Go to page of
Similar user manuals
-
Switch
SMC Networks SMC8748ML3
92 pages 2.81 mb -
Switch
SMC Networks EX9-AC020EN-PSRJ
19 pages 2.35 mb -
Switch
SMC Networks EZNET-24SW
2 pages 0.45 mb -
Switch
SMC Networks SMC8624T
80 pages 1.93 mb -
Switch
SMC Networks SMC8728L2
2 pages 0.2 mb -
Switch
SMC Networks SMC-EZ6508TX
2 pages 0.05 mb -
Switch
SMC Networks SMC6128PL2
2 pages 0.49 mb -
Switch
SMC Networks SMC6724L2GSSC
28 pages 0.28 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of SMC Networks 10/100/1000 SMCGS8P-Smart, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of SMC Networks 10/100/1000 SMCGS8P-Smart one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of SMC Networks 10/100/1000 SMCGS8P-Smart. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of SMC Networks 10/100/1000 SMCGS8P-Smart should contain:
- informations concerning technical data of SMC Networks 10/100/1000 SMCGS8P-Smart
- name of the manufacturer and a year of construction of the SMC Networks 10/100/1000 SMCGS8P-Smart item
- rules of operation, control and maintenance of the SMC Networks 10/100/1000 SMCGS8P-Smart item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of SMC Networks 10/100/1000 SMCGS8P-Smart alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of SMC Networks 10/100/1000 SMCGS8P-Smart, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the SMC Networks service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of SMC Networks 10/100/1000 SMCGS8P-Smart.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the SMC Networks 10/100/1000 SMCGS8P-Smart item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
T igerSwitch 10/100/1000 Gigabit Ether net Switch ◆ 12 auto-M DI/MDI-X 10/10 0/1000B ASE -T ports ◆ 4 ports shared with 4 SFP transcei ver s lots ◆ Non-blocking switching architecture ◆ Support for a redundant po wer unit ◆ Spanning T ree Protocol ◆ Up to six LA CP or static 4-port trunks ◆ Layer 2/3/4 C oS support through four priori[...]
-
Page 2
b_mgmt.book Page ii Tuesday, July 8, 2003 5:24 PM[...]
-
Page 3
38 T esla Irvine, CA 9261 8 Phone: (9 49) 679-80 00 T igerSwitch 10/100/1000 Manag ement Guide From SM C’ s T iger line of feature-r ich work group LAN solutions July 2003 Pub. # 15 020003 4800A b_mgmt.book Page iii Tuesday, July 8, 2003 5:24 PM[...]
-
Page 4
Informati on furnished by SMC Networ ks, Inc. (SMC) is believed to be accu rate and r eliable. Ho wever , no resp onsibi lity is ass umed by SMC for its us e, nor fo r any inf ringem ents of pa tents or other rights of thi rd part ies whic h may r esult f rom its use. No licens e is gra nted by imp lication or othe rwise un der any patent or pat en[...]
-
Page 5
v L IMITED W ARRANTY Limite d W arranty St atement: SMC Netwo rks, Inc. (“SMC”) warrants its produc ts to be free from defe cts in wor kmanship and materials , under nor mal use and service, for the applicab le warranty term. Al l SMC products carr y a standard 90-day limited warran ty fr om the d ate of purcha se from SMC o r its Au thoriz ed [...]
-
Page 6
L IMITED W ARRAN TY vi FOREGO ING W ARRANTIE S AND R EMEDIES AR E EXCLUS IVE AND A RE IN LI EU OF ALL OTHER W ARRANTIES OR CON DITION S, EXPRE SS OR IMP LIED, E ITHER IN F ACT OR BY OPERA TION OF LA W , ST A TUTOR Y OR OTHER WISE, I NCLUDING W ARRANTIES OR CO NDITION S OF ME RCHANT ABIL ITY AN D FITNES S FOR A P ARTICULA R PURPOSE . SMC NEI THER AS[...]
-
Page 7
vii C ONTENTS 1 Switch Management 1-1 Connec ting to t he Switc h . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Configu ration Opt ions . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Required Conne ctions . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Remote Connectio ns . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 8
C ONTENTS viii Copyin g the R unning Co nfigurat ion to a F ile . . . . . . . 2-30 Displ aying Brid ge Exten sion Cap abilitie s . . . . . . . . . . 2-31 Displ aying Swit ch Hard ware/Sof tware V ersions . . . . . 2-34 Port Configurat ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-36 Displa ying Conne ction Stat us . . . . . . [...]
-
Page 9
C ONTENTS ix Statically Configu ring a Trunk . . . . . . . . . . . . . . . . . . 2 -104 Configu ring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 -106 Settin g Commun ity Ac cess Str ings . . . . . . . . . . . . . . 2-107 Specify ing Trap Man agers . . . . . . . . . . . . . . . . . . . . 2-109 SNMP IP Filterin g . . . . . . [...]
-
Page 10
C ONTENTS x disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 config ure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 show hi story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 end . . [...]
-
Page 11
C ONTENTS xi show us ers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53 show ve rsion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 Authent ication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 authent ication login . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56 radius -serv[...]
-
Page 12
C ONTENTS xii parit y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89 stopbit s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 show li ne . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 I[...]
-
Page 13
C ONTENTS xiii spanni ng-tree p rotocol -migratio n . . . . . . . . . . . . . . . 3-126 spanni ng-tree l ink-t ype . . . . . . . . . . . . . . . . . . . . . . . 3-127 show s panning-t ree . . . . . . . . . . . . . . . . . . . . . . . . . 3-128 VLAN Com mands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130 vlan dat abase . . . . [...]
-
Page 14
C ONTENTS xiv queue c os-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-163 show qu eue bandwi dth . . . . . . . . . . . . . . . . . . . . . . . 3-165 show qu eue cos-m ap . . . . . . . . . . . . . . . . . . . . . . . . 3-166 map ip p recedenc e (Global Configur ation) . . . . . . . . . 3-166 map ip p recedenc e (Interfac e Config [...]
-
Page 15
1-1 C HAPTER 1 S WITCH M ANAGEMENT Connecting to the Switch Configuration Options The Ti gerSwi tch 10 /100/10 00 incl udes a bu ilt-in n etwork managemen t agent. The agen t offers a variety of management option s, incl uding SNMP , RMO N and a W e b-ba sed inter fac e. A PC may also be c onnecte d directly to the switch f or configur ation and mo[...]
-
Page 16
S WIT CH M ANAGEMENT 1-2 The sw itch’s C LI confi guration p r ogram, W eb interface, and SNMP agent allo w you to perform th e followin g manageme nt func tions: • Set us er names and pass words for up to 1 6 users • Set an IP interface fo r a management VLAN • Confi gure SNMP parameter s • Enabl e/disabl e any port • Set th e speed/du[...]
-
Page 17
C ONNECTING TO THE S WIT CH 1-3 Required Connections The switc h provide s an RS-232 serial port that enables a connec tion t o a PC or termina l for monitor ing and config uring the switc h. A null-mo dem console ca ble is provi ded with the swi tch. Attach a VT100-c ompatible terminal, or a PC ru nning a term inal emula tion pr ogram to the switc[...]
-
Page 18
S WIT CH M ANAGEMENT 1-4 Note: When using Hype rTerminal with Micros oft ® Win dows ® 2000, m ake sure that yo u have Wind ows 2000 Service Pac k 2 or late r installed. Windows 200 0 Service Pack 2 fixes the probl em of arr ow keys not func tioning i n Hyper Terminal’ s VT100 emulati on. See www.micro soft.com for information on Wind ows 2000 s[...]
-
Page 19
B ASIC C ONFIGURATION 1-5 browse r (Int ernet Explor er 5.0 or above, or Netscap e Navigat or 6.2 or abov e), or fr om a networ k computer using ne twork management s oftware. Note: The onboard progr am only provid es acce ss to basic config uration functio ns. To access t he full range of SNMP mana gement function s, you mu st use SNM P-base d net[...]
-
Page 20
S WIT CH M ANAGEMENT 1-6 Setting Passwords Note: If this is your fi rst time to log int o the CLI pr ogram , you shoul d defin e new pass words fo r both def ault use r names using the “us ername” co mmand, r ecord them and put them in a safe place. Passwo rds can consi st of up to eigh t alphanum eric charac ters and are cas e sensit ive. T o [...]
-
Page 21
B ASIC C ONFIGURATION 1-7 Setting an IP Address Y ou must establ ish IP add ress in formatio n for the switch to ob tain managemen t access through the netw ork. This can be do ne in either o f the fol lowing ways : Manual — Y ou have to in put th e in form ation, incl uding IP address and subne t mask. If your manag ement stat ion is no t in the[...]
-
Page 22
S WIT CH M ANAGEMENT 1-8 Before yo u can assi gn an IP address t o the switch, yo u must obt ain the fol lowing informat ion fro m your network adm inistr ator: • IP ad dress f or the switch • Default gat eway for the networ k • Networ k mas k for this ne twork T o assign an IP address to the switch, comple te the followin g steps: 1. From th[...]
-
Page 23
B ASIC C ONFIGURATION 1-9 broad casti ng serv ice re quests . Requ ests wil l be se nt perio dicall y in an effort to obtai n IP config uration in formation. (BO OTP and DHCP valu es can inc lude th e IP addres s, subn et mask, an d default gateway.) If t he “boot p” or “dhcp” option is save d to th e start up-co nfig fi le, then t he swit [...]
-
Page 24
S WIT CH M ANAGEMENT 1-10 6. Then s ave your config uration changes by typin g “cop y runnin g-co nfig star tup-conf ig.” Ent er the st artup f ile name and pres s <Enter >. Enabling SNMP Management Access The s witch c an be co nfigur ed to acc ept man agement commands from Si mple Net work Manag ement Proto col (SNMP) ap plicatio ns. Y [...]
-
Page 25
B ASIC C ONFIGURATION 1-11 The de fault s tring s are: • public - wit h read- only acces s. Autho rized manag ement stati ons are onl y able to retriev e MIB o bjects. • private - w ith read -writ e acces s. Autho rized ma nageme nt stati ons are able to both re trieve and modif y MIB ob jects. Note: If you do n ot int end to u tilize SNMP, it [...]
-
Page 26
S WIT CH M ANAGEMENT 1-12 Trap Receiv ers Y ou can al so speci fy SNMP s tations that are to re ce ive tr aps from the swi tch. T o configure a trap recei ver , complet e the fo llowing steps: 1. From the Privileged Exec level gl obal conf iguration mo de prom pt, type “snmp-se rver hos t host-address community -string ,” wher e “hos t-addre [...]
-
Page 27
M ANAGING S YSTE M F ILES 1-13 2. Enter the name of the s tart-up fi le. Press <Enter >. Managing Sy stem Files The switc h’s f lash m emory s uppo rts th ree ty pes of syst em fil es th at can be manag ed by the CLI program , W eb interface, or SNMP . The switch’ s file system allows files to be uploaded and downlo aded, copied, deleted [...]
-
Page 28
S WIT CH M ANAGEMENT 1-14 Due to the s ize limit of the flash m emory, t he swit ch suppo rts only two op eration code fil es. Howev er , you can have as m any diagnos tic code files an d configur ation files as availab le flash memory s pace allows. In the sy stem flash m emory, on e file of each type must be se t as the s tart-up fi le. D uring a[...]
-
Page 29
S YSTE M D EFAULTS 1-15 Web Management HTTP Server Enabled HTTP Port Number 80 SNMP Community Strings “public” (read only) “private” (read/write) Authentication Failure Traps Enabled Link-up-Down Traps Enabled Security Privileged Exec Level Username “admin” Password “admin” Normal Exec Level Username “guest” Password “guest”[...]
-
Page 30
S WIT CH M ANAGEMENT 1-16 Port Status Admin Status Enabled Auto-negotiation Enabled Flow Control D isabled 10/100/1000 Mbps Port Capability 10 Mbps half duplex 10 Mbp s ful l dupl ex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disabled Link Aggregation Static Trunks none L[...]
-
Page 31
S YSTE M D EFAULTS 1-17 Class of Service Ingress Port Priority 0 Weighted Round Robin Class 0: 16 Class 1: 64 Class 2: 128 Class 3: 240 IP Precedence Priority Disabled IP DSCP Priority Disabled Multicast Filter ing IGMP Snooping Enabled Act as Querier Enabled Broadcast Storm Protection Status Enabled (all ports) Broadcast Limit Rate 256 packets per[...]
-
Page 32
S WIT CH M ANAGEMENT 1-18 b_mgmt.book Page 18 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 33
2-1 C HAPTER 2 C ONFIGUR ING THE S WI TCH Using the Web Interface This sw itch provi des an embe dded HTTP W eb agent. Usi ng a W eb browse r you can co nfigure the switc h and view statis tics to monit or networ k activit y. The W eb agent can be ac cessed by any compu ter on the n etwo rk using a sta ndar d W eb brows er (I nter net Explor er 5.0[...]
-
Page 34
C ONFIGURING THE S WIT CH 2-2 Notes: 1. You are allowed t hree att empts t o ente r the c orrect passwor d; on the thir d failed atte mpt the curre nt conne ction is ter minated . 2. If yo u log i nto the W eb inte rface as guest (N ormal Ex ec level), you ca n view p age inf ormati on but only change the gu est passwo rd. If you lo g in as “admi[...]
-
Page 35
N AVIGATI NG THE W EB B RO W SE R I NTER FACE 2-3 Home Page When yo ur W eb browser c onnect s with th e switc h’s W eb agent, the ho me page is displayed as shown below. Th e home page displ ays the Main Menu on the left si de of t he scree n and Syst em Informati on on the rig ht si de. The Main Menu links are used t o naviga te to other menus,[...]
-
Page 36
C ONFIGURING THE S WIT CH 2-4 new setting . The followin g table summariz es the W eb page conf igurati on button s. Notes: 1. To en sure p roper s creen refresh, be sure that Intern et Explor er 5. x is config ured as follow s: Unde r the men u “Tool s / Intern et Option s / Gene ral / Tempor ary Inter net Fil es / Se ttings,” the se tting for[...]
-
Page 37
M AIN M ENU 2-5 Main Menu Using the on board W eb agent , you can def ine sys tem pa ramete rs, manage and co ntrol th e switch, and all its ports, or monit or networ k condit ions. The followi ng tabl e briefly descr ibes t he selec tions avail able fr om this pr ogram. Menu Description Page Sys tem System Information Provides basic system descrip[...]
-
Page 38
C ONFIGURING THE S WIT CH 2-6 Trunk Configuration Configures trunk connection settings 2-38 Broadcast Storm Protect Configuration Sets the broadcast sto rm threshold for e ach port 2-41 Mirror Sets the source and target ports for mirro ring 2-42 Port Security Action Configures the port intrusion action globally for the switch 2-45 Port Security Sta[...]
-
Page 39
M AIN M ENU 2-7 VLAN Current Table Shows the current port members of each VLAN and whether or not the port supports VLAN tagging 2-75 VLAN Static List Used to create or remove VLAN groups 2 -77 VLAN Static Table Modifies the settings for an existing VLAN 2-79 VLAN Static Membership by Port Confi gur es me mbers hip ty pe fo r int erfac es including[...]
-
Page 40
C ONFIGURING THE S WIT CH 2-8 Basic Configuration Displaying System Information Y ou can e asily identify the sy stem b y providin g a des criptive name , locati on and c ontact information . SNMP SNMP Configuration Configures community strings and related trap functions. 2-106 SNMP IP Filtering Configures IP filteri ng for SNMP access. 2-110 IGMP [...]
-
Page 41
B ASIC C ONFIGURATION 2-9 Comma nd Attribut es • System Na me – Name assig ned to the swi tch system. • Object ID – MIB II object ID for switch’ s network man agement subsys tem. • Location – Specifie s the syst em locati on. • Contact – Admini stra tor resp onsi ble for th e system. • System Up Time – Length of time th e mana[...]
-
Page 42
C ONFIGURING THE S WIT CH 2-10 We b – Click Sys tem, Syst em Informatio n. Speci fy the sy stem n ame, location, and con tact information for the system administrator , then click Apply. (This page also i nclude s a T elnet button that allows you to access the Command Line Interface via Telnet.) b_mgmt.book Page 10 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 43
B ASIC C ONFIGURATION 2-11 CLI – Spec ify the hostnam e, locat ion and contact informati on. Setting the IP Address An IP addre ss may be used for manageme nt access to th e switch over y our net work. By default , the switch uses DH CP to as sign IP settin gs to VLAN 1 on the sw itch. If yo u wish to manual ly conf igure I P setting s, you need [...]
-
Page 44
C ONFIGURING THE S WIT CH 2-12 Y ou can m anually c onfigure a specif ic IP address, or direc t the device to obt ain an add ress from a BOOTP or DHCP s erver when it is powered on. V alid IP addre sses consis t of fo ur decim al number s, 0 t o 255 , separ ated by peri ods. An ything outsid e this for mat wi ll not be a ccepted by the C LI prog ra[...]
