A good user manual
The rules should oblige the seller to give the purchaser an operating instruction for the Accton Technology ES3528M-SFP along with the item. The lack of an instruction, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have become widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Accton Technology ES3528M-SFP one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Accton Technology ES3528M-SFP. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, a user manual of Accton Technology ES3528M-SFP should contain:
- information concerning technical data of Accton Technology ES3528M-SFP
- name of the manufacturer and a year of construction of the Accton Technology ES3528M-SFP item
- rules of operation, control and maintenance of the Accton Technology ES3528M-SFP item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Accton Technology ES3528M-SFP alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Accton Technology ES3528M-SFP, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Accton Technology service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Accton Technology ES3528M-SFP.
Why should one read the manuals?
It is mostly in the manuals where we will find the details concerning the construction and capabilities of the Accton Technology ES3528M-SFP item, and its use of respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Powered by Accton www.edge-core.com Management Guide ES3528M-SFP Fast Ethernet Switch[...]
-
Page 2
[...]
-
Page 3
Management Guide Fast Ethernet Switch Layer 2 Workgroup Switch with 24 100BASE-BX (SFP) Ports, 2 1000BASE-T (RJ-45) and 2 Combination Gigabit (RJ-45/SFP) Ports[...]
-
Page 4
ES3528M-SFP E122007-DG-R01 149100035500A[...]
-
Page 5
v About This Guide Purpose This guide gives specific information on how to operate and use the management functions of the switch. Audience The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions[...]
-
Page 6
vi[...]
-
Page 7
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Setting[...]
-
Page 8
Contents ii Saving or Restoring Configuration Settings 3-21 Downloading Configuration Settings from a Server 3-22 Console Port Settings 3-23 Telnet Settings 3-25 Configuring Event Logging 3-28 Displaying Log Messages 3-28 System Log Configuration 3-28 Remote Log Configuration 3-30 Simple Mail Transfer Protocol 3-31 Resetting th[...]
-
Page 9
Contents iii Configuring the SSH Server 3-74 Generating the Host Key Pair 3-75 Importing User Public Keys 3-76 Configuring Port Security 3-80 Configuring 802.1X Port Authentication 3-81 Displaying 802.1X Global Settings 3-83 Configuring 802.1X Global Settings 3-83 Configuring Port Settings for 802.1X 3-84 Displaying 802.1X Statis[...]
-
Page 10
Contents iv Setting Static Addresses 3-133 Displaying the Address Table 3-134 Changing the Aging Time 3-136 Spanning Tree Algorithm Configuration 3-136 Displaying Global Settings 3-138 Configuring Global Settings 3-141 Displaying Interface Settings 3-144 Configuring Interface Settings 3-147 Configuring Multiple Spanning Tr[...]
-
Page 11
Contents v Selecting the Queue Mode 3-195 Setting the Service Weight for Traffic Classes 3-195 Layer 3/4 Priority Settings 3-196 Mapping Layer 3/4 Priorities to CoS Values 3-196 Enabling IP DSCP Priority 3-197 Mapping DSCP Priority 3-198 Quality of Service 3-199 Configuring Quality of Service Parameters 3-200 Configuring a Class Map [...]
-
Page 12
Contents vi Cluster Member Configuration 3-242 Cluster Member Information 3-243 Cluster Candidate Information 3-243 UPnP 3-245 UPnP Configuration 3-245 Chapter 4: Command Line Interface 4-1 Using the Command Line Interface 4-1 Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-2 Entering Commands 4-3 Keywords an[...]
-
Page 13
Contents vii reload 4-24 reload cancel 4-24 show reload 4-25 end 4-25 exit 4-26 quit 4-26 System Management Commands 4-27 Device Designation Commands 4-27 prompt 4-27 hostname 4-28 Banner 4-28 banner configure 4-29 banner configure company 4-30 banner configure dc-power-info 4-31 banner configure department 4-31 banner confi[...]
-
Page 14
Contents viii ip ssh save host-key 4-52 show ip ssh 4-52 show ssh 4-53 show public-key 4-54 Event Logging Commands 4-55 logging on 4-55 logging history 4-56 logging host 4-57 logging facility 4-57 logging trap 4-58 clear logging 4-58 show logging 4-59 show log 4-60 SMTP Alert Commands 4-61 logging sendmail host 4-61 logging sendmai[...]
-
Page 15
Contents ix jumbo frame 4-84 Flash/File Commands 4-85 copy 4-85 delete 4-88 dir 4-89 whichboot 4-90 boot system 4-90 Authentication Commands 4-91 Authentication Sequence 4-91 authentication login 4-92 authentication enable 4-93 RADIUS Client 4-94 radius-server host 4-95 radius-server acct-port 4-95 radius-server auth-port 4-96 ra[...]
-
Page 16
Contents x dot1x port-control 4-114 dot1x operation-mode 4-115 dot1x re-authenticate 4-115 dot1x re-authentication 4-116 dot1x timeout quiet-period 4-116 dot1x timeout re-authperiod 4-117 dot1x timeout tx-period 4-117 dot1x intrusion-action 4-118 show dot1x 4-118 Network Access – MAC Address Authentication 4-121 network-ac[...]
-
Page 17
Contents xi ip access-group 4-143 show ip access-group 4-144 MAC ACLs 4-144 access-list mac 4-145 permit, deny (MAC ACL) 4-146 show mac access-list 4-147 mac access-group 4-148 show mac access-group 4-148 ACL Information 4-149 show access-list 4-149 show access-group 4-149 SNMP Commands 4-150 snmp-server 4-151 show snmp 4-151 snm[...]
-
Page 18
Contents xii Link Aggregation Commands 4-180 channel-group 4-181 lacp 4-182 lacp system-priority 4-183 lacp admin-key (Ethernet Interface) 4-184 lacp admin-key (Port Channel) 4-185 lacp port-priority 4-186 show lacp 4-186 Address Table Commands 4-190 mac-address-table static 4-190 clear mac-address-table dynamic 4-191 show ma[...]
-
Page 19
Contents xiii show lldp info remote-device 4-213 show lldp info statistics 4-213 UPnP Commands 4-215 upnp device 4-215 upnp device ttl 4-216 upnp device advertise duration 4-216 show upnp 4-217 Spanning Tree Commands 4-217 spanning-tree 4-218 spanning-tree mode 4-219 spanning-tree forward-time 4-220 spanning-tree hello-time 4-22[...]
-
Page 20
Contents xiv vlan database 4-242 vlan 4-243 Configuring VLAN Interfaces 4-244 interface vlan 4-244 switchport mode 4-245 switchport acceptable-frame-types 4-246 switchport ingress-filtering 4-246 switchport native vlan 4-247 switchport allowed vlan 4-248 switchport forbidden vlan 4-249 Displaying VLAN Information 4-250 show vlan[...]
-
Page 21
Contents xv match 4-274 policy-map 4-275 class 4-276 set 4-277 police 4-277 service-policy 4-278 show class-map 4-279 show policy-map 4-279 show policy-map interface 4-280 Voice VLAN Commands 4-280 voice vlan 4-281 voice vlan aging 4-282 voice vlan mac-address 4-282 switchport voice vlan 4-283 switchport voice vlan rule 4-284 s[...]
-
Page 22
Contents xvi show ip igmp profile 4-302 show ip igmp throttle interface 4-303 Multicast VLAN Registration Commands 4-304 mvr (Global Configuration) 4-304 mvr (Interface Configuration) 4-305 show mvr 4-307 IP Interface Commands 4-309 ip address 4-309 ip default-gateway 4-310 ip dhcp restart 4-311 show ip interface 4-311 show ip[...]
-
Page 23
Contents xvii Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]
-
Page 24
Contents xviii[...]
-
Page 25
xix Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-5 Supported Notification Messages 3-47 Table 3-6 HTTPS System Support 3-69 Table 3-7 802.1X Statistics 3-87 Table 3-8 LACP Port Counters 3-120 Table 3-9 LACP Internal Configura[...]
-
Page 26
Tables xx Table 4-28 File Directory Information 4-89 Table 4-29 Authentication Commands 4-91 Table 4-30 Authentication Sequence 4-91 Table 4-31 RADIUS Client Commands 4-94 Table 4-32 TACACS Commands 4-98 Table 4-34 Port Security Commands 4-111 Table 4-35 802.1X Port Authentication 4-112 Table 4-36 Network Access 4-121 Table 4-3[...]
-
Page 27
Tables xxi Table 4-74 Multicast Filtering Commands 4-287 Table 4-75 IGMP Snooping Commands 4-287 Table 4-76 IGMP Query Commands (Layer 2) 4-292 Table 4-77 Static Multicast Routing Commands 4-295 Table 4-78 IGMP Filtering and Throttling Commands 4-297 Table 4-79 Multicast VLAN Registration Commands 4-304 Table 4-80 show mvr - displa[...]
-
Page 28
Tables xxii[...]
-
Page 29
xxiii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-12 Figure 3-4 Switch Information 3-14 Figure 3-5 Bridge Extension Configuration 3-15 Figure 3-6 Manual IP Configuration 3-17 Figure 3-7 DHCP IP Configuration 3-18 Figure 3-8 Jumbo Frames Configuration 3-19 Figure 3-9 Copy Firmware 3-20[...]
-
Page 30
Figures xxiv Figure 3-43 AAA Accounting Summary 3-66 Figure 3-44 AAA Authorization Settings 3-67 Figure 3-45 AAA Authorization Exec Settings 3-68 Figure 3-46 AAA Authorization Summary 3-69 Figure 3-47 HTTPS Settings 3-70 Figure 3-48 HTTPS Settings 3-71 Figure 3-49 SSH Server Settings 3-74 Figure 3-50 SSH Host-Key Settings 3-76[...]
-
Page 31
Figures xxv Figure 3-88 Configuring Spanning Tree 3-143 Figure 3-89 Displaying Spanning Tree Port Information 3-146 Figure 3-90 Configuring Spanning Tree per Port 3-149 Figure 3-91 Configuring Multiple Spanning Trees 3-150 Figure 3-92 Displaying MSTP Interface Settings 3-152 Figure 3-93 Displaying MSTP Interface Settings 3-155 F[...]
-
Page 32
Figures xxvi Figure 3-133 Static Multicast Router Port Configuration 3-218 Figure 3-134 IP Multicast Registration Table 3-219 Figure 3-135 IGMP Member Port Table 3-220 Figure 3-136 Enabling IGMP Filtering and Throttling 3-221 Figure 3-137 IGMP Profile Configuration 3-223 Figure 3-138 IGMP Filter and Throttling Port Configuratio[...]
-
Page 33
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should co[...]
-
Page 34
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and [...]
-
Page 35
Description of Software Features 1-3 1 Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped. Port Mirroring – The switch c[...]
-
Page 36
Introduction 1-4 1 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Multiple Spanning Tr[...]
-
Page 37
Description of Software Features 1-5 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to ma[...]
-
Page 38
Introduction 1-6 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-21). The following table lists some of the basic system defaults. Table 1-2 System Defau[...]
-
Page 39
System Defaults 1-7 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Enabled (all ports) Broadcast Limit Rate 64 kbits per second Spanning Tree Algorithm Status E[...]
-
Page 40
Introduction 1-8 1 System Log Status Enabled Messages Logged Levels 0-6 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled NTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled (all ports) IP Clustering[...]
-
Page 41
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configuration and mo[...]
-
Page 42
Initial Configuration 2-2 2 • Configure up to 8 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the [...]
-
Page 43
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manu[...]
-
Page 44
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent [...]
-
Page 45
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the[...]
-
Page 46
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Managemen[...]
-
Page 47
Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch from [...]
-
Page 48
Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view calle[...]
-
Page 49
Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: • Co[...]
-
Page 50
Initial Configuration 2-10 2[...]
-
Page 51
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above,[...]
-
Page 52
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your web [...]
-
Page 53
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, [...]
-
Page 54
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-12 System Inform[...]
-
Page 55
Main Menu 3-5 3 Remote Engine ID Sets the SNMP v3 engine ID for a remote device 3-43 Users Configures SNMP v3 users on this switch 3-43 Remote Users Configures SNMP v3 users from a remote device 3-45 Groups Configures SNMP v3 groups 3-46 Views Configures SNMP v3 views 3-49 Security 3-51 User Accounts Assigns a new passwo[...]
-
Page 56
Configuring the Switch 3-6 3 Information Displays global configuration settings for 802.1X Port authentication 3-83 Configuration Configures the global configuration settings 3-83 Port Configuration Sets parameters for individual ports 3-84 Statistics Displays protocol statistics for the selected port 3-87 Web Authentication 3-88 C[...]
-
Page 57
Main Menu 3-7 3 Port Neighbors Information Displays settings and operational state for the remote side 3-124 Port Broadcast Control Sets the broadcast storm threshold for each port 3-125 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-125 Mirror Port Configuration Sets the source and target ports for[...]
-
Page 58
Configuring the Switch 3-8 3 GVRP Status Enables GVRP on the switch 3-158 802.1Q Tunnel Configuration Enables 802.1Q (QinQ) Tunneling 3-170 Basic Information Displays information on the VLAN type supported by this switch 3-159 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or un[...]
-
Page 59
Main Menu 3-9 3 Remote Port Information Displays LLDP information about a remote device connected to a port on this switch 3-187 Remote Trunk Information Displays LLDP information about a remote device connected to a trunk on this switch 3-187 Remote Information Details Displays detailed LLDP information about a remote device conne[...]
-
Page 60
Configuring the Switch 3-10 3 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 3-217 IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID 3-218 IGMP Member Port Table Indicates multicast addre[...]
-
Page 61
Main Menu 3-11 3 Member Configuration Adds switch Members to the cluster 3-242 Member Information Displays cluster Member switch information 3-243 Candidate Information Displays network Candidate switch information 3-243 UPNP 3-245 Configuration Enables UPNP and defines timeout values 3-245 Table 3-2 Main Menu (Continued [...]
-
Page 62
Configuring the Switch 3-12 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. ?[...]
-
Page 63
Basic Configuration 3-13 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board [...]
-
Page 64
Configuring the Switch 3-14 3 Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Console#show version 4-83 Unit 1 Serial number: Hardware version: EPLD Version: 4.04 Number of ports: 28 Main power status: Up Redundant power status: Not present Agent (mast[...]
-
Page 65
Basic Configuration 3-15 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filteri[...]
-
Page 66
Configuring the Switch 3-16 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the switch’s defa[...]
-
Page 67
Basic Configuration 3-17 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management inter[...]
-
Page 68
Configuring the Switch 3-18 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save[...]
-
Page 69
Basic Configuration 3-19 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Enabling Ju[...]
-
Page 70
Configuring the Switch 3-20 3 • File Name – The file name should not contain slashes ( or / ), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”[...]
-
Page 71
Basic Configuration 3-21 3 To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-11 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP a[...]
-
Page 72
Configuring the Switch 3-22 3 - tftp to file – Copies a file from a TFTP server to the switch. - tftp to running-config – Copies a file from a TFTP server to the running config. - tftp to startup-config – Copies a file from a TFTP server to the startup config. • TFTP Server IP Address – The IP address of a TFTP server. • F[...]
-
Page 73
Basic Configuration 3-23 3 Note: You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page. Figure 3-13 Setting the Startup Configuration Settings CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and [...]
-
Page 74
Configuring the Switch 3-24 3 system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Silent Time – Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attem[...]
-
Page 75
Basic Configuration 3-25 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet[...]
-
Page 76
Configuring the Switch 3-26 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Ra[...]
-
Page 77
Basic Configuration 3-27 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Console(config)#line vty 4-13 Console(config-line)#login local 4-13 Console(config-line)#[...]
-
Page 78
Configuring the Switch 3-28 3 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. Displaying Log Messages The Logs page allows you to[...]
-
Page 79
Basic Configuration 3-29 3 The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM. Command Attributes • System Log Status – Enables/disables the logging of debug or error mes[...]
-
Page 80
Configuring the Switch 3-30 3 CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings. Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other [...]
-
Page 81
Basic Configuration 3-31 3 Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 3-18 Remote Logs CLI – Enter the syslog server host IP ad[...]
-
Page 82
Configuring the Switch 3-32 3 • Debugging – Sends a debugging notification. (Level 7) • Information – Sends informative notification only. (Level 6) • Notice – Sends notification of a normal but significant condition, such as a cold start. (Level 5) • Warning – Sends notification of a warning condition such[...]
-
Page 83
Basic Configuration 3-33 3 CLI – Enter the host ip address, followed by the mail severity level, source and destination email addresses and enter the sendmail command to complete the action. Use the show logging command to display SMTP information. Resetting the System This feature restarts the system. You can reboot the syste[...]
-
Page 84
Configuring the Switch 3-34 3 CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Note: When restarting the system, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory (See “Saving or Restoring Configurati[...]
-
Page 85
Basic Configuration 3-35 3 Figure 3-21 SNTP Configuration CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Configuring NTP The NTP client allows you to configure up to 50 NTP servers to poll for time updates. You can also enable authentication to ensu[...]
-
Page 86
Configuring the Switch 3-36 3 • Authenticate Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the configured server. The authentication key must match the key configured on the NTP server. • Key Number – A number that specifies a key value in the NTP Authenticatio[...]
-
Page 87
Basic Configuration 3-37
CLI – This example configures the switch to operate as an NTP client and then displays the current settings.
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, [...]
-
Page 88
Configuring the Switch 3-38
Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC using either a predefined or custom definition, and click Apply.
Figure 3-23 Setting the System Clock
CLI - This example shows how to set the time zone for the system clock using one of the predefined time [...]
-
Page 89
Simple Network Management Protocol 3-39
Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree. The SNMPv3 security structure consists of security models[...]
-
Page 90
Configuring the Switch 3-40
• Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “public” (read-only), “private” (read/write) Range: 1-32 characters, case sensitive
• Access Mode
  - Read-Only – Specifies read-only access. Authorized managem [...]
-
Page 91
Simple Network Management Protocol 3-41
• Trap Version – Specifies whether to send notifications as SNMP v1, v2c, or v3 traps. (The default is version 1.)
• Trap Security Level – Specifies the security level.
• Enable Authentication Traps – Issues a trap message whenever an invalid community string is submitted duri[...]
-
Page 92
Configuring the Switch 3-42
Web – Click SNMP, Agent Status.
Figure 3-26 Enabling SNMP Agent Status
Configuring SNMPv3 Management Access
To configure SNMPv3 management access to the switch, follow these steps:
1. If you want to change the default engine ID, it must be changed first before configuring other parameters.
2. [...]
-
Page 93
Simple Network Management Protocol 3-43
Web – Click SNMP, SNMPv3, Engine ID.
Figure 3-27 Setting an Engine ID
Specifying a Remote Engine ID
To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engin[...]
-
Page 94
Configuring the Switch 3-44
• Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters)
• Model – The user security model; SNMP v1, v2c or v3.
• Level – The security level used for the user:
  - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. ([...]
-
Page 95
Simple Network Management Protocol 3-45
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. To [...]
-
Page 96
Configuring the Switch 3-46
user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
Command Attributes
• User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters)
• Group Name – The name of the [...]
-
Page 97
Simple Network Management Protocol 3-47
Command Attributes
• Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters)
• Model – The user security model; SNMP v1, v2c or v3.
• Level – The security level used for the group:
  - noAuthNoPriv – There is no authentication or encryption[...]
-
Page 98
Configuring the Switch 3-48
linkUp 1.3.6.1.6.3.1.1.5.4 A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated [...]
-
Page 99
Simple Network Management Protocol 3-49
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the g[...]
-
Page 100
Configuring the Switch 3-50
• Type – Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view.
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in th[...]
-
Page 101
User Authentication 3-51
User Authentication
You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client acces[...]
-
Page 102
Configuring the Switch 3-52
Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, then enter a password and confirm it. Click Add to save the new user account and add it to the Account List. To change the password for a specific user, enter the user nam[...]
-
Page 103
User Authentication 3-53
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ [...]
-
Page 104
Configuring the Switch 3-54
Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
  - Local – User authentication is performed only locally by the switch.
  - Radius – User authentication is performed using a RADIUS server only.
  - TACACS – User authentication is performed [...]
-
Page 105
User Authentication 3-55
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Figure 3-34 Authentication Settings[...]
-
Page 106
Configuring the Switch 3-56
CLI – Specify all the required parameters to enable logon authentication.
Console(config)#authentication login radius 4-92
Console(config)#radius-server auth-port 181 4-96
Console(config)#radius-server key green 4-96
Console(config)#radius-server retransmit 5 4-97
Console(config)#radius-server timeout 10 4-97
[...]
-
Page 107
User Authentication 3-57
Configuring Encryption Keys
The Encryption Key feature provides a central location for the management of all RADIUS and TACACS+ server encryption keys.
Command Attributes
• RADIUS Settings
  - Global – Provides globally applicable RADIUS encryption key settings.
  - ServerIndex – Specifies one of five RADIUS[...]
-
Page 108
Configuring the Switch 3-58
AAA Authorization and Accounting
The Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring access control on the switch. The three security functions can be summarized as follows:
• Authentication — Identifies users that request access to [...]
-
Page 109
User Authentication 3-59
Configuring AAA RADIUS Group Settings
The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for accounting and authorization.
Command Attributes
• Group Name - Defines a name for the RADIUS server group. (1-255 characters)
• Server Index - Specifies the RADIUS server and sequen[...]
-
Page 110
Configuring the Switch 3-60
Web – Click Security, AAA, TACACS+ Group Settings. Enter the TACACS+ group name, followed by the number of the server, then click Add.
Figure 3-37 AAA TACACS+ Group Settings
CLI – Specify the group name for a list of TACACS+ servers, and then specify the index number of a TACACS+ server [...]
-
Page 111
User Authentication 3-61
Web – Click Security, AAA, Accounting, Settings. To configure a new accounting method, specify a method name and a group name, then click Add.
Figure 3-38 AAA Accounting Settings
CLI – Specify the accounting method required, followed by the chosen parameters.
Console(config)#aaa accounting dot1x tps s[...]
-
Page 112
Configuring the Switch 3-62
AAA Accounting Update
This feature sets the interval at which accounting updates are sent to accounting servers.
Command Attributes
Periodic Update - Specifies the interval at which the local accounting service updates information to the accounting server. (Range: 1-2147483647 minutes; Default: Disab[...]
-
Page 113
User Authentication 3-63
Web – Click Security, AAA, Accounting, 802.1X Port Settings. Enter the required accounting method and click Apply.
Figure 3-40 AAA Accounting 802.1X Port Settings
CLI – Specify the accounting method to apply to the selected interface.
AAA Accounting Exec Command Privileges
This feature specifies a meth[...]
-
Page 114
Configuring the Switch 3-64
Web – Click Security, AAA, Accounting, Command Privileges. Enter a defined method name for console and Telnet privilege levels. Click Apply.
Figure 3-41 AAA Accounting Exec Command Privileges
CLI – Specify the accounting method to use for console and Telnet privilege levels.
Console(config)#l[...]
-
Page 115
User Authentication 3-65
AAA Accounting Exec Settings
This feature specifies a method name to apply to console and Telnet connections.
Command Attributes
Method Name - Specifies a user defined method name to apply to console and Telnet connections.
Web – Click Security, AAA, Accounting, Exec Settings. Enter a defined method name fo[...]
-
Page 116
Configuring the Switch 3-66
Web – Click Security, AAA, Summary.
Figure 3-43 AAA Accounting Summary
CLI – Use the following command to display the currently applied accounting methods, and registered users.
Console#show accounting 4-110
Accounting Type : dot1x
Method List : default
Group List : radius
Interface :
Method List : [...]
-
Page 117
User Authentication 3-67
Authorization Settings
AAA authorization is a feature that verifies a user has access to specific services.
Command Attributes
• Method Name – Specifies an authorization method for service requests. The “default” method is used for a requested service if no other methods have been defined. (Ra[...]
-
Page 118
Configuring the Switch 3-68
Authorization EXEC Settings
This feature specifies an authorization method name to apply to console and Telnet connections.
Command Attributes
Method Name - Specifies a user-defined method name to apply to console and Telnet connections.
Web – Click Security, AAA, Authorization, Exec Settings. Ente [...]
-
Page 119
User Authentication 3-69
Web – Click Security, AAA, Authorization, Summary.
Figure 3-46 AAA Authorization Summary
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch?[...]
-
Page 120
Configuring the Switch 3-70
• Change HTTPS Port Number – Specifies the UDP port number used for HTTPS connection to the switch’s web interface. (Default: Port 443)
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-47 HTTPS Settings
CLI – This example enables the [...]
-
Page 121
User Authentication 3-71
• Source Certificate File Name – Specifies the name of certificate file as stored on the TFTP server.
• Source Private File Name – Specifies the name of the private key file as stored on the TFTP server.
• Private Password – The password for the private key file.
Web – Click Security, HTTPS Se[...]
-
Page 122
Configuring the Switch 3-72
SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered.
Note: You need to install an SSH client on the management station to access the switch for management via the SSH protocol.
Note: The switch supports both SSH Version 1.5 and 2.0 clients.
Command Usa[...]
-
Page 123
User Authentication 3-73
4. Set the Optional Parameters – On the SSH Settings page, configure the optional parameters, including the authentication timeout, the number of retries, and the server key size.
5. Enable SSH Service – On the SSH Settings page, enable the SSH server on the switch.
6. Authentication – One of the follow[...]
-
Page 124
Configuring the Switch 3-74
Configuring the SSH Server
The SSH server includes basic settings for authentication.
Field Attributes
• SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled)
• Version – The Secure Shell version number. Version 2.0 is displayed, but the switch[...]
-
Page 125
User Authentication 3-75
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Generating the Host Key Pair
A host public/private key pair is used to provide secure communicati[...]
-
Page 126
Configuring the Switch 3-76
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Figure 3-50 SSH Host-Key Settings
CLI – This example generates a host-ke[...]
-
Page 127
User Authentication 3-77
not exist on the switch, SSH will revert to the interactive password authentication mechanism to complete authentication.
Field Attributes
• Public-Key of user – The RSA and DSA public keys for the selected user.
  - RSA: The first field indicates the size of the host key (e.g., 1024), the second field is t[...]
-
Page 128
Configuring the Switch 3-78
Web – Click Security, SSH, SSH User Public-Key Settings. Select the user name and the public-key type from the respective drop-down boxes, input the TFTP server IP address and the public key source file name, and then click Copy Public Key.
Figure 3-51 SSH User Public-Key Settings[...]
-
Page 129
User Authentication 3-79
CLI – This example imports an SSHv2 DSA public key for the user admin and then displays admin’s imported public keys.
Console#copy tftp public-key 4-85
TFTP server IP address: 192.168.1.254
Choose public key type:
1. RSA: 2. DSA: <1-2>: 2
Source file name: admin-ssh2-dsa-pub.key
Username: admin
T[...]
-
Page 130
Configuring the Switch 3-80
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port whe[...]
-
Page 131
User Authentication 3-81
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Figure 3-52 Configuring Port Security
CLI – This[...]
-
Page 132
Configuring the Switch 3-82
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., A[...]
-
Page 133
User Authentication 3-83
Displaying 802.1X Global Settings
The 802.1X protocol provides client authentication.
Command Attributes
• 802.1X System Authentication Control – The global setting for 802.1X.
Web – Click Security, 802.1X, Information.
Figure 3-53 802.1X Global Information
CLI – This example shows th[...]
-
Page 134
Configuring the Switch 3-84
Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply.
Figure 3-54 802.1X Global Configuration
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure t[...]
-
Page 135
User Authentication 3-85
• Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds)
• Tx Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Rang[...]
-
Page 136
Configuring the Switch 3-86
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-118.
Console(config)#interface ethernet 1/2 4-166
Console(config-if)#dot1x port-control auto 4-114
Console(config-if)#dot1x re-authentication 4-116
Cons[...]
-
Page 137
User Authentication 3-87
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-7 802.1X Statistics
Parameter – Description
Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Rx EAPOL Logoff – The number of EAPOL Lo[...]
-
Page 138
Configuring the Switch 3-88
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-56 Displaying 802.1X Port Statistics
CLI – This example displays the 802.1X statistics for port 4.
Web Authentication
Web authentication allows stations to[...]
-
Page 139
User Authentication 3-89
Notes:
1. MAC authentication, web authentication, 802.1X, and port security cannot be configured together on the same port. Only one security mechanism can be applied.
2. RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Re[...]
-
Page 140
Configuring the Switch 3-90
CLI – This example globally enables the system authentication control, configures the session timeout, quiet period and login attempts, and displays the configured global parameters.
Configuring Web Authentication for Ports
Web authentication is configured on a per-port basis. The following pa[...]
-
Page 141
User Authentication 3-91
CLI – This example enables web authentication for ethernet port 1/5 and displays a summary of web authentication parameters.
Displaying Web Authentication Port Information
This switch can display web authentication information for all ports and connected hosts.
Command Attributes
• Interface – Indicate[...]
-
Page 142
Configuring the Switch 3-92
Web – Click Security, Web Authentication, Port Information.
Figure 3-59 Web Authentication Port Information
CLI – This example displays web authentication parameters for port 1/5.
Re-authenticating Web Authenticated Ports
The switch allows an administrator to manually force re-authentication of[...]
-
Page 143
User Authentication 3-93
CLI – This example forces the re-authentication of all hosts connected to port 1/5.
Network Access – MAC Address Authentication
Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network[...]
-
Page 144
Configuring the Switch 3-94
Configuring the MAC Authentication Reauthentication Time
MAC address authentication is configured on a per-port basis, however there are two configurable parameters that apply globally to all ports on the switch.
Command Attributes
• Authenticated Age – The secure MAC address table aging time. This[...]
-
Page 145
User Authentication 3-95
• Maximum MAC Count – Sets the maximum number of MAC addresses that can be authenticated on a port. The maximum number of MAC addresses per port is 2048, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treate[...]
-
Page 146
Configuring the Switch 3-96
CLI – This example configures MAC authentication for port 1.
Configuring Port Link Detection
The Port Link Detection feature can send an SNMP trap and/or shut down a port when a link event occurs.
Command Attributes
• Port – Indicates the port being configured.
• Status – Configures whether Link[...]
-
Page 147
User Authentication 3-97
Web – Click Security, Network Access, Port Link Detection Configuration. Modify the Status, Condition and Action. Click Apply.
Figure 3-63 Network Access Port Link Detection Configuration
CLI – This example configures Port Link Detection to send an SNMP trap for all link events on port 1.
Disp[...]
-
Page 148
Configuring the Switch 3-98
• Attribute – Indicates a static or dynamic address.
• Remove – Click the Remove button to remove selected MAC addresses from the secure MAC address table.
Web – Click Security, Network Access, MAC Address Information. Restrict the displayed addresses by port, MAC Address, or attribute, then sel[...]
-
Page 149
Access Control Lists 3-99
• Status – Indicates whether MAC Authentication is enabled or disabled for the port. See “Configuring MAC Authentication for Ports” on page 3-94. The following parameters are unavailable for modification if MAC Authentication is not enabled for the port.
• Max MAC Count – The maximum allow[...]
-
Page 150
Configuring the Switch 3-100
Configuring Access Control Lists
An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches [...]
-
Page 151
Access Control Lists 3-101
Figure 3-66 Selecting ACL Type
CLI – This example creates a standard IP ACL named david.
Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Address Type – Specifies the source IP address. Use “Any” to include all possi[...]
-
Page 152
Configuring the Switch 3-102
Figure 3-67 Configuring Standard IP ACLs
CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain any combina[...]
-
Page 153
Access Control Lists 3-103
• Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
• Control Code Bit Mask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit mask) that is [...]
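The address bitmask used for the range 168.92.16.x – 168.92.31.x in the standard IP ACL excerpt and the control code bitmask described above can both be checked offline before a rule is entered. The Python below is an added example, not code from the manual or the switch firmware; it assumes that a 1 bit in either mask means "compare this bit" and a 0 bit means "ignore it", and the `Rule` class, the function names and the sample rules are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TCP flag bits as they appear in the 6-bit control code (range 0-63).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def mask_for_range(first: str, last: str) -> Tuple[str, str]:
    """Return (base, bitmask) that covers first..last exactly.

    Raises ValueError when the range is not one aligned block, in which
    case a single base/bitmask rule would match too much or too little.
    """
    lo, hi = ip_to_int(first), ip_to_int(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    ignore = (1 << (lo ^ hi).bit_length()) - 1  # bits that vary across the range
    if lo & ignore != 0 or hi & ignore != ignore:
        raise ValueError("range is not one aligned block; split it into several rules")
    mask = 0xFFFFFFFF ^ ignore
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(mask))


def addr_matches(addr: str, base: str, mask: str) -> bool:
    """Assumption: mask bit 1 = compare, mask bit 0 = ignore."""
    m = ip_to_int(mask)
    return (ip_to_int(addr) & m) == (ip_to_int(base) & m)


def code_matches(flags: int, code: int, code_mask: int) -> bool:
    """Compare only the TCP flag bits selected by code_mask (same assumption)."""
    return (flags & code_mask) == (code & code_mask)


@dataclass
class Rule:  # hypothetical in-memory form of one ACL rule
    action: str                      # "permit" or "deny"
    base: str
    mask: str
    code: Optional[int] = None       # TCP control code, extended rules only
    code_mask: Optional[int] = None


def evaluate(rules: List[Rule], src: str, flags: int = 0) -> Optional[str]:
    """Test the rules one by one and return the action of the first match.

    Returns None when nothing matches; what the switch does in that case
    is not stated in the excerpt, so it is not modelled here.
    """
    for r in rules:
        if not addr_matches(src, r.base, r.mask):
            continue
        if r.code is not None:
            cmask = 0x3F if r.code_mask is None else r.code_mask
            if not code_matches(flags, r.code, cmask):
                continue
        return r.action
    return None


# Constructed sample rules mirroring the addresses named in the excerpt.
RANGE_BASE, RANGE_MASK = mask_for_range("168.92.16.0", "168.92.31.255")
SAMPLE_ACL = [
    Rule("permit", "10.1.1.21", "255.255.255.255"),  # single host
    Rule("permit", RANGE_BASE, RANGE_MASK),          # 168.92.16.x - 168.92.31.x
]
# Constructed extended-style rule: SYN set and ACK clear, other flags ignored.
SYN_ONLY = Rule("deny", "0.0.0.0", "0.0.0.0", code=SYN, code_mask=SYN | ACK)

if __name__ == "__main__":
    print("range rule:", RANGE_BASE, RANGE_MASK)
    for src in ("10.1.1.21", "10.1.1.22", "168.92.31.200", "168.92.32.1"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
    print("SYN     ->", evaluate([SYN_ONLY], "192.0.2.7", flags=SYN))
    print("SYN+ACK ->", evaluate([SYN_ONLY], "192.0.2.7", flags=SYN | ACK))
```

A range such as 168.92.16.0 to 168.92.30.255 makes `mask_for_range` raise, which is the case where one base/bitmask pair cannot express the intended addresses.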
-
Page 154
Configuring the Switch 3-104
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required [...]
-
Page 155
Access Control Lists 3-105
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Add[...]
-
Page 156
Configuring the Switch 3-106
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit mask [...]
-
Page 157
Access Control Lists 3-107
Command Attributes
• Port – Fixed port or SFP module. (Range: 1-28)
• IP – Specifies the IP ACL to bind to a port.
• MAC – Specifies the MAC ACL to bind to a port.
• IN – ACL for ingress packets.
Web – Click Security, ACL, Port Binding. Click Edit to open the configuration page for the[...]
-
Page 158
Configuring the Switch 3-108
an entry to a filter list, access to that interface is restricted to the specified addresses.
• If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap mana[...]
-
Page 159
Access Control Lists 3-109
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add Web IP Filtering Entry to update the filter list.
Figure 3-71 Creating an IP Filter List
CLI – This example allows SNMP access for a specific client.
Co[...]
-
Page 160
Configuring the Switch 3-110
Port Configuration
Displaying Connection Status
You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
Field Attributes (Web)
• Name – Interface label.
• Type – Indicates[...]
-
Page 161
Port Configuration 3-111
Field Attributes (CLI)
Basic Information:
• Port type – Indicates the port type. (100BASE-FX, 1000BASE-T, or SFP)
• MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-16.)
Configuration:
• Name – Inte [...]
-
Page 162
Configuring the Switch 3-112
CLI – This example shows the connection status for Port 5.
Configuring Interface Connections
You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flo[...]
-
Page 163
Port Configuration 3-113
(Default: Autonegotiation enabled; Advertised capabilities for 100BASE-FX – 100full; 1000BASE-T – 10half, 10full, 100half, 100full, 1000full; 1000BASE-SX/LX/LH – 1000full)
• Media Type – Media type used for the combo ports. (Options: Copper-Forced, SFP-Forced, or SFP-Preferred-Auto; Default[...]
-
Page 164
Configuring the Switch 3-114
Creating Trunk Groups
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to ei[...]
-
Page 165
Port Configuration 3-115
Statically Configuring a Trunk
Command Usage
• When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
• To avoid creating a loop i[...]
-
Page 166
Configuring the Switch 3-116
CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Enabling LACP on Selected Ports
Command Usage
• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also discon[...]
-
Page 167
Port Configuration 3-117
Command Attributes
• Member List (Current) – Shows configured trunks (Port).
• New – Includes entry fields for creating new trunks.
  - Port – Port identifier. (Range: 1-28)
Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. Af[...]
-
Page 168
Configuring the Switch 3-118
CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
Configuring LACP Parameters
Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria:
• Ports mu[...]
-
Page 169
Port Configuration 3-119
  - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
• Admin Key – The LACP administration key must be set to the same value for ports that belong to the sa[...]
-
Page 170
Configuring the Switch 3-120
CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Displaying LACP Port Counters
You can display statistics for LACP protocol messages.
Console(config)#interface ethernet 1/1 4-166
Console(config-if)#lacp actor system-priority 3 4-183
Co[...]
-
Page 171
Port Configuration 3-121
Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Figure 3-77 LACP - Port Counters Information
CLI – The following example displays LACP counters.
Marker Unknown Pkts – Number of frames received that either (1) Carry the Slow Pr [...]
-
Page 172
Configuring the Switch 3-122
Displaying LACP Settings and Status for the Local Side
You can display configuration settings and the operational state for the local side of a link aggregation.
Table 3-9 LACP Internal Configuration Information
Field – Description
Oper Key – Current operational value of the key for the aggregation po[...]
-
Page 173
Port Configuration 3-123
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
Figure 3-78 LACP - Port Internal Information
CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Console#sh[...]
-
Page 174
Configuring the Switch 3-124
Displaying LACP Settings and Status for the Remote Side
You can display configuration settings and the operational state for the remote side of a link aggregation.
Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
Figure 3-79 LACP [...]
-
Page 175
Port Configuration 3-125
CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Setting Broadcast Storm Thresholds
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly[...]
-
Page 176
Configuring the Switch 3-126 3 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-80 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then s[...]
-
Page 177
Port Configuration 3-127 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port speed shou [...]
-
Page 178
Configuring the Switch 3-128 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming in and out of the network. Packets that exceed the acceptable amou[...]
-
Page 179
Port Configuration 3-129 3 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This informatio[...]
-
Page 180
Configuring the Switch 3-130 3 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Transmit Errors The number of outbound packets[...]
-
Page 181
Port Configuration 3-131 3 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that w[...]
-
Page 182
Configuring the Switch 3-132 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-83 Port Statistics[...]
-
Page 183
Address Table Settings 3-133 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address[...]
-
Page 184
Configuring the Switch 3-134 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-84 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Disp[...]
-
Page 185
Address Table Settings 3-135 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-85 Configuring a Dynamic Address Table CLI – This example also di[...]
-
Page 186
Configuring the Switch 3-136 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-630 seconds; Default: 300 seconds) Web – Click Address T[...]
-
Page 187
Spanning Tree Algorithm Configuration 3-137 3 ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmi[...]
-
Page 188
Configuring the Switch 3-138 3 MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see ?[...]
-
Page 189
Spanning Tree Algorithm Configuration 3-139 3 • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system). • Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting [...]
-
Page 190
Configuring the Switch 3-140 3 configuration message), a new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) • Root Forward Delay – The maximum time (in seconds) this device will wait before changin [...]
-
Page 191
Spanning Tree Algorithm Configuration 3-141 3 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 9 Uses RSTP for the internal state machine, but sends only 802.1D[...]
-
Page 192
Configuring the Switch 3-142 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lowe[...]
-
Page 193
Spanning Tree Algorithm Configuration 3-143 3 • Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages. (Range: 1-10; Default: 3) Configuration Settings for MSTP • Max Instance Numbers – The maximum number[...]
-
Page 194
Configuring the Switch 3-144 3 CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field At[...]
-
Page 195
Spanning Tree Algorithm Configuration 3-145 3 by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-147. • Oper Edge Port – This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3-147 (i.e., true or false), but will be set to false if a BPDU is received,[...]
-
Page 196
Configuring the Switch 3-146 3 Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fas[...]
-
Page 197
Spanning Tree Algorithm Configuration 3-147 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same [...]
-
Page 198
Configuring the Switch 3-148 3 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices. Ther[...]
-
Page 199
Spanning Tree Algorithm Configuration 3-149 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-90 Configuring Spanning Tree per Port CLI – This example sets STA attributes for port 7. Configuring Multiple Spanning Trees MSTP generates a uniq [...]
-
Page 200
Configuring the Switch 3-150 3 Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree instance. (Range: 0-61440 in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, [...]
-
Page 201
Spanning Tree Algorithm Configuration 3-151 3 CLI – This example sets STA attributes for port 1, followed by settings for each port. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Command Attributes • M[...]
-
Page 202
Configuring the Switch 3-152 3 Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanning tree values. Figure 3-92 Displaying MSTP Interface Settings[...]
-
Page 203
Spanning Tree Algorithm Configuration 3-153 3 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST, the settings for other instances only apply to the local spanning tree. Configuring Interface Settings for MSTP You can configure t[...]
-
Page 204
Configuring the Switch 3-154 3 - Discarding – Port receives STA configuration messages, but does not forward packets. - Learning – Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learni[...]
-
Page 205
VLAN Configuration 3-155 3 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-93 Displaying MSTP Interface Settings CLI – This example sets the MSTP attributes for port 4. VLAN Configuration IEEE 802.1Q VLANs In large [...]
-
Page 206
Configuring the Switch 3-156 3 This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in multiple VLANs • End station[...]
-
Page 207
VLAN Configuration 3-157 3 Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are[...]
-
Page 208
Configuring the Switch 3-158 3 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tag[...]
-
Page 209
VLAN Configuration 3-159 3 Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number 10 – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID reco[...]
-
Page 210
Configuring the Switch 3-160 3 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current T [...]
-
Page 211
VLAN Configuration 3-161 3 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command At[...]
-
Page 212
Configuring the Switch 3-162 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-97 Configuring a VLAN Static List CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use[...]
-
Page 213
VLAN Configuration 3-163 3 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Membership Typ[...]
-
Page 214
Configuring the Switch 3-164 3 Figure 3-98 Configuring a VLAN Static Table CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interfac[...]
-
Page 215
VLAN Configuration 3-165 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for sw[...]
-
Page 216
Configuring the Switch 3-166 3 or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer 9 – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. Thi[...]
-
Page 217
VLAN Configuration 3-167 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic fo[...]
-
Page 218
Configuring the Switch 3-168 3 processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the packet. When a packet enters the trunk port on the service provider’s egress switch, the outer tag is again stripped for packet processing. However, the SPVLAN tag is not added when[...]
-
Page 219
VLAN Configuration 3-169 3 5. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packets will have two tags. Layer 2 Flow for Packets Coming into a Tunnel Uplink Port An uplink port receives one of the following packets: • Untagged • One tag (CVLAN or SPVL [...]
-
Page 220
Configuring the Switch 3-170 3 Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN. Then the outer SPVLAN tag will be stripped when the packets are sent out. Another reason i[...]
-
Page 221
VLAN Configuration 3-171 3 Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. Command Usage • Use the TPID field to set a custom 802.1Q ethertype value on the selected interface. This feature allows the switch to interoperate with third-p[...]
-
Page 222
Configuring the Switch 3-172 3 CLI – This example sets the switch to operate in QinQ mode. Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to [...]
-
Page 223
VLAN Configuration 3-173 3 Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel uplink port to 802.1Q Tunnel Uplink. Click Apply. Figure 3-102 Tunnel Port Configuration CLI – This example sets port 1 to tunnel access mod[...]
-
Page 224
Configuring the Switch 3-174 3 contains promiscuous ports that can communicate with all other ports in the private VLAN group, while a secondary (or community) VLAN contains community ports that can only communicate with other hosts within the secondary VLAN and with any of the promiscuous ports in the associated primar[...]
-
Page 225
VLAN Configuration 3-175 3 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-103 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to [...]
-
Page 226
Configuring the Switch 3-176 3 Web – Click VLAN, Private VLAN, Configuration. Enter the VLAN ID number, select Primary, Isolated or Community type, then click Add. To remove a private VLAN from the switch, highlight an entry in the Current list box and then click Remove. Note that all member ports must be removed from the VLAN be[...]
-
Page 227
VLAN Configuration 3-177 3 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – Th[...]
-
Page 228
Configuring the Switch 3-178 3 CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for port 4 and 5 can only pass throu[...]
-
Page 229
VLAN Configuration 3-179 3 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. Assign promiscuous ports to a primary VLAN. Assign host ports to a community VLAN. After all the ports have been configured, click Apply. Figure 3-107 Private VLA[...]
-
Page 230
Configuring the Switch 3-180 3 • Frame Type – Choose either Ethernet, RFC 1042, or LLC Other as the frame type used by this protocol. • Protocol Type – Specifies the protocol type to match. The available options are IP, ARP, and RARP. If LLC Other is chosen for the Frame Type, the only available Protocol Type is IPX Raw Note[...]
-
Page 231
Link Layer Discovery Protocol 3-181 3 Web – Click VLAN, Protocol VLAN, System Configuration. Figure 3-109 Protocol VLAN System Configuration CLI – This example shows the switch configured with Protocol Group 2 mapped to VLAN 2. Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover ba[...]
-
Page 232
Configuring the Switch 3-182 3 Command Attributes • LLDP – Enables LLDP globally on the switch. (Default: Enabled) • Transmission Interval – Configures the periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with the following rule: (transmission-interval *[...]
-
Page 233
Link Layer Discovery Protocol 3-183 3 critical to the timely startup of LLDP, and therefore integral to the rapid availability of Emergency Call Service. Web – Click LLDP, Configuration. Enable LLDP, modify any of the timing parameters as required, and click Apply. Figure 3-110 LLDP Configuration CLI – This example set[...]
-
Page 234
Configuring the Switch 3-184 3 Command Attributes • Admin Status – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Tx only, Rx only, TxRx, Disabled; Default: TxRx) • SNMP Notification – Enables the transmission of SNMP trap notifications about LLDP and LLDP-MED changes. (Default: Enab[...]
-
Page 235
Link Layer Discovery Protocol 3-185 3 configure the system name, see “Displaying System Information” on page 3-12. - System Capabilities – The system capabilities identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in I[...]
-
Page 236
Configuring the Switch 3-186 3 CLI – This example sets the interface to both transmit and receive LLDP messages, enables SNMP trap messages, enables MED notification, and specifies the TLV, MED-TLV, dot1-TLV and dot3-TLV parameters to advertise. Displaying LLDP Local Device Information Use the LLDP Local Device Information[...]
-
Page 237
Link Layer Discovery Protocol 3-187 3 CLI – This example displays LLDP information for the local switch. This example displays detailed information for a specific port on the local switch. Displaying LLDP Remote Port Information Use the LLDP Remote Port/Trunk Information screen to display information about devices connected directly [...]
-
Page 238
Configuring the Switch 3-188 3 CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP. Displaying LLDP Remote Information Details Use the LLDP Remote Information Details screen to display detailed information about an LLDP-enabled device connected to a[...]
-
Page 239
Link Layer Discovery Protocol 3-189 3 CLI – This example displays LLDP information for an LLDP-enabled remote device attached to a specific port on this switch. Displaying Device Statistics Use the LLDP Device Statistics screen to display aggregate statistics about all LLDP-enabled devices connected to this switch. W[...]
-
Page 240
Configuring the Switch 3-190 3 CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switch. Displaying Detailed Device Statistics Use the LLDP Device Statistics Details screen to display statistics based on traffic received through all attached LLDP-enabled interfac [...]
-
Page 241
Class of Service Configuration 3-191 3 CLI – This example displays detailed LLDP statistics for an LLDP-enabled remote device attached to a specific port on this switch. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the[...]
-
Page 242
Configuring the Switch 3-192 3 Command Attributes • Default Priority 12 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7; Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Defa[...]
-
Page 243
Class of Service Configuration 3-193 3 Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table. The priority levels recommended in the IEEE 802.1p standard for various netw[...]
-
Page 244
Configuring the Switch 3-194 3 Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-118 Traffic Classes CLI – The following example shows how to change the CoS assignments. * Map[...]
-
Page 245
Class of Service Configuration 3-195 3 Web – Click Priority, Traffic Classes Status. Figure 3-119 Enable Traffic Classes Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced,[...]
-
Page 246
Configuring the Switch 3-196 3 Values to Egress Queues” on page 3-192, the traffic classes are mapped to one of the eight egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities). This weight sets the frequency at which each queue will be polled fo[...]
-
Page 247
Class of Service Configuration 3-197 3 a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Because different priority information may be contained in the traffic, this switch maps priority values to the output queues in the following manner: • The precedence for priority[...]
-
Page 248
Configuring the Switch 3-198 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant will not conflict with the DSCP mapping. Based on network policies, different kinds of traf [...]
-
Page 249
Quality of Service 3-199 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all inte[...]
-
Page 250
Configuring the Switch 3-200 3 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 3-205). Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow these steps: 1. Us[...]
-
Page 251
Quality of Service 3-201 3 • Add Class – Opens the “Class Configuration” page. Enter a class name and description on this page, and click Add to open the “Match Class Settings” page. Enter the criteria used to classify ingress traffic on this page. • Remove Class – Removes the selected class. Class Configuration • [...]
-
Page 252
Configuring the Switch 3-202 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-124 Configuring Class Maps CLI - This example creates a class map called “rd_class,” and sets it to match packets marked for DSCP service value 3. Console(config)#clas[...]
-
Page 253
Quality of Service 3-203 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-200. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page opens, [...]
-
Page 254
Configuring the Switch 3-204 3 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-200). • Meter – The maximum throughput and [...]
-
Page 255
Quality of Service 3-205 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-125 Configuring Policy Maps[...]
-
Page 256
Configuring the Switch 3-206 3 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a par[...]
-
Page 257
VoIP Traffic Configuration 3-207 3 VoIP Traffic Configuration When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation helps prevent excessive packet delays, packet loss, and jitter, which results in higher voice qu[...]
-
Page 258
Configuring the Switch 3-208 3 Web – Click QoS, VoIP Traffic Setting, Configuration. Enable Auto Detection, specify the Voice VLAN ID, then set the Voice VLAN Aging Time. Click Apply. Figure 3-127 Configuring VoIP Traffic CLI – This example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234, then[...]
-
Page 259
VoIP Traffic Configuration 3-209 3 address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP device. • 802.1ab – Uses LLDP to discover VoIP devices attached to the port. LLDP checks that the “telephone bit” in the system capability TLV is turned on.[...]
-
Page 260
Configuring the Switch 3-210 3 CLI – This example configures VoIP traffic settings for port 2 and displays the current Voice VLAN status. Configuring Telephony OUI VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. [...]
-
Page 261
VoIP Traffic Configuration 3-211 3 • Telephony OUI – Specifies a MAC address range to add to the list. Enter the MAC address in format 01-23-45-67-89-AB. • Mask – Identifies a range of MAC addresses. Selecting a mask of FF-FF-FF-00-00-00 identifies all devices with the same OUI (the first three octets). Other masks restric[...]
-
Page 262
Configuring the Switch 3-212 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multica[...]
-
Page 263
Multicast Filtering 3-213 3 these sources are all placed in the Include list, and traffic is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forw [...]
-
Page 264
Configuring the Switch 3-214 3 the multicast filtering table is already full, the switch will continue flooding the traffic into the VLAN. • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing[...]
-
Page 265
Multicast Filtering 3-215 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-130 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Enabling IGMP [...]
-
Page 266
Configuring the Switch 3-216 3 is determined by the IGMP Query Report Delay (see “Configuring IGMP Snooping and Query Parameters” on page 3-213). • If immediate leave is enabled, the switch assumes that only one host is connected to the interface. Therefore, immediate leave should only be enabled on an interface if it is co[...]
-
Page 267
Multicast Filtering 3-217 3 support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch. You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast rou[...]
-
Page 268
Configuring the Switch 3-218 3 • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add[...]
-
Page 269
Multicast Filtering 3-219 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-134 IP Multicast Registration Table CLI – This ex[...]
-
Page 270
Configuring the Switch 3-220 3 • Multicast IP – The IP address for a specific multicast service • Port or Trunk – Specifies the interface attached to a multicast router/switch. Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch o[...]
-
Page 271
Multicast Filtering 3-221 3 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace”. If the action is set to deny, any new IGMP join reports will be dropped. If the[...]
-
Page 272
Configuring the Switch 3-222 3 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers. Configuring IGMP Filter Profiles When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access mode. Com[...]
-
Page 273
Multicast Filtering 3-223 3 Web – Click IGMP Snooping, IGMP Filter Profile Configuration. Select the profile number you want to configure; then click Query to display the current settings. Specify the access mode for the profile and then add multicast groups to the profile list. Click Apply. Figure 3-137 IGMP Profile Configurat[...]
-
Page 274
Configuring the Switch 3-224 3 • An IGMP profile or throttling setting can also be applied to a trunk interface. When ports are configured as trunk members, the trunk uses the settings applied to the first port member in the trunk. • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. [...]
-
Page 275
Multicast VLAN Registration 3-225 3 CLI – This example assigns IGMP profile number 19 to port 1, and then sets the throttling number and action. The current IGMP filtering and throttling settings for the interface are then displayed. Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access [...]
-
Page 276
Configuring the Switch 3-226 3 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 3-226). 2. Set the interfaces that will join the MVR as source ports or receiv[...]
-
Page 277
Multicast VLAN Registration 3-227 3 • MVR Running Status – Indicates whether or not all necessary conditions in the MVR environment are satisfied. • MVR VLAN – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. (Range: 1-4093; Default: 1) • MVR Group IP – IP address for an MVR multi[...]
-
Page 278
Configuring the Switch 3-228 3 • MVR Status – Shows the MVR status. MVR status for source ports is “ACTIVE” if MVR is globally enabled on the switch. MVR status for receiver ports is “ACTIVE” only if there are subscribers receiving multicast traffic from one of the MVR groups, or a multicast group has been sta[...]
-
Page 279
Multicast VLAN Registration 3-229 3 Web – Click MVR, Group IP Information. Figure 3-141 MVR Group IP Information CLI – This example following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN. Configuring MVR Interface Status Each interface that participates in the MVR V[...]
-
Page 280
Configuring the Switch 3-230 3 • Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the multicast group identified in the leave message. When immediate leave is disabled, the switch follows the standard rules by sending a group-specific query to the receiver port and waitin[...]
-
Page 281
Multicast VLAN Registration 3-231 3 CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bin[...]
-
Page 282
Configuring the Switch 3-232 3 CLI – This example statically assigns a multicast group to a receiver port. DHCP Snooping DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a p[...]
-
Page 283
DHCP Snooping 3-233 3 If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table. Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted. Note that the switch will not add a dy[...]
-
Page 284
Configuring the Switch 3-234 3 Web – Click DHCP Snooping, VLAN Configuration. Figure 3-145 DHCP Snooping VLAN Configuration CLI – This example first enables DHCP Snooping for VLAN 1. DHCP Snooping Information Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHC[...]
-
Page 285
DHCP Snooping 3-235 3 Web – Click DHCP Snooping, Information Option Configuration. Figure 3-146 DHCP Snooping Information Option Configuration CLI – This example enables DHCP Snooping Information Option, and sets the policy as replace. DHCP Snooping Port Configuration Configures switch ports as trusted or untrusted. An untrus[...]
-
Page 286
Configuring the Switch 3-236 3 CLI – This example shows how to enable the DHCP Snooping Trust Status for ports. DHCP Snooping Binding Information Displays the DHCP snooping binding information. Command Attributes • No. – Entry number for DHCP snooping binding information. • Unit – Stack unit. • Port – Port number. • VLA[...]
-
Page 287
IP Source Guard 3-237 3 IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping” on page 3-232). IP source guard can be used to prevent [...]
-
Page 288
Configuring the Switch 3-238 3 CLI – This example shows how to enable IP source guard on port 5. Static IP Source Guard Binding Configuration Adds static addresses to the source-guard binding table. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, and port identifier. All s[...]
-
Page 289
IP Source Guard 3-239 3 Web – Click IP Source Guard, Static Configuration. Figure 3-150 Static IP Source Guard Binding Configuration CLI – This example shows how to configure a static source-guard binding on port 5. Dynamic IP Source Guard Binding Information Displays the source-guard binding table for a selected interfa[...]
-
Page 290
Configuring the Switch 3-240 3 Web – Click IP Source Guard, Dynamic Information. Figure 3-151 Dynamic IP Source Guard Binding Information CLI – This example shows how to configure a static source-guard binding on port 5. IP Clustering IP Clustering is a method of grouping switches together to enable centralized ma[...]
-
Page 291
IP Clustering 3-241 3 switches only become cluster Members when manually selected by the administrator through the management station. After the Commander and Members have been configured, any switch in the cluster can be managed from the web agent by choosing the desired Member ID from the Cluster drop down menu. From the Comman[...]
-
Page 292
Configuring the Switch 3-242 3 Web – Click Cluster, Configuration. Figure 3-153 Cluster Configuration CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Cluster Member Configuration Adds Candidate switches to the cluster as Members. Com[...]
-
Page 293
IP Clustering 3-243 3 CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Cluster Member Information Displays current cluster Member switch information. Command Attributes • Member ID – The ID number of the Member switch. (Range: 1-36) • Role – Indicat[...]
-
Page 294
Configuring the Switch 3-244 3 Web – Click Cluster, Candidate Information. Figure 3-156 Cluster Candidate Information CLI – This example shows information about cluster Candidate switches. Vty-0#show cluster candidates 4-328 Cluster Candidates: Role Mac Description ------- ------- - ------- ------- --- -------- ------- ----[...]
-
Page 295
UPnP 3-245 3 UPnP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards. The first step in UPnP networking is dis[...]
-
Page 296
Configuring the Switch 3-246 3 CLI – This example enables UPnP, sets the device advertise duration to 200 seconds, the device TTL to 6, and displays information about basic UPnP configuration. Console(config)#upnp device 4-215 Console(config)#upnp device advertise duration 200 4-216 Console(config)#upnp device ttl 6 4-216 Console(confi[...]
-
Page 297
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering[...]
-
Page 298
Command Line Interface 4-2 4 Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a [...]
-
Page 299
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show int[...]
-
Page 300
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also[...]
-
Page 301
Entering Commands 4-5 4 display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands: Console#show ? access-group Access groups access-list Access lists accounting Uses an accounting list with this name banner Banner info bridge-ext Bridge extension informatio[...]
-
Page 302
Command Line Interface 4-6 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s? ?[...]
-
Page 303
Entering Commands 4-7 4 current mode. The command classes and associated modes are displayed in the following table: Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” c[...]
-
Page 304
Command Line Interface 4-8 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config star[...]
-
Page 305
Entering Commands 4-9 4 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Console(config)#interface ethernet 1/5 . . . Console(config-if)#exit Console(config)#[...]
-
Page 306
Command Line Interface 4-10 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial comman[...]
-
Page 307
Command Groups 4-11 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-12 General Basic commands for entering privile[...]
-
Page 308
Command Line Interface 4-12 4 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) PE (Privileged Exec) IC (Interface Configuration) PM (Policy Map Configuration) [...]
-
Page 309
Line Commands 4-13 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Comm[...]
-
Page 310
Command Line Interface 4-14 4 - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login local selects authentication via the user name and password specified by the username command (i.e.[...]
-
Page 311
Line Commands 4-15 4 during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-13) password-thresh (4-16) timeout login response This command sets the interval that the system waits for a user to log into[...]
-
Page 312
Command Line Interface 4-16 4 Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0-65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session [...]
-
Page 313
Line Commands 4-17 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down. ?[...]
-
Page 314
Command Line Interface 4-18 4 Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 da[...]
-
Page 315
Line Commands 4-19 4 Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 960[...]
-
Page 316
Command Line Interface 4-20 4 Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specify[...]
-
Page 317
General Commands 4-21 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [ level[...]
-
Page 318
Command Line Interface 4-22 4 The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (T[...]
-
Page 319
General Commands 4-23 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configur[...]
-
Page 320
Command Line Interface 4-24 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command[...]
-
Page 321
General Commands 4-25 4 Default Setting None Command Mode Privileged Exec Example This example shows how to cancel a configured delayed reset of the switch: show reload This command displays the remaining time until a pending delayed reset will take place. Syntax show reload Default Setting None Command Mode Privileged Exec Example T[...]
-
Page 322
Command Line Interface 4-26 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the config[...]
-
Page 323
System Management Commands 4-27 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restor[...]
-
Page 324
Command Line Interface 4-28 4 Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Confi[...]
-
Page 325
System Management Commands 4-29 4 banner configure This command allows the administrator to interactively specify administrative information for this device. Syntax banner configure Default Setting None Command Mode Global Configuration Command Usage The administrator can batch-input all details for the switch with one command. Wh[...]
-
Page 326
Command Line Interface 4-30 4 Example banner configure company This command allows the administrator to configure the company information displayed in the banner. Use the no form to remove the company name information from the banner display. Syntax banner configure company name no banner configure company name - The name of the company. [...]
-
Page 327
System Management Commands 4-31 4 Command Usage The user-entered data cannot contain spaces. The banner configure company command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example ba[...]
-
Page 328
Command Line Interface 4-32 4 Syntax banner configure department dept-name no banner configure company dept-name - The name of the department. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure department command interpre[...]
-
Page 329
System Management Commands 4-33 4 Command Usage The user-entered data cannot contain spaces. The banner configure equipment-info command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.[...]
-
Page 330
Command Line Interface 4-34 4 ip-mask - The IP address and subnet mask of the device. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure ip-lan command interprets spaces as data input boundaries. The use of underscores ( _ [...]
-
Page 331
System Management Commands 4-35 4 banner configure manager-info This command allows the administrator to configure the manager contact information displayed in the banner. Use the no form to remove the manager contact information from the banner display. Syntax banner configure manager-info name mgr1-name phone-number mgr1-nu [...]
-
Page 332
Command Line Interface 4-36 4 no banner configure mux muxinfo - The circuit and PVC to which the switch is connected. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure mux command interprets spaces as data input boundarie[...]
-
Page 333
System Management Commands 4-37 4 Example show banner This command displays all banner information. Syntax show banner Default Setting None Command Mode Normal Exec, Privileged Exec Example Console(config)#banner configure note !!!!!ROUTINE_MAINTENANCE_firmware-upgrade_0100-0500_GMT-0500_20071022!!!!!_20min_network_impact_expected Console([...]
-
Page 334
Command Line Interface 4-38 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-12), user authentication via a remote authentication server (page 4-91), and host access aut[...]
-
Page 335
System Management Commands 4-39 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure en[...]
-
Page 336
Command Line Interface 4-40 4 Related Commands enable (4-21) authentication enable (4-93) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | h[...]
-
Page 337
System Management Commands 4-41 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed manag[...]
-
Page 338
Command Line Interface 4-42 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mod[...]
-
Page 339
System Management Commands 4-43 4 Example Related Commands ip http port (4-42) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.[...]
-
Page 340
Command Line Interface 4-44 4 Example Related Commands ip http secure-port (4-44) copy tftp https-certificate (4-85) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip [...]
-
Page 341
System Management Commands 4-45 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23[...]
-
Page 342
Command Line Interface 4-46 4 Related Commands ip telnet port (4-45) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote logi[...]
-
Page 343
System Management Commands 4-47 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication logi[...]
-
Page 344
Command Line Interface 4-48 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses [...]
-
Page 345
System Management Commands 4-49 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Conf[...]
-
Page 346
Command Line Interface 4-50 4 Example Related Commands show ip ssh (4-52) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits[...]
-
Page 347
System Management Commands 4-51 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Comm[...]
-
Page 348
Command Line Interface 4-52 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-ke[...]
-
Page 349
System Management Commands 4-53 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encrypti[...]
-
Page 350
Command Line Interface 4-54 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters[...]
-
Page 351
System Management Commands 4-55 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls er[...]
-
Page 352
Command Line Interface 4-56 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.e.[...]
-
Page 353
System Management Commands 4-57 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Comman[...]
-
Page 354
Command Line Interface 4-58 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [level] no[...]
-
Page 355
System Management Commands 4-59 4 Related Commands show logging (4-59) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging {flash | ram | sendmail | trap} • flash - Displays settings for storing eve[...]
-
Page 356
Command Line Interface 4-60 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-64) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] • flash - Event history stored in flash memory (i.e., permanen [...]
-
Page 357
System Management Commands 4-61 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent al[...]
-
Page 358
Command Line Interface 4-62 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one[...]
-
Page 359
System Management Commands 4-63 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 [...]
-
Page 360
Command Line Interface 4-64 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec[...]
-
Page 361
System Management Commands 4-65 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time f[...]
-
Page 362
Command Line Interface 4-66 4 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last boot up (i.e., 00:00:00, Jan. 1, 2001). • This command enables client time requests to time serve[...]
-
Page 363
System Management Commands 4-67 4 Example Related Commands sntp client (4-65) sntp poll (4-67) show sntp (4-67) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time [...]
-
Page 364
Command Line Interface 4-68 4 Example ntp client This command enables NTP client requests for time synchronization from NTP time servers specified with the ntp servers command. Use the no form to disable NTP client requests. Syntax [no] ntp client Default Setting Disabled Command Mode Global Configuration Command Usage • The SNTP[...]
-
Page 365
System Management Commands 4-69 4 ntp server This command sets the IP addresses of the servers to which NTP time requests are issued. Use the no form of the command to clear a specific time server or all servers from the current list. Syntax ntp server ip-address [version number] [key key-number] no ntp server [ip-addr[...]
-
Page 366
Command Line Interface 4-70 4 ntp poll This command sets the interval between sending time requests when the switch is set to NTP client mode. Use the no form to restore to the default. Syntax ntp poll seconds no ntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Co[...]
-
Page 367
System Management Commands 4-71 4 Example Related Commands ntp authentication-key (4-71) ntp authentication-key This command configures authentication keys and key numbers to use when NTP authentication is enabled. Use the no form of the command to clear a specific authentication key or all keys from the current list. Syntax ntp auth[...]
-
Page 368
Command Line Interface 4-72 4 show ntp This command displays the current time and configuration settings for the NTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current time, the poll interval used for sending time syn[...]
-
Page 369
System Management Commands 4-73 4 Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours[...]
-
Page 370
Command Line Interface 4-74 4 clock summer-time (date) This command allows the user to manually configure the start, end, and offset times of summer-time (daylight savings time) for the switch on a one-time basis. Use the no form to disable summer-time. Syntax clock summer-time name date b-month b-day b-year b-hour [...]
-
Page 371
System Management Commands 4-75 4 Example Related Commands show sntp (4-67) clock summer-time (predefined) This command configures the summer time (daylight savings time) status and settings for the switch using predefined configurations for several major regions of the world. Use the no form to disable summer time. Syntax clock summe[...]
-
Page 372
Command Line Interface 4-76 4 Related Commands show sntp (4-67) clock summer-time (recurring) This command allows the user to manually configure the start, end, and offset times of summer-time (daylight savings time) for the switch on a recurring basis. Use the no form to disable summer-time. Syntax clock summer-time n[...]
-
Page 373
System Management Commands 4-77 4 Example Related Commands show sntp (4-67) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day yea[...]
-
Page 374
Command Line Interface 4-78 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the info[...]
-
Page 375
System Management Commands 4-79 4 Example Related Commands show running-config (4-79) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the inform[...]
-
Page 376
Command Line Interface 4-80 4 is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for each switch in the stack - SNTP server settings - Local time zone - SNMP community strings - Users (names, access leve[...]
-
Page 377
System Management Commands 4-81 4 Example Related Commands show startup-config (4-78) Console#show running-config building startup-config, please wait..... ! phymap 00-12-cf-ce-2a-20 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.[...]
-
Page 378
Command Line Interface 4-82 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. • The POST results should all display “PASS.” If any[...]
-
Page 379
System Management Commands 4-83 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec[...]
-
Page 380
Command Line Interface 4-84 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by[...]
-
Page 381
Flash/File Commands 4-85 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-172.) • The current setting for jumbo frames can be displayed with the show system command (page 4-82). Example Flash/File Commands Th[...]
-
Page 382
Command Line Interface 4-86 4 • https-certificate - Copies an HTTPS certificate from a TFTP server to the switch. • public-key - Keyword that allows you to copy an SSH key from a TFTP server. (“Secure Shell Commands” on page 4-46) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Com[...]
-
Page 383
Flash/File Commands 4-87 4 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site c[...]
-
Page 384
Command Line Interface 4-88 4 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or i[...]
-
Page 385
Flash/File Commands 4-89 4 dir This command displays a list of files in flash memory. Syntax dir [unit:] {{boot-rom: | config: | opcode:} [:filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code[...]
-
Page 386
Command Line Interface 4-90 4 whichboot This command displays which files were booted when the system powered up. Syntax whichboot [unit] unit - Stack unit. (Range: 1) Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command[...]
-
Page 387
Authentication Commands 4-91 4 Example Related Commands dir (4-89) whichboot (4-90) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using [...]
-
Page 388
Command Line Interface 4-92 4 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs [...]
-
Page 389
Authentication Commands 4-93 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-21). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [tacacs[...]
-
Page 390
Command Line Interface 4-94 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated[...]
-
Page 391
Authentication Commands 4-95 4 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeo [...]
-
Page 392
Command Line Interface 4-96 4 Command Mode Global Configuration Example radius-server auth-port This command sets the RADIUS server network port for authentication messages. Use the no form to restore the default. Syntax radius-server auth-port port_number no radius-server auth-port port_number - RADIUS server UDP port used for aut[...]
-
Page 393
Authentication Commands 4-97 4 radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: [...]
-
Page 394
Command Line Interface 4-98 4 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pai[...]
-
Page 395
Authentication Commands 4-99 4 • timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-540 seconds) • retransmit - Number of times the switch will resend an authentication request to the TACACS+ server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not u[...]
-
Page 396
Command Line Interface 4-100 4 Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example tacacs-server retransmit This command s[...]
-
Page 397
Authentication Commands 4-101 4 Default Setting 5 seconds Command Mode Global Configuration Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console(config)#tacacs-server timeout 10 Console(config)# Console#show tacacs-server Remote TA[...]
-
Page 398
Command Line Interface 4-102 4 AAA Commands The Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring access control on the switch. The AAA functions require the use of configured RADIUS or TACACS+ servers in the network. aaa group server Use this command to na[...]
-
Page 399
Authentication Commands 4-103 4 Example server This command adds a security server to an AAA server group. Use the no form to remove the associated server from the group. Syntax [no] server {index | ip-address} • index - Specifies the server index. (Range: RADIUS 1-5, TACACS+ 1) • ip-address - Specifies the host IP address of a s[...]
-
Page 400
Command Line Interface 4-104 4 - radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-95. - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa g[...]
-
Page 401
Authentication Commands 4-105 4 - radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-95. - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the a[...]
-
Page 402
Command Line Interface 4-106 4 - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa group server command described on 4-102. (Range: 1-255 characters) Default Setting Accounting is not enabled No[...]
-
Page 403
Authentication Commands 4-107 4 Example accounting dot1x This command applies an accounting method for 802.1X service requests on an interface. Use the no form to disable accounting on the interface. Syntax accounting dot1x {default | list-name} no accounting dot1x • default - Specifies the default method list created with [...]
-
Page 404
Command Line Interface 4-108 4 Example accounting commands This command applies an accounting method to entered CLI commands. Use the no form to disable accounting for entered commands. Syntax accounting commands level {default | list-name} no accounting commands level • level - The privilege level for executing commands. (Range[...]
-
Page 405
Authentication Commands 4-109 4 - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa group server command described on 4-102. (Range: 1-255 characters) Default Setting Authorization is not ena[...]
-
Page 406
Command Line Interface 4-110 4 Example show accounting This command displays the current accounting settings per function and per port. Syntax show accounting [commands [level]] | [[dot1x [statistics [username user-name | interface interface]] | exec [statistics] | statistics [username user-name | interface]] ?[...]
-
Page 407
Authentication Commands 4-111 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in th[...]
-
Page 408
Command Line Interface 4-112 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port[...]
-
Page 409
Authentication Commands 4-113 4 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x g[...]
-
Page 410
Command Line Interface 4-114 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number of requ[...]
-
Page 411
Authentication Commands 4-115 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x opera[...]
-
Page 412
Command Line Interface 4-116 4 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Interface Configuration Example dot1x timeout quiet-period This command se[...]
-
Page 413
Authentication Commands 4-117 4 dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command Mode Interface Configuration [...]
-
Page 414
Command Line Interface 4-118 4 dot1x intrusion-action This command sets the port’s response to a failed authentication, either to block all traffic, or to assign all traffic for the port to a guest VLAN. Use the no form to reset the default. Syntax dot1x intrusion-action {block-traffic | guest-vlan} no dot1x intrusion-action Defau[...]
-
Page 415
Authentication Commands 4-119 4 - Status – Administrative state for port access control. - Operation Mode – Dot1x port control operation mode (page 4-115). - Mode – Dot1x port control mode (page 4-114). - Authorized – Authorization status (yes or n/a - not authorized). • 802.1X Port Details – Displays the port access c[...]
-
Page 416
Command Line Interface 4-120 4 - Identifier (Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters [...]
-
Page 417
Authentication Commands 4-121 4 Network Access – MAC Address Authentication The Network Access feature controls host access to the network by authenticating its MAC address on the connected switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticate[...]
-
Page 418
Command Line Interface 4-122 4 Default Setting Disabled Command Mode Interface Configuration Command Usage • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The username and password are both equal to the MAC address being authenticate[...]
-
Page 419
Authentication Commands 4-123 4 count - The maximum number of authenticated MAC addresses allowed. (Range: 1 to 2048; 0 for unlimited) Default Setting 2048 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is 2048, and the maximum number of secure MAC addresses supported for the switch system[...]
-
Page 420
Command Line Interface 4-124 4 Default Setting 1024 Command Mode Interface Config Example network-access dynamic-qos Use this command to enable the dynamic QoS feature for an authenticated port. Use the no form to restore the default. Syntax [no] network-access dynamic-qos Default Setting Disabled Command Mode Interface Configu[...]
-
Page 421
Authentication Commands 4-125 4 • The VLAN settings specified by the first authenticated MAC address are implemented for a port. Other authenticated MAC addresses on the port must have the same VLAN configuration, or they are treated as an authentication failure. • If dynamic VLAN assignment is enabled on a port and the RADIUS server [...]
-
Page 422
Command Line Interface 4-126 4 Default Setting Disabled Command Mode Interface Configuration Example network-access link-detection link-down Use this command to configure the link detection feature to detect link-down events. When a link down event is detected, the feature can shut down the port, send an SNMP trap, or both. Use the[...]
-
Page 423
Authentication Commands 4-127 4 Command Mode Interface Configuration Example network-access link-detection link-up-down Use this command to configure the link detection feature to detect link-up and link-down events. When either a link-up or link-down event is detected, the feature can shut down the port, send an SNMP trap, or both. Use[...]
-
Page 424
Command Line Interface 4-128 4 Command Usage • The reauthentication time is a global setting and applies to all ports. • When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server. During the reauthentication process traffic through the port remains unaffected. Example clear netw[...]
-
Page 425
Authentication Commands 4-129 4 Default Setting Displays the settings for all interfaces. Command Mode Privileged Exec Example show network-access mac-address-table Use this command to display secure MAC address table entries. Syntax show network-access mac-address-table [static | dynamic] [address mac-address [mask]] [inter[...]
-
Page 426
Command Line Interface 4-130 4 Command Usage When using a bit mask to filter displayed MAC addresses, a 1 means "care" and a 0 means "don't care". For example, a MAC of 00-00-01-02-03-04 and mask FF-FF-FF-00-00-00 would result in all MACs in the range 00-00-01-00-00-00 to 00-00-01-FF-FF-FF to be displayed. Al[...]
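The "care" / "don't care" mask rule above, worked through as an added example (not code from the manual or the switch firmware). The function names and the sample table are constructed for illustration; the second query uses a non-contiguous mask to show that the low/high range only describes the matched set exactly when the mask is a run of leading 1 bits.

```python
import re

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
_ALL_BITS = (1 << 48) - 1


def parse_mac(text):
    """Convert 'xx-xx-xx-xx-xx-xx' (the notation used in the manual) to a 48-bit int."""
    if not _MAC_RE.match(text):
        raise ValueError(f"expected xx-xx-xx-xx-xx-xx, got {text!r}")
    return int(text.replace("-", ""), 16)


def format_mac(value):
    """Convert a 48-bit int back to upper-case xx-xx-xx-xx-xx-xx."""
    raw = f"{value:012X}"
    return "-".join(raw[i:i + 2] for i in range(0, 12, 2))


def mask_matches(candidate, address, mask):
    """A candidate matches when it equals the address on every 'care' (1) bit."""
    m = parse_mac(mask)
    return (parse_mac(candidate) & m) == (parse_mac(address) & m)


def mask_bounds(address, mask):
    """Lowest and highest MAC that can match: don't-care bits all 0, then all 1."""
    m = parse_mac(mask)
    low = parse_mac(address) & m
    high = low | (~m & _ALL_BITS)
    return format_mac(low), format_mac(high)


def is_contiguous(mask):
    """True when the mask is leading 1 bits followed only by 0 bits.

    Only then does every address between the bounds match; otherwise the
    bounds are an outer envelope and each entry must be tested bit-wise.
    """
    dont_care = ~parse_mac(mask) & _ALL_BITS
    return (dont_care & (dont_care + 1)) == 0


def filter_table(entries, address, mask):
    """Return the (mac, port) entries a masked display filter would show."""
    return [(mac, port) for mac, port in entries if mask_matches(mac, address, mask)]


# Constructed sample entries (MAC, port); not taken from a real switch.
SAMPLE_TABLE = [
    ("00-00-01-02-03-04", "1/1"),
    ("00-00-01-AA-BB-CC", "1/2"),
    ("00-00-02-02-03-04", "1/3"),
    ("00-00-01-10-20-04", "1/4"),
]

if __name__ == "__main__":
    addr = "00-00-01-02-03-04"
    for mask in ("FF-FF-FF-00-00-00", "FF-FF-FF-00-00-FF"):
        low, high = mask_bounds(addr, mask)
        print(f"mask {mask}: bounds {low} .. {high}, exact range: {is_contiguous(mask)}")
        for mac, port in filter_table(SAMPLE_TABLE, addr, mask):
            print(f"  {mac}  port {port}")
```

With the second mask, 00-00-01-AA-BB-CC lies inside the bounds but is not matched, because its last octet is a "care" byte that differs from 04.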
-
Page 427
Authentication Commands 4-131 4 web-auth login-attempts This command defines the limit for failed web authentication login attempts. After the limit is reached, the switch refuses further login attempts until the quiet time expires. Use the no form to restore the default. Syntax web-auth login-attempts count no web-auth login-att[...]
-
Page 428
Command Line Interface 4-132 4 fail-url - The URL to which a host is directed after a failed web authentication attempt. Default Setting None Command Mode Global Configuration Command Usage This command is not supported in the current release of the firmware. Example web-auth login-page-url This command defines the external authenticatio[...]
-
Page 429
Authentication Commands 4-133 4 success-url - The URL to which a host is directed after a successful web authentication login. Default Setting None Command Mode Global Configuration Command Usage This command is not supported in the current release of the firmware. Example web-auth quiet-period This command defines the amount of time a [...]
-
Page 430
Command Line Interface 4-134 4 timeout - The amount of time that an authenticated session remains valid. (Range: 300-3600 seconds) Default Setting 3600 seconds Command Mode Global Configuration Example web-auth system-auth-control This command globally enables web authentication for the switch. Use the no form to restore the default. Sy[...]
-
Page 431
Authentication Commands 4-135 4 Command Usage Both web-auth system-auth-control for the switch and web-auth for an interface must be enabled for the web authentication feature to be active. Example show web-auth This command displays global web authentication parameters. Syntax show web-auth Default Setting None Command Mode Privi[...]
-
Page 432
Command Line Interface 4-136 4 Command Mode Privileged Exec Example web-auth re-authenticate (Port) This command ends all web authentication sessions connected to the port and forces the users to re-authenticate. Syntax web-auth re-authenticate interface interface • interface - Specifies a port interface. • ethernet unit/port[...]
-
Page 433
Authentication Commands 4-137 4 Default Setting None Command Mode Privileged Exec Example show web-auth summary This command displays a summary of web authentication port parameters and statistics. Syntax show web-auth summary Default Setting None Command Mode Privileged Exec Console#web-auth re-authenticate interface ethernet 1/2 192.[...]
-
Page 434
Command Line Interface 4-138 4 Example Console#show web-auth summary Global Web-Auth Parameters System Auth Control : Enabled Port Status Authenticated Host Count ---- ------ ------------------------ 1/ 1 Disabled 0 1/ 2 Enabled 0 1/ 3 Disabled 0 1/ 4 Disabled 0 1/ 5 Disabled 0 1/ 6 Disabled 0 1/ 7 Disabled 0 1/ 8 Disabled 0 1/ 9 Disabled 0 1/10 [...]
-
Page 435
Access Control List Commands 4-139 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, or Layer 4 protocol port number) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and then bin[...]
-
Page 436
Command Line Interface 4-140 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the [...]
-
Page 437
Access Control List Commands 4-141 4 Related Commands permit, deny 4-141 ip access-group (4-143) show ip access-list (4-143) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {[...]
-
Page 438
Command Line Interface 4-142 4 Syntax [no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source} {any | destination address-bitmask | host destination} [source-port sport [end]] [destination-port dport [end]] [no] {permit | deny} tcp {any | source address-bitmask | host source} {an[...]
-
Page 439
Access Control List Commands 4-143 4 This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP). Related Commands access-list ip (4-140) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended}[...]
-
Page 440
Command Line Interface 4-144 4 Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a[...]
-
Page 441
Access Control List Commands 4-145 4 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usag[...]
-
Page 442
Command Line Interface 4-146 4 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [ no ] { permit | deny } { any | host source | source address-[...]
-
Page 443
Access Control List Commands 4-147 4 Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types includ[...]
-
Page 444
Command Line Interface 4-148 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Co[...]
-
Page 445
Access Control List Commands 4-149 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associ[...]
-
Page 446
Command Line Interface 4-150 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as control[...]
-
Page 447
SNMP Commands 4-151 4 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [ no ] snmp-server Default Setting Enabled Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP com[...]
-
Page 448
Command Line Interface 4-152 4 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a password and permits [...]
-
Page 449
SNMP Commands 4-153 4 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact strin [...]
-
Page 450
Command Line Interface 4-154 4 Command Mode Global Configuration Example Related Commands snmp-server contact (4-153) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [ inform [ r[...]
-
Page 451
SNMP Commands 4-155 4 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple ho[...]
-
Page 452
Command Line Interface 4-156 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user na[...]
-
Page 453
SNMP Commands 4-157 4 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-160). Example Related Commands snmp-server host (4-154) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snmp-s [...]
-
Page 454
Command Line Interface 4-158 4 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-163). Example Related Commands snmp-server host [...]
-
Page 455
SNMP Commands 4-159 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object iden[...]
-
Page 456
Command Line Interface 4-160 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv }} [ r[...]
-
Page 457
SNMP Commands 4-161 4 Default Setting • Default groups: public 19 (read only), private 20 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access po[...]
-
Page 458
Command Line Interface 4-162 4 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model[...]
-
Page 459
SNMP Commands 4-163 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [ remote ip-address ] { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } auth-pa[...]
-
Page 460
Command Line Interface 4-164 4 Default Setting None Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before y [...]
-
Page 461
SNMP Commands 4-165 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 80000000030004e2b316c5432[...]
-
Page 462
Command Line Interface 4-166 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no int[...]
-
Page 463
Interface Commands 4-167 4 Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 chara[...]
-
Page 464
Command Line Interface 4-168 4 • When auto-negotiation is disabled, the default speed-duplex setting for both 100BASE-FX and Gigabit Ethernet ports is 100full. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no [...]
-
Page 465
Interface Commands 4-169 4 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-169) speed-duplex (4-167) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capabi [...]
-
Page 466
Command Line Interface 4-170 4 Example The following example configures Ethernet port 25 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-168) speed-duplex (4-167) flowcontrol (4-170) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Def[...]
-
Page 467
Interface Commands 4-171 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-168) capabilities (flowcontrol, symmetric) (4-169) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. [...]
-
Page 468
Command Line Interface 4-172 4 switchport packet-rate This command configures broadcast and multicast and unknown unicast storm control. Use the no form to restore the default setting. Syntax switchport broadcast packet-rate rate no switchport broadcast • broadcast - Specifies storm control for broadcast traffic. • rate -[...]
-
Page 469
Interface Commands 4-173 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the a[...]
-
Page 470
Command Line Interface 4-174 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting Shows the counters fo[...]
-
Page 471
Interface Commands 4-175 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-i[...]
-
Page 472
Command Line Interface 4-176 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 64 Kbits/second LACP status: Enabled Ingress Rate Limit: Disabled, 100000 Kbits per second Egress Rate Limit: Disabled, 100000 Kbits per second VLAN membership mode: Hybri[...]
-
Page 473
Mirror Port Commands 4-177 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit/port [...]
-
Page 474
Command Line Interface 4-178 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit/port (source port) • unit - Stack unit. (Range: 1) • port - Port number. ([...]
-
Page 475
Rate Limit Commands 4-179 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped. Rate limiting ca[...]
-
Page 476
Command Line Interface 4-180 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and a not[...]
-
Page 477
Link Aggregation Commands 4-181 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk p[...]
-
Page 478
Command Line Interface 4-182 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Eth[...]
-
Page 479
Link Aggregation Commands 4-183 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system[...]
-
Page 480
Command Line Interface 4-184 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP n[...]
-
Page 481
Link Aggregation Commands 4-185 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established wi[...]
-
Page 482
Command Line Interface 4-186 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side an aggregate link. • partner - The remote side of an aggregat[...]
-
Page 483
Link Aggregation Commands 4-187 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 ----------------------------------------- -------------------------------- Eth 1/ 1 ----------------------------------------- -------------------------------- LACPDUs Sent : 21 LACPDUs Received : [...]
-
Page 484
Command Line Interface 4-188 4 Table 4-53 show lacp internal - display description Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU information[...]
-
Page 485
Link Aggregation Commands 4-189 4 Table 4-54 show lacp neighbors - display description Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Number Current administrative value of the port numbe[...]
-
Page 486
Command Line Interface 4-190 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN. Use t[...]
-
Page 487
Address Table Commands 4-191 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a[...]
-
Page 488
Command Line Interface 4-192 4 • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent -[...]
-
Page 489
LLDP Commands 4-193 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example LLDP Commands Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast [...]
-
Page 490
Command Line Interface 4-194 4 lldp reinit-delay Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down GC 4-198 lldp tx-delay Configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables GC 4-198 lldp admin-status E[...]
-
Page 491
LLDP Commands 4-195 4 lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP. Syntax [ no ] lldp Default Setting Enabled Command Mode Global Configuration Example lldp holdtime-multiplier This command configures the time-to-live (TTL) value sent in LLDP advertisements. Use the no form to restore the [...]
-
Page 492
Command Line Interface 4-196 4 Command Mode Global Configuration Command Usage The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. Example lldp medFastStartCount This command specifies the amount of MED Fast Start LLD[...]
-
Page 493
LLDP Commands 4-197 4 Default Setting 5 seconds Command Mode Global Configuration Command Usage • This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. • Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Onl[...]
-
Page 494
Command Line Interface 4-198 4 lldp reinit-delay This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. Use the no form to restore the default setting. Syntax lldp reinit-delay seconds no lldp reinit-delay seconds - Specifies the delay before attempting to re-initialize [...]
-
Page 495
LLDP Commands 4-199 4 • This attribute must comply with the following rule: (4 * tx-delay) ≤ refresh-interval Example lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified port. Use the no form to disable this feature. Syntax lldp admin-status { rx-only | tx-only | tx-rx } n[...]
-
Page 496
Command Line Interface 4-200 4 the LLDP MIB (IEEE 802.1AB), or organization-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs. • SNMP trap destinations are defined using the snmp-server host command (page 4-154). • Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Onl[...]
-
Page 497
LLDP Commands 4-201 4 Example lldp basic-tlv management-ip-address This command configures an LLDP-enabled port to advertise the management address for this device. Use the no form to disable this feature. Syntax [ no ] lldp basic-tlv management-ip-address Default Setting Enabled Command Mode Interface Configuration (Ethernet, Por[...]
-
Page 498
Command Line Interface 4-202 4 Syntax [ no ] lldp basic-tlv port-description Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The port description is taken from the ifDescr object in RFC 2863, which includes information about the manufacturer, the product name, and the version of the in[...]
-
Page 499
LLDP Commands 4-203 4 Syntax [ no ] lldp basic-tlv system-description Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The system description is taken from the sysDescr object in RFC 3418, which includes the full name and version identification of the system's hardware type, [...]
-
Page 500
Command Line Interface 4-204 4 Syntax [ no ] lldp dot1-tlv proto-ident Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises the protocols that are accessible through this interface. Example lldp dot1-tlv proto-vid This command configures an LLDP-enabled port[...]
-
Page 501
LLDP Commands 4-205 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The port’s default VLAN identifier (PVID) indicates the VLAN with which untagged or priority-tagged frames are associated (see “switchport native vlan” on page 4-247). Example lldp dot1-tlv vlan-name This comma[...]
-
Page 502
Command Line Interface 4-206 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises link aggregation capabilities, aggregation status of the link, and the 802.3 aggregated port identifier if this interface is currently a link aggregation member. Example lldp dot3-t[...]
-
Page 503
LLDP Commands 4-207 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Refer to “Frame Size Commands” on page 4-84 for information on configuring the maximum frame size for this switch. Example lldp dot3-tlv poe This command configures an LLDP-enabled port to advertise its Power[...]
-
Page 504
Command Line Interface 4-208 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises extended Power-over-Ethernet capability details, such as power availability from the switch, and power state of the switch, including whether the switch is operating from [...]
-
Page 505
LLDP Commands 4-209 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises location identification details. Example lldp medtlv med-cap This command configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities. Use the no form to disable[...]
-
Page 506
Command Line Interface 4-210 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises network policy configuration information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in [...]
-
Page 507
LLDP Commands 4-211 4 Example Console#show lldp config LLDP Global Configuation LLDP Enable : Yes LLDP Transmit interval : 30 LLDP Hold Time Multiplier : 4 LLDP Delay Interval : 2 LLDP Reinit Delay : 2 LLDP Notification Interval : 5 LLDP MED fast start counts : 4 LLDP Port Configuration Interface |AdminStatus NotificationEnabled --------- + ------[...]
-
Page 508
Command Line Interface 4-212 4 show lldp info local-device This command shows LLDP global and interface-specific configuration settings for this device. Syntax show lldp info local-device [ detail interface ] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Po[...]
-
Page 509
LLDP Commands 4-213 4 show lldp info remote-device This command shows LLDP global and interface-specific configuration settings for remote devices attached to an LLDP-enabled port. Syntax show lldp info remote-device [ detail interface ] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Sta[...]
-
Page 510
Command Line Interface 4-214 4 • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Command Mode Privileged Exec Example switch#show lldp info statistics LLDP Device Statistics Neighbor Entries List Las[...]
-
Page 511
UPnP Commands 4-215 4 UPnP Commands Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards. upnp device This comm[...]
-
Page 512
Command Line Interface 4-216 4 upnp device ttl This command sets the time-to-live (TTL) value for sending of UPnP messages from the device. Syntax upnp device ttl { value } • value - The number of router hops a UPnP packet can travel before it is discarded. (Range:1-255) Default Setting 4 Command Mode Global Configuration Comman[...]
-
Page 513
Spanning Tree Commands 4-217 4 Related Commands upnp device ttl (4-216) show upnp This command displays the UPnP management status and time out settings. Command Mode Privileged Exec Example Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands[...]
-
Page 514
Command Line Interface 4-218 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disa[...]
-
Page 515
Spanning Tree Commands 4-219 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the [...]
-
Page 516
Command Line Interface 4-220 4 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only on bri[...]
-
Page 517
Spanning Tree Commands 4-221 4 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(ma[...]
-
Page 518
Command Line Interface 4-222 4 ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the d[...]
-
Page 519
Spanning Tree Commands 4-223 4 no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000. This method is based on the IEEE 802.1w Rapid Spanning Tree Protocol. • short - Specifies 16-bit based values that range from 1-65535. This method is based on the IEEE 802.1 Spanning Tree Protoco [...]
-
Page 520
Command Line Interface 4-224 4 • No VLANs are mapped to any MST instance. • The region name is set the switch’s MAC address. Command Mode Global Configuration Example Related Commands mst vlan (4-224) mst priority (4-225) name (4-225) revision (4-226) max-hops (4-226) mst vlan This command adds VLANs to a spanning tree i[...]
-
Page 521
Spanning Tree Commands 4-225 4 Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • priority - Priority of the a sp[...]
-
Page 522
Command Line Interface 4-226 4 MST Configuration Command Usage The MST region name and revision number (page 4-226) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same[...]
-
Page 523
Spanning Tree Commands 4-227 4 hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each[...]
-
Page 524
Command Line Interface 4-228 4 cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000) The recommended range is: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000 • 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automat[...]
-
Page 525
Spanning Tree Commands 4-229 4 Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an acti[...]
-
Page 526
Command Line Interface 4-230 4 Related Commands spanning-tree portfast (4-230) spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ?[...]
-
Page 527
Spanning Tree Commands 4-231 4 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting[...]
-
Page 528
Command Line Interface 4-232 4 9.3.4 (Note 1). • Port Loopback Detection will not be active if Spanning Tree is disabled on the switch. Example spanning-tree loopback-detection release-mode This command configures the release mode for a port that was placed in the discarding state because a loopback BPDU was received. Use the no form[...]
-
Page 529
Spanning Tree Commands 4-233 4 spanning-tree loopback-detection trap This command enables SNMP trap notification for Spanning Tree loopback BPDU detections. Use the no form to restore the default. Syntax spanning-tree loopback-detection trap no spanning-tree loopback-detection trap Default Setting Disabled Command Mode Interface Confi[...]
-
Page 530
Command Line Interface 4-234 4 • Each spanning-tree instance is associated with a unique set of VLAN IDs. • This command is used by the multiple spanning-tree algorithm to determine the best path between devices. Therefore, lower values should be assigned to interfaces attached to faster media, and higher values assigned to i[...]
-
Page 531
Spanning Tree Commands 4-235 4 spanning-tree mst cost (4-233) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28[...]
-
Page 532
Command Line Interface 4-236 4 Command Mode Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. • Use the show spanning-tree interface command to display the spanni[...]
-
Page 533
Spanning Tree Commands 4-237 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example ----------------------------------------- ---------------------- Eth 1/ 1 information ----------------------------------------- ---------------------- Admin status: enable[...]
-
Page 534
Command Line Interface 4-238 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registrati[...]
-
Page 535
VLAN Commands 4-239 4 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across [...]
-
Page 536
Command Line Interface 4-240 4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ [...]
-
Page 537
VLAN Commands 4-241 4 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set. • timer_value - Value[...]
-
Page 538
Command Line Interface 4-242 4 Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting Shows all GARP timers. Command Mode Normal Exec, Privileged Exec Example Related Commands garp timer (4-241) E[...]
-
Page 539
VLAN Commands 4-243 4 Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN. The[...]
-
Page 540
Command Line Interface 4-244 4 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-250) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physica[...]
-
Page 541
VLAN Commands 4-245 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-171) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trun[...]
-
Page 542
Command Line Interface 4-246 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. • tagged[...]
-
Page 543
VLAN Commands 4-247 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • With ingress filtering enabled, a port will discard received frames tagged for VLANs for which it is not a member. • Ingress filtering does not affect VLAN independent BPDU frames,[...]
-
Page 544
Command Line Interface 4-248 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Note: Each port can only have one untagged VLAN. If a second VLAN is defined for a port as untagged, the other VLAN that had untagged status will automatically be changed to ta[...]
-
Page 545
VLAN Commands 4-249 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no swi[...]
-
Page 546
Command Line Interface 4-250 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4092, no leading zeroes) • name - Keywo[...]
-
Page 547
VLAN Commands 4-251 4 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use [...]
-
Page 548
Command Line Interface 4-252 4 Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional. Example Related Commands show dot1q-tunnel (4-253) show interfaces switchport (4-175) switchport dot1q-tunnel mode This command configure[...]
-
Page 549
VLAN Commands 4-253 4 switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid tpid – Sets the ethertype value for 802.1Q encapsulation. This identifier is used to [...]
-
Page 550
Command Line Interface 4-254 4 Example Related Commands switchport dot1q-tunnel mode (4-252) Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs.[...]
-
Page 551
VLAN Commands 4-255 4 To configure primary/secondary associated groups, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups. 2. Use the private-vlan association command to map the community VLAN(s) to the pr[...]
-
Page 552
Command Line Interface 4-256 4 private-vlan Use this command to create a primary, community, or isolated private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id {community | primary | isolated} no private-vlan vlan-id • vlan-id - ID of private VLAN. (Range: 1-4092, no leading zeroes). •[...]
-
Page 553
VLAN Commands 4-257 4 no private-vlan primary-vlan-id association • primary-vlan-id - ID of primary VLAN. (Range: 1-4092, no leading zeroes). • secondary-vlan-id - ID of secondary (i.e., community) VLAN. (Range: 1-4092, no leading zeroes). Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide se[...]
-
Page 554
Command Line Interface 4-258 4 • To assign a promiscuous port or host port to an isolated VLAN, use the switchport private-vlan isolated command. Example switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-[...]
-
Page 555
VLAN Commands 4-259 4 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Host ports assigned to an isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port. Example switchport private-vlan mapping Use this com [...]
-
Page 556
Command Line Interface 4-260 4 Syntax show vlan private-vlan [community | isolated | primary] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces. • isolated – Displays an isolated VLAN, along with the assigned promiscuous interface and host interfaces. The Prima[...]
-
Page 557
VLAN Commands 4-261 4 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configurat[...]
-
Page 558
Command Line Interface 4-262 4 • group-id - Group identifier of this protocol group. (Range: 1-2147483647) • frame 1 - Frame type used by this protocol. (Options: ethernet, rfc_1042, llc_other) • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frames types include: ip,[...]
-
Page 559
VLAN Commands 4-263 4 applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for the interface. Example The following example maps traffic matching t[...]
-
Page 560
Command Line Interface 4-264 4 This shows that traffic matching the specifications for protocol group 2 will be mapped to VLAN 2: Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with[...]
-
Page 561
Priority Commands 4-265 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode • strict - Services the egress queues in sequential order, tran[...]
-
Page 562
Command Line Interface 4-266 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • The default priority a[...]
-
Page 563
Priority Commands 4-267 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 0 - 2: Related Commands show queue bandwidth (4-268) queue cos-map This command assigns class[...]
-
Page 564
Command Line Interface 4-268 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to change the CoS assignments: Related Commands show queue cos-map (4-269) show queue mode This command shows the [...]
-
Page 565
Priority Commands 4-269 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting None Command Mode Privilege[...]
-
Page 566
Command Line Interface 4-270 4 Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This [...]
-
Page 567
Priority Commands 4-271 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subseque[...]
-
Page 568
Command Line Interface 4-272 4 Example Related Commands map ip dscp (Global Configuration) (4-269) map ip dscp (Interface Configuration) (4-270) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can class[...]
-
Page 569
Quality of Service Commands 4-273 4 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of traffic base[...]
-
Page 570
Command Line Interface 4-274 4 • The class map is used with a policy map (page 4-275) to create a service policy (page 4-278) for a specific interface that defines packet classification, service tagging, and bandwidth policing. Example This example creates a class map called “rd_class,” and sets it to match packets marked for DSCP [...]
-
Page 571
Quality of Service Commands 4-275 4 This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service value 5: This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1: policy-map This command creates a policy map that can be a [...]
-
Page 572
Command Line Interface 4-276 4 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. (Range: 1-1[...]
-
Page 573
Quality of Service Commands 4-277 4 set This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-274). Use the no form to remove the traffic classification. Syntax [no] set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence [...]
-
Page 574
Command Line Interface 4-278 4 Policy Map Class Configuration Command Usage • You can configure up to 64 policers (i.e., meters or class maps) for each of the following access list types: MAC ACL, IP ACL (including Standard ACL and Extended ACL), IPv6 Standard ACL, and IPv6 Extended ACL. This limitation applies to each switch chip ([...]
-
Page 575
Quality of Service Commands 4-279 4 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 cha[...]
-
Page 576
Command Line Interface 4-280 4 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Ran[...]
-
Page 577
Voice VLAN Commands 4-281 4 voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID. Use the no form to disable the Voice VLAN. Syntax voice vlan voice-vlan-id no voice vlan voice-vlan-id - Specifies the voice VLAN ID. (Range: 1-4094) Default Setting Disabled Command Mode Global Configuration Command [...]
-
Page 578
Command Line Interface 4-282 4 voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore the default. Syntax voice vlan aging minutes no voice vlan minutes - Specifies the port Voice VLAN membership time out. (Range: 5-43200 minutes) Default Setting 1440 minutes Command Mode Global Configuration Command Us[...]
-
Page 579
Voice VLAN Commands 4-283 4 Command Usage • VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses. The MAC OUI numbers for[...]
-
Page 580
Command Line Interface 4-284 4 switchport voice vlan rule This command selects a method for detecting VoIP traffic on a port. Use the no form to disable the detection method on the port. Syntax [no] switchport voice vlan rule {oui | lldp} • oui - Traffic from VoIP devices is detected by the Organizationally Unique Identifier (OU[...]
-
Page 581
Voice VLAN Commands 4-285 4 Command Usage • Security filtering discards any non-VoIP packets received on the port that are tagged with voice VLAN ID. VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list, or through LLDP that discovers VoIP devices attached to the switch. Packets received fr[...]
-
Page 582
Command Line Interface 4-286 4 show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list. Syntax show voice vlan {oui | status} • oui - Displays the OUI Telephony list. • status - Displays the global and port Voice VLAN settings. Default Setting None Command Mode Privileged Exec Ex[...]
-
Page 583
Multicast Filtering Commands 4-287 4 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates t[...]
-
Page 584
Command Line Interface 4-288 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a mul[...]
-
Page 585
Multicast Filtering Commands 4-289 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2 | 3} no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 • 3 - IGMP Version 3 Default Setting IGMP Version 2 Command M[...]
-
Page 586
Command Line Interface 4-290 4 Command Usage • The IGMP snooping leave-proxy feature suppresses all unnecessary IGMP leave messages so that the non-querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group. • The leave-proxy feature does not function when a switch is set as the que[...]
-
Page 587
Multicast Filtering Commands 4-291 4 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-213 for a description of the displayed items. Example The following shows the current IGMP[...]
-
Page 588
Command Line Interface 4-292 4 Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) This section describes commands used to configure Layer 2 IGMP query on the switch. ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to d[...]
-
Page 589
Multicast Filtering Commands 4-293 4 Example ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes [...]
-
Page 590
Command Line Interface 4-294 4 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds: ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping quer [...]
-
Page 591
Multicast Filtering Commands 4-295 4 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before[...]
-
Page 592
Command Line Interface 4-296 4 ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4092) • interface • ethernet unit/port - unit - Stack unit. (Range: [...]
-
Page 593
Multicast Filtering Commands 4-297 4 Command Usage Multicast router port types displayed include Static. Example The following shows that port 11 in VLAN 1 is attached to a multicast router: IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services tha[...]
-
Page 594
Command Line Interface 4-298 4 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch. Use the no form to disable the feature. Syntax [no] ip igmp filter Default Setting Disabled Command Mode Global Configuration Command Usage • IGMP filtering enables you to assign a profil[...]
-
Page 595
Multicast Filtering Commands 4-299 4 Command Usage A profile defines the multicast groups that a subscriber is permitted or denied to join. The same profile can be applied to many interfaces, but only one profile can be assigned to one interface. Each profile has only one access mode; either permit or deny. Example permit, deny [...]
-
Page 596
Command Line Interface 4-300 4 Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile. Example ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no fo[...]
-
Page 597
Multicast Filtering Commands 4-301 4 number - The maximum number of multicast groups an interface can join at the same time. (Range: 0-64) Default Setting 64 Command Mode Interface Configuration Command Usage • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of [...]
-
Page 598
Command Line Interface 4-302 4 Example show ip igmp filter This command displays the global and interface settings for IGMP filtering. Syntax show ip igmp filter [interface interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default[...]
-
Page 599
Multicast Filtering Commands 4-303 4 Example show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1[...]
-
Page 600
Command Line Interface 4-304 4 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic entering an[...]
-
Page 601
Multicast VLAN Registration Commands 4-305 4 Command Usage • Use the mvr group command to statically configure all multicast group addresses that will join the MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.[...]
-
Page 602
Command Line Interface 4-306 4 Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering. • MVR receiver ports cannot be members of a trunk. Receiver ports can belong to different VLANs, but should[...]
-
Page 603
Multicast VLAN Registration Commands 4-307 4 show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword. Syntax show mvr [in[...]
-
Page 604
Command Line Interface 4-308 4 The following displays information about the interfaces attached to the MVR VLAN: The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr interface Port Type Status Immediate Leave ------- -------- ------------- - -------------- et[...]
-
Page 605
IP Interface Commands 4-309 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is power[...]
-
Page 606
Command Line Interface 4-310 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). •[...]
-
Page 607
IP Interface Commands 4-311 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to re[...]
-
Page 608
Command Line Interface 4-312 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-310) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [size size] [...]
-
Page 609
IP Source Guard Commands 4-313 4 Example Related Commands interface (4-166) IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snoopi[...]
-
Page 610
Command Line Interface 4-314 4 • sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the ne[...]
-
Page 611
IP Source Guard Commands 4-315 4 yet configured, the switch will drop all IP traffic on that port, except for DHCP packets. Example This example enables IP source guard on port 5. Related Commands ip source-guard binding (4-315) ip dhcp snooping (4-317) ip dhcp snooping vlan (4-319) ip source-guard binding This command adds a [...]
-
Page 612
Command Line Interface 4-316 4 - If there is no entry with same VLAN ID and MAC address, a new entry is added to binding table using the type of static IP source guard binding. - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old [...]
-
Page 613
DHCP Snooping Commands 4-317 4 Example DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to configur[...]
-
Page 614
Command Line Interface 4-318 4 messages received on an unsecure interface from outside the network or firewall. When DHCP snooping is enabled globally by this command, and enabled on a VLAN interface by the ip dhcp snooping vlan command (page 4-319), DHCP messages received on an untrusted interface (as specified by the no ip dhcp sn[...]
-
Page 615
DHCP Snooping Commands 4-319 4 switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering takes place. However, when the switch receives any messages from a DHCP server, any packets received from untru[...]
-
Page 616
Command Line Interface 4-320 4 Related Commands ip dhcp snooping (4-317) ip dhcp snooping trust (4-320) ip dhcp snooping trust This command configures the specified interface as trusted. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Inter[...]
-
Page 617
DHCP Snooping Commands 4-321 4 ip dhcp snooping verify mac-address This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header. Use the no form to disable this function. Syntax [no] ip dhcp snooping verify mac-address Default Setting Enabled Command Mode Globa[...]
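The comparison this command describes (the client hardware address, chaddr, in the DHCP payload against the source MAC in the Ethernet header), sketched in Python as an added example; it is not code from the manual or the switch firmware. The frames are constructed rather than captured, and limiting the comparison to unrelayed client requests (op = 1, giaddr = 0) is an assumption of this example.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100
IPPROTO_UDP = 17
DHCP_SERVER_PORT = 67
DHCP_MAGIC = b"\x63\x82\x53\x63"


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_request(eth_src: bytes, chaddr: bytes) -> bytes:
    """Constructed (not captured) Ethernet/IPv4/UDP DHCPDISCOVER frame."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += bytes(16)                          # ciaddr, yiaddr, siaddr, giaddr
    bootp += chaddr.ljust(16, b"\x00")          # chaddr is a 16-byte field
    bootp += bytes(64 + 128)                    # sname, file
    bootp += DHCP_MAGIC + b"\x35\x01\x01\xff"   # option 53 = DISCOVER, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff" * 4)  # checksum left 0
    return b"\xff" * 6 + eth_src + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp


def verify_dhcp_mac(frame: bytes):
    """Return (verdict, ethernet_source, chaddr) for one Ethernet frame.

    verdict is 'match', 'mismatch', 'skipped' (not an unrelayed DHCP client
    request) or 'malformed' (too short or inconsistent to parse safely).
    """
    if len(frame) < 14:
        return ("malformed", None, None)
    src = fmt_mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETHERTYPE_VLAN:             # step over one 802.1Q tag
        if len(frame) < 18:
            return ("malformed", src, None)
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != ETHERTYPE_IPV4:
        return ("skipped", src, None)
    ip = frame[off:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return ("malformed", src, None)
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl + 8:
        return ("malformed", src, None)
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] != IPPROTO_UDP or frag_offset:
        return ("skipped", src, None)
    (dport,) = struct.unpack("!H", ip[ihl + 2:ihl + 4])
    if dport != DHCP_SERVER_PORT:
        return ("skipped", src, None)
    bootp = ip[ihl + 8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return ("malformed", src, None)
    op, htype, hlen = bootp[0], bootp[1], bootp[2]
    relayed = bootp[24:28] != bytes(4)          # giaddr set by a relay agent
    if op != 1 or htype != 1 or hlen != 6 or relayed:
        return ("skipped", src, None)           # assumption: only direct client requests
    chaddr = fmt_mac(bootp[28:34])
    return ("match" if chaddr == src else "mismatch", src, chaddr)


if __name__ == "__main__":
    client = bytes.fromhex("001122334455")      # constructed sample values
    forged = bytes.fromhex("02deadbeef01")
    for frame in (build_request(client, client), build_request(client, forged)):
        print(verify_dhcp_mac(frame))
```

A mismatch means the frame claims one hardware address to the DHCP server while being sent from another, which is the condition the verify mac-address setting is there to catch.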
-
Page 618
Command Line Interface 4-322 4 • When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are connected rather than just their MAC address. DHCP client-server exchange messages are then forwarded directly between the server and client without having to flood them to th[...]
-
Page 619
DHCP Snooping Commands 4-323 4 ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory. Command Mode Global Configuration Command Usage This command can be used to store the currently learned dynamic DHCP snooping entries to flash memory. These entries will be restored to the [...]
-
Page 620
Command Line Interface 4-324 4 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example IP Cluster Commands IP Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” [...]
-
Page 621
IP Cluster Commands 4-325 4 Command Usage • To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with any other IP subnets in the network. Cluster IP addresses are assigned to switches[...]
-
Page 622
Command Line Interface 4-326 4 cluster ip-pool This command sets the cluster IP address pool. Use the no form to reset to the default address. Syntax cluster ip-pool <ip-address> no cluster ip-pool ip-address - The base IP address for IP addresses assigned to cluster Members. The IP address must start 10.x.x.x. Default Setting 1[...]
-
Page 623
IP Cluster Commands 4-327 4 Command Usage • The maximum number of cluster Members is 36. • The maximum number of switch Candidates is 100. Example rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> member-id - The ID number of the Member switch. (Range: 1-36) Co[...]
-
Page 624
Command Line Interface 4-328 4 show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster members Cluster Members: ID: 1 Role: Active me[...]
-
Page 625
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X, MAC Authentication, Web Authentication), HTTPS, SSH, Port Security Access Control Lists IP, MAC; 1000 rules per system DHCP Client Port Configuration 100BASE-FX: 100 Mbps full duplex 1000BASE-T: 10/100 Mbps at half/full du[...]
-
Page 626
Software Specifications A-2 A Multicast VLAN Registration Quality of Service DiffServ supports class maps, policy maps, and service policies Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts DHCP Snooping IP Sour [...]
-
Page 627
Management Information Bases A-3 A RADIUS+ (RFC 2618) RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2 (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) Differentiated Services MIB (RFC 3289) Entity MIB (RFC 2737) Et[...]
-
Page 628
Software Specifications A-4 A[...]
-
Page 629
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid ne [...]
-
Page 630
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. De[...]
-
Page 631
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the ad[...]
-
Page 632
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP i[...]
-
Page 633
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the[...]
-
Page 634
Glossary Glossary-4 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group. Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across t[...]
-
Page 635
Glossary-5 Glossary Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of p[...]
-
Page 636
Glossary Glossary-6 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located o[...]
-
Page 637
Index-1 Numerics 802.1Q tunnel 3-167, 4-251 configuration, guidelines 3-170 configuration, limitations 3-170 description 3-167 ethernet type 3-171 interface configuration 3-172, 4-252–4-253 mode selection 3-172 status, configuring 3-170 TPID 4-253 uplink 3-172 802.1X, port authentication 3-81, 3-99 802.1X, port authentication [...]
-
Page 638
Index-2 Index default settings, system 1-6 DHCP 3-18, 4-215, 4-216, 4-309 client 3-16 dynamic configuration 2-5 DHCP snooping global configuration 4-317, 4-324, 4-325 specifying trusted interfaces 4-320 verifying MAC addresses 4-321, 4-322 VLAN configuration 4-319 Differentiated Code Point Service See DSCP Differentiated Servi[...]
-
Page 639
Index-3 Index parameters 3-213 snooping, configuring 3-213, 4-287 importing user public keys 3-76 ingress filtering 3-165, 4-246 IP address BOOTP/DHCP 3-18, 4-215, 4-216, 4-309, 4-311 setting 2-4, 3-16, 4-215, 4-216, 4-309 IP precedence enabling 3-197 IP source guard configuring static entries 4-315 setting filter criteria 4[...]
-
Page 640
Index-4 Index MSTP 4-219 configuring 3-149 global settings 4-217 global settings, configuring 3-141 global settings, displaying 3-138 interface settings 4-218 interface settings, configuring 3-147, 3-153 interface settings, displaying 3-151 multicast filtering 3-212, 3-225, 3-240, 4-287 multicast groups 3-218, 4-291 displayi [...]
-
Page 641
Index-5 Index R RADIUS, logon authentication 4-94 RADIUS, settings 3-54 rate limits, setting 3-128, 4-179 remote logging 4-58 restarting the system 3-33, 4-24, 4-25 RSA encryption 3-75, 3-76 RSTP 3-136, 4-219 global configuration 4-219 global settings, configuring 3-141 global settings, displaying 3-138 interface settings, co[...]
-
Page 642
Index-6 Index Type Length Value See also LLDP-MED TLV U upgrading software 3-20 UPnP 3-245 configuration 3-245 user password 3-51, 3-59, 3-60, 3-62, 3-65, 4-38, 4-39 V VLANs 3-155–3-191, 4-238 802.1Q tunnel mode 3-172 adding static members 3-162, 3-164, 4-248 creating 3-161, 4-243 description 3-155, 3-191 displaying basic in[...]
-
Page 643
[...]
-
Page 644
ES3528M-SFP E1220 07-DG-R01 149100 035500A[...]