information[...]
-
Page 67
BASIC CONFIGURATION 3-13 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Seri[...]
-
Page 68
CONFIGURING THE SWITCH 3-14 • Internal Power Status – Displays the status of the internal power supply. Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • [...]
-
Page 69
BASIC CONFIGURATION 3-15 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for t[...]
-
Page 70
CONFIGURING THE SWITCH 3-16 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-143.) • Local VLAN Capable – This switch does not support multiple local brid[...]
-
Page 71
BASIC CONFIGURATION 3-17 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the switch’s [...]
-
Page 72
CONFIGURING THE SWITCH 3-18 Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated[...]
-
Page 73
BASIC CONFIGURATION 3-19 CLI – Specify the management interface, IP address and default gateway. Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the mana[...]
-
Page 74
CONFIGURING THE SWITCH 3-20 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command. Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to a[...]
-
Page 75
BASIC CONFIGURATION 3-21 Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware wi[...]
-
Page 76
CONFIGURING THE SWITCH 3-22 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Cli[...]
-
Page 77
BASIC CONFIGURATION 3-23 If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Select Start-Up Operation File To delete a file select System, File, Delet[...]
-
Page 78
CONFIGURING THE SWITCH 3-24 CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch[...]
-
Page 79
BASIC CONFIGURATION 3-25 - running-config to startup-config – Copies the running config to the startup config. - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copi[...]
-
Page 80
CONFIGURING THE SWITCH 3-26 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Defau [...]
-
Page 81
BASIC CONFIGURATION 3-27 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. Note that you can also select any configuration file as the start-up [...]
-
Page 82
CONFIGURING THE SWITCH 3-28 Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication [...]
-
Page 83
BASIC CONFIGURATION 3-29 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 9600 bps) • Stop Bits – Sets the number of the stop bit[...]
-
Page 84
CONFIGURING THE SWITCH 3-30
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Telnet Settings
You can access the onboard configuration program over the networ[...]
-
Page 85
BASIC CONFIGURATION 3-31
• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Ra[...]
-
Page 86
CONFIGURING THE SWITCH 3-32
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Enabling Telnet
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal set[...]
-
Page 87
BASIC CONFIGURATION 3-33
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
System Log Configuration
The system allows[...]
-
Page 88
CONFIGURING THE SWITCH 3-34
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6)
Note: The Flash Level must be equal to or less than the [...]
-
Page 89
BASIC CONFIGURATION 3-35
Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the sh[...]
-
Page 90
CONFIGURING THE SWITCH 3-36
The facility type is used by the syslog server to dispatch log messages to an appropriate service. The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog s[...]
-
Page 91
BASIC CONFIGURATION 3-37
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Figure 3-16 Rem[...]
-
Page 92
CONFIGURING THE SWITCH 3-38
Displaying Log Messages
The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Web – Click Sy[...]
-
Page 93
BASIC CONFIGURATION 3-39
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and c[...]
-
Page 94
CONFIGURING THE SWITCH 3-40
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List an[...]
-
Page 95
BASIC CONFIGURATION 3-41
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show[...]
-
Page 96
CONFIGURING THE SWITCH 3-42
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.
Note: When restarting the system, it will always run the Power-On Self-Test.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on[...]
-
Page 97
BASIC CONFIGURATION 3-43
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence.
Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.
Fig[...]
-
Page 98
CONFIGURING THE SWITCH 3-44
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes yo[...]
-
Page 99
SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used [...]
-
Page 100
CONFIGURING THE SWITCH 3-46
• Access Mode
- Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
- Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Web – Click SNMP, Configuration. Add n[...]
-
Page 101
SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47
Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Current – Displays a list of the trap managers currently configured.
• Trap Manager IP Address – IP address of the host (the targeted recipient).
• Trap Manager Communit[...]
-
Page 102
CONFIGURING THE SWITCH 3-48
CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.
User Authentication
You can restrict management access to this switch using the following options:
• User Accounts – Manually configure access rights on the switch for specified users.[...]
-
Page 103
USER AUTHENTICATION 3-49
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
- User Name – The name of the user. (Maximum length: 8 characters; maximum number of users: 16)
-[...]
-
Page 104
CONFIGURING THE SWITCH 3-50
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rig[...]
-
Page 105
USER AUTHENTICATION 3-51
Command Usage
• By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Lo[...]
-
Page 106
CONFIGURING THE SWITCH 3-52
• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to [...]
-
Page 107
USER AUTHENTICATION 3-53
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Figure 3-25 Authentication Sett[...]
-
Page 108
CONFIGURING THE SWITCH 3-54
CLI – Specify all the required parameters to enable logon authentication.
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’[...]
-
Page 109
USER AUTHENTICATION 3-55
• When you start HTTPS, the connection is established in this way:
- The client authenticates the server using the server’s digital certificate.
- The client and server negotiate a set of security protocols to use for the connection.
- The client and server generate session keys for encrypting[...]
-
Page 110
CONFIGURING THE SWITCH 3-56
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-26 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
Replacing the Default Secure-site Certificate
When you log onto the web interface usin[...]
-
Page 111
USER AUTHENTICATION 3-57
When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:
Note: The switch must be reset for the new certificate to be activated. To r[...]
-
Page 112
CONFIGURING THE SWITCH 3-58
Command Usage
The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on [...]
-
Page 113
USER AUTHENTICATION 3-59
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-86) to copy a file containing the public key for all the SSH clients granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts pag[...]
-
Page 114
CONFIGURING THE SWITCH 3-60
e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.
Notes: 1. To use SSH with only password authentication, the host public k[...]
-
Page 115
USER AUTHENTICATION 3-61
the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
• Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default. Note that you must select this item prior to generating the ho[...]
-
Page 116
CONFIGURING THE SWITCH 3-62
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Sta [...]
-
Page 117
USER AUTHENTICATION 3-63
fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
• SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768)
- The server key is a private key that is never shared outside the switch.
- The host key is shared with the SSH cli[...]
-
Page 118
CONFIGURING THE SWITCH 3-64
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Configuring Port Security
Port security is a feature that allows you to configure a [...]
-
Page 119
USER AUTHENTICATION 3-65
already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch.
Command Usage
• A secure port has the following restrictions:
- It cannot use port monitoring.
- It cannot be a multi-VLAN port.
- It can[...]
-
Page 120
CONFIGURING THE SWITCH 3-66
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Figure 3-29 Configuring Port Secur[...]
-
Page 121
USER AUTHENTICATION 3-67
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, t[...]
-
Page 122
CONFIGURING THE SWITCH 3-68
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, oth[...]
-
Page 123
USER AUTHENTICATION 3-69
CLI – This example shows the default global setting for 802.1X.
Configuring 802.1X Global Settings
The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
Command Attributes
• 802.1X System Authentication Contr[...]
-
Page 124
CONFIGURING THE SWITCH 3-70
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup[...]
-
Page 125
USER AUTHENTICATION 3-71
• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2)
• Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before a[...]
-
Page 126
CONFIGURING THE SWITCH 3-72
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-112.
Console(config)#interface ethernet 1/2 4-143
Console(config-if)#dot1x port-control auto 4-108
Console(config-if)#dot1x re-authentication 4[...]
-
Page 127
USER AUTHENTICATION 3-73
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-5 802.1X Statistics
Parameter: Description
Rx EAPOL Start: The number of EAPOL Start frames that have been received by this Authenticator.
Rx EAPOL Logoff: The number of EAPOL Logoff frames that have [...]
-
Page 128
CONFIGURING THE SWITCH 3-74
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-33 Displaying 802.1X Port Statistics
CLI – This example displays the 802.1X statistics for port 4.
Console#show dot1x statistics interface ethernet 1/4 [...]
-
Page 129
USER AUTHENTICATION 3-75
Filtering Addresses for Management Access
You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
Command Usage
• The management interfaces are open to all IP addresses by default. Once you add a[...]
-
Page 130
CONFIGURING THE SWITCH 3-76
• Start IP Address – A single IP address, or the starting address of a range.
• End IP Address – The end address of a range.
• Add/Remove Filtering Entry – Adds/removes an IP address from the list.
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are a[...]
-
Page 131
ACCESS CONTROL LISTS 3-77
CLI – This example allows SNMP access for a specific client.
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To fi[...]
-
Page 132
CONFIGURING THE SWITCH 3-78
Command Usage
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is 88.
• However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
• This switch supports ACLs for ingress f[...]
-
Page 133
ACCESS CONTROL LISTS 3-79
- MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060).
Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the conf[...]
-
Page 134
CONFIGURING THE SWITCH 3-80
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, [...]
-
Page 135
ACCESS CONTROL LISTS 3-81
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
Figure 3-36 ACL Configuration - Standard[...]
-
Page 136
CONFIGURING THE SWITCH 3-82
to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any)
• Source/Destination Address – Source or destination IP address.
• Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for Subnet Mas[...]
-
Page 137
ACCESS CONTROL LISTS 3-83
For example, use the code value and mask below to catch packets with the following flags set:
- SYN flag valid, use control-code 2, control bitmask 2
- Both SYN and ACK valid, use control-code 18, control bitmask 18
- SYN valid and ACK invalid, use control-code 2, control bitmask 18
Web – Specif[...]
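The three control-code/bitmask pairs on manual page 3-83 above imply that a rule matches when the flag bits selected by the bitmask equal the code. The Python sketch below is an added illustration, not code from the SMC manual or firmware: the function names and the sample TCP headers are constructed here, and the match rule is inferred from those three examples.

```python
import struct

# TCP control bits, low six bits of header byte 13 (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32

# (control-code, control bitmask) pairs exactly as listed in the manual excerpt.
RULES = {
    "SYN set": (2, 2),
    "SYN and ACK set": (18, 18),
    "SYN set, ACK clear": (2, 18),
}

# Constructed flag combinations used as sample traffic.
SAMPLES = {"SYN": SYN, "SYN+ACK": SYN | ACK, "ACK": ACK, "SYN+FIN": SYN | FIN}


def build_segment(flags, sport=40000, dport=80):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)


def control_bits(segment):
    """Extract the six control bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return segment[13] & 0x3F


def rule_matches(flags, code, mask):
    """Inferred rule: bits selected by mask must equal code; other bits are ignored."""
    if code & ~mask:
        # A code bit outside the mask can never be satisfied: a dead rule.
        raise ValueError("control-code has bits outside the bitmask")
    return (flags & mask) == code


def evaluate():
    """Return, per sample segment, the names of the manual's rules that match it."""
    result = {}
    for label, flags in SAMPLES.items():
        bits = control_bits(build_segment(flags))
        result[label] = [
            name for name, (code, mask) in RULES.items()
            if rule_matches(bits, code, mask)
        ]
    return result


if __name__ == "__main__":
    for label, matched in evaluate().items():
        print(f"{label:8} -> {matched}")
```

Because bits outside the bitmask are ignored, the code 2 / bitmask 18 rule also matches a SYN+FIN segment; include every flag you care about in the bitmask.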
-
Page 138
CONFIGURING THE SWITCH 3-84
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Use “Any” to include all possible a[...]
-
Page 139
ACCESS CONTROL LISTS 3-85
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal [...]
-
Page 140
CONFIGURING THE SWITCH 3-86
Binding a Port to an Access Control List
After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
Command Usage
Th [...]
-
Page 141
ACCESS CONTROL LISTS 3-87
Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required ACL from the drop-down list, then click Apply.
Figure 3-39 Binding a Port to an ACL
CLI – This example assigns an IP and MAC access list to port 1, and an IP access list [...]
-
Page 142
CONFIGURING THE SWITCH 3-88
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
Field Attributes (Web)
• Name – Interface label.
• Ty[...]
-
Page 143
PORT CONFIGURATION 3-89
Web – Click Port, Port Information or Trunk Information.
Figure 3-40 Displaying Port/Trunk Information
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP)
• MAC address – The physical layer address for this port. (To access this[...]
-
Page 144
CONFIGURING THE SWITCH 3-90
- 10full - Supports 10 Mbps full-duplex operation
- 100half - Supports 100 Mbps half-duplex operation
- 100full - Supports 100 Mbps full-duplex operation
- 1000full - Supports 1000 Mbps full-duplex operation
- Sym - Transmits and receives pause frames for flow control
- FC - Supports flow control
• [...]
-
Page 145
PORT CONFIGURATION 3-91
CLI – This example shows the connection status for Port 5.
Configuring Interface Connections
You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode,[...]
-
Page 146
CONFIGURING THE SWITCH 3-92
• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capa[...]
-
Page 147
PORT CONFIGURATION 3-93
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Figure 3-41 Port/Trunk Configuration
CLI – Select the interface, and then enter the required settings.
Creating Trunk Groups
You can create multiple links between devices that w[...]
-
Page 148
CONFIGURING THE SWITCH 3-94
automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and th[...]
-
Page 149
PORT CONFIGURATION 3-95
Statically Configuring a Trunk
Command Usage
• When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
• To avoid creating [...]
-
Page 150
CONFIGURING THE SWITCH 3-96
Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
Figure 3-42 Static Trunk Configuration[...]
-
Page 151
PORT CONFIGURATION 3-97
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Enabling LACP on Selected Ports
Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and a[...]
-
Page 152
CONFIGURING THE SWITCH 3-98
• A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
• If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fa[...]
-
Page 153
PORT CONFIGURATION 3-99
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteri[...]
-
Page 154
CONFIGURING THE SWITCH 3-100
Note: If the port channel admin key (lacp admin key, page 4-168) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this [...]
-
Page 155
PORT CONFIGURATION 3-101
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take eff[...]
-
Page 156
CONFIGURING THE SWITCH 3-102
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Console(config)#interface ethernet 1/1 4-143
Console(config-if)#lacp actor system-priority 3 4-166
Console(config-if)#lacp actor admin-key 120 4-167
Console(config-if)#lacp actor por[...]
-
Page 157
PORT CONFIGURATION 3-103
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-45 LACP - Port Counters Information
Table 3-6 LACP Port Counters
Field Description L[...]
-
Page 158
CONFIGURING THE SWITCH 3-104
CLI – The following example displays LACP counters.
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the local side of a link aggregation.
Console#show lacp counters 4-170
Port channel : 1
----------------------- -----[...]
-
Page 159
PORT CONFIGURATION 3-105
Admin State, Oper State: Administrative or operational values of the actor’s state parameters:
• Expired – The actor’s receive machine is in the expired state;
• Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner[...]
-
Page 160
CONFIGURING THE SWITCH 3-106
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-46 LACP - Port Internal Information
CLI – The following example displays the LACP configuration settings and operational state for the local side of port ch[...]
-
Page 161
PORT CONFIGURATION 3-107
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation.
Table 3-8 LACP Neighbor Configuration Information
Field: Description
Partner Admin System ID: LAG partner’s system ID assigned by the use [...]
-
Page 162
CONFIGURING THE SWITCH 3-108
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3-47 LACP - Port Neighbors Information
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port chan[...]
-
Page 163
PORT CONFIGURATION 3-109
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything [...]
-
Page 164
CONFIGURING THE SWITCH 3-110
Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply.
Figure 3-48 Port Broadcast Control[...]
-
Page 165
PORT CONFIGURATION 3-111
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
Configuring Port Mirroring
You can mirror traffic from any source p[...]
-
Page 166
CONFIGURING THE SWITCH 3-112
Command Attributes
• Mirror Sessions – Displays a list of current mirror sessions.
• Source Unit – The unit whose port traffic will be monitored. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4)
• Source Port – The port whose traffic will be monitored. (Range: 1-26/50)
• Type – A[...]
-
Page 167
PORT CONFIGURATION 3-113
CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port and traffic type.
Configuring Rate Limits
This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is[...]
-
Page 168
CONFIGURING THE SWITCH 3-114
Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Ethernet, and click Apply.
Figure 3-50 Rate Limit Granularity Configuration
CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity.
Rate Lim[...]
-
Page 169
PORT CONFIGURATION 3-115
Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
Figure 3-51 Output Rate Limit Port Configuration
CLI - This example sets the rate limit level for input and output traffic passing thro [...]
-
Page 170
CONFIGURING THE SWITCH 3-116
Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView.
Table 3-9 Port Statistics
Parameter: Description
Interface Statistics
Received Octets: The total number of octets received on the interface, including framing characters.
Received Unicast Packets: The number [...]
-
Page 171
PORT CONFIGURATION 3-117
Transmit Multicast Packets: The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
Transmit Broadcast Packets: The total number of packets that higher-level protocols request[...]
-
Page 172
CONFIGURING THE SWITCH 3-118
Multiple Collision Frames: A count of successfully transmitted frames for which transmission is inhibited by more than one collision.
Carrier Sense Errors: The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
SQE Test Errors: A count of times th[...]
-
Page 173
PORT CONFIGURATION 3-119 Multicast Frames: The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors: The number of CRC/alignment errors (FCS or alignment errors). Undersize Frames: The total number of frames received that were less than 64 octets long (excluding framing bits, but incl[...]
-
Page 174
CONFIGURING THE SWITCH 3-120 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics[...]
-
Page 175
PORT CONFIGURATION 3-121 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-152 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Un[...]
-
Page 176
CONFIGURING THE SWITCH 3-122 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure stati[...]
-
Page 177
ADDRESS TABLE SETTINGS 3-123 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Conso[...]
-
Page 178
CONFIGURING THE SWITCH 3-124 Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to [...]
-
Page 179
ADDRESS TABLE SETTINGS 3-125 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-54 Configuring a Dynamic Address Table CLI – This example also disp[...]
-
Page 180
CONFIGURING THE SWITCH 3-126 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300 seconds) Web – [...]
-
Page 181
SPANNING TREE ALGORITHM CONFIGURATION 3-127 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridg[...]
-
Page 182
CONFIGURING THE SWITCH 3-128 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switc[...]
-
Page 183
SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device thro[...]
-
Page 184
CONFIGURING THE SWITCH 3-130 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port ne[...]
-
Page 185
SPANNING TREE ALGORITHM CONFIGURATION 3-131 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show spanning-tree 4-193 Spanning-tree information -----------------------[...]
-
Page 186
CONFIGURING THE SWITCH 3-132 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 8 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol 8 RSTP supports connections to either STP or RSTP nodes by monitoring the i[...]
-
Page 187
SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the [...]
-
Page 188
CONFIGURING THE SWITCH 3-134 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts t[...]
-
Page 189
SPANNING TREE ALGORITHM CONFIGURATION 3-135 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning[...]
-
Page 190
CONFIGURING THE SWITCH 3-136 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of t[...]
-
Page 191
SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this in[...]
-
Page 192
CONFIGURING THE SWITCH 3-138 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the b[...]
-
Page 193
SPANNING TREE ALGORITHM CONFIGURATION 3-139 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specify i[...]
-
Page 194
CONFIGURING THE SWITCH 3-140 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media ty[...]
-
Page 195
SPANNING TREE ALGORITHM CONFIGURATION 3-141 contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. • Trunk – Indicates if a port is a member of a trunk. (STA Port Configuration only) The following int[...]
-
Page 196
CONFIGURING THE SWITCH 3-142 - Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface. - Point-to- [...]
-
Page 197
VLAN CONFIGURATION 3-143 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7. VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used[...]
-
Page 198
CONFIGURING THE SWITCH 3-144 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (us[...]
-
Page 199
VLAN CONFIGURATION 3-145 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies[...]
-
Page 200
CONFIGURING THE SWITCH 3-146 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadc[...]
-
Page 201
VLAN CONFIGURATION 3-147 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that g[...]
-
Page 202
CONFIGURING THE SWITCH 3-148 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and pr[...]
-
Page 203
VLAN CONFIGURATION 3-149 • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch. Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port member [...]
-
Page 204
CONFIGURING THE SWITCH 3-150 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Cur [...]
-
Page 205
VLAN CONFIGURATION 3-151 • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members. CLI – Current VLAN information can be displayed with the following command. Creating [...]
-
Page 206
CONFIGURING THE SWITCH 3-152 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove – Removes a VLAN group from the current list. If any port is assigned to[...]
-
Page 207
VLAN CONFIGURATION 3-153 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden [...]
-
Page 208
CONFIGURING THE SWITCH 3-154 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Un [...]
-
Page 209
VLAN CONFIGURATION 3-155 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. Figure 3-64 Configuring a VLAN Static Table CLI –[...]
-
Page 210
CONFIGURING THE SWITCH 3-156 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged mem[...]
-
Page 211
VLAN CONFIGURATION 3-157 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for swit [...]
-
Page 212
CONFIGURING THE SWITCH 3-158 - Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). - If ingress filtering is enabled and a[...]
-
Page 213
VLAN CONFIGURATION 3-159 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port’s default[...]
-
Page 214
CONFIGURING THE SWITCH 3-160 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned V[...]
-
Page 215
VLAN CONFIGURATION 3-161 2. Use the Private VLAN Association menu (page 3-164) to map the secondary (i.e., community) VLAN(s) to the primary VLAN. 3. Use the Private VLAN Port Configuration menu (page 3-166) to set the port type to promiscuous (i.e., having access to all ports in the primary VLAN), or host (i.e., havi[...]
-
Page 216
CONFIGURING THE SWITCH 3-162 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mappe[...]
-
Page 217
VLAN CONFIGURATION 3-163 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of private VLANs: - Primary VLANs – Conveys traffic between prom[...]
-
Page 218
CONFIGURING THE SWITCH 3-164 CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Associating VLANs Each community VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094). • Association – [...]
-
Page 219
VLAN CONFIGURATION 3-165 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk ?[...]
-
Page 220
CONFIGURING THE SWITCH 3-166 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, whil[...]
-
Page 221
VLAN CONFIGURATION 3-167 - Host – The port is a community port or an isolated port. A community port can communicate with other ports in its own community VLAN and with designated promiscuous port(s). An isolated port can only communicate with the single designated promiscuous port in the isolated VLAN; it cannot comm[...]
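The private VLAN port rules described on these pages, as an added Python model that is not part of the SMC manual or the switch firmware. It checks which ports can exchange traffic and audits a segmentation policy against the result. VLAN IDs 5, 6 and 7 follow the manual's CLI example; the port names are constructed, and the rule that isolated host ports cannot reach each other is assumed from standard private VLAN behaviour because the manual's sentence is cut off on this page.

```python
from itertools import combinations

PRIMARY, COMMUNITY, ISOLATED = "primary", "community", "isolated"
PROMISCUOUS, HOST = "promiscuous", "host"


class PrivateVlanModel:
    """Toy model of the private VLAN rules quoted above (not vendor code)."""

    def __init__(self):
        self.vlan_type = {}   # VLAN ID -> primary / community / isolated
        self.primary_of = {}  # community VLAN ID -> associated primary VLAN ID
        self.ports = {}       # port name -> (port type, VLAN ID)

    def add_vlan(self, vid, vtype):
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID {vid} is outside 1-4094")
        if vtype not in (PRIMARY, COMMUNITY, ISOLATED):
            raise ValueError(f"unknown private VLAN type {vtype!r}")
        self.vlan_type[vid] = vtype

    def associate(self, community_vid, primary_vid):
        # Each community VLAN must be associated with a primary VLAN.
        if self.vlan_type.get(community_vid) != COMMUNITY:
            raise ValueError(f"VLAN {community_vid} is not a community VLAN")
        if self.vlan_type.get(primary_vid) != PRIMARY:
            raise ValueError(f"VLAN {primary_vid} is not a primary VLAN")
        self.primary_of[community_vid] = primary_vid

    def add_port(self, name, ptype, vid):
        # Promiscuous ports join a primary or isolated VLAN,
        # host ports join a community or isolated VLAN.
        allowed = {PROMISCUOUS: (PRIMARY, ISOLATED),
                   HOST: (COMMUNITY, ISOLATED)}.get(ptype)
        if allowed is None:
            raise ValueError(f"unknown port type {ptype!r}")
        if self.vlan_type.get(vid) not in allowed:
            raise ValueError(f"{ptype} port {name} cannot join VLAN {vid}")
        if (ptype == PROMISCUOUS and self.vlan_type[vid] == ISOLATED
                and (PROMISCUOUS, vid) in self.ports.values()):
            raise ValueError(f"isolated VLAN {vid} already has its promiscuous port")
        self.ports[name] = (ptype, vid)

    def can_communicate(self, a, b):
        (ta, va), (tb, vb) = self.ports[a], self.ports[b]
        if ta == HOST and tb == HOST:
            # Only members of the same community VLAN reach each other.
            return va == vb and self.vlan_type[va] == COMMUNITY
        if ta == PROMISCUOUS and tb == PROMISCUOUS:
            return va == vb and self.vlan_type[va] == PRIMARY
        prom_vid, host_vid = (va, vb) if ta == PROMISCUOUS else (vb, va)
        if self.vlan_type[host_vid] == ISOLATED:
            return prom_vid == host_vid
        return self.primary_of.get(host_vid) == prom_vid

    def audit(self, must_be_isolated):
        """Return the pairs from the policy that can still talk to each other."""
        return sorted(tuple(sorted(pair)) for pair in must_be_isolated
                      if self.can_communicate(*pair))


def reachable_pairs(model):
    """Every unordered pair of ports that is allowed to exchange traffic."""
    return sorted(tuple(sorted((a, b)))
                  for a, b in combinations(model.ports, 2)
                  if model.can_communicate(a, b))


def build_example():
    # Constructed topology: primary 5, community 6, isolated 7.
    m = PrivateVlanModel()
    m.add_vlan(5, PRIMARY)
    m.add_vlan(6, COMMUNITY)
    m.add_vlan(7, ISOLATED)
    m.associate(6, 5)
    m.add_port("uplink", PROMISCUOUS, 5)
    m.add_port("web1", HOST, 6)
    m.add_port("web2", HOST, 6)
    m.add_port("mgmt-gw", PROMISCUOUS, 7)
    m.add_port("tenant-a", HOST, 7)
    m.add_port("tenant-b", HOST, 7)
    return m


if __name__ == "__main__":
    model = build_example()
    for pair in reachable_pairs(model):
        print("allowed:", pair)
    policy = [("tenant-a", "tenant-b"), ("web1", "web2"), ("tenant-a", "web1")]
    print("policy violations:", model.audit(policy))
```

The audit reports `web1`/`web2` as a violation: hosts that must be separated from each other belong in an isolated VLAN, because a community VLAN deliberately lets its members talk.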
-
Page 222
CONFIGURING THE SWITCH 3-168 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. Assign promiscuous ports to a primary or isolated VLAN. Assign host ports to a community or isolated VLAN. After all the ports have been configured, cli[...]
-
Page 223
CLASS OF SERVICE CONFIGURATION 3-169 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority qu[...]
-
Page 224
CONFIGURING THE SWITCH 3-170 Command Attributes • Default Priority 11 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or De[...]
-
Page 225
CLASS OF SERVICE CONFIGURATION 3-171 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1[...]
-
Page 226
CONFIGURING THE SWITCH 3-172 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class 12 – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. As[...]
-
Page 227
CLASS OF SERVICE CONFIGURATION 3-173 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of[...]
-
Page 228
CONFIGURING THE SWITCH 3-174 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-171, the traffic classes are mapped to one of the four [...]
-
Page 229
CLASS OF SERVICE CONFIGURATION 3-175 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic prior[...]
-
Page 230
CONFIGURING THE SWITCH 3-176 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps [...]
-
Page 231
CLASS OF SERVICE CONFIGURATION 3-177 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority. Web – Click Priority, IP Pre[...]
-
Page 232
CONFIGURING THE SWITCH 3-178 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Note: Mapping specific values for IP Precedence is implemented as an interface configuration command, but any c[...]
-
Page 233
CLASS OF SERVICE CONFIGURATION 3-179 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority. Note: IP DSCP settings apply to all interfa[...]
-
Page 234
CONFIGURING THE SWITCH 3-180 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Note: Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the[...]
-
Page 235
CLASS OF SERVICE CONFIGURATION 3-181 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box[...]
-
Page 236
CONFIGURING THE SWITCH 3-182 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Note: Mapping specific values for IP Port Priority is implemented as an interface configuration com[...]
-
Page 237
CLASS OF SERVICE CONFIGURATION 3-183 • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add. Figure 3-81 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matc[...]
-
Page 238
CONFIGURING THE SWITCH 3-184 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive [...]
-
Page 239
MULTICAST FILTERING 3-185 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-185) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch [...]
-
Page 240
CONFIGURING THE SWITCH 3-186 multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service. Note: Multicast routers use [...]
-
Page 241
MULTICAST FILTERING 3-187 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings ar[...]
-
Page 242
CONFIGURING THE SWITCH 3-188 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically di[...]
-
Page 243
MULTICAST FILTERING 3-189 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the I[...]
-
Page 244
CONFIGURING THE SWITCH 3-190 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figu[...]
-
Page 245
MULTICAST FILTERING 3-191 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-85 IP Multicast Registration Table CLI – This example [...]
-
Page 246
CONFIGURING THE SWITCH 3-192 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statical[...]
-
Page 247
MULTICAST FILTERING 3-193 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed ad[...]
-
Page 248
CONFIGURING THE SWITCH 3-194[...]
-
Page 249
4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Note: You can only access the console interface through the Master unit in the stack. Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct conne[...]
-
Page 250
COMMAND LINE INTERFACE 4-2 3. When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any netw [...]
-
Page 251
USING THE COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI w[...]
-
Page 252
COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet[...]
-
Page 253
ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.” Getting Help on Command[...]
-
Page 254
COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywor[...]
-
Page 255
ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s? ?[...]
-
Page 256
COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching fun[...]
-
Page 257
ENTERING COMMANDS 4-9 Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-36). To enter Privileged Exec mode, enter the following user names and passwords: Configuration Commands Configuration commands are privileged level [...]
-
Page 258
COMMAND LINE INTERFACE 4-10 • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits. • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privilege[...]
-
Page 259
ENTERING COMMANDS 4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a pa[...]
-
Page 260
COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups (Command Group: Description, Page). Line: Sets communication parameters for the serial port and Telnet, including baud rate and console time-out, 4-14. General: Basic commands for ent[...]
-
Page 261
COMMAND GROUPS 4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec), PE (Privileged Exec), GC (Global Configuration), ACL (Access Control List Configuration), IC (Interface Configuration), LC (Line Configuration), VC (VLAN Database Configuration). Address Table: Configures the [...]
-
Page 262
COMMAND LINE INTERFACE 4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 4-5 Line Commands Command Functi[...]
-
Page 263
LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } - console - Console terminal line. - vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode [...]
-
Page 264
COMMAND LINE INTERFACE 4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the user n[...]
-
Page 265
LINE COMMANDS 4-17 Example Related Commands username (4-35) password (4-17) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password - { 0 | 7 } - 0 means plain password, 7 means encrypted password - password - Character string that specifies the [...]
-
Page 266
COMMAND LINE INTERFACE 4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to r[...]
-
Page 267
LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-ti[...]
-
Page 268
COMMAND LINE INTERFACE 4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the thresho[...]
-
Page 269
LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshol[...]
-
Page 270
COMMAND LINE INTERFACE 4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits - 7 - Seven data bits per character. - 8 - Eight data bits per character. Default [...]
-
Page 271
LINE COMMANDS 4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity - none - No parity - even - Even parity - odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protoco[...]
-
Page 272
COMMAND LINE INTERFACE 4-24 Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not suppor[...]
-
Page 273
LINE COMMANDS 4-25 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the cons[...]
-
Page 274
COMMAND LINE INTERFACE 4-26 Example To show all lines, enter this command: General Commands Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 times Inte[...]
-
Page 275
GENERAL COMMANDS 4-27 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [ level ] level - Privilege level to log into the device. The device has two pred[...]
-
Page 276
COMMAND LINE INTERFACE 4-28 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Mod[...]
-
Page 277
GENERAL COMMANDS 4-29 Example Related Commands end (4-30) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this exa[...]
-
Page 278
COMMAND LINE INTERFACE 4-30 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command i[...]
-
Page 279
GENERAL COMMANDS 4-31 Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: exit This command returns to the previous configuration mode or exit the config[...]
-
Page 280
COMMAND LINE INTERFACE 4-32 Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: System Management Commands These commands are used to control system logs, passwords, user names, browser conf[...]
-
Page 281
SYSTEM MANAGEMENT COMMANDS 4-33 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Globa[...]
-
Page 282
COMMAND LINE INTERFACE 4-34 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Co[...]
-
Page 283
SYSTEM MANAGEMENT COMMANDS 4-35 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { a[...]
-
Page 284
COMMAND LINE INTERFACE 4-36 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to man[...]
-
Page 285
SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encryp[...]
-
Page 286
COMMAND LINE INTERFACE 4-38 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-addr[...]
-
Page 287
SYSTEM MANAGEMENT COMMANDS 4-39 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed man[...]
-
Page 288
COMMAND LINE INTERFACE 4-40 Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address ----------------------- ------------------------ 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address ----------------------- ---------[...]
-
Page 289
SYSTEM MANAGEMENT COMMANDS 4-41 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) De[...]
-
Page 290
COMMAND LINE INTERFACE 4-42 Example Related Commands ip http port (4-41) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this [...]
-
Page 291
SYSTEM MANAGEMENT COMMANDS 4-43 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify a secure-[...]
-
Page 292
COMMAND LINE INTERFACE 4-44 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:p[...]
-
Page 293
SYSTEM MANAGEMENT COMMANDS 4-45 Default Setting 23 Command Mode Global Configuration Example Related Commands ip telnet server (4-45) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function. Syntax [ no ] ip telnet server Default Setting Enabled Comma[...]
-
Page 294
COMMAND LINE INTERFACE 4-46 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), [...]
-
Page 295
SYSTEM MANAGEMENT COMMANDS 4-47 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the auth[...]
-
Page 296
COMMAND LINE INTERFACE 4-48 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a pub[...]
-
Page 297
SYSTEM MANAGEMENT COMMANDS 4-49 a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. d. The client uses its p[...]
-
Page 298
COMMAND LINE INTERFACE 4-50 Example Related Commands ip ssh crypto host-key generate (4-52) show ssh (4-55) ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during[...]
-
Page 299
SYSTEM MANAGEMENT COMMANDS 4-51 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authenticati[...]
-
Page 300
COMMAND LINE INTERFACE 4-52 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] - us[...]
-
Page 301
SYSTEM MANAGEMENT COMMANDS 4-53 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part [...]
-
Page 302
COMMAND LINE INTERFACE 4-54 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-key generate (4-52) ip[...]
-
Page 303
SYSTEM MANAGEMENT COMMANDS 4-55 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enable[...]
-
Page 304
COMMAND LINE INTERFACE 4-56 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Encryption The encryption method is automatically negotia[...]
-
Page 305
SYSTEM MANAGEMENT COMMANDS 4-57 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host k[...]
-
Page 306
COMMAND LINE INTERFACE 4-58 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging proc[...]
-
Page 307
SYSTEM MANAGEMENT COMMANDS 4-59 Example Related Commands logging history (4-59) clear logging (4-63) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } le[...]
-
Page 308
COMMAND LINE INTERFACE 4-60 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 6 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog ser[...]
-
Page 309
SYSTEM MANAGEMENT COMMANDS 4-61 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type t[...]
-
Page 310
COMMAND LINE INTERFACE 4-62 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax loggi [...]
-
Page 311
SYSTEM MANAGEMENT COMMANDS 4-63 clear logging This command clears messages from the log buffer. Syntax clear logging [ flash | ram ] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and[...]
-
Page 312
COMMAND LINE INTERFACE 4-64 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.e., default level 6 - 0). The following example dis[...]
-
Page 313
SYSTEM MANAGEMENT COMMANDS 4-65 Related Commands show logging sendmail (4-70) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in te[...]
-
Page 314
COMMAND LINE INTERFACE 4-66 Command Usage This command shows the system and event messages stored in memory, including the time stamp, message level (page 4-59), program module, function, and event number. Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SM[...]
-
Page 315
SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default[...]
-
Page 316
COMMAND LINE INTERFACE 4-68 Example logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 4-59). Messages sent include the selected level down to level 0. (Range: 0-7; Default: 7) Default[...]
-
Page 317
SYSTEM MANAGEMENT COMMANDS 4-69 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.[...]
-
Page 318
COMMAND LINE INTERFACE 4-70 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. [...]
-
Page 319
SYSTEM MANAGEMENT COMMANDS 4-71 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only reco[...]
-
Page 320
COMMAND LINE INTERFACE 4-72 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [ no ] sntp client Default Setting Disabled Command Mode Global Configuration Command Usag[...]
-
Page 321
SYSTEM MANAGEMENT COMMANDS 4-73 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP address of a time server (NTP or SNT[...]
-
Page 322
COMMAND LINE INTERFACE 4-74 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds C[...]
-
Page 323
SYSTEM MANAGEMENT COMMANDS 4-75 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Ran[...]
-
Page 324
COMMAND LINE INTERFACE 4-76 Example Related Commands show sntp (4-74) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day y[...]
-
Page 325
SYSTEM MANAGEMENT COMMANDS 4-77 show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands Console#show calendar 15:12:34 April 1 2004 Console# Table 4-23 System Status Commands Command Function Mode Page light unit Displays the unit ID of a sw[...]
-
Page 326
COMMAND LINE INTERFACE 4-78 light unit This command displays the unit ID of a switch using its front-panel LED indicators. Syntax light unit [ unit ] unit - specifies a unit in a switch stack to light the panel LEDs Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed u[...]
-
Page 327
SYSTEM MANAGEMENT COMMANDS 4-79 • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - SNMP community strings - Users (names and access levels) - VLAN da[...]
-
Page 328
COMMAND LINE INTERFACE 4-80 Related Commands show running-config (4-80) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information [...]
-
Page 329
SYSTEM MANAGEMENT COMMANDS 4-81 Example Console#show running-config building startup-config, please wait..... ! phymap 00-30-f1-ce-2a-20 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! clock timezone hours 0 minute 0 af[...]
-
Page 330
COMMAND LINE INTERFACE 4-82 Related Commands show startup-config (4-78) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page -11. • Th[...]
-
Page 331
SYSTEM MANAGEMENT COMMANDS 4-83 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line [...]
-
Page 332
COMMAND LINE INTERFACE 4-84 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no for[...]
-
Page 333
FLASH/FILE COMMANDS 4-85 Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet o[...]
-
Page 334
COMMAND LINE INTERFACE 4-86 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system ope[...]
-
Page 335
FLASH/FILE COMMANDS 4-87 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server[...]
-
Page 336
COMMAND LINE INTERFACE 4-88 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to c[...]
-
Page 337
FLASH/FILE COMMANDS 4-89 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configurat[...]
-
Page 338
COMMAND LINE INTERFACE 4-90 Example This example shows how to delete the test2.cfg configuration file from flash memory for unit 1. Related Commands dir (4-90) delete public-key (4-52) dir This command displays a list of files in flash memory. Syntax dir [ unit :] {{ boot-rom: | config: | opcode: } [: filename ]} The type o[...]
-
Page 339
FLASH/FILE COMMANDS 4-91 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Syntax whichboot [ unit ] unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) Defau[...]
-
Page 340
COMMAND LINE INTERFACE 4-92 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system. Syntax boot system [ unit :] { boot-r [...]
-
Page 341
AUTHENTICATION COMMANDS 4-93 Example Related Commands dir (4-90) whichboot (4-91) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network clie[...]
-
Page 342
COMMAND LINE INTERFACE 4-94 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tac[...]
-
Page 343
AUTHENTICATION COMMANDS 4-95 Example Related Commands username - for setting the local user names and passwords (4-35) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-27[...]
-
Page 344
COMMAND LINE INTERFACE 4-96 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then[...]
-
Page 345
AUTHENTICATION COMMANDS 4-97 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [ no ] radius-server index host { host_ip_address | host_alias } [ auth-port auth_port ] [ timeo [...]
-
Page 346
COMMAND LINE INTERFACE 4-98 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode [...]
-
Page 347
AUTHENTICATION COMMANDS 4-99 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the [...]
-
Page 348
COMMAND LINE INTERFACE 4-100 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console(config)#radius-server timeout 10 Console(config)# Console#show radius-server Remote RADIUS server configur[...]
-
Page 349
AUTHENTICATION COMMANDS 4-101 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user n[...]
-
Page 350
COMMAND LINE INTERFACE 4-102 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Setting 49 [...]
-
Page 351
AUTHENTICATION COMMANDS 4-103 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops lear[...]
-
Page 352
COMMAND LINE INTERFACE 4-104 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed add[...]
-
Page 353
AUTHENTICATION COMMANDS 4-105 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • Fir [...]
-
Page 354
COMMAND LINE INTERFACE 4-106 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (E[...]
-
Page 355
AUTHENTICATION COMMANDS 4-107 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x [...]
-
Page 356
COMMAND LINE INTERFACE 4-108 Default 2 Command Mode Interface Configuration Example dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a [...]
-
Page 357
AUTHENTICATION COMMANDS 4-109 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax d[...]
-
Page 358
COMMAND LINE INTERFACE 4-110 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number. (Range: 1-26) Command[...]
-
Page 359
AUTHENTICATION COMMANDS 4-111 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - The n[...]
-
Page 360
COMMAND LINE INTERFACE 4-112 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - Th[...]
-
Page 361
AUTHENTICATION COMMANDS 4-113 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface[...]
-
Page 362
COMMAND LINE INTERFACE 4-114 - Max Count – The maximum number of hosts allowed to access this port (page 4-109). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-108). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used[...]
-
Page 363
AUTHENTICATION COMMANDS 4-115 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is di[...]
-
Page 364
COMMAND LINE INTERFACE 4-116 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the [...]
-
Page 365
ACCESS CONTROL LIST COMMANDS 4-117 • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL. The order in which active ACLs are checke[...]
-
Page 366
COMMAND LINE INTERFACE 4-118 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the sour[...]
-
Page 367
ACCESS CONTROL LIST COMMANDS 4-119 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command foll[...]
-
Page 368
COMMAND LINE INTERFACE 4-120 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwis[...]
-
Page 369
ACCESS CONTROL LIST COMMANDS 4-121 [precedence precedence] [tos tos] [dscp dscp] [source-port sport [end]] [destination-port dport [end]] [control-flag control-flags flag-bitmask] • protocol-number – A specific protocol number. (Range: 0-255) • source – Source IP address. • destination – Destinati[...]
-
Page 370
COMMAND LINE INTERFACE 4-122 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: 1 (fin) [...]
-
Page 371
ACCESS CONTROL LIST COMMANDS 4-123 Related Commands access-list ip (4-118) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. • acl_name – Name of [...]
-
Page 372
COMMAND LINE INTERFACE 4-124 Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can[...]
-
Page 373
ACCESS CONTROL LIST COMMANDS 4-125 map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping. Syntax [no] map access-l[...]
-
Page 374
COMMAND LINE INTERFACE 4-126 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SM[...]
-
Page 375
ACCESS CONTROL LIST COMMANDS 4-127 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Globa[...]
-
Page 376
COMMAND LINE INTERFACE 4-128 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed [...]
-
Page 377
ACCESS CONTROL LIST COMMANDS 4-129 • address-bitmask 16 – Bit mask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4094) • vid-end – Upper bound of VID range. (Range: 1-4094) • protocol – A specific Ethernet protocol number. (Range: 0-65535) • protocol-end – Upper bound of protocol range. (R[...]
-
Page 378
COMMAND LINE INTERFACE 4-130 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Related Commands permit, deny 4-128 mac access-group (4-130) mac access-group This[...]
-
Page 379
ACCESS CONTROL LIST COMMANDS 4-131 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-130) show mac access-group This command shows the ports as [...]
-
Page 380
COMMAND LINE INTERFACE 4-132 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue c[...]
-
Page 381
ACCESS CONTROL LIST COMMANDS 4-133 Command Mode Privileged Exec Example Related Commands map access-list mac (4-131) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e[...]
-
Page 382
COMMAND LINE INTERFACE 4-134 Example show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.255.15.0 IP extended access-list bob: permit 10.7.1.1 255.255.255.0 any permit 192[...]
-
Page 383
SNMP COMMANDS 4-135 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no for[...]
-
Page 384
COMMAND LINE INTERFACE 4-136 • rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Read/write access. Authorized management stations a[...]
-
Page 385
SNMP COMMANDS 4-137 Example Related Commands snmp-server location (4-137) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 ch[...]
-
Page 386
COMMAND LINE INTERFACE 4-138 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] no snmp-server host host-addr • host-addr - [...]
-
Page 387
SNMP COMMANDS 4-139 enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. • The switch can send SNMP version 1 or version 2c notifications to[...]
-
Page 388
COMMAND LINE INTERFACE 4-140 Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no [...]
-
Page 389
SNMP COMMANDS 4-141 Example Console#show snmp SNMP traps: Authentication: enabled Link-up-down: enabled SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0[...]
-
Page 390
COMMAND LINE INTERFACE 4-142 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-40 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 4-143 description [...]
-
Page 391
INTERFACE COMMANDS 4-143 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed s[...]
-
Page 392
COMMAND LINE INTERFACE 4-144 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore [...]
-
Page 393
INTERFACE COMMANDS 4-145 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by th [...]
-
Page 394
COMMAND LINE INTERFACE 4-146 auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use[...]
-
Page 395
INTERFACE COMMANDS 4-147 Default Setting • 100BASE-TX: 10half, 10full, 100half, 100full • 1000BASE-T: 10half, 10full, 100half, 100full, 1000full • SFP: 1000full Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotia[...]
-
Page 396
COMMAND LINE INTERFACE 4-148 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation [...]
-
Page 397
INTERFACE COMMANDS 4-149 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want t[...]
-
Page 398
COMMAND LINE INTERFACE 4-150 • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clea[...]
-
Page 399
INTERFACE COMMANDS 4-151 Example The following example clears statistics on port 5. show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port -[...]
-
Page 400
COMMAND LINE INTERFACE 4-152 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number. (Range: 1-26/50) • port-channel ch [...]
-
Page 401
INTERFACE COMMANDS 4-153 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-115. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/[...]
-
Page 402
COMMAND LINE INTERFACE 4-154 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port -[...]
-
Page 403
INTERFACE COMMANDS 4-155 Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-149). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-164). Ingress/E[...]
-
Page 404
COMMAND LINE INTERFACE 4-156 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx] no port monitor interface • interface - ethern[...]
-
Page 405
MIRROR PORT COMMANDS 4-157 • The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session. Example The following example configures the swit[...]
-
Page 406
COMMAND LINE INTERFACE 4-158 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit tra[...]
-
Page 407
RATE LIMIT COMMANDS 4-159 rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output} level [rate] no rate-limit {inp[...]
-
Page 408
COMMAND LINE INTERFACE 4-160 rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit {fastethernet | gigabitethernet} granularity [granularity][...]
-
Page 409
LINK AGGREGATION COMMANDS 4-161 show rate-limit Use this command to display the rate limit granularity. Default Setting Fast Ethernet interface – 3.3 Mbps Gigabit Ethernet interface – 33.3 Mbps Command Mode Privileged Exec Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 8 Kbps, 64 Kbps, 51 [...]
-
Page 410
COMMAND LINE INTERFACE 4-162 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as [...]
-
Page 411
LINK AGGREGATION COMMANDS 4-163 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel. Dynamically Creating a Port Ch[...]
-
Page 412
COMMAND LINE INTERFACE 4-164 Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. Example The following example creates trunk 1 a [...]
-
Page 413
LINK AGGREGATION COMMANDS 4-165 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. Console(config)#interface ethernet 1/11 Console(config-if[...]
-
Page 414
COMMAND LINE INTERFACE 4-166 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link. • partner - The re[...]
-
Page 415
LINK AGGREGATION COMMANDS 4-167 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.[...]
-
Page 416
COMMAND LINE INTERFACE 4-168 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key key - The port channel admin key is used to [...]
-
Page 417
LINK AGGREGATION COMMANDS 4-169 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote si[...]
-
Page 418
COMMAND LINE INTERFACE 4-170 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sysid} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages. • internal - Configuration setti[...]
-
Page 419
LINK AGGREGATION COMMANDS 4-171 Example Console#show lacp 1 counters Port channel: 1 ------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LAC[...]
-
Page 420
COMMAND LINE INTERFACE 4-172 Console#show lacp 1 internal Port channel : 1 ------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key [...]
-
Page 421
LINK AGGREGATION COMMANDS 4-173 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively config[...]
-
Page 422
COMMAND LINE INTERFACE 4-174 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner [...]
-
Page 423
ADDRESS TABLE COMMANDS 4-175 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address ----------------------- ----------[...]
-
Page 424
COMMAND LINE INTERFACE 4-176 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC [...]
-
Page 425
ADDRESS TABLE COMMANDS 4-177 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static o[...]
-
Page 426
COMMAND LINE INTERFACE 4-178 • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - [...]
-
Page 427
ADDRESS TABLE COMMANDS 4-179 mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable agi[...]
-
Page 428
COMMAND LINE INTERFACE 4-180 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-50 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree[...]
-
Page 429
SPANNING TREE COMMANDS 4-181 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and [...]
-
Page 430
COMMAND LINE INTERFACE 4-182 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) Default S[...]
-
Page 431
SPANNING TREE COMMANDS 4-183 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum [...]
-
Page 432
COMMAND LINE INTERFACE 4-184 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this s[...]
-
Page 433
SPANNING TREE COMMANDS 4-185 a new root port is selected from among the device ports attached to the network. Example spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority prior[...]
-
Page 434
COMMAND LINE INTERFACE 4-186 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 0-200,000,[...]
-
Page 435
SPANNING TREE COMMANDS 4-187 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorith[...]
-
Page 436
COMMAND LINE INTERFACE 4-188 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: - Ethernet: 200,00[...]
-
Page 437
SPANNING TREE COMMANDS 4-189 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Co[...]
-
Page 438
COMMAND LINE INTERFACE 4-190 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pa[...]
-
Page 439
SPANNING TREE COMMANDS 4-191 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot c[...]
-
Page 440
COMMAND LINE INTERFACE 4-192 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detec[...]
-
Page 441
SPANNING TREE COMMANDS 4-193 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually r[...]
-
Page 442
COMMAND LINE INTERFACE 4-194 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-132. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-136. Example Console#show spanning-tree Spanning-tree[...]
-
Page 443
VLAN COMMANDS 4-195 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registra[...]
-
Page 444
COMMAND LINE INTERFACE 4-196 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port me[...]
-
Page 445
VLAN COMMANDS 4-197 • state - Keyword to be followed by the VLAN state. - active - VLAN is operational. - suspend - VLAN is suspended. Suspended VLANs do not pass packets. Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • [...]
-
Page 446
COMMAND LINE INTERFACE 4-198 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting N[...]
-
Page 447
VLAN COMMANDS 4-199 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport m[...]
-
Page 448
COMMAND LINE INTERFACE 4-200 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (4-200) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form [...]
-
Page 449
VLAN COMMANDS 4-201 Related Commands switchport mode (4-199) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [ no ] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Com[...]
-
Page 450
COMMAND LINE INTERFACE 4-202 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting [...]
-
Page 451
VLAN COMMANDS 4-203 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add [...]
-
Page 452
COMMAND LINE INTERFACE 4-204 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbid[...]
-
Page 453
VLAN COMMANDS 4-205 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id -[...]
-
Page 454
COMMAND LINE INTERFACE 4-206 Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private V[...]
-
Page 455
VLAN COMMANDS 4-207 This section describes commands used to configure private VLANs. To configure primary/secondary associated groups, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups. 2. Us[...]
-
Page 456
COMMAND LINE INTERFACE 4-208 5. Use the switchport private-vlan mapping command to assign a port to a primary VLAN. 6. Use the show vlan private-vlan command to verify your configuration settings. To configure isolated VLANs, follow these steps: 1. Use the private-vlan command to designate an isolated VLAN that wil[...]
-
Page 457
VLAN COMMANDS 4-209 Default Setting None Command Mode VLAN Configuration Command Usage • Private VLANs are used to restrict traffic to ports within the same community or isolated VLAN, and channel traffic passing outside the community through promiscuous ports. When using community VLANs, they must be mapped to an associa[...]
-
Page 458
COMMAND LINE INTERFACE 4-210 private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association { secondary-vlan-id | add secondary-vlan-id | remov[...]
-
Page 459
VLAN COMMANDS 4-211 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can subsequently be assigned to a c[...]
-
Page 460
COMMAND LINE INTERFACE 4-212 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association secondary-vlan-id - ID of secon[...]
-
Page 461
VLAN COMMANDS 4-213 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Host ports assigned to an isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port. Example switchport private-vlan mapping Us[...]
-
Page 462
COMMAND LINE INTERFACE 4-214 Example show vlan private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show vlan private-vlan [ community | isolated | primary ] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host inte[...]
-
Page 463
GVRP AND BRIDGE EXTENSION COMMANDS 4-215 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interface[...]
-
Page 464
COMMAND LINE INTERFACE 4-216 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond [...]
-
Page 465
GVRP AND BRIDGE EXTENSION COMMANDS 4-217 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Sy[...]
-
Page 466
COMMAND LINE INTERFACE 4-218 Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer t[...]
-
Page 467
GVRP AND BRIDGE EXTENSION COMMANDS 4-219 • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP may not operate successfully. Example Related Commands show garp timer (4-2[...]
-
Page 468
COMMAND LINE INTERFACE 4-220 Example Related Commands garp timer (4-218) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data[...]
-
Page 469
PRIORITY COMMANDS 4-221 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, tran[...]
-
Page 470
COMMAND LINE INTERFACE 4-222 Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative we[...]
-
Page 471
PRIORITY COMMANDS 4-223 frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be v[...]
-
Page 472
COMMAND LINE INTERFACE 4-224 Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 1 - 3: Related Commands show queue bandwidth (4-226) queue cos-map This command assigns class of service (CoS) values to th[...]
-
Page 473
PRIORITY COMMANDS 4-225 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to map CoS values 0, 1 and 2 to egress queue [...]
-
Page 474
COMMAND LINE INTERFACE 4-226 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the four priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface [...]
-
Page 475
PRIORITY COMMANDS 4-227 Example Priority Commands (Layer 3 and 4) Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value : 0 1 2 3 4 5 6 7 Priority Queue: 0 0 0 1 2 2 3 3 Console# Table 4-60 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enables TCP class of service mapping GC 4-228 map ip port [...]
-
Page 476
COMMAND LINE INTERFACE 4-228 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The preceden[...]
-
Page 477
PRIORITY COMMANDS 4-229 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces. Example The following example shows how to map H[...]
-
Page 478
COMMAND LINE INTERFACE 4-230 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value.[...]
-
Page 479
PRIORITY COMMANDS 4-231 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping[...]
-
Page 480
COMMAND LINE INTERFACE 4-232 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Pre[...]
-
Page 481
PRIORITY COMMANDS 4-233 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-4)[...]
-
Page 482
COMMAND LINE INTERFACE 4-234 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number. (Range: 1-26/50) • port-channel cha[...]
-
Page 483
PRIORITY COMMANDS 4-235 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-4) Default S[...]
-
Page 484
COMMAND LINE INTERFACE 4-236 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It [...]
-
Page 485
MULTICAST FILTERING COMMANDS 4-237 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a [...]
-
Page 486
COMMAND LINE INTERFACE 4-238 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snoopi[...]
-
Page 487
MULTICAST FILTERING COMMANDS 4-239 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-185 for a description of the displayed items. Example The following shows the[...]
-
Page 488
COMMAND LINE INTERFACE 4-240 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) Console#show mac-address-table multicast vlan 1 igmp-s[...]
-
Page 489
MULTICAST FILTERING COMMANDS 4-241 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier i[...]
-
Page 490
COMMAND LINE INTERFACE 4-242 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip i[...]
-
Page 491
MULTICAST FILTERING COMMANDS 4-243 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (R[...]
-
Page 492
COMMAND LINE INTERFACE 4-244 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier [...]
-
Page 493
MULTICAST FILTERING COMMANDS 4-245 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4093) • interface - ethernet u[...]
-
Page 494
COMMAND LINE INTERFACE 4-246 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [ vlan vlan-id ] vlan-id[...]
-
Page 495
IP INTERFACE COMMANDS 4-247 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when i[...]
-
Page 496
COMMAND LINE INTERFACE 4-248 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. V[...]
-
Page 497
IP INTERFACE COMMANDS 4-249 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No st[...]
-
Page 498
COMMAND LINE INTERFACE 4-250 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been moved to a [...]
-
Page 499
IP INTERFACE COMMANDS 4-251 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-249) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size [...]
-
Page 500
COMMAND LINE INTERFACE 4-252 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does[...]
-
Page 501
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full [...]
-
Page 502
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Support Up to 255 groups; port-based or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports four levels of priority and Weighted Round[...]
-
Page 503
SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Authentication IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ether[...]
-
Page 504
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting [...]
-
Page 505
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid netw[...]
-
Page 506
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. • Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client s[...]
-
Page 507
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categori[...]
-
Page 508
TROUBLESHOOTING B-4[...]
-
Page 509
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information[...]
-
Page 510
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. Extensible [...]
-
Page 511
GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLA[...]
-
Page 512
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork. Internet Grou[...]
-
Page 513
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains inf[...]
-
Page 514
GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link aggregation and trunking method which specifies how [...]
-
Page 515
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) ser[...]
-
Page 516
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before [...]
-
Page 517
Index-1 Numerics 802.1X, port authentication 3-66 A acceptable frame type 3-157, 4-200 Access Control List See ACL ACL Extended IP 3-78, 4-116, 4-117, 4-120 MAC 3-79, 4-116, 4-127, 4-127–4-130 Standard IP 3-78, 4-116, 4-117, 4-119 address table 3-122, 4-175 aging time 3-126, 4-179 B BOOTP 3-19, 4-247 BPDU 3-127 broa[...]
-
Page 518
INDEX Index-2 GVRP global setting 4-215 interface configuration 3-158, 4-217 GVRP, global setting 3-148 H hardware version, displaying 3-13, 4-83 HTTPS 3-54, 4-42 HTTPS, secure server 3-54, 4-42 I IEEE 802.1D 3-127, 4-182 IEEE 802.1w 3-127, 4-182 IEEE 802.1X 3-66, 4-106 IGMP groups, displaying 3-190, 4-239 Layer 2 3-185, 4-[...]
-
Page 519
INDEX Index-3 port priority configuring 3-169, 4-220 default ingress 3-169, 4-222 STA 3-138, 4-189 port security, configuring 3-64, 4-103 port, statistics 3-115, 4-152 ports autonegotiation 3-92, 4-145 broadcast storm threshold 3-109, 4-149 capabilities 3-92, 4-146 duplex mode 3-91, 4-144 flow control 3-91, 4-147 speed 3-91, [...]
-
Page 520
INDEX Index-4 setting 3-22, 4-92 static addresses, setting 3-122, 4-176 statistics port 3-115, 4-152 STP 3-132, 4-182 STP Also see STA system clock, setting 3-42, 4-71 System Logs 3-33 system software, downloading from server 3-22, 4-86 T TACACS+, logon authentication 3-50, 4-101 time, setting 3-42, 4-71 traffic class[...]
-
Page 521
[...]
-
Page 522
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com[...]