-
Page 45
B ASIC C ONFIGURATION 2-13 Manu al Conf igu ration We b – Click System, I P . Specify the management i nterface, IP address and defau lt gate way, then click Ap ply. CLI – Spec ify the m anagement int e rface, IP address and default gateway. Using DHCP/BOOTP If yo ur netwo rk provid es DHCP/ BOOTP servi ces, yo u can confi gure th e switc h to [...]
-
Page 46
C ONFIGURING THE S WIT CH 2-14 If you lose yo ur manag emen t conne ction, use a co nsole conne ction an d enter show ip inter face to determ ine the new switch add ress. CLI – Spec ify the management i nterface, and set the IP Address Mode t o DHCP o r BOOTP . Renewing DCHP – DHCP may leas e addres ses to c lients indef initely or fo r a speci[...]
-
Page 47
S ECURITY 2-15 admini strator passw ord as soon as possibl e, and stor e it in a safe place. (If for s ome re ason your p asswor d is lost , you c an reload the fact ory dea fults fil e to rest ore the d efault pass words as descri bed in “Tro uble shootin g Chart” on page A-1. ) The de fault g uest nam e is “g uest” with the p assword “g[...]
-
Page 48
C ONFIGURING THE S WIT CH 2-16 CLI – Assign a user name to access- level 15 (i.e., adm inistra tor), then spec ify the pass word. Configuring RADIUS/TACACS+ Logon Authentication Y ou can configu re this switch to authenti cate user s logging into the syst em for manage ment acce ss using loc al, RADIU S, or T ACAC S+ authenti cation meth ods. RAD[...]
-
Page 49
S ECURITY 2-17 • RADIUS us es UDP whil e TACACS + uses TCP. U DP only off ers best effort deliv ery, whi le TCP o ffers a c onnection -orient ed trans port. Al so, note th at RADIUS en crypt s only the pas sword in th e access-r eque st packe t from the c lient to the serv er, while TACACS+ encryp ts the e ntire b ody of the pac ket. • RADIUS a[...]
-
Page 50
C ONFIGURING THE S WIT CH 2-18 Comma nd Attribut es • Auth enti cation – Select the authent ication , or authenti cation sequen ce requ ired: - RADIUS – User authent ication is p erform ed usin g a RA DIUS serve r only. - TACACS – User aut hentica tion is perfor med us ing a TACACS+ se rver only. - Local – User au thenti cation i s perfor[...]
-
Page 51
S ECURITY 2-19 TACACS+ Set tings • Server IP Address – Address of t he TACACS+ serve r. (Def ault : 10. 1.0.1 ) • Server Port Number – Network ( TCP) port o f TACACS+ serve r used for auth entication messages. (Range: 1-65535 ; Default: 1812) • Secret Te xt String – Encr yption key used to auth enticat e logon access for cl ient. Do not[...]
-
Page 52
C ONFIGURING THE S WIT CH 2-20 We b – Click System, Authe nticati on Setting s. T o confi gure local or remote authentic ation pre ference s, specify the authen tication sequen ce (i.e., one to thre e methods ), fill in the p arameter s for RADIUS or T ACACS+ authen ticati on if s elected, and clic k Appl y. b_mgmt.book Page 20 Tuesday, July 8, 2[...]
-
Page 53
S ECURITY 2-21 CLI Co mmand s CLI – Sp ecify all the req uired param eters to enable logon authenti cation. Configuring HTTPS Y ou ca n config ure the swit ch to e nable th e Secu re Hype rtext T ransfer Protocol (H TTPS) over the Secure Socket Lay er (SSL), provi ding se cure access (i .e., an encry pted conn ection ) to the switch’s W eb inte[...]
-
Page 54
C ONFIGURING THE S WIT CH 2-22 The fol lowing W eb brows ers and op eratin g syst ems cur rently support HTTPS: * T o sp ecify a secure-site certificat e, see “Replacing the Default Secure-site Certificate” on page 2-23 When yo u start HTTP S, the clie nt and server establ ish a secu re encryp ted conn ectio n. A padloc k icon shou ld appea r i[...]
-
Page 55
S ECURITY 2-23 CLI Co mmand s CLI – Ente r the foll owing comman ds to spec ify the secu re port number and to enable HTTPS. Replacing the Default Secure-site Certificate When yo u log o nto the W eb interfac e using HTTPS (f or secur e access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the cer tificate that Net[...]
-
Page 56
C ONFIGURING THE S WIT CH 2-24 Note: The switc h must be reset fo r the new ce rtificate to be activate d. To rese t the swit ch, type: Console#reload Configuring SSH The Secure Shel l ( SSH) server feature prov ides remote managem ent acce ss via e ncrypted paths between the swi tch and SSH-ena bled man agement statio n clien ts. Note: The re are [...]
-
Page 57
S ECURITY 2-25 We b – Click System, SSH Settings. Sele ct Enabled for the SSH Server Status, specify the auth enticat ion timeo ut and n umber of retrie s, then click Appl y. CLI Co mmand s CLI – Enter the followin g comman ds to c onfig ure the SSH serv ice. Console(config)#ip ssh server 3-38 Console(config)#ip ssh timeout 100 3-37 Console(con[...]
-
Page 58
C ONFIGURING THE S WIT CH 2-26 Managing Firmware Y ou can u pload/do wnload f irmware to or f rom a TF TP s erver . By saving runtime code to a file on a TFTP ser ver , that fi le can later be down loaded to the sw itch to re store operati on. Y ou can also set the swi tch to use ne w fir mwar e withou t overwri ting the pr eviou s versi on. Comma [...]
-
Page 59
M ANAGING F IR MWAR E 2-27 We b – Click System, Firm ware. Enter t he IP address of the TFT P serve r , enter the file name of the software to downlo ad, selec t a file on the s witch to over write or specif y a new fi le name, then click T ransfer from Server . When you do wnload a file using a different name from the current runti me code f ile[...]
-
Page 60
C ONFIGURING THE S WIT CH 2-28 CLI – Enter th e IP addre ss of the TFTP se rver , select confi g or opcode file typ e, then e nter th e source an d destin ation file nam es, set the n ew file to start u p the syste m, and then restart the sw itch. Saving or Restoring Configuration Settings Y ou can u pload/do wnload configur ation s ettings to/fr[...]
-
Page 61
M ANAGING F IR MWAR E 2-29 Y ou can save the co nfiguratio n file under a new file name and then se t it as the startu p file, or you can sp ecify the cu rrent st artup config uration file as t he destin ation fil e to dir ectly replace it . Note that the fi le “Facto ry_De fault_C onfig.c fg” can be co pied to the TFTP server , but cannot be u[...]
-
Page 62
C ONFIGURING THE S WIT CH 2-30 CLI – E nter the IP add ress of the TF TP s erver , specify th e sour ce file on th e server , and set the star tup file name on the switch. If you down load the startup c onfigur ation f ile under a new fil e name, yo u can set this file as the startu p file at a later time , and then re start the swi tch. Copying [...]
-
Page 63
M ANAGING F IR MWAR E 2-31 CLI – I f you co py the running config uration to a fi le, you can set this file as th e startup file at a later time, and th en restart th e switch. Displaying Bridge Extension Capabilities The B ridge MI B includ es ext ensions for man aged d evices that suppo rt Mult icas t Filter ing, T r affi c Clas ses, and Virt u[...]
-
Page 64
C ONFIGURING THE S WIT CH 2-32 • Configurable PVID Tagging – This swit ch all ows y ou to override the de fault Port VLAN ID (PVI D used in fr ame tags ) and egress status (VLAN -Tagged or Un tagged) on each po rt. (Refer to “VLAN Co nfiguration ” on page 2-70.) • Local VLAN Capable – This s witch d oes no t supp ort mu ltiple local bri[...]
-
Page 65
M ANAGING F IR MWAR E 2-33 We b – Click System, Bridg e Extensio n. CLI – Ent er the followi ng command. Console#show bridge-ext 3-147 Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: N o Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traff[...]
-
Page 66
C ONFIGURING THE S WIT CH 2-34 Displaying Switch Hardware/Software Versions Comma nd Attribut es Main Bo ard • Serial Number – The ser ial numb er of t he switc h. • Service Tag * – Not imp lemente d. • Number of Ports – Number o f buil t-in RJ -45 ports • Hardware Version – Hard ware ver sion of t he main board. • Internal Power [...]
-
Page 67
M ANAGING F IR MWAR E 2-35 We b – Click System, Switch Infor mation. CLI – Us e the follo wing comma nd to dis play versi on information. Console#show version 3-54 Unit1 Serial number :A217056372 Service tag :[NONE] Hardware version :R0C Number of ports :12 Main power status :up Redundant power status :not present Agent(master) Unit id :1 Loade[...]
-
Page 68
C ONFIGURING THE S WIT CH 2-36 Port Configuration Displaying Connection Status Y ou can u se the Port Inf ormation or T runk In formation p ages t o displ ay the c urrent conn ection status, includin g link s tate, sp eed/ duple x mode , flow co ntrol , and au to-neg otiat ion. Comma nd Attribut es • Name – Interface labe l. • Type – Indica[...]
-
Page 69
P ORT C ONFIGURATION 2-37 We b – Click Port, Port Information or T runk Information. Mod ify the re quired i nterfac e setting s, and cli ck Apply . CLI – Thi s exam ple sho ws the c onnect ion st atus for Port 13. Console#show interfaces status ethernet 1/13 3-103 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-00-1[...]
-
Page 70
C ONFIGURING THE S WIT CH 2-38 Configuring Interface Connections Y ou can u se the Tr unk Conf iguratio n or Po rt Confi guratio n page to enable/disable an interface, manually fi x the speed and d uplex mode, set f low cont rol, s et auto-neg otia tion, and set t he inte rface capabili ties to adve rtise. Comma nd Attribut es • Name – Allows y[...]
-
Page 71
P ORT C ONFIGURATION 2-39 - Sym (Gigab it only) – Chec k this item to trans mit and rece ive pause frames, or clear it to au to-neg otiate the sender an d recei ver for asymmetr ic paus e frames. (The c urrent s witch chip onl y support s symmetr ic pause frames .) - FC - Supp orts flow contro l. Fl ow control can elim inate fr ame loss by “b l[...]
-
Page 72
C ONFIGURING THE S WIT CH 2-40 We b – Click Port, Port Configurat ion or T runk Config uration . Modif y the requ ired i nterface set tings , and cl ick Apply . CLI – Select the i nter face, and then enter th e requir ed settin gs. Console(config)#interface ethernet 1/13 3-92 Console(config-if)#description RD SW#13 3-93 Console(config-if)#shutd[...]
-
Page 73
P ORT C ONFIGURATION 2-41 Setting Broadcast Storm Thresholds Broadcas t storms may occ ur when a device on your network is malfu nctioning , or if applicatio n progr ams are n ot well designed or pro perly co nfig ured. If ther e is too mu ch broa dcast traff ic on your n etwork, p erformance can be sev erely deg raded o r everyt hing c an co me to[...]
-
Page 74
C ONFIGURING THE S WIT CH 2-42 We b – Cli ck Port, Port B roadcast C ontrol. Set th e thres hold for all ports, and th en click A pply. CLI – Specify the requi red interfac e, and then enter the t hreshol d. The foll owing sets b roadcast su ppressio n at 128 packets per second on port 1. Configuring Port Mirroring Y ou can m irror t raffic fro[...]
-
Page 75
P ORT C ONFIGURATION 2-43 Command Usage • The mi rror p ort and mo nito r port speeds mus t match, other wise traff ic may b e drop ped from the mon itor p ort. • The swi tch support s only one po rt mirror sess ion. We b – Click Port, M irror . Specify the sourc e port, th e traffic type to be mirr ored, and the tar get po rt, then cl ick Ad[...]
-
Page 76
C ONFIGURING THE S WIT CH 2-44 CLI – Use the i nterf ace com mand to select the target port, then use the port monitor com mand to spe cify the s ource port. No te that defa ult mi rrorin g un der the CLI is fo r bo th rece ived and transmit ted packets . Configuring Port Security Port security is a feature that al lo ws you t o config ure a sw i[...]
-
Page 77
P ORT C ONFIGURATION 2-45 • It can be c onfigur ed as an LACP tr unk port, but t he swit ch does not allo w the LACP tr unk to be enab led. Note: A port that is already configured as an LACP or st atic trunk port c annot be enable d as a se cure p ort. Port Security Action The switc h allows yo u to set th e security action to be taken when a por[...]
-
Page 78
C ONFIGURING THE S WIT CH 2-46 Port Security Configuration On the Port/Po rt Security Status page, you can enab le/disable securi ty for any switch port. For each port num ber listed in the “Port” column, yo u can configur e the following paramet er: • Security S tatus — Enable s or di sables port s ecurit y on t he port. (Defau lt: disa bl[...]
-
Page 79
A DDR ESS T ABLE S ETTINGS 2-47 Address Table Settings Switche s store th e addresse s for all known devi ces. This informati on is used to r oute t raffic di rectly between the inb ound and out bound ports. All the address es learned by moni toring traffic ar e store d in th e dynamic a ddress table. Y ou can al so manually confi gure stat ic addr[...]
-
Page 80
C ONFIGURING THE S WIT CH 2-48 We b – Click Addres s able, Static Addresses. Specify the in terface, the MAC address and VLA N, then click Add St atic Addr ess. CLI – This example adds an add ress to the static add ress table, but sets it to be delete d when the switch is rese t. Console(config)#mac-address-table address 00-e0-29-94-34-de ether[...]
-
Page 81
A DDR ESS T ABLE S ETTINGS 2-49 Displaying the Address Table The Dy namic Add ress T able c ontains t he MAC addresses learned by moni torin g the source addre ss for traf fic ente ring the sw itch. When t he destin ation address for inbound traffic is foun d in the datab ase, the pack ets inten ded fo r that address is forwar ded direct ly to the [...]
-
Page 82
C ONFIGURING THE S WIT CH 2-50 We b – Click A ddress T able, Dynamic Addr esses. Sp ecify th e search type (i.e., Inter face, MAC Address, or VLAN), the m ethod of so rting the dis playe d addre sses, th en click Query. For exampl e, the foll owing sc reen sh ows the dy namic addre sses for po rt 5. CLI – Thi s exampl e displ ays the address t [...]
-
Page 83
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-51 Changing the Aging Time Y ou can set the aging time for entri es in the dy namic addr ess tabl e. Command Usage The r ange for the agi ng time i s 17 - 2184 secon ds. ( The default is 300 se conds.) We b – Cli ck Addres s Table, Add ress Agi ng. Spec ify th e new agin g time, th en click A pply. [...]
-
Page 84
C ONFIGURING THE S WIT CH 2-52 The Sp anning T ree Protoc ols support ed by t he swit ch incl ude the following stand ards: • STP – Spanni ng Tree Protocol (IEEE 802.1D). • RSTP – Rapi d Span ning Tree Proto col (IEEE 802.1w). STP us es a dist ributed algorithm to sele ct a br idging de vice (STP-co mpliant s witch, bridge or route r) that [...]
-
Page 85
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-53 STP Information The Spanning Tree , STP Information page c ontains inform ation on the c urrent stat us of t he Spanni ng T ree. Comma nd Attribut es • Spanning Tree Sta te — Indicates if the Spanning Tree Prot ocol is curren tly en abled o n the swi tch. • Bridge ID — Id entifi es a u niqu[...]
-
Page 86
C ONFIGURING THE S WIT CH 2-54 • Designated Root — Identifies the prio rity and MAC addr ess of the dev ice in th e Spann ing Tree that the sw itch ha s accepted as the r oot devi ce. - Root Port — Specifies th e port nu mber on t he switch th at is closes t to the roo t. The swi tch commun icates w ith the roo t devi ce throug h this port . [...]
-
Page 87
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-55 • Root Hold Time * – The int erval (in sec onds) dur ing which no mor e than t wo brid ge conf igur ation pr otocol data uni ts shall b e transmi tted b y this nod e. • Configuration Changes — Specifie s the nu mber of ti mes th e Spanning T ree has been rec onfigured. • Last Topology Cha[...]
-
Page 88
C ONFIGURING THE S WIT CH 2-56 CLI – Thi s exam ple sho ws the c urrent Spannin g T ree set tings. Console#show spanning-tree 3-128 Spanning-tree information ----------------------------------------------------- ---------- Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) :2 Bridge Max Age (sec[...]
-
Page 89
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-57 STP Configuration Global se ttings apply to the entire switch. Command Usage RSTP suppo rts connec tions to ei ther STP or RSTP nodes b y monit oring the incoming protoc ol mes sages and d ynamical ly adjust ing the ty pe of protocol message s th e RSTP n ode tr ansmits, as desc ribed below: • ST[...]
-
Page 90
C ONFIGURING THE S WIT CH 2-58 • Priority — Bridg e prior ity is used i n sele cting t he root device, root po rt, and desi gnate d port. The devi ce with th e highest prior ity bec omes th e STP ro ot de vice. H owever, i f all d evice s have the sam e prior ity, the d evice with the lowest MAC addr ess will th en become the ro ot device. - De[...]
