A good user manual
The rules oblige the seller to provide the buyer with the LevelOne GSW-2692 user manual together with the goods. A missing manual, or incorrect information given to the consumer, is grounds for a complaint on the basis of the device's non-conformity with the contract. By law, the manual may be supplied in a form other than paper, which has recently become common, including a graphic or electronic form of the LevelOne GSW-2692 manual or instructional videos for users. The condition is that it be legible and understandable.
What is a user manual?
The word derives from the Latin "instructio", meaning to organize. Thus, the LevelOne GSW-2692 user manual describes the steps of a procedure. The purpose of the user manual is to instruct and to make it easier to start up and use equipment or to carry out certain actions. The manual is a collection of information about the object/service, a guide.
Unfortunately, few users take the time to read the user manual, yet a good manual not only reveals a number of additional functions of the purchased device, but also helps avoid most faults.
So what should the perfect manual contain?
First of all, the LevelOne GSW-2692 user manual should contain:
- information on the technical data of the LevelOne GSW-2692 device
- the manufacturer's name and the year of manufacture of the LevelOne GSW-2692
- instructions for the use, adjustment and maintenance of the LevelOne GSW-2692 equipment
- safety signs and certificates confirming conformity with the relevant standards
Why don't we read user manuals?
Generally this is due to a lack of time and to confidence about the specific functionality of the purchased equipment. Unfortunately, connecting and starting the LevelOne GSW-2692 is not enough. This manual contains a series of guidelines on specific functions, safety, maintenance methods (including the means that should be used), possible LevelOne GSW-2692 defects and ways to solve the most common problems during use. Finally, the manual contains the contact details of LevelOne service in case the proposed solutions are not effective. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, attract considerable interest. This type of manual lets the user watch the whole instructional video without skipping the specific and complicated technical descriptions of the LevelOne GSW-2692, as happens with the paper version.
Why read the user manual?
First of all, it contains answers about the structure and capabilities of the LevelOne GSW-2692 device, the use of various accessories, and a range of information for making full use of all its features and services.
After a successful purchase of equipment or a device, take a moment to become familiar with every part of the LevelOne GSW-2692 user manual. Currently, manuals are carefully prepared and translated so that they are not only understandable to users, but also fulfil their basic function of informing and helping.
Summary of the user manual
-
Page 1
LevelOne GSW-2692 24-Port 10/100M + 2G Combo L2 Stackable Switch User Manual Version 1.0-0608[...]
-
Page 2
[...]
-
Page 3
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Stack Operations 2-3 Selecting the Stack Master 2-3 Recovering from Stack Failure or Topolog[...]
-
Page 4
Contents ii Managing Firmware 3-15 Downloading System Software from a Server 3-16 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port Settings 3-20 Telnet Settings 3-22 Configuring Event Logging 3-24 System Log Configuration 3-24 Remote Log Configuration 3-26 Displaying Log Messages[...]
-
Page 5
Contents iii Enabling LACP on Selected Ports 3-70 Configuring LACP Parameters 3-73 Displaying LACP Port Counters 3-75 Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Thresholds 3-81 Configuring Port Mirroring 3-82 Configuring Rate Limits 3-83 Rate Lim[...]
-
Page 6
Contents iv Mapping DSCP Priority 3-131 Mapping IP Port Priority 3-132 Mapping CoS Values to ACLs 3-133 Multicast Filtering 3-135 Layer 2 IGMP (Snooping and Query) 3-135 Configuring IGMP Snooping and Query Parameters 3-136 Displaying Interfaces Attached to a Multicast Router 3-137 Specifying Static Interfaces for a Multicast Router 3-138 Displayin[...]
-
Page 7
Contents v General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23 System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-26 enable password 4-27 IP Filter Commands 4-28 management 4-28 show management 4-29 Web[...]
-
Page 8
Contents vi clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52 Time Commands 4-53 sntp client 4-53 sntp server 4-54 sntp poll 4-55 show [...]
-
Page 9
Contents vii TACACS+ Client 4-76 tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78 Port Security Commands 4-79 port security 4-79 802.1X Port Authentication 4-81 dot1x system-auth-control 4-81 dot1x default 4-82 dot1x max-req 4-82 dot1x port-control 4-82 dot1x operation-mode 4-83 dot1x re-authenticate 4[...]
-
Page 10
Contents viii snmp-server enable traps 4-106 show snmp 4-107 Interface Commands 4-108 interface 4-108 description 4-109 speed-duplex 4-109 negotiation 4-110 capabilities 4-111 flowcontrol 4-112 shutdown 4-113 switchport broadcast packet-rate 4-114 clear counters 4-114 show interfaces status 4-115 show interfaces counters 4-116 show interfaces swi[...]
-
Page 11
Contents ix spanning-tree cost 4-142 spanning-tree port-priority 4-143 spanning-tree edge-port 4-144 spanning-tree portfast 4-145 spanning-tree link-type 4-145 spanning-tree protocol-migration 4-146 show spanning-tree 4-147 VLAN Commands 4-149 Editing VLAN Groups 4-149 vlan database 4-149 vlan 4-150 Configuring VLAN Interfaces 4-151 interface v[...]
-
Page 12
Contents x Priority Commands (Layer 3 and 4) 4-174 map ip port (Global Configuration) 4-174 map ip port (Interface Configuration) 4-175 map ip precedence (Global Configuration) 4-175 map ip precedence (Interface Configuration) 4-176 map ip dscp (Global Configuration) 4-177 map ip dscp (Interface Configuration) 4-177 show map ip port 4-178 show [...]
-
Page 13
Contents xi Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]
-
Page 14
Contents xii[...]
-
Page 15
xiii Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-25 Table 3-4 HTTPS System Support 3-40 Table 3-5 802.1X Statistics 3-54 Table 3-6 LACP Port Counters 3-75 Table 3-7 LACP Internal Configuration Information 3-77 Table 3-8 LACP Neighbor Confi[...]
-
Page 16
Tables xiv Table 4-27 Authentication Commands 4-71 Table 4-28 Authentication Sequence 4-71 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-76 Table 4-31 Port Security Commands 4-79 Table 4-32 802.1X Port Authentication 4-81 Table 4-34 IP ACLs 4-90 Table 4-33 Access Control Lists 4-90 Table 4-35 Egress Queue Priority Mapping [...]
-
Page 17
xv Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-8 Figure 3-4 Switch Information 3-10 Figure 3-5 Bridge Extension Configuration 3-11 Figure 3-6 Manual IP Configuration 3-13 Figure 3-7 DHCP IP Configuration 3-14 Figure 3-8 Copy Firmware 3-16 Figure 3-9 Setting the Startup Code 3-16 Figure 3-10 Dele[...]
-
Page 18
Figures xvi Figure 3-43 LACP Configuration 3-71 Figure 3-44 LACP Port Configuration 3-74 Figure 3-45 LACP - Port Counters Information 3-76 Figure 3-46 LACP - Port Internal Information 3-78 Figure 3-47 LACP - Port Neighbors Information 3-79 Figure 3-48 Port Broadcast Control 3-81 Figure 3-49 Mirror Port Configuration 3-83 Figure 3-50 Rate Limit G[...]
-
Page 19
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to max[...]
-
Page 20
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and private VLANs, plus [...]
-
Page 21
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined into an aggregate connection. Tru[...]
-
Page 22
Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically [...]
-
Page 23
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-20). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Pa[...]
-
Page 24
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Disabled (all ports) Broadcast Limit Rate 32,000 octets per second Spanning Tree Algorithm Statu[...]
-
Page 25
System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled Table 1-2 System Defaults (Continued) Function Parameter Default[...]
-
Page 26
Introduction 1-8 1[...]
-
Page 27
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line in[...]
-
Page 28
Initial Configuration 2-2 2 • Configure Class of Service (CoS) priority queuing • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics • Configure any stack unit through the same IP address Required Connections The switch provides an RS[...]
-
Page 29
Stack Operations 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure[...]
-
Page 30
Initial Configuration 2-4 2 Recovering from Stack Failure or Topology Change When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes for the stack to reboot. Also note that powering down a unit or inser[...]
-
Page 31
Basic Configuration 2-5 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthoriz[...]
-
Page 32
Initial Configuration 2-6 2 Note: The IP address for this switch is obtained via DHCP by default. Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP addr[...]
-
Page 33
Basic Configuration 2-7 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access Th[...]
-
Page 34
Initial Configuration 2-8 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that[...]
-
Page 35
Managing System Files 2-9 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as[...]
-
Page 36
Initial Configuration 2-10 2[...]
-
Page 37
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netsca[...]
-
Page 38
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your w[...]
-
Page 39
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, be sure that [...]
-
Page 40
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-8 System Information P[...]
-
Page 41
Main Menu 3-5 3 SSH 3-42 Host-Key Settings Generates the host key pair (public and private) 3-44 Settings Configures Secure Shell server settings 3-46 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-47 802.1X Port authentication 3-49 Information Display[...]
-
Page 42
Configuring the Switch 3-6 3 Input Trunk Configuration Sets the input rate limit for each trunk 3-84 Output Port Configuration Sets the output rate limit for each port 3-84 Output Trunk Configuration Sets the output rate limit for each trunk 3-84 Port Statistics Lists Ethernet and RMON port statistics 3-85 Address Table 3-90 Static Addresses D[...]
-
Page 43
Main Menu 3-7 3 Port Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Port Configuration Sets the private VLAN interface type, and associates the interfaces with a private VLAN 3-121 Trunk Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Trunk Configuration Sets the private [...]
-
Page 44
Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location –[...]
-
Page 45
Basic Configuration 3-9 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number[...]
-
Page 46
Configuring the Switch 3-10 3 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Co[...]
-
Page 47
Basic Configuration 3-11 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Services – This [...]
-
Page 48
Configuring the Switch 3-12 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default setti[...]
-
Page 49
Basic Configuration 3-13 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management interface, IP[...]
-
Page 50
Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your[...]
-
Page 51
Basic Configuration 3-15 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Managing Firmware Yo[...]
-
Page 52
Configuring the Switch 3-16 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Managemen[...]
-
Page 53
Basic Configuration 3-17 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-10 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP address of[...]
-
Page 54
Configuring the Switch 3-18 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server or copy files to and from switch units in a stack. The configuration files can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The configuratio[...]
-
Page 55
Basic Configuration 3-19 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can b[...]
-
Page 56
Configuring the Switch 3-20 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console Port Settings You [...]
-
Page 57
Basic Configuration 3-21 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 9600 bps) • Stop Bits – Sets the number of the stop bits t[...]
-
Page 58
Configuring the Switch 3-22 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e[...]
-
Page 59
Basic Configuration 3-23 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-[...]
-
Page 60
Configuring the Switch 3-24 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Configuring Event Logging The switch allows you to control the logging of error messages, [...]
-
Page 61
Basic Configuration 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RAM Level. Web[...]
-
Page 62
Configuring the Switch 3-26 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level. Command Attributes • Remote Log Status – Enables/disables the l[...]
-
Page 63
Basic Configuration 3-27 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on [...]
-
Page 64
Configuring the Switch 3-28 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved usin[...]
-
Page 65
Basic Configuration 3-29 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Remove. Spe[...]
-
Page 66
Configuring the Switch 3-30 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging se[...]
-
Page 67
Basic Configuration 3-31 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set t[...]
-
Page 68
Configuring the Switch 3-32 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To d[...]
-
Page 69
Simple Network Management Protocol 3-33 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for pr[...]
-
Page 70
Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-22 Configuring SNMP CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers and Trap Types Traps[...]
-
Page 71
User Authentication 3-35 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these messages, specify the SNMP version, mark the trap types required, and then click Add. Figure 3-23 Configuring IP Trap Managers CLI – This example adds a trap manager and enables both authe[...]
-
Page 72
Configuring the Switch 3-36 3 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters) - Access Level – Specifies the [...]
-
Page 73
User Authentication 3-37 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols. Remote A[...]
-
Page 74
Configuring the Switch 3-38 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ [...]
-
Page 75
User Authentication 3-39 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings CLI[...]
-
Page 76
Configuring the Switch 3-40 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on t[...]
-
Page 77
User Authentication 3-41 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for se[...]
-
Page 78
Configuring the Switch 3-42 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote co[...]
-
Page 79
User Authentication 3-43 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-65) to copy a file containing the public key for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as describe[...]
-
Page 80
Configuring the Switch 3-44 3 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the proceeding sect[...]
-
Page 81
User Authentication 3-45 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-27 SSH Host-Key Settings CLI – This example generates a host-key pair using b[...]
-
Page 82
Configuring the Switch 3-46 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports ma[...]
-
Page 83
User Authentication 3-47 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch port with on[...]
-
Page 84
Configuring the Switch 3-48 3
• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-66).
Command Attributes
• Port – Port number.
• Name – Descriptive text (page 4-109).
• Action – Indicates the action to be taken when a port security violat[...]
-
Page 85
User Authentication 3-49 3
Configuring 802.1X Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive netwo[...]
-
Page 86
Configuring the Switch 3-50 3
• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.)
Displaying 802.1X Global Settings
The 802.1X protocol provides client authentication.
Command Attributes
• 802.1X Syst[...]
-
Page 87
User Authentication 3-51 3
Configuring 802.1X Global Settings
The 802.1X protocol provides client authentication.
Command Attributes
• 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled)
Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. [...]
-
Page 88
Configuring the Switch 3-52 3
• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2)
• Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempti[...]
-
Page 89
User Authentication 3-53 3
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-86.
Console(config)#interface ethernet 1/2 4-108
Console(config-if)#dot1x port-control auto 4-82
Console(config-if)#dot1x re-authentication 4-84
Console(co[...]
-
Page 90
Configuring the Switch 3-54 3
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-5 802.1X Statistics
Parameter – Description
Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Rx EAPOL Logoff – The number of EAPOL Logoff frames that hav[...]
-
Page 91
User Authentication 3-55 3
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-33 802.1X Port Statistics
CLI – This example displays the 802.1X statistics for port 4.
Filtering IP Addresses for Management Access
You create a list of up to 16 IP addre[...]
-
Page 92
Configuring the Switch 3-56 3
• IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges.
• When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlappin[...]
-
Page 93
Access Control Lists 3-57 3
CLI – This example allows SNMP access for a specific client.
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets,[...]
-
Page 94
Configuring the Switch 3-58 3
3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.
5. If no explicit rule is matched, the implicit default is permit all.
Setting the ACL Name and Type
Use the ACL Configuration page to designate[...]
-
Page 95
Access Control Lists 3-59 3
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to speci[...]
-
Page 96
Configuring the Switch 3-60 3
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in th[...]
-
Page 97
Access Control Lists 3-61 3
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, s[...]
-
Page 98
Configuring the Switch 3-62 3
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and [...]
-
Page 99
Access Control Lists 3-63 3
Binding a Port to an Access Control List
After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
Command Usage
• You must configure a ma[...]
-
Page 100
Configuring the Switch 3-64 3
CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3.
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and a[...]
-
Page 101
Port Configuration 3-65 3
Web – Click Port, Port Information or Trunk Information.
Figure 3-40 Displaying Port/Trunk Information
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP)
• MAC address – The physical layer address for this port. (To access this item on t[...]
-
Page 102
Configuring the Switch 3-66 3
• Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses)
• Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown, or none)
Current Status:
• Link Status – Indicates if the link is [...]
-
Page 103
Port Configuration 3-67 3
• Flow Control – Allows automatic or manual selection of flow control.
• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the sett[...]
-
Page 104
Configuring the Switch 3-68 3
CLI – Select the interface, and then enter the required settings.
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tole[...]
-
Page 105
Port Configuration 3-69 3
• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• STP, VLAN,[...]
-
Page 106
Configuring the Switch 3-70 3
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Enabling LACP on Selected Ports
Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the[...]
-
Page 107
Port Configuration 3-71 3
Command Attributes
• Member List (Current) – Shows configured trunks (Unit, Port).
• New – Includes entry fields for creating new trunks.
  - Unit – Stack unit. (Range: 1-8)
  - Port – Port identifier. (Range: 1-26)
Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down po[...]
-
Page 108
Configuring the Switch 3-72 3
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
Console(config)#interface ethernet 1/1 4-108
Console(config-if)#lacp 4-125
Console(config-if)#exit
.
.
.
Console(config)#interface ethernet 1/6
Console(config-if)#lacp [...]
-
Page 109
Port Configuration 3-73 3
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria:
• Ports must have the same LACP System Priority.
• Ports must have the same LACP port Admin Key.
• However, if the “port channel” Admin Key is set (page 4-142), the[...]
-
Page 110
Configuring the Switch 3-74 3
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the [...]
-
Page 111
Port Configuration 3-75 3
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Console(config)#interface ethernet 1/1 4-108
Console(config-if)#lacp actor system-priority 3 4-126
Console(con[...]
-
Page 112
Configuring the Switch 3-76 3
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-45 LACP - Port Counters Information
CLI – The following example displays LACP counters.
LACPDUs Unknown Pkts – Number of frames received that either (1) Carry the Slow Protocols Ethernet T[...]
-
Page 113
Port Configuration 3-77 3
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the local side of a link aggregation.
Table 3-7 LACP Internal Configuration Information
Field – Description
Oper Key – Current operational value of the key for the aggregation port.
Admin Key – Cu[...]
-
Page 114
Configuring the Switch 3-78 3
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-46 LACP - Port Internal Information
CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Console#show lacp [...]
-
Page 115
Port Configuration 3-79 3
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation.
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3-47 LACP - Port Neig [...]
-
Page 116
Configuring the Switch 3-80 3
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Console#show lacp 1 neighbors 4-129
Port channel 1 neighbors
--------------------------------------- ----------------------------------
Eth 1/1
--------------------------------------- [...]
-
Page 117
Port Configuration 3-81 3
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. [...]
-
Page 118
Configuring the Switch 3-82 3
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
Configuring Port Mirroring
You can mirror traffic from any source port to a target port[...]
-
Page 119
Port Configuration 3-83 3
• Target Unit – The unit whose port will “duplicate” or “mirror” the traffic on the source port.
• Target Port – The port that will mirror the traffic on the source port.
Web – Click Port, Mirror Port Configuration. Specify the source port/unit, the traffic type to be mirrored, and the monitor port[...]
-
Page 120
Configuring the Switch 3-84 3
Rate Limit Granularity
Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network. The “rate limit granularity” is multiplied by the “rate limit level” (page 3-84) to set the actual rate limit for an interface. Granularity is a global setti[...]
-
Page 121
Port Configuration 3-85 3
Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
Figure 3-51 Output Rate Limit Port Configuration
CLI – This example sets the rate limit level for input and output traffic passing through port[...]
-
Page 122
Configuring the Switch 3-86 3
Table 3-9 Port Statistics
Parameter – Description
Interface Statistics
Received Octets – The total number of octets received on the interface, including framing characters.
Received Unicast Packets – The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Received Multicast Packets – The number [...]
-
Page 123
Port Configuration 3-87 3
Excessive Collisions – A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode.
Single Collision Frames – The number of successfully transmitted frames for which transmission is inhibited by [...]
-
Page 124
Configuring the Switch 3-88 3
Fragments – The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
64 Bytes Frames – The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding f[...]
-
Page 125
Port Configuration 3-89 3
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Figure 3-52 Port Statistics[...]
-
Page 126
Configuring the Switch 3-90 3
CLI – This example shows statistics for port 13.
Address Table Settings
Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You[...]
-
Page 127
Address Table Settings 3-91 3
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address.
Figure 3-53 Configuring a Static Address Table
CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Displaying the [...]
-
Page 128
Configuring the Switch 3-92 3
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Figure 3-54 Configuring a Dynamic Address Table
CLI – This example also displays the address table en[...]
-
Page 129
Spanning Tree Algorithm Configuration 3-93 3
Changing the Aging Time
You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Status – Enables/disables the function.
• Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300 seconds)
Web – Click Add[...]
-
Page 130
Configuring the Switch 3-94 3
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge wil[...]
-
Page 131
Spanning Tree Algorithm Configuration 3-95 3
information that would make it return to a discarding state; otherwise, temporary data loops might result.
• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
  - Root Port – The number of the port on this switch t[...]
-
Page 132
Configuring the Switch 3-96 3
Web – Click Spanning Tree, STA, Information.
Figure 3-56 Displaying Spanning Tree Information
CLI – This command displays global STA settings, followed by settings for each port.
Note: The current root port and current root cost display as zero when this device is not connected to the network.
Console#show s[...]
-
Page 133
Spanning Tree Algorithm Configuration 3-97 3
Configuring Global Settings
Global settings apply to the entire switch.
Command Usage
• Spanning Tree Protocol* Uses RSTP for the internal state machine, but sends only 802.1D BPDUs.
• Rapid Spanning Tree Protocol* RSTP supports connections to either STP or RSTP nodes by monitoring the incomin[...]
-
Page 134
Configuring the Switch 3-98 3
• Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last c[...]
-
Page 135
Spanning Tree Algorithm Configuration 3-99 3
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Figure 3-57 Configuring Spanning Tree
CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.
Console(config)#spanning-tree [...]
-
Page 136
Configuring the Switch 3-100 3
Displaying Interface Settings
The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Field Attributes
• Spanning Tree – Shows if STA has been enabled on this interface.
• STA Status – Displays current state of this port within [...]
-
Page 137
Spanning Tree Algorithm Configuration 3-101 3
• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)
These additional parameters are only displayed for the CLI:
• Admin status – Shows if this interface is enabled.
• Path cost – This parameter is used by the STA to determine the best path between de[...]
-
Page 138
Configuring the Switch 3-102 3
• Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker conve[...]
-
Page 139
Spanning Tree Algorithm Configuration 3-103 3
Configuring Interface Settings
You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-[...]
-
Page 140
Configuring the Switch 3-104 3
• Admin Link Type – The link type attached to this interface.
  - Point-to-Point – A connection to exactly one other bridge.
  - Shared – A connection to two or more bridges.
  - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the de[...]
-
Page 141
VLAN Configuration 3-105 3
VLAN Configuration
IEEE 802.1Q VLANs
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the[...]
-
Page 142
Configuring the Switch 3-106 3
Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two[...]
-
Page 143
VLAN Configuration 3-107 3
these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
Note: If you have[...]
-
Page 144
Configuring the Switch 3-108 3
Enabling or Disabling GVRP (Global Setting)
GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the ne[...]
-
Page 145
VLAN Configuration 3-109 3
CLI – Enter the following command.
Displaying Current VLANs
The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small[...]
-
Page 146
Configuring the Switch 3-110 3
Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list.
Figure 3-62 Displaying Current VLANs
Command Attributes (CLI)
• VLAN – ID of configured VLAN (1-4094, no leading zeroes).
• Type – Shows how this VLAN was added to the switch.
  - Dynamic: Automatically learned via GV[...]
-
Page 147
VLAN Configuration 3-111 3
Creating VLANs
Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
Command Attributes
• Current – Lists all the current VLAN groups created for this system. U[...]
-
Page 148
Configuring the Switch 3-112 3
CLI – This example creates a new VLAN.
Adding Static Members to VLANs (VLAN Index)
Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware device[...]
-
Page 149
VLAN Configuration 3-113 3
• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:
  - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
  - Untagged: Interface [...]
-
Page 150
Configuring the Switch 3-114 3
Adding Static Members to VLANs (Port Index)
Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Command Attributes
• Interface – Port or trunk identifier.
• Member – VLANs for which the selected interface is a tagged member.
• Non-Member –[...]
-
Page 151
VLAN Configuration 3-115 3
Configuring VLAN Behavior for Interfaces
You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Command Usage
• GVRP – GARP VLAN Registration Protocol defines a way for switches to exchan[...]
-
Page 152
Configuring the Switch 3-116 3
• GARP Leave Timer – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; D[...]
-
Page 153
VLAN Configuration 3-117 3
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch suppor[...]
-
Page 154
Configuring the Switch 3-118 3
2. Use the Private VLAN Port Configuration menu (page 3-121) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN). Then assign the promiscuous port and all host ports to an isolated VLAN.
Displaying[...]
-
Page 155
VLAN Configuration 3-119 3
Configuring Private VLANs
The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs.
Command Attributes
• VLAN ID – ID of configured VLAN (1-4094).
• Type – There are three types of private VLANs:
  - Primary VLANs – Conveys traffic between promiscuous ports, and t[...]
-
Page 156
Configuring the Switch 3-120 3
Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated with one primary V[...]
-
Page 157
VLAN Configuration 3-121 3
Web – Click VLAN, Private VLAN, Port Information or Trunk Information.
Figure 3-70 Private VLAN Port Information
CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured [...]
-
Page 158
Configuring the Switch 3-122 3
• Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN.
• Isolated VLAN – Conveys traffic only between the VLAN’s isolated ports[...]
-
Page 159
Class of Service Configuration 3-123 3
Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be[...]
-
Page 160
Configuring the Switch 3-124 3
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply.
Figure 3-72 Port Priority Configuration
CLI – This example assigns a default priority of 5 to port 3.
Console(config)#interface ethernet 1/3 4-108
Console(config-if)#swit[...]
-
Page 161
Class of Service Configuration 3-125 3
Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default[...]
-
Page 162
Configuring the Switch 3-126 3
Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.e., output queues), then click Apply.
Figure 3-73 Traffic Classes
CLI – The following example shows how to change the CoS assignments to a one-to-one mappin[...]
-
Page 163
Class of Service Configuration 3-127 3
Selecting the Queue Mode
You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR us[...]
-
Page 164
Configuring the Switch 3-128 3
Web – Click Priority, Queue Scheduling. Highlight a traffic class (i.e., output queue), enter a weight, then click Apply.
Figure 3-75 Configuring Queue Scheduling
CLI – The following example shows how to assign WRR weights to each of the priority queues.
Layer 3/4 Priority Settings
Mapping Layer 3[...]
-
Page 165
Class of Service Configuration 3-129 3
Selecting IP Precedence/DSCP Priority
The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature.
Command Attributes
• Disabled – Disables both priority services. (This is the default setting.)
• IP Precedence – Maps layer 3/4[...]
-
Page 166
Configuring the Switch 3-130 3
Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
Figure 3-77 IP Precedence Priority
CLI – The following example globally enables IP Precedence service on the switch, maps IP Pr[...]
-
Page 167
Class of Service Configuration 3-131 3
Mapping DSCP Priority
The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. [...]
-
Page 168
Configuring the Switch 3-132 3
CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
* Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all inter[...]
-
Page 169
Class of Service Configuration 3-133 3
Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
Figure 3-80 IP Port Priority
CLI – The following example globally enables IP Port Priority service on the switch, maps [...]
-
Page 170
Configuring the Switch 3-134 3
Command Attributes
• Port – Port identifier.
• Name – Name of ACL.
• Type – Type of ACL (IP or MAC).
• CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7)
• ACL CoS Priority Mapping – Displays the configured information.
Web – Click Priority, ACL CoS Priority. E[...]
-
Page 171
Multicast Filtering 3-135 3
Multicast Filtering
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast registe[...]
-
Page 172
Configuring the Switch 3-136 3
Configuring IGMP Snooping and Query Parameters
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all[...]
-
Page 173
Multicast Filtering 3-137 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-82 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces A[...]
-
Page 174
Configuring the Switch 3-138 3 Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch. Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN I[...]
-
Page 175
Multicast Filtering 3-139 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-84 St[...]
-
Page 176
Configuring the Switch 3-140 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. • Multicast [...]
-
Page 177
Multicast Filtering 3-141 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically confi[...]
-
Page 178
Configuring the Switch 3-142 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 4-182
Console(config)#exit
Console#show mac-address-table multicast vlan 1 4-184
VLAN M'cast IP addr. Memb[...]
-
Page 179
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command key[...]
-
Page 180
Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the switch through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to [...]
-
Page 181
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status ar[...]
-
Page 182
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific comm[...]
-
Page 183
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Commands For many[...]
-
Page 184
Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all comman[...]
-
Page 185
Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following commands. Use t[...]
-
Page 186
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command fol[...]
-
Page 187
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configur[...]
-
Page 188
Command Line Interface 4-10 4 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line This command identifies a specific line for configuration,[...]
-
Page 189
Line Commands 4-11 4 Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: Related Commands s[...]
-
Page 190
Command Line Interface 4-12 4 Example Related Commands username (4-26) password (4-12) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifie[...]
-
Page 191
Line Commands 4-13 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [ seconds ] no timeout login response seconds - Integer that specifies the timeout interval. (Range: 0 - 300 seconds; 0: disabled) Default Setting[...]
-
Page 192
Command Line Interface 4-14 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. • Using the command[...]
-
Page 193
Line Commands 4-15 4 Related Commands silent-time (4-15) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax si[...]
-
Page 194
Command Line Interface 4-16 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. Example To specify 7 data bits, enter this com[...]
-
Page 195
Line Commands 4-17 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps) Default Settin[...]
-
Page 196
Command Line Interface 4-18 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connec[...]
-
Page 197
General Commands 4-19 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable [ level ] level - Privil[...]
-
Page 198
Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-27.) • The “#” character is appended to the end of the prompt to indi[...]
-
Page 199
General Commands 4-21 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. Se[...]
-
Page 200
Command Line Interface 4-22 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution histo [...]
-
Page 201
General Commands 4-23 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.[...]
-
Page 202
Command Line Interface 4-24 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.[...]
-
Page 203
System Management Commands 4-25 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Comman[...]
-
Page 204
Command Line Interface 4-26 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level level | nopassword[...]
-
Page 205
System Management Commands 4-27 4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable password [ level [...]
-
Page 206
Command Line Interface 4-28 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ][...]
-
Page 207
System Management Commands 4-29 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management { all-client | http-client | snmp-client | telnet-client } • all-cli[...]
-
Page 208
Command Line Interface 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mode Globa[...]
-
Page 209
System Management Commands 4-31 4 Example Related Commands ip http port (4-30) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Synta[...]
-
Page 210
Command Line Interface 4-32 4 Example Related Commands ip http secure-port (4-32) copy tftp https-certificate (4-65) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secu[...]
-
Page 211
System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23 Comman[...]
-
Page 212
Command Line Interface 4-34 4 Related Commands ip telnet port (4-33) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh [...]
-
Page 213
System Management Commands 4-35 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command[...]
-
Page 214
Command Line Interface 4-36 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public k[...]
-
Page 215
System Management Commands 4-37 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Configurati[...]
-
Page 216
Command Line Interface 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command M[...]
-
Page 217
System Management Commands 4-39 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Command Mode Pr[...]
-
Page 218
Command Line Interface 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-key genera[...]
-
Page 219
System Management Commands 4-41 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example
Console#show ip ssh
SSH Enabled - version 1.99
Negotiation timeout: 120 secs; Authentication retries: 3
Server key size: 768 bits
Console#
Console#show ssh
Connection Version State Username Encryption
0[...]
-
Page 220
Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, [...]
-
Page 221
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error message[...]
-
Page 222
Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.e., permane[...]
-
Page 223
System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage[...]
-
Page 224
Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ level ] no logging [...]
-
Page 225
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event message[...]
-
Page 226
Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., permanent memory[...]
-
Page 227
System Management Commands 4-49 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messa [...]
-
Page 228
Command Line Interface 4-50 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally[...]
-
Page 229
System Management Commands 4-51 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 charact[...]
-
Page 230
Command Line Interface 4-52 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Pr[...]
-
Page 231
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the facto[...]
-
Page 232
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP[...]
-
Page 233
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Globa[...]
-
Page 234
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) • minute[...]
-
Page 235
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, April 1st, 2004. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands light unit This command displ[...]
-
Page 236
Command Line Interface 4-58 4 Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed using the port status LED indicators for ports 1 to 8. When the light unit command is entered, the LED corresponding to the switch’s ID will flash for about 15 seconds. Example show startup-config This command [...]
-
Page 237
System Management Commands 4-59 4 Example Related Commands show running-config (4-60)
Console#show startup-config
building startup-config, please wait... ..
!
!
username admin access-level 15
username admin password 0 admin
!
username guest access-level 0
username guest password 0 guest
!
enable password level 15 0 super
!
snmp-server community p[...]
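The startup-config shown above stores every account with password type 0, which the password command reference on this page defines as "plain password", and the values match the defaults the manual documents ("guest", "super") or the user name itself. The following is an added example, not part of the LevelOne manual: a small audit that scans a saved configuration for plaintext, default and empty credentials. The sample configuration is constructed from the lines shown on this page; the "ops" and "kiosk" users and the type 7 value are made up for illustration.

```python
import re

# Defaults taken from the manual excerpts on this page:
# "guest"/"guest" for Normal Exec, "super" for the enable password,
# and the admin/admin pair shown in the show startup-config output.
DEFAULT_USER_PASSWORDS = {"admin": "admin", "guest": "guest"}
DEFAULT_ENABLE_PASSWORD = "super"

# username <name> password {0|7} <string>   or   username <name> nopassword
USERNAME_RE = re.compile(
    r"^username\s+(\S+)\s+(?:password\s+([07])\s+(\S+)|(nopassword))\s*$"
)
# enable password [level <n>] {0|7} <string>
ENABLE_RE = re.compile(
    r"^enable\s+password\s+(?:level\s+(\d+)\s+)?([07])\s+(\S+)\s*$"
)


def audit_config(text):
    """Return a list of (line_number, finding, subject) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or config separator

        m = USERNAME_RE.match(line)
        if m:
            user, ptype, secret, nopw = m.groups()
            if nopw:
                findings.append((lineno, "no-password", user))
            elif ptype == "0":
                # Type 0 is stored in the clear and is readable by anyone
                # who can view or copy the configuration file.
                findings.append((lineno, "plaintext-password", user))
                if DEFAULT_USER_PASSWORDS.get(user) == secret:
                    findings.append((lineno, "default-credential", user))
            # Type 7 values are opaque here, so they cannot be compared
            # against the known defaults.
            continue

        m = ENABLE_RE.match(line)
        if m:
            level, ptype, secret = m.groups()
            subject = f"enable level {level}" if level else "enable"
            if ptype == "0":
                findings.append((lineno, "plaintext-password", subject))
                if secret == DEFAULT_ENABLE_PASSWORD:
                    findings.append((lineno, "default-credential", subject))
    return findings


# Constructed sample, modelled on the show startup-config output above.
SAMPLE_CONFIG = "\n".join([
    "!",
    "username admin access-level 15",
    "username admin password 0 admin",
    "!",
    "username guest access-level 0",
    "username guest password 0 guest",
    "username ops password 7 0123456789abcdef0123456789abcdef",  # made-up value
    "username kiosk nopassword",
    "!",
    "enable password level 15 0 super",
])

if __name__ == "__main__":
    for lineno, finding, subject in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}: {subject}")
```

Run it against a configuration file copied off the switch; any "default-credential" finding means the account still accepts a password printed in the vendor manual.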
-
Page 238
Command Line Interface 4-60 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatil[...]
-
Page 239
System Management Commands 4-61 4 Example Related Commands show startup-config (4-58)
Console#show running-config
building running-config, please wait... ..
!
phymap 00-90-cc-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00
!
SNTP server 0.0.0.0 0.0.0.0 0.0.0.[...]
-
Page 240
Command Line Interface 4-62 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8. • The POST results should all display “PASS.” If any POST test [...]
-
Page 241
System Management Commands 4-63 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command U[...]
-
Page 242
Command Line Interface 4-64 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporti[...]
-
Page 243
Flash/File Commands 4-65 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-114.) • The current setting for jumbo frames can be displayed with the show system command (page 4-62). Example Flash/File Commands These commands are us[...]
-
Page 244
Command Line Interface 4-66 4 • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-34) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. ?[...]
-
Page 245
Flash/File Commands 4-67 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy[...]
-
Page 246
Command Line Interface 4-68 4 delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. ?[...]
-
Page 247
Flash/File Commands 4-69 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which fil[...]
-
Page 248
Command Line Interface 4-70 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system. Syntax boot system [ unit :] { boot-rom | config | op[...]
-
Page 249
Authentication Commands 4-71 4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence authentication login This [...]
-
Page 250
Command Line Interface 4-72 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication[...]
-
Page 251
Authentication Commands 4-73 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands enable password - sets the password for changing command modes (4-27) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon [...]
-
Page 252
Command Line Interface 4-74 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeout - 5 seco[...]
-
Page 253
Authentication Commands 4-75 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authentica[...]
-
Page 254
Command Line Interface 4-76 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to[...]
-
Page 255
Authentication Commands 4-77 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server port Thi[...]
-
Page 256
Command Line Interface 4-78 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) D[...]
-
Page 257
Authentication Commands 4-79 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or sta[...]
-
Page 258
Command Line Interface 4-80 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port security[...]
-
Page 259
Authentication Commands 4-81 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication [...]
-
Page 260
Command Line Interface 4-82 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the au[...]
-
Page 261
Authentication Commands 4-83 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords[...]
-
Page 262
Command Line Interface 4-84 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) Command Mode Privileged Exec Example dot1x re-authentication This co[...]
-
Page 263
Authentication Commands 4-85 4 Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command[...]
-
Page 264
Command Line Interface 4-86 4 Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port[...]
-
Page 265
Authentication Commands 4-87 4 • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-84). - reauth-period – Time after which a connected client must be re-authenticated (page 4-85). - quiet-period – Time a port waits[...]
-
Page 266
Command Line Interface 4-88 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]
-
Page 267
Access Control List Commands 4-89 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules a[...]
-
Page 268
Command Line Interface 4-90 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP a[...]
-
Page 269
Access Control List Commands 4-91 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the e[...]
-
Page 270
Command Line Interface 4-92 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bit mask. Related Commands access-list ip (4-90) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condi[...]
-
Page 271
Access Control List Commands 4-93 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indi[...]
-
Page 272
Command Line Interface 4-94 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-90) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifi[...]
-
Page 273
Access Control List Commands 4-95 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip ac[...]
-
Page 274
Command Line Interface 4-96 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-171. Example Related Commands queue cos-map (4-171) show map access-list ip (4-96) show m[...]
-
Page 275
Access Control List Commands 4-97 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Comman[...]
-
Page 276
Command Line Interface 4-98 4 Related Commands permit, deny (MAC ACL) (4-98) mac access-group (4-99) show mac access-list (4-99) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no[...]
-
Page 277
Access Control List Commands 4-99 4 Example This rule permits packets from any source MAC address to the destination address 00-90-cc-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-97) show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [ acl_name ] acl_nam[...]
-
Page 278
Command Line Interface 4-100 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-99) show mac access-group This command shows the ports assigned to MAC ACL[...]
-
Page 279
Access Control List Commands 4-101 4 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4-171) show map [...]
-
Page 280
Command Line Interface 4-102 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. [...]
-
Page 281
SNMP Commands 4-103 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the sp[...]
-
Page 282
Command Line Interface 4-104 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Comm[...]
-
Page 283
SNMP Commands 4-105 4 Related Commands snmp-server contact (4-104) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [ version { 1 | 2c }] no snmp-server host host-addr • host-addr[...]
-
Page 284
Command Line Interface 4-106 4 Example Related Commands snmp-server enable traps (4-106) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authentication | link-up-down ] •[...]
-
Page 285
SNMP Commands 4-107 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enable[...]
-
Page 286
Command Line Interface 4-108 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-chann[...]
-
Page 287
Interface Commands 4-109 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this[...]
-
Page 288
Command Line Interface 4-110 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the[...]
-
Page 289
Interface Commands 4-111 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-111) speed-duplex (4-109) capabilities This command advertises the port capabilities of[...]
-
Page 290
Command Line Interface 4-112 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-110) speed-duplex (4-109) flowcontrol (4-112) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default S[...]
-
Page 291
Interface Commands 4-113 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-110) capabilities (flowcontrol, symmetric) (4-111) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. Comm[...]
-
Page 292
Command Line Interface 4-114 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., octets per second. (Range: 64-95232000) Default Setting Enabled for all[...]
-
Page 293
Interface Commands 4-115 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute valu[...]
-
Page 294
Command Line Interface 4-116 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all in[...]
-
Page 295
Interface Commands 4-117 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: [...]
-
Page 296
Command Line Interface 4-118 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 32000 octets/second LACP status: Enabled Ingress rate limit: disable, Level: 30 Egress rate limit: disable, Level: 30 VLAN membership mode: Hybrid Ingress rule: Disabled [...]
-
Page 297
Mirror Port Commands 4-119 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / port (source por[...]
-
Page 298
Command Line Interface 4-120 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit / port (source port) • unit - Stack unit. (Range: 1-8) • port - Port number. (Range[...]
-
Page 299
Rate Limit Commands 4-121 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted[...]
-
Page 300
Command Line Interface 4-122 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit { fastethernet | gigabitethernet } granularity [ granularity ] no rate-limit { faste[...]
-
Page 301
Link Aggregation Commands 4-123 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity can be set to 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to incre[...]
-
Page 302
Command Line Interface 4-124 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. • A[...]
-
Page 303
Link Aggregation Commands 4-125 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage ?[...]
-
Page 304
Command Line Interface 4-126 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system priority. Us[...]
-
Page 305
Link Aggregation Commands 4-127 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations wit[...]
-
Page 306
Command Line Interface 4-128 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the[...]
-
Page 307
Link Aggregation Commands 4-129 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side an aggregate link. • partner - The remote side of an aggregate l[...]
-
Page 308
Command Line Interface 4-130 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 --------------------------------------- ---------------------------------- Eth 1/1 --------------------------------------- ---------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Ma[...]
-
Page 309
Link Aggregation Commands 4-131 4 Console#show lacp 1 internal Port channel : 1 --------------------------------------- ---------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 --------------------------------------- ---------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Adm[...]
-
Page 310
Command Line Interface 4-132 4 Console#show lacp 1 neighbors Port channel 1 neighbors --------------------------------------- ---------------------------------- Eth 1/1 --------------------------------------- ---------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-90-CC-00-00-01 Pa[...]
-
Page 311
Address Table Commands 4-133 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------------------- -----------[...]
-
Page 312
Command Line Interface 4-134 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • in[...]
-
Page 313
Address Table Commands 4-135 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes of entries in th[...]
-
Page 314
Command Line Interface 4-136 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the a[...]
-
Page 315
Spanning Tree Commands 4-137 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Sy[...]
-
Page 316
Command Line Interface 4-138 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the switch: s[...]
-
Page 317
Spanning Tree Commands 4-139 4 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum value is the higher of 4[...]
-
Page 318
Command Line Interface 4-140 4 Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age se[...]
-
Page 319
Spanning Tree Commands 4-141 4 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192, 12288, 16384[...]
-
Page 320
Command Line Interface 4-142 4 Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-142) takes precedence over port priority (page 4-143). Exampl[...]
-
Page 321
Spanning Tree Commands 4-143 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usa[...]
-
Page 322
Command Line Interface 4-144 4 Example Related Commands spanning-tree cost (4-142) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [ no ] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ?[...]
-
Page 323
Spanning Tree Commands 4-145 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast [...]
-
Page 324
Command Line Interface 4-146 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the [...]
-
Page 325
Spanning Tree Commands 4-147 4 show spanning-tree This command shows the configuration for the spanning tree. Syntax show spanning-tree [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exe[...]
-
Page 326
Command Line Interface 4-148 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------- ------------------------ Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled Priority: 4096 0 Bridge Hello Time (sec.): 2 Bridge Max Age (sec.): 20 Bridge Forward Delay (sec.): 15 Root Hello Time (sec.):[...]
-
Page 327
VLAN Commands 4-149 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected [...]
-
Page 328
Command Line Interface 4-150 4 Example Related Commands show vlan (4-157) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN. (Range: 1-40[...]
-
Page 329
VLAN Commands 4-151 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configu[...]
-
Page 330
Command Line Interface 4-152 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid | private-vlan } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port[...]
-
Page 331
VLAN Commands 4-153 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Related Commands switchport mode (4-[...]
-
Page 332
Command Line Interface 4-154 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Def[...]
-
Page 333
VLAN Commands 4-155 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list [...]
-
Page 334
Command Line Interface 4-156 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN identi[...]
-
Page 335
VLAN Commands 4-157 4 show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vlan-name[...]
-
Page 336
Command Line Interface 4-158 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains promiscuous ports that can communicate with [...]
-
Page 337
VLAN Commands 4-159 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN. 5. Use the switchport private-vlan mapping command to as[...]
-
Page 338
Command Line Interface 4-160 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static. Once a port has been assigned to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP. ?[...]
-
Page 339
VLAN Commands 4-161 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can subsequently be assigned to a community or isolated VLAN. ?[...]
-
Page 340
Command Line Interface 4-162 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN. Example switchport privat [...]
-
Page 341
VLAN Commands 4-163 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN. (Range: 1-4094, no leading zeroes). Default Setting None Comman[...]
-
Page 342
Command Line Interface 4-164 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, a[...]
-
Page 343
GVRP and Bridge Extension Commands 4-165 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Enabling or Disabling GVRP (Global Setting)” on page 3-108 and “Displaying Bridge Extension Capabilities” on page 3-11 for a descr[...]
-
Page 344
Command Line Interface 4-166 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-specific co[...]
-
Page 345
GVRP and Bridge Extension Commands 4-167 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unle[...]
-
Page 346
Command Line Interface 4-168 4 Related Commands garp timer (4-166) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s[...]
-
Page 347
Priority Commands 4-169 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all [...]
-
Page 348
Command Line Interface 4-170 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • T[...]
-
Page 349
Priority Commands 4-171 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 1 - 3: Related Commands show queue bandwidth (4-172) queue cos-map This command assigns class of service (CoS) values[...]
-
Page 350
Command Line Interface 4-172 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values[...]
-
Page 351
Priority Commands 4-173 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Exam[...]
-
Page 352
Command Line Interface 4-174 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precede[...]
-
Page 353
Priority Commands 4-175 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range 1-65535) • cos-value - Class-of-Service value. [...]
-
Page 354
Command Line Interface 4-176 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value[...]
-
Page 355
Priority Commands 4-177 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, I[...]
-
Page 356
Command Line Interface 4-178 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, a[...]
-
Page 357
Priority Commands 4-179 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-174) map ip port (Interface Configuration) (4-175) show map ip precedence This command shows the IP precedence priority map. Syntax sho[...]
-
Page 358
Command Line Interface 4-180 4 Example Related Commands map ip port (Global Configuration) (4-174) map ip precedence (Interface Configuration) (4-176) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. ([...]
-
Page 359
Multicast Filtering Commands 4-181 4 Example Related Commands map ip dscp (Global Configuration) (4-177) map ip dscp (Interface Configuration) (4-177) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies th[...]
-
Page 360
Command Line Interface 4-182 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multic [...]
-
Page 361
Multicast Filtering Commands 4-183 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Command[...]
-
Page 362
Command Line Interface 4-184 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured[...]
-
Page 363
Multicast Filtering Commands 4-185 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.[...]
-
Page 364
Command Line Interface 4-186 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is starte[...]
-
Page 365
Multicast Filtering Commands 4-187 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25) Defau[...]
-
Page 366
Command Line Interface 4-188 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-183) Static Multicast Routing Commands ip igmp sno[...]
-
Page 367
Multicast Filtering Commands 4-189 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to [...]
-
Page 368
Command Line Interface 4-190 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Y[...]
-
Page 369
IP Interface Commands 4-191 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • [...]
-
Page 370
Command Line Interface 4-192 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassi[...]
-
Page 371
IP Interface Commands 4-193 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-191) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count count ][...]
-
Page 372
Command Line Interface 4-194 4 Example Related Commands interface (4-108) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 [...]
-
Page 373
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex Flow Control F[...]
-
Page 374
Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 cons[...]
-
Page 375
Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting relat[...]
-
Page 376
Software Specifications A-4 A[...]
-
Page 377
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connect[...]
-
Page 378
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designate the [...]
-
Page 379
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide boot up information for network devices, including IP address information, the address of the [...]
-
Page 380
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a p[...]
-
Page 381
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP mu[...]
-
Page 382
Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a mess[...]
-
Page 383
Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology ch[...]
-
Page 384
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP i[...]
-
Page 385
Index-1 Numerics 802.1X, port authentication 3-49 A acceptable frame type 3-115, 4-152 Access Control List See ACL ACL Extended IP 3-58, 4-89, 4-90, 4-92 MAC 3-58, 4-89, 4-97, 4-97–4-99 Standard IP 3-58, 4-89, 4-90, 4-91 address table 3-90, 4-133 aging time 3-93, 4-136 B BOOTP 3-14, 4-190 BPDU 3-94 broadcast storm, threshold 3-81, 4-114 C Class[...]
-
Page 386
Index-2 Index IGMP groups, displaying 3-140, 4-184 Layer 2 3-135, 4-181 query 3-135, 4-185 query, Layer 2 3-136, 4-185 snooping 3-135, 4-182 snooping, configuring 3-136, 4-181 ingress filtering 3-115, 4-153 IP address BOOTP/DHCP 3-14, 4-190, 4-192 setting 2-5, 3-12, 4-190 IP precedence enabling 3-129, 4-174, 4-175 mapping priorities 3-129, 4[...]
-
Page 387
Index-3 Index Q queue weights 3-127, 4-170 R RADIUS, logon authentication 4-73 rate limits, setting 3-83, 4-121 remote logging 4-46 restarting the system 3-30, 4-22 RSTP 3-93, 4-138 global configuration 3-94, 4-138 S secure shell 3-42, 4-34 Secure Shell configuration 3-42, 4-37 serial port configuring 4-10 Simple Network Management Prot[...]
-
Page 388
Index-4 Index W Web interface access requirements 3-1 configuration buttons 3-3 home page 3-2 menu list 3-4 panel display 3-3[...]
-
Page 389
[...]
-
Page 390
GSW-2692 E072006-R01[...]