-
Page 91
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-59 • Forwar d Dela y — The maximum time (in seconds) th e switch will wait before changi ng state s (i.e., discardi ng to le arning to forwar ding). Thi s del ay is re quired b ecaus e every device mu st recei ve inform ation ab out topol ogy change s before i t starts to forwar d frames. In addit[...]
-
Page 92
C ONFIGURING THE S WIT CH 2-60 We b – Click Spanning Tr ee, STP Configur ation. M odify the requir ed attribu tes, t hen cli ck Apply. CLI – This examp le enables Spanning T ree Protocol , and then sets the in dicated attribut es. Console(config)#spanning-tree mode rstp 3-115 Console(config)#spanning-tree 3-114 Console(config)#spanning-tree for[...]
-
Page 93
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-61 STP Port and Trunk Information The Spanni ng T ree, STP Port Informati on and Span ning T ree, STP T r unk I nformation display the curre nt status o f ports an d trunks i n the Spanni ng T ree. Comma nd Attribut es • STP Status — Disp lays curr ent stat e of this po rt within the Spanning Tree[...]
-
Page 94
C ONFIGURING THE S WIT CH 2-62 • Designated Bridge — The p riority and MAC ad dress of the devi ce thro ugh whic h this p ort mu st com municat e to re ach the root of the Spann ing Tree. • Desi gnat ed P ort — The p riorit y and num ber of the po rt on t he desig nated brid ging devic e throug h which this swit ch must communi cate wit h t[...]
-
Page 95
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-63 These addit ional param eters are only disp layed for the CLI: • Admin status – Shows i f STA has been en abled on this interf ace. • Path Cost – This parame ter is used b y the STA to det ermine the best path betwe en devices . Theref ore, lower values should be ass igned to p orts atta ch[...]
-
Page 96
C ONFIGURING THE S WIT CH 2-64 • Admin Edge Port – Yo u can ena ble thi s opti on if an interfa ce is attache d to a LAN segm ent that is at the en d of a bridg ed LAN or to an end no de. Si nce end nodes ca nnot caus e for warding loops , they c an pa ss dire ctly thr ough t o the s panning t ree forwardi ng state . Specify ing Edge Ports prov[...]
-
Page 97
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-65 CLI – Thi s exampl e displ ys the current Spannin g T ree st atus o f a port. STP Port and Trunk Configuration Y ou can config ure RSTP attribut es for spec ific interfac es, inclu ding port priori ty, path cost , link type , and edge port. Y ou may use a diff erent prio rity or pa th co st fo r [...]
-
Page 98
C ONFIGURING THE S WIT CH 2-66 Comma nd Attribut es • STP State — D isplays curr ent state o f this port within th e Spanning Tree: - Disc ardi ng — P ort recei ves STP c onfigur ation mes sages, but does no t forward packets. - Learning — Por t has transm itted conf igurati on messag es for an interval set b y the Forward Delay parameter w[...]
-
Page 99
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-67 • Path Cost — Thi s paramet er is u sed by the STP to det ermine the best path betwe en devices . Theref ore, lower values should be ass igned to p orts atta ched to faster me dia, and hi gher val ues assigned to ports with slow er media. (P ath cost takes prec edence o ver po rt pr iority. ) -[...]
-
Page 100
C ONFIGURING THE S WIT CH 2-68 • Admin Edge Port — You c an enable thi s option if an in terface is attache d to a LAN segm ent that is at the en d of a bridg ed LAN or to an end no de. Si nce end nodes ca nnot caus e for warding loops, they can pa ss dire ctly th rough to the Span ning Tre e forwardi ng state . Specify ing Edge Ports provide s[...]
-
Page 101
S PANN ING T RE E P RO TO CO L C ONFIGURATION 2-69 We b – Click Spanning T ree, STP Port Conf iguratio n or STP T runk Configu ration. Mo dify the required attributes , then clic k Apply. CLI – Thi s exampl e sets ST P attribu tes for por t 5. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 128 3-123 Consol[...]
-
Page 102
C ONFIGURING THE S WIT CH 2-70 VLAN Configuration In con vention al networks with r outers, broadcast traffic is split up into se parate do mains. Switche s do not inh erent ly suppo rt broad cast domai ns. Thi s can lead to br oadcast sto rms i n la rge netw orks that ha ndle traffi c such as IP X or NetB EUI. By usin g IEEE 802. 1Q-complia nt VLA[...]
-
Page 103
VLAN C ONFIGURATION 2-71 • End statio ns can be long to mult iple VLANs • Passing traffic between VLAN -aware and VLAN-una ware devi ces • Priority tagging Assigning Ports to VLANs Before enabling VLANs fo r the switch, you must first assi gn each port to the VLAN group (s) in w hich it will part icip ate. By defaul t all ports are assigned t[...]
-
Page 104
C ONFIGURING THE S WIT CH 2-72 Port Overlapping – Port overlapping can be used to allo w access to co mmonly shared n etwork r esourc es amon g differe nt VLA N groups , such as file server s or print ers. Not e that if you implem ent VLANs wh ich do not over lap, but stil l need t o communi cate, y ou can co nnect t hem by using a Layer- 3 route[...]
-
Page 105
VLAN C ONFIGURATION 2-73 hosts, and co re swit ches in the netw ork, en able GVRP o n the li nks between these devices . Y ou should also de termine sec urity boundar ies in t he net work and di sable GV RP on po rts to p revent advert isements being propagate d, or forb id port s from j oining restri cted VLANs. Note: If you have host devi ces th [...]
-
Page 106
C ONFIGURING THE S WIT CH 2-74 Displaying Basic VLAN Information Comma nd Attribut es • VLAN Version Number – The V LAN ve rsion u sed by this switc h as specified in t he IEEE 802. 1Q standard. (We b interfac e only.) • Maximu m VLAN I D – M aximu m VLAN ID r ecog nized by thi s switch. • Maximum Number of Supported V LANs – Maxi mum n[...]
-
Page 107
VLAN C ONFIGURATION 2-75 Displaying Current VLANs The V LAN C urrent T able s hows the cu rren t port memb ers of e ach VLAN and whet her or not th e port suppo rts VL AN taggin g. Port s assig ned to a lar ge VLAN gro up that c rosses several swit ches should use VLAN tagging . However , if you jus t want to create a small port -based VLAN for one[...]
-
Page 108
C ONFIGURING THE S WIT CH 2-76 We b – Cli ck VL AN, VL AN Cu rrent T able. Selec t any ID fr om the scro ll-down li st. Command Attributes for CL I Interface • VLAN – ID of con figured VLAN (1-40 94, no le ading z eroes). • Type – Shows how this VLAN was added to the switch. - Dynamic : Automatic ally learn ed vi a GVRP. - Static : Added [...]
-
Page 109
VLAN C ONFIGURATION 2-77 • Status – Shows if thi s VLAN is enabled or disable d. - Active : VLA N is oper atio nal. - Suspend : VLAN is suspen ded; i.e ., does not pas s packe ts. • Ports / Channel groups – Shows the VLAN int erface members. CLI – Cur rent V LAN inform ation can be dis played wit h the follo wing command . Creating VLANs [...]
-
Page 110
C ONFIGURING THE S WIT CH 2-78 • Status – Shows if t his VLAN is enabled or dis abled (Web ). - Enable : VLAN is oper ational . - Disable : VLAN is suspend ed; i.e., does n ot pass packet s. • State – Shows if thi s VLAN is e nabled or d isabled (C LI). - Active : VLAN is oper ationa l. - Suspend : VLAN is suspen ded; i.e ., does not pas s [...]
-
Page 111
VLAN C ONFIGURATION 2-79 Adding Interfaces Based on Membership Type Use the VLA N Static Table to mod ify the settin gs for an exis ting VLAN. Y ou can add or delet e port membe rs for a VLA N, disab le or enable VLAN tagging for any port , or preve nt a port f rom b eing automat icall y added t o a VLAN via th e GVRP pr otocol . (Note that VLAN 1 [...]
-
Page 112
C ONFIGURING THE S WIT CH 2-80 • Member ship Type – Sele ct VLAN membership for eac h inter face by mar king the ap propri ate radio bu tton for a po rt or trunk: - Tagged : Interf ace is a mem ber of the VLAN. Al l packets transmit ted by the port w ill be tagg ed, that i s, carry a tag and there fore car ry VLAN or CoS inf ormation. - Untagge[...]
-
Page 113
VLAN C ONFIGURATION 2-81 We b – Click VL AN, VLA N Stati c T abl e. Select a VLAN ID from the scro ll-down li st. Mo dify the VLAN name and stat us if r equired. Select the members hip type by marki ng the approp riate ra dio button in the l ist of ports or trunk s. Clic k Apply. CLI – The foll owin g example shows ho w to add tagged an d unta [...]
-
Page 114
C ONFIGURING THE S WIT CH 2-82 Adding Interfaces Based on Static Membership Use the VLAN S tatic M embership by Por t menu t o assig n VLAN groups to the selec ted inte rface add an inter face to th e selecte d VLAN as a tagged member . Comma nd Attribut es • Interface – Port or tru nk identi fier. • Member – VLAN s for which the sele cted [...]
-
Page 115
VLAN C ONFIGURATION 2-83 CLI – Thi s exampl e adds Po rt 3 t o VLAN 1 as a tagge d port, and remove s Po rt 3 f rom VL AN 2. Configuring VLAN Behavior for Interfaces Y o u can conf igur e VLAN behavi or for sp ecifi c inter faces , inc luding the de fault VLAN id entifier (PVID), accepted frame types , ingress filter ing, GV RP statu s, and GA RP[...]
-
Page 116
C ONFIGURING THE S WIT CH 2-84 • Acceptable F rame Type – Sets the interfac e to accept all frame types , inclu ding ta gged or u ntagge d frames , or onl y tagg ed frames. W hen set t o rece ive all fr ame types, any re ceived frames that ar e untag ged are assign ed to the default VLAN. (Option: Al l, Tagged; Default: All) • Ingress Fi lter[...]
-
Page 117
VLAN C ONFIGURATION 2-85 • GARP Leave Timer * – The interval a port wa its before leaving a V LA N gr ou p . T hi s t i me sh o ul d b e se t t o m o re th an t wi ce t he join ti me. Thi s ensure s that af ter a Leave or LeaveAl l message has be en issu ed, the applic ants can re join b efore th e port actuall y leaves the grou p. (Rang e: 60-[...]
-
Page 118
C ONFIGURING THE S WIT CH 2-86 We b – Click VLAN, VLA N Port Con figurati on or VLAN T runk Configu ration. Fill in t he requi red setti ngs for e ach in terface, c lick Apply. CLI – Thi s exampl e sets port 1 t o acce pt only t agged fr ames, assigns PVID 3 as the nat ive VLAN ID, enable s GVR P , sets t he GARP tim ers, and th en sets t he sw[...]
-
Page 119
C LASS OF S ERVICE C ONFIGURATION 2-87 Class of Servi ce Configuration Class of Service (CoS) allows yo u to speci fy whic h dat a packe ts have g reater p receden ce when tra ffic is buffered in the swit ch due to co ngesti on. Thi s swi tch su pports CoS with four pr iori ty queue s for each port . Data p ackets i n a por t’s high -prior ity qu[...]
-
Page 120
C ONFIGURING THE S WIT CH 2-88 Comma nd Attribut es • Default Priority – The pr iority that is assigne d to untagge d frames re ceive d on the spe cified p ort. (Range : 0 - 7, Defaul t: 0) • Number of Egre ss Traffic Classe s – The number of que ue buffers provided for each port. We b – Click Prio rity, De fault Por t Prior ity or Def au[...]
-
Page 121
C LASS OF S ERVICE C ONFIGURATION 2-89 Mapping CoS Values to Egress Queues This swi tch proces ses Class of Service (CoS) prio rity tagged traffic by usi ng fo ur prior ity qu eues f or each port , with se rvice s chedul es base d on W eighted Round R obin (WR R). Up to eigh t sep arate traffic p riorit ies are defined i n IEEE 802.1p . The de faul[...]
-
Page 122
C ONFIGURING THE S WIT CH 2-90 • Priority – CoS value. (Range: 0 to 7, wher e 7 is the highest priority ) • Traffic Class – Out put queu e buffe r. (Ran ge: 0 - 3, wh ere 3 is the hi ghes t CoS p riorit y queu e) Priority Level Traffic Type 1 Background 2 (Spare) 0 (default) Best Effort 3 Excellent Effort 4 Controlled Load 5 Video, less tha[...]
-
Page 123
C LASS OF S ERVICE C ONFIGURATION 2-91 We b – Click Pri ority, Traffic Classes . Assign prio rities to the output queues , then cl ick Apply. CLI – The following example shows how t o map CoS values 0, 1 and 2 t o CoS pr iority queue 0, value 3 to Co S priorit y queue 1, value s 4 and 5 to CoS prio rity que ue 2, and values 6 and 7 to CoS prior[...]
-
Page 124
C ONFIGURING THE S WIT CH 2-92 Setting the Service Weight for Traffic Classes This switch uses t he W eighted R ound Ro bin (WRR ) algo rith m to determine the frequ ency at which it serv ices each priori ty queu e. As de scribe d in “Map ping CoS V alues t o Egress Queues” on page 2-89, t he traffic c lasses are mapp ed to one of th e four egr[...]
-
Page 125
C LASS OF S ERVICE C ONFIGURATION 2-93 CLI – The followin g example sho ws how to assign WRR weights of 1, 4, 16 and 64 to the CoS p riori ty queue s 0, 1, 2 and 3. Mapping Layer 3/4 Priorities to CoS Values This switch suppo rts a com mon met hod of priori tizing layer 3 /4 traffic to me et appl icatio n requi reme nts. T raffic pr ioriti es ca [...]
-
Page 126
C ONFIGURING THE S WIT CH 2-94 Selecting IP Precedence/DSCP Priority The s witch al lows you to choo se b etween u sing IP P recede nce or DSCP priori ty. Sele ct one of the methods or dis able thi s feat ure. Command Attributes • IP Precedence/DSCP Priority S tatus – Sele cts IP Pr ecedenc e, DSCP, or dis ables bo th pri ority s ervic es. We b[...]
-
Page 127
C LASS OF S ERVICE C ONFIGURATION 2-95 networ k contr ol, and t he othe r bits for var ious app licatio n type s. T oS bits are defined in the foll owing table. Command Attributes • IP Precedence Priority Table – Shows the IP Preced ence to CoS map. • Class of Servic e Value – Maps a CoS value to the selected IP Prece ndence v alue. Note t [...]
-
Page 128
C ONFIGURING THE S WIT CH 2-96 We b – Cli ck Priori ty, I P Preceden ce Prio rity . Select an IP Preced ence val ue from the IP P receden ce Prio rity T able by clicki ng on i t with yo ur curs or , ente r a value in the Class of Servi ce V alue fi eld, and t hen clic k Apply. B e sure to also select IP Preced ence from the IP Precede nce/DSCP Pr[...]
-
Page 129
C LASS OF S ERVICE C ONFIGURATION 2-97 CLI – The follow ing example glob ally enable s IP Pr ecedence servic e on the switch, maps IP Preced ence val ue 1 to CoS value 0 on por t 5, and then di splays all the IP Prec edence set tings f or that port. (N ote that th e settin g is global an d applies to all por ts on the switch.) Mapping DSCP Priori[...]
-
Page 130
C ONFIGURING THE S WIT CH 2-98 that all the DSCP values that ar e not spec ified a re mapp ed to CoS valu e 0. Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS m ap. • Class of Service Valu e – Maps a CoS val ue to t he sele cted DSCP Pri ority va lue. Note that “0” repr esents low prio rity and “7” re prese[...]
-
Page 131
C LASS OF S ERVICE C ONFIGURATION 2-99 We b – Cli ck Priori ty, I P DSCP Pr iority . Select a DSCP p riority v alue from t he DSCP P riority T able by c licking on it wi th your c ursor , enter a value i n the Clas s of Serv ice V al ue fiel d, and th en click Apply. Be sure t o also sel ect IP DSC P from the IP Preced ence/ DSCP Prior ity Statu [...]
-
Page 132
C ONFIGURING THE S WIT CH 2-100 CLI – The following example globally enables DSCP P riority servi ce on t he swit ch, map s DSCP v alue 1 to CoS va lue 0 on port 5, and t hen dis plays all t he DSCP Priority settin gs for t hat port. (Note that the se tting is global an d applies to all ports on the switch.) Port Trunk Configuration Ports can be [...]
-
Page 133
P ORT T RUNK C ONFIGURATION 2-101 another device are also config ur ed as LACP , the switch an d the other de vice wil l negotiat e a trun k link bet ween the m. If an LACP trunk consis ts of m ore than f our por ts, all other ports wil l be placed in a st andby mo de. Sh ould one link in the t runk fail , one o f the stand by ports wil l automatic[...]
-
Page 134
C ONFIGURING THE S WIT CH 2-102 • All t he port s in a tr unk have t o be t reated as a whole when moved from/to, added or deleted from a VLA N. • STP, VLAN, and IGMP s ettin gs can only be made for the en tire trunk. Dynamically Configuring a Trunk with LACP Command Usage • To avoi d creatin g a loop in the ne twork, be sure you enable LACP [...]
-
Page 135
P ORT T RUNK C ONFIGURATION 2-103 We b – Click T runk, LACP Configu rat ion. Sele ct any of the s witch port s from the sc roll-dow n port list an d clic k Add. A fter you have comple ted adding ports to th e member list, clic k Apply. b_mgmt.book Page 103 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 136
C ONFIGURING THE S WIT CH 2-104 CLI – The fo llowin g exampl e enab les LA CP for p orts 10 and 11. Just connect thes e port s to t wo LACP-e nabled tr unk por ts on another switch to form a trunk. Statically Configuring a Trunk Command Usage • When c onfiguri ng stati c trun ks, yo u may no t be abl e to lin k switc hes of differ ent types, de[...]
-
Page 137
P ORT T RUNK C ONFIGURATION 2-105 We b – Clic k T runk, T runk Con figuration . Enter a trunk ID of 1 -6 in the T runk field , select any of the s witch por ts from the scroll -down port li st, and click A dd. Aft er you have complet ed addin g ports to the member list, click Apply. b_mgmt.book Page 105 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 138
C ONFIGURING THE S WIT CH 2-106 CLI – This exa mple cr eates trunk 1 w ith por ts 11 and 12 . Just connec t these ports t o two s tatic tr unk ports on anot her swi tch to form a trunk. Configuring SNMP The s witch in cludes an onboar d agent that c ontinuo usly monit ors the status of its hardwar e, as well as the tr affic pa ssing thro ugh its [...]
-
Page 139
C ONFIGURING SNMP 2-107 submi t a valid c ommunity string f or authent ication . The op tions for conf iguring c ommunit y stri ngs and related trap fu nctions are descr ibed in the foll owing se ctions . Setting Community Access Strings Y ou may c onfigure up to fiv e commun ity st rings authori zed fo r managem ent acce ss. For se curity reasons,[...]
-
Page 140
C ONFIGURING THE S WIT CH 2-108 We b – Click SNMP , SNMP Configuration. E nter a new string in the Commu nity Strin g box an d selec t the ac cess ri ghts f rom the Access Mode drop -down list , then clic k Add. CLI – The follow ing example adds th e stri ng “spide rman” with read/wri te access. Console(config)#snmp-server community spiderm[...]
-
Page 141
C ONFIGURING SNMP 2-109 Specifying Trap Managers Y ou can s pecify up to fi ve manag ement st ations th at will receive authent icat ion fai lure mes sages and othe r trap message s fro m the switch. Command Usage • If you do not e nter a trap manag er host IP address , no noti ficati ons are s ent. In or der to c onfig ure the sw itch to send SN[...]
-
Page 142
C ONFIGURING THE S WIT CH 2-110 We b – Click SNMP , SNMP Configurati on. Fill in the Tr ap Manager IP Addr ess box a nd the Trap Manag er Comm unity S tring bo x, mark En able Authe nticati on T raps if required, and then click Add. CLI – This example adds a trap manager and enabl es authenti cation traps. SNMP IP Filtering T h e s w i t c h a [...]
-
Page 143
C ONFIGURING SNMP 2-111 IP address 192.168.1 .1 and mask 255.25 5.255.25 5 — Sp ecifies a valid IP address of 192.1 68.1.1 o nly. Note: IP f ilter ing doe s not af fect manage ment ac cess to the switch usin g the We b interfa ce or T elne t. Comma nd Attribut es • IP Filter List — Disp lays a list of the IP addre ss/subne t mask entrie s cur[...]
-
Page 144
C ONFIGURING THE S WIT CH 2-112 We b – Click SNMP , SNMP IP Filtering. T o add an IP address, type the ne w IP addre ss in the IP Add ress box, type the appro priate subnet mask in the Subnet Mask box, and then clic k “Add IP Filter ing E ntry.” To delete an IP add ress, cl ick the entry i n the IP Filt er List , and th en clic k “Remo ve I[...]
-
Page 145
M ULTI CAST C ONFIGURATION 2-113 Multicast Configuration Multic asting is used to supp ort re al-time applicati ons such as video confe rencing or st reaming audio. A multi cast serv er doe s not h ave to es tablish a separa te connec tion wit h each c lient. It merely broadcas ts its serv ice to the n etwork , and any host s that want to recei ve [...]
-
Page 146
C ONFIGURING THE S WIT CH 2-114 Command Usage • IGMP Snooping – T his swi tch ca n passi vely sno op on I GMP Query and Re port packets transferred b etween IP multicast router s/swit ches and I P mult icast ho st groups to ide ntify the IP multicast gr oup members. It simply moni tors the IGM P packets passing through it, picks out th e group [...]
-
Page 147
M ULTI CAST C ONFIGURATION 2-115 • IGMP Query Count — Sets the maxi mum numbe r of queri es issu ed for wh ich ther e has be en no res ponse be fore the switch takes act ion to drop a client from the m ulticast gr oup. (Default : 2, Rang e: 2 - 1 0) • IGMP Query Interval — Sets the frequenc y (in se conds) at which t he switc h sends IG MP [...]
-
Page 148
C ONFIGURING THE S WIT CH 2-116 We b – Click IGMP , IGMP Con figurati on. Adjust the IGMP settin gs as requi red, and t hen click App ly. (The def ault set tings are sho wn below .) CLI – Thi s exam ple mo difies the se ttings for mul ticast filt ering, a nd then di splays th e current status. Console(config)#ip igmp snooping 3-149 Console(conf[...]
-
Page 149
M ULTI CAST C ONFIGURATION 2-117 Interfaces Attached to a Multicast Router Multic ast rout ers use the inf ormation obt ained from IGMP Query, along wi th a mul ticast r outing protoc ol such as DVMRP , to su pport IP multi casting acr oss the Interne t. These ro uters may be dynamic ally di scovered by the switch or stati cally assign ed to an int[...]
-
Page 150
C ONFIGURING THE S WIT CH 2-118 CLI – This exampl e shows th at Po rt 1 1 has been stat ically configured as a port attach ed to a multicast router . Specify ing Int erfaces A ttached to a Mul ticast Router Depend ing on y our net work conn ections, IGMP sno oping ma y not always be able to locate the I GMP quer ier . Therefor e, if th e IGMP que[...]
-
Page 151
M ULTI CAST C ONFIGURATION 2-119 We b – C lic k IGM P , S tat ic Mu ltic as t Router P ort Co nfiguration . Specify th e inter faces attached to a multicast ro uter , indicate the VLAN which wil l forward all th e correspo nding multi cast traffic, and then c lick Add. After you have completed adding int erfaces to the li st, cl ick Ap ply. CLI ?[...]
-
Page 152
C ONFIGURING THE S WIT CH 2-120 • Multicast Group Port List – Po rts propagating a multicast servi ce; i.e. , ports that belon g to t he indic ated VLA N group. We b – Cl ick IG MP , IP Multic ast R egistra tion T able . Selec t the VLAN ID and mult icast IP addr ess. The switch will d isplay a ll the po rts that are propagating th is mu ltic[...]
-
Page 153
M ULTI CAST C ONFIGURATION 2-121 Adding Multicast Addresses to VLANs Multic ast filter ing c an be dynam ically configur ed usin g IGMP Snoo ping a nd IG MP Qu ery me ssag es as descri bed in “Con figuri ng IGMP P arameters” on page 2-113 . For certain application that requir e tighter c ontrol , you ma y need to s tatica lly confi gure a mult [...]
-
Page 154
C ONFIGURING THE S WIT CH 2-122 We b – Click IGMP , IGMP Member Por t Ta ble. Specify t he interface attached to a multicast service (v ia an IGMP-enab led switc h or multic ast router ), indicate th e VLAN that wil l propagate th e multi cast servic e, spec ify the mul ticast IP addre ss, and t hen clic k Add. A fter yo u have c ompleted adding [...]
-
Page 155
S HOWIN G D EVICE S TATI STIC S 2-123 each port. This information can be u sed to id entify pot ential probl ems with t he swit ch (suc h as a f aulty p ort or unusuall y heavy load ing) . RMO N stat istic s pro vid e acc ess to a broad r ange of stati stics, inc luding a tot al count of dif ferent fram e types and siz es passi ng through eac h por[...]
-
Page 156
C ONFIGURING THE S WIT CH 2-124 Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Transmit Octets The total number of octets transmitted out of the interface, including framing characters. Transmit Unicast Packets The total number of packets that higher-level proto[...]
-
Page 157
S HOWIN G D EVICE S TATI STIC S 2-125 FCS Errors A count of frames received on a particular interface that are an i ntegral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error. Excessive Collisions A count of frames for which transmission on a particular [...]
-
Page 158
C ONFIGURING THE S WIT CH 2-126 RMON Stati stics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excludi ng framing bits, but including FCS octets), and had either an FCS or alignment error. Received Bytes Total number of by[...]
-
Page 159
S HOWIN G D EVICE S TATI STIC S 2-127 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames 128-2 55 Byte F rames 256-5 11 Byte F rames 512-1023 Byte Frames 1024- 1518 By te Frames 1519- 1536 By te Frames The tot[...]
-
Page 160
C ONFIGURING THE S WIT CH 2-128 We b – Click Statist ics, Por t Statist ics. Se lect the required interface , and the n click Query. Y ou can also use th e Refres h butt on at the bottom of the page to update the scre en. b_mgmt.book Page 128 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 161
801.1X P ORT A UTHENTIC ATION 2-129 CLI – This exampl e shows stat istic s for port 13. 801.1X Port Authen ticati on Netwo rk switch es can pr ovide op en and easy access to netwo rk resour ces by simply att aching a c lient PC. Althoug h this au tomati c configuration and access is a de si rable feature, it also allows unautho rized p ersonnel t[...]
-
Page 162
C ONFIGURING THE S WIT CH 2-130 The IE EE 802.1 x (dot1x ) standard define s a port- based acce ss contro l pr ocedu re that preve nts un author ized access to a network by requ iring users to fir st ent er a us er ID an d pass word for authenti cation. Acce ss to all switch ports in a network can be central ly contro lled from a ser v er , which m[...]
-
Page 163
801.1X P ORT A UTHENTIC ATION 2-131 and the passwo rd, as we ll as se lecting MD5 as t he authen tication meth od. • An acces sible and func tioning RADIUS se rver. 802.1x Port Configuration The 80 2.1x pr otocol includ es param eters that con trol t he clie nt authent icat ion proces s that r uns bet ween the c lient and t he swi tch (i.e., au t[...]
-
Page 164
C ONFIGURING THE S WIT CH 2-132 plugge d into a switch p ort. (Def ault : Dis abled) • Max Re q — Sets the m aximu m numbe r of t imes t he swi tch po rt will retransm it an EA P reque st pac ket to the cli ent bef ore it times out the authenti cation s ession. (Ran ge: 1-10 ; Default 2) • Quiet/Period — Sets the ti me tha t a sw it ch port[...]
-
Page 165
801.1X P ORT A UTHENTIC ATION 2-133 • Trunk — Ind icates if the port is config ured as a t runk por t. T o save any ch anges yo u make in t his page, click Apply Changes . If yo u don’t want to save th e change s, cli ck Refresh . CLI – Thi s exampl e shows configu rable feat ures for p ort 13. Console(config)#interface ethernet 1/13 Consol[...]
-
Page 166
C ONFIGURING THE S WIT CH 2-134 802.1x Statistics The 80 2.1x pr otocol i ncludes statist ics for 8 02.1x pro tocol exchanges for any port. Statistical Values Parameter Description Rx EXPOL Start The number of EAPOL Start frames that hav e been received by this Authenticator. Rx EAPOL Logoff T he number of EAPOL Logoff frames that have been receive[...]
-
Page 167
801.1X P ORT A UTHENTIC ATION 2-135 b_mgmt.book Page 135 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 168
C ONFIGURING THE S WIT CH 2-136 b_mgmt.book Page 136 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 169
3-1 C HAPTER 3 C OMMAND L INE I NTERFACE This chapter d escri bes how t o use the Comman d Line In terface (CLI). Using the Command Line Interface Accessing the CLI When ac cessin g the manageme nt interface for th e switc h over a direc t connec tion to the serv er’s cons ole p ort, or via a T elnet connec tion, the swit ch can be manag ed by en[...]
-
Page 170
C OMMAND L INE I NTER FACE 3-2 3. Wh en finish ed, exit th e session with the “ quit” or “exi t” command. Aft er conn ecting to the syst em throug h th e conso le port , the lo gin screen display s: Telnet Connection T elnet operates over the IP t ransport p rotocol. I n this envir onment, your ma nagement station an d any net work devi ce [...]
-
Page 171
U SING THE C OMMAND L INE I NTER FACE 3-3 After you confi gure the s witch wit h an IP addr ess, yo u can ope n a T elne t session b y perfo rmin g these st eps. 1. From the remot e host , enter the T elnet c ommand and the IP addr ess of th e device you want to acc ess. 2. At th e prompt, ente r the user name and system password. The CLI wi ll dis[...]
-
Page 172
C OMMAND L INE I NTER FACE 3-4 Entering Commands This s ecti on de scribes how to en ter CLI com mands . Keywords and Arguments A CLI comm and is a seri es of keywor ds and arg uments. Ke ywords identi fy a command, and ar guments specify co nfigurat ion para meters . For exampl e, in the command “sho w interfaces status ethernet 1/ 5,” show in[...]
-
Page 173
E NTER ING C OMMANDS 3-5 Command Completion If you ter minate input with a Tab key, the CLI wil l print the remaini ng characte rs of a p artial keyword up t o the po int of ambigu ity. In the “c onfigure” examp le, typing con followed by a tab will res ult in pr inting the co mmand up t o “ config ur e .” Getting Help on Commands Y ou can [...]
-
Page 174
C OMMAND L INE I NTER FACE 3-6 keywords for a s pecific c ommand. For example, the comman d “ show ? ” displ ays a lis t of poss ible s how command s: The comm and “ show inter f aces ? ” will dis play th e following info rma tio n: Partial Keyword Lookup If yo u terminate a partia l keyword with a qu estion mark, alternatives that mat ch t[...]
-
Page 175
E NTER ING C OMMANDS 3-7 not to leave a space b etween the command and q uestion mark.) For exampl e “ s? ” shows all the keywords s tarting w ith “s. ” Negating the Effect of Commands For ma ny confi gurati on co mmands yo u can enter th e pref ix keyword “ no ” to cancel the effec t of a command or re set the confi gurat ion to th e d[...]
-
Page 176
C OMMAND L INE I NTER FACE 3-8 the commands available for th e current mode. The command classes and asso ciated mod es are display ed in the foll owing table: Exec Commands When yo u open a new consol e sess ion on s witch w ith the user name “g uest,” the syste m enters Nor mal Exec c omman d mode (or guest m ode). Onl y a limited number o f [...]
-
Page 177
E NTER ING C OMMANDS 3-9 Configuration Commands Confi guration c ommands are pri vileged level co mmands us ed to modi fy swit ch settin gs. Th ese comm ands modify the runn ing config uration o nly and are not saved whe n the switch is reboote d. T o store the runnin g confi guration i n nonvolati le storag e, use the copy running-config startup-c[...]
-
Page 178
C OMMAND L INE I NTER FACE 3-10 T o enter th e Glob al Confi gurati on mode, ente r the command confi gur e in Privil eged Ex ec mod e. The sy stem p rompt wi ll change to “Con sole(config )#” whic h gives yo u acces s privil ege to all Glob al Conf igurati on comman ds. T o enter Int erface, Line Confi guration, or VLA N mode, you mu st enter [...]
-
Page 179
E NTER ING C OMMANDS 3-11 charac ter to displ ay a list of po ssible m atches. Y ou can also use the follo wing editin g keyst rokes fo r comm and-line process ing: Keystroke Function Ctrl-A Shifts cursor to start of command line . Ctrl-B Shifts cursor to the left one character . Ctrl-E Shi fts cursor to end of command line. Ctrl-F Shifts cursor to[...]
-
Page 180
C OMMAND L INE I NTER FACE 3-12 Command Groups The s ystem co mmands c an be bro ken down i nto the functi onal groups shown be low . Command Group Description Page General Basic commands for entering privileged access mode, restarting the system, or quitting the CLI 3-14 Flash/File Manages code image or switch configuration files 3-20 System Manag[...]
-
Page 181
C OMMAND G RO U P S 3-13 Note that th e access mode s hown in t he followi ng tabl es is indic ated by th ese abbr eviati ons: NE (Normal Exec) PE (Pri vilege d Exec ) GC (Global Conf iguration ) IC (Interface Con figurati on) LC (Line Configurat ion) VC (VLAN Database Con figuration ) IGMP Snooping Configures IGMP multicast filtering, querier elig[...]
-
Page 182
C OMMAND L INE I NTER FACE 3-14 General Commands enable Use thi s command to activ ate Priv ileged Exec mode. In privile ged mode, addition al commands ar e av ailable , and certain commands displa y additional information. See “Unde rstanding Command Modes” on pa ge 3-7. Syntax enable [ level ] leve l - Pri vilege l evel to l og into the devic[...]
-
Page 183
G ENERAL C OMMANDS 3-15 Command Mode Norm al Exec Command Usage • “supe r” is the defaul t password re quired to chan ge the command m ode from Nor mal Exec to Privil eged Exec . (To set this p asswor d, see t he enable password comman d on p age 3-31. ) • The “#” characte r is appended to the end of the promp t to indicat e that th e s[...]
-
Page 184
C OMMAND L INE I NTER FACE 3-16 Command Mode Privil eged Exe c Command Usage The “> ” character i s appended to the en d of the prompt to indic ate that the s ystem i s in nor mal access mo de. Example Related Commands enable (3- 14) configure Use t his co mmand to activ ate Glob al Confi guratio n mode. Y ou must ent er this mode to modify [...]
-
Page 185
G ENERAL C OMMANDS 3-17 show history Use t his co mmand t o show t he con tents of the c ommand history buf fer . Default Setti ng None Command Mode Normal Ex ec, Pri vileged Exec Command Usage The his tory bu ffer size i s fixe d at 20 comm ands. Example In this exampl e, the sh ow hist ory comm and li sts the co ntents of the c ommand hist ory bu[...]
-
Page 186
C OMMAND L INE I NTER FACE 3-18 reload Use th is com mand to restar t the sy stem. Note: When the sy stem is restart ed, it w ill alway s run the Power-On Self-Test. It will also retain all co nfiguratio n infor mation store d in nonv olatile m emory by the copy running-config startup-config command . Default Setti ng None Command Mode Privil eged [...]
-
Page 187
G ENERAL C OMMANDS 3-19 Example This example s hows how to ret urn to the P rivileg ed Exec mode from t he Inte rface Conf iguration mode: exit Use this com mand t o return to the previo us con figurat ion mode or exit the confi gurati on prog ram. Default Setti ng None Command Mode Any Example This example s hows how to ret urn to the P rivileg ed[...]
-
Page 188
C OMMAND L INE I NTER FACE 3-20 Command Mode Normal Ex ec, Pri vileged Exec Command Usage The qui t and exi t commands c an both ex it the con figurat ion program. Example This ex ample show s how to quit a CLI sessio n: Flash/Fil e Commands These co mmand s are us ed to mana ge system code and config uration f iles. Console#quit Press ENTER to sta[...]
-
Page 189
F LASH /F ILE C OMMANDS 3-21 copy Use thi s co mmand to move (up load/down load) a c ode im age or conf igurati on fil e between the sw itch ’s Flash memo ry and a TFTP serve r . When you sa ve the sys tem code or confi gura tion sett ings to a file on a TF TP ser ver , that fi le can lat er be down loaded to the switch t o rest ore sy stem op er[...]
-
Page 190
C OMMAND L INE I NTER FACE 3-22 Command Usage • The syste m prom pts fo r data requir ed to comple te th e copy command . • The file n ames are case sensi tive. T he destin ation file name should not con tain slashe s ( or /), the leadin g lett er of the file name shou ld not be a period (.), and the maxi mum lengt h for file na mes on t he TF[...]
-
Page 191
F LASH /F ILE C OMMANDS 3-23 The f ollowing example shows ho w to co py the runn ing configuration to a startup file. The fol lowing e xample shows how to download a co nfigurat ion file: This exam ple sh ows how to copy a secure-s ite cert ificat e from an TFTP serve r . It then rebo ots the swi tch to activat e the certifi cate: delete Use this c[...]
-
Page 192
C OMMAND L INE I NTER FACE 3-24 Command Mode Privil eged Exe c Command Usage • If the file type is used for system startup, then this file cannot be delet ed. • “Factory_D efault_ Config .cfg” ca nnot be delete d. Example This example shows how to delete the te st2.cf g con figurat ion fil e from F lash memory . Related Commands dir (3- 24)[...]
-
Page 193
F LASH /F ILE C OMMANDS 3-25 Command Mode Privil eged Exe c Command Usage • If you enter the co mmand dir without any parame ters, the system di splays all file s. • File informati on is s hown below: Example The fol lowing e xample sh ows how t o display all fil e informa tion: whichboot Use thi s co mmand to display which fil es boot ed. Defa[...]
-
Page 194
C OMMAND L INE I NTER FACE 3-26 Command Mode Privil eged Exe c Example This ex ample show s the informa tion di splayed by the whichboot comma nd. See t he table on the previou s page f or a desc riptio n of the fil e information dis played by th is command. boot system Use t his comma nd to spec ify the fi le or image used to star t up th e system[...]
-
Page 195
S YSTEM M ANA GEM ENT C OMMANDS 3-27 Command Usage • A colon (:) i s requi red afte r the sp ecified fi le typ e. • If the file contain s an error , it ca nnot be s et as the default file. Example Related Commands dir (3- 24) whichbo ot (3-25) System Management Commands These commands are used to control system logs , passwords , user name, bro[...]
-
Page 196
C OMMAND L INE I NTER FACE 3-28 ip http server Allows the switch to be monitored or configured from a browser GC 3-34 ip http secure- serv er Enables the HTTPS server on the switch GC 3-35 ip http secure- port Specifies the UDP port number used for HTTPS connection to the switch’s Web interface GC 3-36 Secu re She ll Com mands ip ssh server Enabl[...]
-
Page 197
S YSTEM M ANA GEM ENT C OMMANDS 3-29 hostname Use t his co mmand to specify or mo dify t he host nam e for this devi ce. Use t he no form to restore th e defaul t host na me. Syntax hostname name no hostname name - The name of th is host. ( Maxim um length : 255 characters) Default Setti ng None Command Mode Global Co nfiguratio n Example System St[...]
-
Page 198
C OMMAND L INE I NTER FACE 3-30 username Use thi s command to req uire user name aut hentic ation at logi n. Use the no for m to remove a user na me. Syntax userna me name { access-level level | nopassword | passwor d { 0 | 7 } passwor d } no userna me name • name - The name of the us er. Up to 8 charact ers, case se nsitive. Maxi mum numb er of [...]
-
Page 199
S YSTEM M ANA GEM ENT C OMMANDS 3-31 Command Usage The enc rypted p assword is requi red for co mpatib lity with legacy passwor d setting s (i.e., pl ain text or encr ypted) when reading the con figurati on file during s ystem bo otup or when down load ing the config urati on file from a TFTP se rver . The re is no nee d for yo u to m anual ly conf[...]
-
Page 200
C OMMAND L INE I NTER FACE 3-32 Default Setti ng This d efault p asswor d is “super ” Command Mode Global Co nfiguratio n Command Usage The enc rypted p assword is requi red for c ompatiblit y with legacy passwor d setting s (i.e., pl ain text or encr ypted) when reading the con figurati on file during s ystem bo otup or when down load ing the [...]
-
Page 201
S YSTEM M ANA GEM ENT C OMMANDS 3-33 Command Usage • This switch pr ovide s more ef ficien t throug hput fo r large sequen tial data tran sfers by support ing jumb o frames up to 9000 byte s. Comp ared to standar d Ether net frames th at run only up to 1.5 KB, us ing jumbo frames sig nificantly reduces t he per-p acket ov erhead r equired to pr o[...]
-
Page 202
C OMMAND L INE I NTER FACE 3-34 Command Mode Global Co nfiguratio n Example Related Commands ip htt p serv er (3-34) ip http server Use this command to allow th is device to be mon itore d or config ured from a browser . Use the no f orm to disab le this func tion. Syntax ip http server no ip http server Default Setti ng Enab led Command Mode Globa[...]
-
Page 203
S YSTEM M ANA GEM ENT C OMMANDS 3-35 ip http secure-server Use th is command to enable th e secure hypert ext trans fer prot ocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i .e., an e ncrypted conne ction) to the switch’s W eb interface . Use the no form to disable t his functi on. Syntax ip http secur e-server no ip ht[...]
-
Page 204
C OMMAND L INE I NTER FACE 3-36 • The following Web browser s and operati ng system s curren tly suppor t HTTPS: * T o spec ify a s ecure -site c ertific ate, se e“Replac ing th e Def ault Sec ure-si te Cert ificate” on pag e -23. Also r efer to the c opy command on p age 3-21. Example Related Commands ip htt p secu re-por t (3-36 ) ip http s[...]
-
Page 205
S YSTEM M ANA GEM ENT C OMMANDS 3-37 Command Usage • You cannot conf igure th e HTTP an d HTTPS ser vers to use the same port. • If you ch ange the HTT PS port numbe r, client s attempting to connec t to t he HTTPS s erver must sp ecify t he por t numbe r in the URL, i n this format: https:// device : port_number Example Related Commands ip htt[...]
-
Page 206
C OMMAND L INE I NTER FACE 3-38 Command Usage The timeout speci fies the i nterval th e switch will wait for a respons e from the c lient du ring the SSH negotiatio n phase. Once an SSH ses sion has be en establ ished , the time out for use r input is cont rolled b y the exec-timeout command for vt y sessions . Example Related Commands show ip ssh [...]
-
Page 207
S YSTEM M ANA GEM ENT C OMMANDS 3-39 • T h e S S H s e r v e r u s e s R S A f o r k e y e x c h a n g e w h e n t h e c l i e n t f i r s t establi shes a connect ion wit h the s witch, an d then negotiat es with th e client to se lect ei ther DES (5 6-bit) or 3DES (168 -bit) for data e ncrypti on. Example Related Commands show s sh (3-4 0) disc[...]
-
Page 208
C OMMAND L INE I NTER FACE 3-40 show ssh Use this command to display th e current Secure Shell (SSH ) server conne ctions . Command Mode Privil eged Exe c Command Usage This com mand sh ows the f ollowing information: • Session – The sessi on numb er. (Range: 0-3) • Username – The user name of the cli ent. • Version – The Secure She ll [...]
-
Page 209
S YSTEM M ANA GEM ENT C OMMANDS 3-41 Example Related Commands ip ssh (3 -37) logging on Use th is comm and to con trol lo ggin g of error me ssage s. This comma nd send s debug or error mess ages to a logging proces s. The no form disable s the logging proces s. Syntax logging on no logging on Default Setti ng None Command Mode Global Co nfiguratio[...]
-
Page 210
C OMMAND L INE I NTER FACE 3-42 Example Related Commands logg ing hi story (3-42) logg ing t rap ( 3-45 ) clear logg ing (3 -47) logging history Use this command to limit syslog me ssages sav ed to switch memory bas ed on severi ty. The no for m retur ns the l ogging of syslog message s to t he de fault le vel. Syntax logging history { flash | ram [...]
-
Page 211
S YSTEM M ANA GEM ENT C OMMANDS 3-43 * There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setti ng Flash: errors (level 3 - 0) RAM: warni ngs (level 7 - 0) Command Mode Global Co nfiguratio n Command Usage The m essage le vel spe cified fo r Flash memory must b e a high er priorit y (i.e., nu merically lower) t[...]
-
Page 212
C OMMAND L INE I NTER FACE 3-44 logging host Use t his co mmand to add a sys log se rver ho st I P address that will receiv e logg ing mes sages. Use t he no form to re move a syslo g serve r host. Syntax logging host host_ip_addre ss no logging host host_ip_addr ess host_ip_address - The IP address of a sysl og server. Default Setti ng None Comman[...]
-
Page 213
S YSTEM M ANA GEM ENT C OMMANDS 3-45 logging facility Use this command to set the facility type for remo te loggin g of syslog messages . Use t he no for m to re turn the type t o the de fault. Syntax loggi ng fac ility type no logging facilit y typ e type - A numbe r that ind icates the facility used by th e syslog server to d ispatch log messages[...]
-
Page 214
C OMMAND L INE I NTER FACE 3-46 Message s sent incl ude the sel ected le vel up th rough lev el 0. Default Setti ng Level 3 - 0 Command Mode Global Co nfiguratio n Example Level Argument Level Description Syslog Definition emergencies 0 System unusable LOG_EMERG alerts 1 Immediate action needed LOG_ALERT critical 2 Critical conditions (e.g ., me mo[...]
-
Page 215
S YSTEM M ANA GEM ENT C OMMANDS 3-47 clear logging Use this co mmand to clear message s from th e log buf fer . Syntax clear logging [ flash | ram ] • flash - Event his tory sto red in Flash m emory (i.e., p ermanent memory). • ram - Event histor y stored in tem porary RAM (i.e., memory flus hed on p ower re set). Default Setti ng None Command [...]
-
Page 216
C OMMAND L INE I NTER FACE 3-48 Default Setti ng None Command Mode Privil eged Exe c Example show startup-config Use thi s command to dis play the co nfigurat ion file stor ed in nonvo latile mem ory that is us ed to start u p the system. Default Setti ng None Console#show logging flash Syslog logging: Disable History logging in FLASH: level errors[...]
-
Page 217
S YSTEM M ANA GEM ENT C OMMANDS 3-49 Command Mode Privil eged Exe c Command Usage • Use this command in conj uncti on with t he show running-config command to compare th e information in running memo ry t o the in formati on stor ed in non-vol atile memory. • This command disp lays sett ings for key c ommand mod es. Each mode gr oup is separ at[...]
-
Page 218
C OMMAND L INE I NTER FACE 3-50 Example Related Commands show ru nning-c onfig (3-5 1) Console#show startup-config building startup-config, please wait..... ! ! snmp-server community private rw snmp-server community public ro ! username admin access-level 15 username admin password 7 21232f297a57a5a 743894a0e4a801fc3 username guest access-level 0 u[...]
-
Page 219
S YSTEM M ANA GEM ENT C OMMANDS 3-51 show running-config Use this co mmand to display th e configur ation informatio n current ly in use. Default Setti ng None Command Mode Privil eged Exe c Command Usage • Use this command in conj uncti on with t he show startup-confi g command to compar e the information in running memo ry t o the in formati on[...]
-
Page 220
C OMMAND L INE I NTER FACE 3-52 Example Related Commands show s tartup-c onfig (3-48) show system Use this co mmand to display sy stem infor matio n. Default Setti ng None Command Mode Normal Ex ec, Pri vileged Exec Console#show running-config building running-config, please wait..... ! ! snmp-server community private rw snmp-server community publi[...]
-
Page 221
S YSTEM M ANA GEM ENT C OMMANDS 3-53 Command Usage • For a desc riptio n of t he items shown by this c ommand , refe r to “Displaying System Info r mation” on page 2-8 • The PO ST result s should all di splay “PASS.” If any POST test indicate s “FAIL,” co ntact your di stributo r for assistance . Example show users Shows all active [...]
-
Page 222
C OMMAND L INE I NTER FACE 3-54 Command Usage The se ssion us ed to ex ecute thi s comma nd is ind icated by a “*” symbol ne xt to t he Line (i.e ., sessio n) index numb er . Example show version Use thi s comman d to dis play hardwar e and sof tware versi on information fo r the system. Default Setti ng None Command Mode Normal Ex ec, Pri vile[...]
-
Page 223
A UTHE NTIC ATIO N C OMMANDS 3-55 Example Authentication Commands Y ou can co nfigure t he swi tch to authenti cate us ers log ging in to the system for manag ement acces s using lo cal or aut henticat ion-ser ver methods. Remot e Auth enti catio n Dial- i n User Service (RADIUS) and T erm inal Access Control ler Access C ontrol Sy stem Plus (T A C[...]
-
Page 224
C OMMAND L INE I NTER FACE 3-56 authentication login Use t his co mmand to define the l ogin aut hentic ation m ethod and prece dence. Us e the no for m t o rest ore t he de fault. Syntax authen tication lo gin {[ local ] [ radius ] [ taca cs ]} no authe ntication l ogin • local - Use lo cal auth enticat ion. • radius - Use RADIUS server au the[...]
-
Page 225
A UTHE NTIC ATIO N C OMMANDS 3-57 Command Mode Global Co nfiguratio n Command Usage • RADIUS use s UDP wh ile T ACACS+ uses TCP . UDP only offers best e ffort deliv ery, whi le TC P offers a con nectio n-orient ed trans port. Also, note that RAD IUS encry pts only the passw ord in the access -reques t pack et from t he clien t to t he ser ver. ?[...]
-
Page 226
C OMMAND L INE I NTER FACE 3-58 radius-server host Use th is command to specify t he RADIU S server . Use the no form to res tore t he defa ult. Syntax radius-serve r host host_ip_addr ess no radius-server host host_ip_address - IP addr ess of a RADI US server . Default Setti ng 10.1.0. 1 Command Mode Global Co nfiguratio n Example radius-server po[...]
-
Page 227
A UTHE NTIC ATIO N C OMMANDS 3-59 Example radius-server key Use thi s command to se t the RADI US encrypti on key. Us e the no form to restore the de fault. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to auth enticate logon access for cl ient. Do not use bla nk spaces in the string. (Maximu m lengt h: 2[...]
-
Page 228
C OMMAND L INE I NTER FACE 3-60 radius-server retransmit Use th is comma nd to set th e numb er of retri es. Us e the no form to restor e the de fault. Syntax radius-serve r retransmi t numb er_of _retries no radius-server r etransmit number_of_retries - Num ber of times the s witch will try to authenticate logon access via the RADIU S server . (Ra[...]
-
Page 229
A UTHE NTIC ATIO N C OMMANDS 3-61 Command Mode Global Co nfiguratio n Example show radius-server Use thi s command to dis play the cu rrent sett ings for th e RADIUS server. Default Setti ng None Command Mode Privil eged Exe c Example tacacs-server host Use this command to s pecify the T ACACS+ serve r . Use the no for m to res tore t he defa ult. [...]
-
Page 230
C OMMAND L INE I NTER FACE 3-62 Default Setti ng 10.11 .12. 13 Command Mode Global Co nfiguratio n Example tacacs-server port Use thi s co mmand to specify t he T ACACS+ se rver n etwork por t. Use the no form to re store t he def ault. Syntax tacacs -server p ort port_number no tacacs -server p ort port_number - T ACACS+ se rver TCP por t used for[...]
-
Page 231
A UTHE NTIC ATIO N C OMMANDS 3-63 tacacs-server key Use this command to set the T A CACS+ encryptio n key. Use th e no form to restore the de fault. Syntax tacacs -server ke y key_string no tacacs -server key key_string - Encryption key used to auth enticate logon acce ss for the client . Do not use blank spaces in the stri ng. (Maximu m lengt h: 2[...]
-
Page 232
C OMMAND L INE I NTER FACE 3-64 Example SNMP Commands Contr ols access to this switch from SNMP manag ement stations, as well as the er ror types sent to trap man agers. Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with radius server: Server port number: 49 Console# Command Function[...]
-
Page 233
SNMP C OMMANDS 3-65 snmp-server community Use thi s comman d to define the co mmunit y access str ing for the Simpl e Network Manage ment Pr otoc ol. Use th e no form to remo ve the sp ecifie d comm unity st ring. Syntax snmp-server c ommunity string [ ro | rw ] no snmp-server c ommunity string • string - Co mmunit y string that act s like a pass[...]
-
Page 234
C OMMAND L INE I NTER FACE 3-66 snmp-server contact Use t his co mmand to set th e syst em con tact stri ng. Us e the no form to remove the system co ntact in formati on. Syntax snmp-server c ontact string no snmp-server c ontact string - St ring th at des cribes the system contact in formation. (Maximu m length : 255 charac ters) Default Setti ng [...]
-
Page 235
SNMP C OMMANDS 3-67 Default Setti ng None Command Mode Global Co nfiguratio n Example Related Commands snmp-s erver contac t (3-66) snmp-server host Use this command to specify the recipien t of a Simple Netw ork Managem ent Proto col notif ication o perati on. Use t he no form to remo ve the sp ecifie d host. Syntax snmp-server host {host-addr com[...]
-
Page 236
C OMMAND L INE I NTER FACE 3-68 Default Setti ng Host Ad dress: None SNMP V ersion: 1 Command Mode Global Co nfiguratio n Command Usage • If yo u do not e nter an snmp-server host com mand, no noti ficat ions are sent. In orde r to c onfigu re the switch to sen d SNMP no tifica tions, you must ente r at least on e snmp-se rver host command. In or[...]
-
Page 237
SNMP C OMMANDS 3-69 snmp-server enable traps Use this command to enable this devic e to send Simp le Netw ork Manage ment Pr otoc ol traps ( SNMP not ificat ions). Use the no for m to disable SNMP notificati ons. Syntax snmp-server ena ble tra ps [ authen tication | link-up-down ] no snmp-serve r enable tra ps [ authenticati on | link-up-down ] •[...]
-
Page 238
C OMMAND L INE I NTER FACE 3-70 Example Related Commands snmp-s erver hos t (3-67) snmp ip filter Sets t he IP add resses of client s that are all owed management acces s to the swit ch via SNMP . Use the no form of this c ommand to r emove an IP add ress. Syntax snmp ip filter ip_addr ess subnet_mas k no snmp ip filter ip_addr ess subnet_mas k •[...]
-
Page 239
SNMP C OMMANDS 3-71 • If the IP is the addr ess of a singl e manageme nt statio n, the bitmas k should be set t o 255.25 5.255.255 . Otherw ise, the I P addr ess gro up is spec ifie d by the b itmask . • The default s etting i s null, which all ows all IP groups SN MP access to the switch. If one I P addres s is c onfigur ed, the IP filteri ng [...]
-
Page 240
C OMMAND L INE I NTER FACE 3-72 Command Usage This c ommand provide s inform ation on t he comm unity ac cess stri ngs, co unter i nformati on for SN MP inpu t and outp ut prot ocol data uni ts, and whet her or no t SNMP loggi ng has be en enabl ed wi th the snmp-server enable traps comman d. Example Console#show snmp SNMP traps: Authentication: en[...]
-
Page 241
IP C OMMANDS 3-73 IP Commands An IP addre ss may be used for manageme nt access to th e switch over y our net work. By default , the switch uses DH CP to as sign IP settin gs to VLAN 1 on the sw itch. If yo u wish to manual ly conf igure I P setting s, you need to change the sw itch’s user-s pecified defaults (IP address 0. 0.0.0 and netmas k 255[...]
-
Page 242
C OMMAND L INE I NTER FACE 3-74 ip address Use thi s command to set the IP addres s for this d evice. Us e the no form to restore the de fault I P address. Syntax ip addr ess { ip-addr es s netmask | bootp | dhcp } no ip address • ip-address - IP address • netmask - Network mask fo r the associated IP subnet. This mask identifi es the host addr[...]
-
Page 243
IP C OMMANDS 3-75 • You can start broadc asting BOOTP or DHCP reque sts by enteri ng an ip dhcp resta rt co mmand, o r by r ebooting the switch . Note: Only one VLAN interface can be as signed an IP addr ess (the de fault i s VLAN 1). Thi s defi nes th e managem ent VLAN, the onl y VLAN t hrough which yo u can gai n management access to the sw it[...]
-
Page 244
C OMMAND L INE I NTER FACE 3-76 • If the BOOTP or DHCP server has been mov ed to a differe nt domain, the net work port ion of the addres s provi ded to t he client will be based on this new dom ain. Example In the followi ng example, the dev ice is reassig ned th e same address. Related Commands ip add res s (3-74) ip default-gateway Use this co[...]
-
Page 245
IP C OMMANDS 3-77 Command Usage A gateway must be define d if the managemen t station i s locat ed in a di fferent IP se gment. Example The fol lowing e xample defi nes a def ault gateway for thi s device: Related Commands show ip r edirect s (3-78 ) show ip interface Use thi s command to disp lay the sett ings of an IP inte rface. Default Setti ng[...]
-
Page 246
C OMMAND L INE I NTER FACE 3-78 show ip redirects Use th is command t o show the def ault gat eway confi gured for thi s device . Default Setti ng None Command Mode Privil eged Exe c Example Related Commands ip defaul t-gatew ay (3-76) ping Use thi s comman d to send ICMP ec ho request packets to another node on the ne twork. Syntax ping host [ cou[...]
-
Page 247
IP C OMMANDS 3-79 Command Mode Normal Ex ec, Pri vileged Exec Command Usage • Use the ping command to s ee if another site on the netwo rk can be reac hed. • Following ar e some result s of th e ping comman d: - Normal r esponse -T he nor mal resp onse o ccurs i n one to ten secon ds, dependin g on network traf fic. - Destination does not re sp[...]
-
Page 248
C OMMAND L INE I NTER FACE 3-80 Line Commands Y ou can access the onb oard config uration program by attac hing a VT100 compati ble devic e to t he ser ver’s se rial por t. Th ese comma nds are used t o set com municatio n paramet ers for th e seri al port o r a virtua l ter minal. N ote th at T elne t is con sider ed a virtu al terminal connec t[...]
-
Page 249
L INE C OMMANDS 3-81 line Use th is command to ide ntify a specifi c line for co nfiguratio n, and to pr ocess s ubseque nt line config uration c ommands. Syntax line { console | vt y } • cons ole - Conso le termin al line. • vty - Virt ual term inal f or remot e console access . Default Setti ng Ther e is no defau lt lin e. Command Mode Global[...]
-
Page 250
C OMMAND L INE I NTER FACE 3-82 login Use this co mmand to enab le password ch ecking at login . Use the no form to disab le passwor d checking and allo w connecti ons without a pass word. Syntax logi n [ local ] no login loca l - Selects local password checkin g. Authenticati on is based on the user nam e spec ified wi th the username comman d. De[...]
-
Page 251
L INE C OMMANDS 3-83 • This command controls login authenti cation via the switch itself . To config ure user names and pass words fo r remote authen tication serv ers, you mu st use the RA DIUS softw are insta lled on thos e serv ers. Example Related Commands user na me (3 -30 ) password (3- 83) password Use thi s command to spec ify the pass wo[...]
-
Page 252
C OMMAND L INE I NTER FACE 3-84 Command Usage • When a connect ion is s tarted o n a line wi th pas sword protec tion, th e system pro mpts for the password. If you ente r the cor rect pas sword, t he syst em shows a prompt. You can use the p assword-thresh command to set the nu mber of time s a user c an ente r an i ncorre ct pass word b efore t[...]
-
Page 253
L INE C OMMANDS 3-85 Default Setti ng CLI: No timeout Te l n e t : 10 mi n u t e s Command Mode Line Conf iguration Command Usage • If input is det ected , the sy stem resu mes the current connect ion; or if no conne ctions ex ist, it return s the ter minal to the idl e state and di sconne cts the incomi ng ses sion. • This command applies to b[...]
-
Page 254
C OMMAND L INE I NTER FACE 3-86 Command Mode Line Conf iguration Command Usage • When the l ogon attemp t thresh old i s reach ed, t he syste m interf ace bec omes silent for a speci fied amo unt of time before allowi ng the next lo gon att empt. (U se the s ilent-time comm and to set this in terval.) When this thr eshold i s reac hed for Tel net[...]
-
Page 255
L INE C OMMANDS 3-87 Default Setti ng The defau lt value i s no silent-t ime. Command Mode Line Conf iguration Command Usage If th e pass word thresh old wa s not set wi th th e passwor d-thres h command , silent -time beg ins after th e defaul t value of thr ee failed logo n attemp ts. Example T o set the silen t time to 60 seco nds, enter thi s c[...]
-
Page 256
C OMMAND L INE I NTER FACE 3-88 Command Mode Line Conf iguration Command Usage The databits com mand c an be use d to ma sk the hi gh bit on input fr om dev ices that ge nerate 7 data bi ts with par ity. If pari ty is bei ng gene rate d, spec ify 7 data bi ts pe r charac ter . If no pari ty is requ ired, spec ify 8 da ta bits per c haracte r . Exam[...]
-
Page 257
L INE C OMMANDS 3-89 Command Usage Comm unicati on prot ocol s provi ded by d evice s such as term inals an d mode ms ofte n requi re a speci fic pa rity bit setting. Example T o speci fy no parity, enter this co mmand: speed Use this command to set the te rmin al line's b aud rate. This comma nd sets both the trans mit (to t erminal) and rece[...]
-
Page 258
C OMMAND L INE I NTER FACE 3-90 Example T o specify 5 7600 bps, enter t his com mand: stopbits Use this command to set the nu mber of the stop bits transm itted per byt e. Use th e no fo rm to re store the default setti ng. Syntax stopbits { 1 | 2 } • 1 - One stop bit • 2 - Two st op bits Default Setti ng 1 stop bit Command Mode Line Conf igura[...]
-
Page 259
I NTER FACE C OMMANDS 3-91 Default Setti ng Shows all l ines Command Mode Normal Ex ec, Pri vileged Exec Example T o show all lines, e nter this c ommand: Interface Commands These commands ar e used to display or set communi cation para meters for an Et hernet po rt, agg regate d link , or V LAN. Console#show line Console configuration: Password th[...]
-
Page 260
C OMMAND L INE I NTER FACE 3-92 interface Use th is com mand to confi gure an inter face ty pe and e nter interf ace con figurati on mo de. Use t he no form to rem ove a trunk. Syntax int er face inter face no i nterfac e por t-ch annel channe l-id inter face • ethernet unit / port - unit - This is devic e 1. - port - Por t numb er. • port-chan[...]
-
Page 261
I NTER FACE C OMMANDS 3-93 Default Setti ng None Command Mode Globa l Config uration Example T o spe cify the E ther net port, ent er the followi ng com mand: description Use this command to add a description to an interface. Use the no form to remove the desc ription. Syntax descript ion string no description string - Co mment o r a des crip tion [...]
-
Page 262
C OMMAND L INE I NTER FACE 3-94 speed-duplex Use thi s comman d to co nfigure the speed and d uplex mod e of a given int erface when auto negotiat ion is disa bled. Use t he no form to res tore t he defa ult. Syntax speed-duplex { 1000full | 10 0full | 100half | 10full | 10hal f } no speed-duplex • 1000full - Forc es 1000 Mbps full- dupl ex opera[...]
-
Page 263
I NTER FACE C OMMANDS 3-95 Example The foll owing exam ple config ures port 5 to 100 Mb ps, half-d uplex oper ation . Related Commands negoti ation ( 3-95) capabili ties (3-9 6) negotiation Use this command to e nable autonego tiation for a given interface. Use the no form to disab le aut onegoti ation. Syntax negotiation no negotiation Default Set[...]
-
Page 264
C OMMAND L INE I NTER FACE 3-96 Example The fol lowing e xample co nfigures port 11 to use au tonegot iation. Related Commands capabil ities (3-9 6) speed-du plex (3 -94) capabilities Use thi s command to adve rtise th e port capa bilities of a given inter face during au tonegoti ation. U se the no for m with parame ters to remov e an advertised ca[...]
-
Page 265
I NTER FACE C OMMANDS 3-97 Default Setti ng • 100BASE-TX: 1 0half, 10full, 10 0half, 100 full • 1000BASE- T: 10half , 10full, 100half , 100full, 1000full • 1000BASE- SX/LX/ LH: 1000full Command Mode Interf ace Config uration (Ethernet, Port Cha nnel) Command Usage When aut o-negotiat ion is en abled with the negotiation command, the sw itch w[...]
-
Page 266
C OMMAND L INE I NTER FACE 3-98 Command Mode Interf ace Config uration (Ethernet, Por t Channe l) Command Usage • Flow control can elimin ate frame l oss by “blocking ” traffic from end st ations o r segment s conn ected d irectl y to the switch when its bu ffers fill. When enabl ed, back pressur e is used for half-du plex operat ion and IEEE[...]
-
Page 267
I NTER FACE C OMMANDS 3-99 shutdown Use this command to disable an i nterface. T o restart a disable d inter face, use the no form. Syntax shutdown no shutdown Default Setti ng All interfaces are enable d. Command Mode Interf ace Config uration (Ethernet, Port Cha nnel) Command Usage This com mand allo ws you to dis able a por t due to abno rmal be[...]
-
Page 268
C OMMAND L INE I NTER FACE 3-100 switchport broadcast Use t his co mmand to config ure br oadcast st orm cont rol. Use the no form to disab le broadcast storm control . Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Th reshold level as a rate; i.e ., packets pe r second. (Range : 16, 64 , 128, 25 6) Default Setti ng Ena[...]
-
Page 269
I NTER FACE C OMMANDS 3-101 port security Use thi s command to enab le and config ure port security on a port. Use the no for m to di sable port se curity or re set the in trusion action to th e default. Syntax port securi ty [ action trap-and-shutdown ] no port securi ty [ action ] action - Indicates the security action to be taken w hen a port se[...]
-
Page 270
C OMMAND L INE I NTER FACE 3-102 • A secu re port has the foll owing restrict ions: - Cannot be conn ected to a net work int erconnect ion dev ice. - C annot be a member of a static trunk. - It can be con figured as an LAC P trun k port, bu t the switch does not allow t he LACP t runk t o be enabl ed. • A port that is already configured as an L[...]
-
Page 271
I NTER FACE C OMMANDS 3-103 Command Mode Privil eged Exe c Command Usage Statisti cs are on ly initial ized for a power rese t. This command sets the base v alue for display ed stat istics to zero f or the curre nt managemen t session. Howe ver , if you log out and back into th e managem ent inte rface, t he statisti cs displa yed will show t he ab[...]
-
Page 272
C OMMAND L INE I NTER FACE 3-104 Command Usage • If no interface is specified , information on all interfaces is display ed. • For a descri ption of t he item s displ ayed by thi s command , see “Displ aying Conne ction Status ” on page 2-36. Example show interfaces counters Use th is com mand to display statistics for an inter face. Syntax[...]
-
Page 273
I NTER FACE C OMMANDS 3-105 Default Setti ng Shows the counters for all in terfaces. Command Mode Normal Ex ec, Pri vileged Exec Command Usage • If no interface is specified , information on all interfaces is display ed. • For a descri ption of t he item s displ ayed by thi s command , see “Sho wing Dev ice Stati stics” on page 2-1 22. Exam[...]
-
Page 274
C OMMAND L INE I NTER FACE 3-106 show interfaces switchport Use this co mmand to disp lay the administ rati ve and operation al statu s of the sp ecified i nterfaces.. Syntax show inter faces switchport [ inter f ace ] inter face • ethernet unit / port - unit - This is devic e 1. - port - Por t numb er. • port-channel chan nel-i d (Range: 1-6) [...]
-
Page 275
A DDR ESS T ABLE C OMMANDS 3-107 • Priority for untagged traffic – Indicat es the de fault pri ority for unt agged fram es (page 3-16 0). • Gvrp status – Shows if GA RP VLAN Re gistrati on Prot ocol is enabled or disa bled (pag e 3-142). • Allowed Vlan – Shows the VLANs thi s interface has joined, where “( u)” indicat es untagged an[...]
-
Page 276
C OMMAND L INE I NTER FACE 3-108 mac-address-table static Use this command to map a static address to a port in a VLA N. Use the no for m to remove an address. Syntax mac-addr ess-table s tatic mac- addre ss interface inter fac e vlan vlan-id [ action ] no mac-addr ess-table stat ic mac-addr ess vlan vl an- id • mac-address - MAC addr ess. • in[...]
-
Page 277
A DDR ESS T ABLE C OMMANDS 3-109 Command Mode Global Co nfiguratio n Command Usage The st atic address for a host device can b e assigned to a specific port within a specif ic VLAN. Use th is comm and to add static addresses to the MAC Ad dress Table. St atic addres ses have the followi ng characteristics: • Static add resses will not be re moved[...]
-
Page 278
C OMMAND L INE I NTER FACE 3-110 • interface • ethernet unit / port - unit - This is devic e 1. - port - Por t numb er. • port-channel chan nel-i d (Range: 1-4) • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort b y addres s, vlan or inte rface . Default Setti ng None Command Mode Privil eged Exe c Command Usage • The MAC Addres s Table [...]
-
Page 279
A DDR ESS T ABLE C OMMANDS 3-111 Example clear mac-address-table dynamic Use this command to remove any learn ed entrie s from the forwardi ng data base and to cle ar the transmit and receive counts for any stat ic or system configur ed entries. Default Setti ng None Command Mode Privil eged Exe c Example mac-address-table aging-time Use this comma[...]
-
Page 280
C OMMAND L INE I NTER FACE 3-112 Command Mode Global Co nfiguratio n Command Usage The agi ng time is used to age ou t dynamic ally le arned forwardi ng information . Example show mac-address-table aging-time Use this command to show th e aging tim e for entrie s in the address table. Default Setti ng None Command Mode Privil eged Exe c Example Con[...]
-
Page 281
S PANNING T RE E C OMMANDS 3-113 Spanning Tree Commands This sectio n inclu des com mands th at co nfigure the Spann ing T ree Prot ocol (S TP) for th e overa ll swit ch, and comman ds that config ure STP for the se lected interface. Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 3-1 14 spanning-tree mode Configures [...]
-
Page 282
C OMMAND L INE I NTER FACE 3-114 spanning-tree Use thi s command to enab le the Spannin g T ree Protocol global ly for this switch. Us e the no form t o disable it. Syntax spanning-tre e no spanning-tre e Default Setti ng Spanning T ree is enab led. Command Mode Global Co nfiguratio n Command Usage The Sp anning T ree Protoc ol can be u sed to de t[...]
-
Page 283
S PANNING T RE E C OMMANDS 3-115 spanning-tree mode Use thi s co mmand to select the Sp anning T ree mode f or this switc h. Use the no form to d isable it . Syntax spanning-tre e mode { st p | rstp } no spanning-tre e mode • stp - Spanning Tree Pr otocol (IE EE 802 .1D) • rstp - Rapi d Spanning T ree Pr otocol (IE EE 80 2.1w) Default Setti ng [...]
-
Page 284
C OMMAND L INE I NTER FACE 3-116 Example The fol lowing example configur es the switch to use R apid Spanning T r ee: spanning-tree forward-time Use t his co mmand to config ure th e SpanningT ree brid ge for ward time glob ally f or this sw itch. Use the no for m to re store the defa ult. Syntax spanning-tre e forward-time seconds no spanning-tre [...]
-
Page 285
S PANNING T RE E C OMMANDS 3-117 Example spanning-tree hello-time Use t his co mmand to config ure th e Spanning T r ee b ridge h ello time glob ally f or this sw itch. Use the no for m to re store the defa ult. Syntax spanning-tr ee hello-time time no spanning-tre e hello-ti me time - Time in secon ds. (Range: 1-10 secon ds) The ma ximum valu e is[...]
-
Page 286
C OMMAND L INE I NTER FACE 3-118 spanning-tree max-age Use t his co mmand to config ure th e Spanning T ree b ridge maximum age glob ally for this switch. Us e the no form to rest ore the de fault. Syntax spanning-tre e max-age seco nds no spanning-tre e max-age second s - Time i n seconds. (Rang e: 6-40 seco nds) The m inimu m valu e is th e high [...]
-
Page 287
S PANNING T RE E C OMMANDS 3-119 spanning-tree priority Use th is command to configu re the Spanning T ree prior ity global ly for this switch. Us e the no for m t o rest ore t he default. Syntax spanning-tr ee priority priority no spanning-tre e priority priority - Priority of th e bridge. (Range – 0-61 440, i n steps o f 4096 ; Opti ons: 0, 409[...]
-
Page 288
C OMMAND L INE I NTER FACE 3-120 spanning-tree pathcost method Use th is command to config ure the p ath cost method used for t he Rapid Spann ing T ree. Us e the no form to res tore t he defa ult. Syntax span nin g-tree pathc ost meth od { lo ng | short } no spanning-tre e pathcost method • long - Speci fies 32- bit base d valu es that r ange fr[...]
-
Page 289
S PANNING T RE E C OMMANDS 3-121 spanning-tree transmission-limit Use th is comm and to con figure the minim um inte rval betw een the transm ission of consec utiv e RSTP BP DUs. Use the no form to restor e the de fault. Syntax spanni ng-tree transm ission-limit count no spanning-tre e transmission-limit count - The tran smission l imit in seconds.[...]
-
Page 290
C OMMAND L INE I NTER FACE 3-122 spanning-tree cost Use this command t o confi gure the Span ning T ree path co st for t he specifie d interface. Us e the no form to restore the defau lt. Syntax spanning-tre e cost cost no spanning-tre e cost cost - Th e path cost f or the inter face. (Range – 1-200, 000,00 0) The recomm ended ra nge is - - Ether[...]
-
Page 291
S PANNING T RE E C OMMANDS 3-123 Example Related Commands spanni ng-tree p ort-prio rity (3- 123) spanning-tree port-priority Use this command to configu re the prio rity for the sp ecifi ed interface . Use the no form to restor e t he de fault. Syntax spanning-tr ee port-pri ority priority no spanning-tre e port-priority priority - The priority fo[...]
-
Page 292
C OMMAND L INE I NTER FACE 3-124 Example Related Commands spanni ng-tree c ost (3-122) spanning-tree portfast Use th is com mand to set an inter face to fast forwar ding. Use the no form to disable fast forwarding. Syntax spanning-tre e portfast no spanning-tre e portfast Default Setti ng Disab led Command Mode Interf ace Config uration (Ethernet, [...]
-
Page 293
S PANNING T RE E C OMMANDS 3-125 • This comma nd is th e same as spanning-tree edge-port , and is only inc luded for backwa rd compat ibility wi th earlie r produ cts. Note that this command may be removed for fu ture softw are versio ns. Example Related Commands spanni ng-tre e edge-p ort (3-1 25) spanning-tree edge-port Use th is comman d to sp[...]
-
Page 294
C OMMAND L INE I NTER FACE 3-126 cause t he Spann ing Tree to init iate re configu ration when the interface changes state, and al so ove rcomes ot her STP -relat ed timeou t proble ms. Howeve r, remember that Edge Port should only be enable d for port s connec ted to an end-n ode device. • This command has the same e ffect as the spanning-tree p[...]
-
Page 295
S PANNING T RE E C OMMANDS 3-127 STP-c ompa tible mode. Howe ver , you c an also use t he spanning-tre e protocol-migration co mmand at any time to manually re-chec k the app ropriate BPDU format t o send on the select ed int erfa ces ( i.e., RSTP o r STP- compat ible) . Example spanning-tree link-type Use thi s comman d to config ure the link ty p[...]
-
Page 296
C OMMAND L INE I NTER FACE 3-128 • RSTP only wo rks on poin t-to-p oint li nks bet ween tw o brid ges. If you d esignate a port as a sh ared lin k, RSTP is forbidden. Example show spanning-tree Use thi s co mmand to show the config uration for the Sp anning Tr e e . Syntax show spanning-tree [ in ter face ] • interface • ethernet unit / port-[...]
-
Page 297
S PANNING T RE E C OMMANDS 3-129 • For a desc riptio n of the items display ed under “Span ning-tr ee informati on,” see “STP Con figuration ” on pag e 2-57. For a descr iption of the i tems dis played fo r spec ific in terfaces, see “STP Port and Tr unk Informatio n” on page 2-61. Example Console#show spanning-tree Spanning-tree info[...]
-
Page 298
C OMMAND L INE I NTER FACE 3-130 VLAN Commands A VLA N is a gr oup of p orts th at can be loc ated anywhe re in the netwo rk, but commu nicate as though th ey belong to the same physi cal segm ent. T his secti on desc ribes c ommands us ed to cr eate VLAN gr oups, add p ort memb ers, spec ify how VLAN ta gging is used, and enable auto matic VLAN re[...]
-
Page 299
VLAN C OMMANDS 3-131 vlan database Use t his comma nd to ent er VLAN d atabase mode. A ll command s in this m ode w ill take effe ct im mediatel y. Default Setti ng None Command Mode Global Co nfiguratio n Command Usage • Use the VLAN datab ase com mand mode to add, change, and delete VLANs . After f inishi ng confi guration c hanges, y ou can di[...]
-
Page 300
C OMMAND L INE I NTER FACE 3-132 Related Commands show vlan (3-140) vlan Use thi s command to co nfigure a VLAN. Us e the no form to restor e the defaul t settin gs or delet e a VLAN. Syntax vlan vla n-id [ name vlan-name ] medi a ether net [ sta te { active | susp end }] no vlan vlan-id [ name | state ] • vlan-id - ID o f config ured VLAN. (Rang[...]
-
Page 301
VLAN C OMMANDS 3-133 • VLAN 1 cann ot be s uspended, but any other VLAN c an be suspen ded. • You can co nfigure up to 2 55 VL ANs on t he sw itch. Example The fol lowing e xample adds a VL AN, using vlan-id 105 an d name RD5. T he VLAN is acti vated by default . Related Commands show vlan (3-140) interface vlan Use this command to enter inte r[...]
-
Page 302
C OMMAND L INE I NTER FACE 3-134 Example The f ollowing example shows ho w to se t the i nterfac e config uration mode to VLAN 1, an d then assign an IP address to the VLAN: Related Commands show vlan (3-140) switchport mode Use t his comma nd to co nfigure t he VLAN me mbers hip mode f or a port. Use the no form to r estore the default . Syntax sw[...]
-
Page 303
VLAN C OMMANDS 3-135 Example The fo llowing shows how to set t he configu ration mo de to por t 1, and then set the swi tchport m ode to hybr id: Related Commands switchport acceptable-f rame-types switchport acceptable-frame-types Use thi s comman d to configur e th e acceptable fr ame types for a port. Use the no form to r estore the default . Sy[...]
-
Page 304
C OMMAND L INE I NTER FACE 3-136 Example The follo wing exam ple shows how to restri ct the traff ic passed on port 1 to ta gged fram es: Related Commands switchpo rt mode (3-134) switchport ingress-filtering Use this co mmand to enable ingr ess filterin g for an interface . Use the no form to rest ore the defaul t. Syntax switchp ort ingress- filt[...]
-
Page 305
VLAN C OMMANDS 3-137 • Ing ress filteri ng doe s not affec t VLAN inde pende nt BPDU fram es, such as GVR P or STP. Howeve r, they do affe ct VLAN depende nt BPD U frames, such as G MRP. Example The f ollowing exampl e shows how to set th e inte rface to port 1 and th en enab le ingr ess filt ering : switchport native vlan Use th is com mand to c[...]
-
Page 306
C OMMAND L INE I NTER FACE 3-138 • If acceptabl e frame types i s set to all o r sw i t c h p o r t m o d e is se t to hybrid , the P VID will be inse rted in to all u ntagged frames ente ring t he ingr ess p ort. Example The f ollowing example shows ho w to se t th e PVID for por t 1 to VLAN 3: switchport allowed vlan Use thi s comman d to confi[...]
-
Page 307
VLAN C OMMANDS 3-139 Command Usage • If switchport mode is set to trunk , then yo u can o nly assi gn an interface to VLAN groups as a tagge d member. • Fra mes are a lways tagged wi thin th e switch. The tagg ed/ untagg ed paramet er used whe n ad ding a VLAN to an interface tells the switch wh ether to keep or remove the tag from a frame on e[...]
-
Page 308
C OMMAND L INE I NTER FACE 3-140 • vlan-list - Separate nonconse cutive VLA N identi fiers with a comma and no spaces; us e a hyphen to designate a r ange of IDs. D o not en ter le ading ze ros. (Range: 1-4094) Default Setti ng No VLA Ns are incl uded in the forb idden l ist. Command Mode Interf ace Config uration (Ethernet, Por t Channe l) Comma[...]
-
Page 309
GVRP AND B RIDG E E XTENSION C OMMANDS 3-141 Default Setti ng Shows all VLANs . Command Mode Normal Ex ec, Pri vileged Exec Example The fol lowing e xample sh ows how to display information fo r VLAN 1: GVRP and Bridge E xtension Commands GARP V LAN Registr ation Pr otoc ol define s a way for switche s to exchan ge VLAN information in order to auto[...]
-
Page 310
C OMMAND L INE I NTER FACE 3-142 switchport gvrp Use this c ommand to enable GVRP for a port. Use the no for m to disab le it. Syntax switchport gvrp no switchport gvrp Default Setti ng Disab led Command Mode Interf ace Config uration (Ethernet, Por t Channe l) Example show garp timer Shows the GARP timer for the selected function NE, PE 3-145 Glo [...]
-
Page 311
GVRP AND B RIDG E E XTENSION C OMMANDS 3-143 show gvrp configuration Use t his co mmand to show i f GVRP is enable d. Syntax show gvrp configuration [ inte r f ace ] inter face • ethernet unit / port - unit - This is devic e 1. - port - Por t numb er. • port-channel channe l-id (Ran ge: 1-6) Default Setti ng Shows bot h global and i nterface-s [...]
-
Page 312
C OMMAND L INE I NTER FACE 3-144 garp timer Use this command to s et the val ues for the j oin, leave and leaveall timers. Use the no form to restor e the timer s’ defau lt value s. Syntax garp timer { join | leave | leaveall } timer_valu e no garp timer { join | leave | leaveall } •{ join | leave | lea veall } - Wh ich time r to set. • time [...]
-
Page 313
GVRP AND B RIDG E E XTENSION C OMMANDS 3-145 Note: Set GVRP timers on all Layer 2 d evices connected in the same ne twork to the sam e valu es. Oth erwis e, GVRP w ill not ope rate successfu lly. Example Related Commands show g arp timer (3- 145) show garp timer Use this command to show th e GARP tim ers for the selected inter fac e. Syntax show ga[...]
-
Page 314
C OMMAND L INE I NTER FACE 3-146 Example Related Commands garp time r (3-144) bridge-ext gvrp Use thi s comman d to enab le GVR P . Use t he no fo rm to disabl e it. Syntax bridge-ext gvrp no bridge-ext gvrp Default Setti ng Disab led Command Mode Global Co nfiguratio n Command Usage GVRP de fines a way for switche s to exch ange VLAN inform ation [...]
-
Page 315
GVRP AND B RIDG E E XTENSION C OMMANDS 3-147 show bridge-ext Use thi s co mmand to show th e config uration for bri dge ex tension commands. Default Setti ng None Command Mode Privil eged Exe c Command Usage See “Displayin g Basic VLAN Information” on page 2-74 and “Disp laying Bri dge Ext ension Capab iliti es” on page 2-31 for a descrip t[...]
-
Page 316
C OMMAND L INE I NTER FACE 3-148 IGMP Snooping Commands This switch us es IGMP (Internet Gr oup Manag ement Pr otocol ) to query for any attached host s that want to recei ve a specific multi cast servi ce. It identif ies the por ts cont aining hos ts reque sting a service and se nds dat a out to t hose por ts onl y. It then propagat es the s ervic[...]
-
Page 317
IGMP S NOOPING C OMMANDS 3-149 ip igmp snooping Use thi s command to enable IGM P snoopin g on this swit ch. Use the no form to disabl e it. Syntax ip igm p snoo ping no ip igmp sn oopi ng Default Setti ng Enab led Command Mode Global Co nfiguratio n Example The follo wing exampl e enable s IGMP snoo ping. Mulitcas t Router Commands ip igmp snoopin[...]
-
Page 318
C OMMAND L INE I NTER FACE 3-150 ip igmp snooping vlan static Use this co mmand to add a port to a mult icast group . Use the no form to remove the port. Syntax ip igm p snoo ping vl an vlan-id stati c ip-addr ess inter face no ip igmp snooping vlan vlan-id static ip-addr ess inter face • vlan-id - VLAN ID (Range: 1-4094) • ip-address - IP addr[...]
-
Page 319
IGMP S NOOPING C OMMANDS 3-151 ip igmp snooping version Use t his co mmand t o config ure th e IGMP snoopi ng versi on. Use the no form to rest ore the de fault. Syntax ip igm p snoo ping versi on { 1 | 2 } no ip igmp sn oopi ng ver sion • 1 - IGMP V ersion 1 • 2 - IGMP V ersion 2 Default Setti ng IGMP V ersi on 2 Command Mode Global Co nfigura[...]
-
Page 320
C OMMAND L INE I NTER FACE 3-152 show ip igmp snooping Use t his co mmand t o show t he IGMP snoopi ng con figurati on. Default Setti ng None Command Mode Privil eged Exe c Command Usage See “ Config urin g IGMP Pa rame ters” on page 2 -113 fo r a descrip tion of t he displaye d items . Example The f ollowing show s the c urrent I GMP snoo ping[...]
-
Page 321
IGMP S NOOPING C OMMANDS 3-153 Default Setti ng None Command Mode Privil eged Exe c Command Usage Member types dis played in clude IGM P or USER , dependi ng on selec ted opti ons. Example The fo llow ing show s the m ultic ast entr ies lea rne d thr ough IG MP sno oping for VLAN 1 : ip igmp snooping querier Use this co mmand to enable th e switch [...]
-
Page 322
C OMMAND L INE I NTER FACE 3-154 Command Usage If enab led, the switch wi ll serve as querier if electe d. The querie r is res ponsible f or aski ng hosts i f they want to recei ve mult icast t raf fic. Example ip igmp snooping query-count Use t his co mmand to configur e the q uery co unt. Use t he no form to res tore t he defa ult. Syntax ip igmp[...]
-
Page 323
IGMP S NOOPING C OMMANDS 3-155 Example The f ollowing shows how to c onfig ure the query cou nt to 1 0: ip igmp snooping query-interval Use t his co mmand t o conf igure th e sno oping q uery in terval. Use the no form to rest ore the de fault. Syntax ip igmp snooping query-interval secon ds no ip igmp snooping query-interval second s - The freq ue[...]
-
Page 324
C OMMAND L INE I NTER FACE 3-156 ip igmp snooping query-max-response-time Use t his com mand to config ure the snoopi ng rep ort delay. Use t he no form of this co mmand to res tore the default. Syntax ip igmp snooping query-max-re sponse-time seconds no ip igmp snooping query-max-r esponse-time second s - The repor t delay ad vertised in IGMP q ue[...]
-
Page 325
IGMP S NOOPING C OMMANDS 3-157 Related Commands ip ig mp sno opin g versi on (3 -151 ) ip igmp snooping router-port-expire-time Use t his co mmand t o conf igure the sno oping q uery t imeout. Use the no for m of thi s command to re store the default. Syntax ip igmp snooping r outer-port-expire-t ime seconds no ip igmp snooping router-p ort-expire-[...]
-
Page 326
C OMMAND L INE I NTER FACE 3-158 ip igmp snooping vlan mrouter Use thi s comman d to st atically c onfigure a mult icast rou ter port . Use the no for m to remove the con figuration . Syntax ip igm p snoo ping vl an vlan-id mr outer inter face no ip igmp sn oopin g vlan vlan- id mrouter in ter fac e • vlan-id - VLAN ID (Range: 1-4094) • interfa[...]
-
Page 327
IGMP S NOOPING C OMMANDS 3-159 show ip igmp snooping mrouter Use thi s comman d to disp lay information on stati cally co nfigured and dynam ically learned mul ticast rout er port s. Syntax show ip igmp snooping mrout er [ vlan vlan-id ] vlan-id - VLAN ID (Range: 1-4094) Default Setti ng Displ ays multic ast route r ports fo r all con figured VL AN[...]
-
Page 328
C OMMAND L INE I NTER FACE 3-160 Priority Commands The com mands des cribed in this s ection all ow you t o specify which d ata packe ts have greater preceden ce when traffic is buffered in the switch due to con gestio n. This s witch s upports CoS with fou r prio rit y queu es fo r ea ch por t. D ata pa cke ts i n a po rt’s high-p riority queue [...]
-
Page 329
P RIORI TY C OMMANDS 3-161 switchport priority default Use this command to set a priority for incomin g untagged fram es, or th e prior ity of frames rec eived by the dev ice co nnected to the specifie d interface. Us e the no form to restore the defau lt value. Syntax switchport pri ority default default-priority-id no switchport prio rity default[...]
-
Page 330
C OMMAND L INE I NTER FACE 3-162 • This swi tch prov ides four pr iori ty queue s for each p ort. It is confi gured to use Wei ghted Rou nd Robin, whic h can be viewed with the queue bandwidth command . Inb ound fram es that do not have VLAN tags are t agged with the in put p ort’s de fault ingres s user priorit y, and then pl ac ed in the appr[...]
-
Page 331
P RIORI TY C OMMANDS 3-163 Command Mode Global Co nfiguratio n Command Usage WRR al lows b andwi dth sha ring at t he eg ress po rt by de finin g sched uling wei ghts. Example The follo wing exampl e shows ho w to assig n WRR weight s of 1, 3, 5 and 7 to the CoS pri ority queu es 0, 1 , 2 and 3: Related Commands show que ue bandwidt h (3-165) queue[...]
-
Page 332
C OMMAND L INE I NTER FACE 3-164 Default Setti ng This sw itch suppo rts Class o f Service by using four priori ty queues , with W eighted Rou nd Robin for each p ort. Ei ght separate t raffic cl asses are de fined in IEEE 802. 1p. The default priority levels are assigned a ccording to re commendat ions in the IE EE 802 .1p sta ndard a s show n in [...]
-
Page 333
P RIORI TY C OMMANDS 3-165 Example The fol lowing exam ple shows how to map CoS valu es 0, 1 and 2 to CoS priori ty queu e 0, v alue 3 t o CoS prior ity que ue 1, values 4 and 5 to CoS prior ity que ue 2, a nd valu es 6 and 7 to CoS pr iorit y queue 3 : Related Commands show que ue cos- map (3- 166) show queue bandwidth Use thi s command to dis pla[...]
-
Page 334
C OMMAND L INE I NTER FACE 3-166 show queue cos-map Use this command to show the cl ass of service priority map . Syntax show queue cos-map [ inter face ] inter face • ethernet unit / port - unit - This is devic e 1. - port - Por t numb er. • port-channel chan nel-i d (Range: 1-6) Default Setti ng None Command Mode Privil eged Exe c Example map[...]
-
Page 335
P RIORI TY C OMMANDS 3-167 Default Setti ng Disab led Command Mode Global Co nfiguratio n Command Usage • The preceden ce for p riorit y mappin g is IP Prece dence or IP DSCP, and default sw itchport priority. • IP Preceden ce and IP DSCP cann ot bot h be enabl ed. Enabli ng one of thes e priori ty types wil l automatical ly disable th e other [...]
-
Page 336
C OMMAND L INE I NTER FACE 3-168 Default Setti ng The li st below shows th e defaul t priority mapping . Command Mode Interf ace Config uration (Ethernet, Por t Channe l) Command Usage • The preceden ce for p riorit y mappin g is IP Prece dence or IP DSCP, and default switchpor t prior ity. • IP Preceden ce values are ma pped to d efault Class [...]
-
Page 337
P RIORI TY C OMMANDS 3-169 map ip dscp (Global Configuration) U se t hi s c o m m a n d t o e na b l e I P D S C P m a p pi n g ( i . e . , D i f f e r e n ti a t e d Servic es Code Point m apping) . Use th e no form to disable IP DSCP m apping. Syntax map ip dscp no map ip dscp Default Setti ng Disa bled Command Mode Global Co nfiguratio n Command[...]
-
Page 338
C OMMAND L INE I NTER FACE 3-170 map ip dscp (Interface Configuration) Use this co mmand to set IP DSCP priority (i.e ., Differentiat ed Servic es Code Point pr iority). Use the no for m to resto re the defa ult tab le. Syntax map ip dscp dscp- value cos cos-val ue no map ip dscp • dscp-value - 8-b it DSC P valu e. (Ran ge: 0-2 55) • cos-va lue[...]
-
Page 339
P RIORI TY C OMMANDS 3-171 Command Usage • The precede nce for priority mappin g is IP Por t, IP Prec edenc e or IP D SCP, an d defaul t sw itchpo rt pr iority. • DSCP priori ty values are ma pped to d efault Cl ass of Service values a ccordi ng to recom mendation s in th e IEEE 8 02.1p standard, and then mappe d to th e queue d efaults. • Th[...]
-
Page 340
C OMMAND L INE I NTER FACE 3-172 Example Related Commands map ip prec edence (Glob al Configu ration) (3-16 6) map ip pr ecedence (I nterface Co nfiguratio n) (3-167) show map ip dscp Use this command to show the I P DSCP prior ity map. Syntax show map ip dscp [ in ter face ] inter face • ethernet unit / port - unit - This is devic e 1. - port - [...]
-
Page 341
P RIORI TY C OMMANDS 3-173 Example Related Commands map ip ds cp (Glob al Configurat ion) (3-169 ) map ip dscp (Int erface Con figurat ion) (3-170) Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 0 0 Eth 1/ 1 1 0 Eth 1/ 1 2 0 Eth 1/ 1 3 0 . . . Eth 1/ 1 62 0 Eth 1/ 1 63 0 Console# b_mgmt[...]
-
Page 342
C OMMAND L INE I NTER FACE 3-174 Mirror Port Commands Thi s sect ion des cribes how t o conf igure port m irror sess ions. port monitor Use t his co mmand t o conf igure a m irror sessi on. Use the no fo rm to clear a mirro r session. Syntax port monitor inter face [ rx | tx | both ] no port monitor inter face • interface - ethernet unit / port ([...]
-
Page 343
M IRR OR P ORT C OMMANDS 3-175 Command Usage • You can mir ror traf fic fr om any sour ce port to a de stinati on port for real-time analy sis. You can th en attach a logic analyzer or RMON pr obe to t he dest ination p ort and study the traf fic cros sing the sou rce port in a compl etely un obtrus ive m anner. • The destinati on port is se t [...]
-
Page 344
C OMMAND L INE I NTER FACE 3-176 Default Setti ng Shows all sessions. Command Mode Privil eged Exe c Command Usage This c ommand displays t he current ly co nfigured source port, destinat ion port, and mirror mode (i .e., RX , TX, RX/TX). Example The f ollowi ng sho ws mirr oring config ured f rom por t 6 to port 11: Related Commands port mon itor [...]
-
Page 345
P ORT T RUNKI NG C OMMANDS 3-177 Port Trunking Commands Ports c an be staticall y grouped into an aggregate link to increase the ban dwidth of a network c onnection or to ensure fa ult recove ry. Or you can u se the Link Agg regati on Control Protoc ol (LACP) , also kn own as 80 2.1ad, to automati cally negoti ate a trunk link between t his swit ch[...]
-
Page 346
C OMMAND L INE I NTER FACE 3-178 • All ports in a trun k must consist of the same me dia type (i.e., twiste d-pai r or fiber). • All ports in a trunk must be configur ed in an identic al manner, incl uding comm unicati on mode (i.e. , spee d, duplex mode and flow co ntrol), VLAN assi gnments , and CoS se ttings. • All the po rts in a t runk h[...]
-
Page 347
P ORT T RUNKI NG C OMMANDS 3-179 • The maximum numbe r of po rts that ca n be combine d as a stati c trunk is fou r 10/100 Mbps por ts, and two 1000 Mbps ports. • All links in a t runk must operate at the same data r ate and dupl ex mode. Example The fol lowing e xample creat es trunk 1 and the n adds por t 11: lacp Use this co mmand to enable [...]
-
Page 348
C OMMAND L INE I NTER FACE 3-180 • If the targ et swit ch has al so enabl ed LACP o n the c onnected ports , th e trun k will be ac tiva ted au tomati call y. • If more th an four po rts attached to the same target s witch have LACP enabled, the additio nal po rts will be placed in stand by mode, and will only be e nabled if one o f the activ e[...]
-
Page 349
A-1 A PPENDIX A T ROUBLESHOOTING Troubleshooting Chart Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Be sur e to have configured the agent with a valid IP address, subnet mask and default gateway. • Be sure that y our management station has management VLAN access to the switch (defaul t is VLA[...]
-
Page 350
T R OUBLESHOOTI NG A-2 Cannot access the on-board configuration program via a serial port connection • Be sur e to have set the terminal e mulator program to VT100 compatible, 8 data bits, 1 stop bit, no p arity and 9600 bps. • Check that the null-modem serial cable conforms to the pin-out connections provided in Appendix B. Forgot or lost the [...]
-
Page 351
B-1 A PPENDIX B U PGRADING F IRMWARE VIA THE S ERIAL P ORT The s witch c ontains t hree fi rmware compone nts th at can b e upgrad ed; the di agno stics (or Bo ot-ROM) code, ru ntime op eratio n code, and the l oader c ode. The runtime code c an be upg raded vi a the s witch’s RS-232 serial console port, v ia a netw ork co nnectio n to a TFTP se [...]
-
Page 352
U PGRA DING F IR MWAR E VIA THE S ERIAL P ORT B-2 4. When t he switch initiali zation sc reen appear s, enter firmware-do wnload mo de by press ing <Ctrl ><u> imme diately after p ower on. Screen text s imilar to that s hown bel ow disp lays: 5. Press <C> to change the ba ud rate of th e switc h’s ser ial conne ction. 6. Press &[...]
-
Page 353
B-3 Y ou can s tore a m aximum o f only two run time and t wo diagnos tic code files i n the s witch’ s flash mem ory. Us e the [D]e lete File command to rem ove a run time or diagnost ic file. 9. Press <X > to s tart to downloa d the new c ode fi le. If us ing W indows HyperT erminal, c lick the “T rans fer” but ton, and the n click ?[...]
-
Page 354
U PGRA DING F IR MWAR E VIA THE S ERIAL P ORT B-4 For exa mple, the f ollow ing scre en text sh ows the do wnloa d procedu re for a runtime c ode file : 12. T o set t he new downlo aded file as the st artup fil e, use th e [S]et Startup F ile menu op tion. 13. When you have finis hed downlo ading code files , use the [C]han ge Baudrat e menu option[...]
-
Page 355
Glossary-1 G LOSSARY 10BAS E-T IEEE 802.3 specification for 10 Mbps Ethe rnet over two pairs of Category 3, 4, or 5 U TP cabl e. 100BASE-TX IEEE 802.3u specification for 100 Mbps F ast Ethernet over two pairs of Category 5 UTP cable. 1000BAS E-T IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e, or 6 100-ohm UTP cable[...]
-
Page 356
G LOSSA RY Glossary-2 Collision Dom ain Single CSMA/CD LAN segment. CSMA/CD Carrier Sense Multiple Access/Collision De tect is the communication method employed by Ethernet and Fast Ethernet. Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the B ootstrap [...]
-
Page 357
G LOSSAR Y Glossary-3 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports alo ng the Spanning T ree so that VLANs defined in each switch can w ork automatically over a Spanning T r ee network. Generic Attribute Registration Protocol (GARP) GARP is a prot[...]
-
Page 358
G LOSSA RY Glossary-4 IEEE 802.1p An IEEE standard for providing quality of se rvice (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit pac kets based on the tagged prior ity valu e. IEEE 802.3 Defines carrier sense multiple access with c ollision detection (CSMA/CD) acc[...]
-
Page 359
G LOSSAR Y Glossary-5 Internet Control Message Protocol (ICMP) Commonly used to send echo messages (i .e., Ping) for monitoring purposes. Internet Group Mana gement Prot ocol (IGMP) A protocol through which hosts can register with the ir local router for multicast services. If there is more than one multicast r outer on a given subnetwork, one of t[...]
-
Page 360
G LOSSA RY Glossary-6 Media Access Control (MAC ) A portion of the networking protocol that gov erns access to the transmission medium, facilitating the exchange of data between network nodes. Management Infor mation Base (MIB ) An acronym for Management Information Base. It is a set of database objects that contains information about a specific de[...]
-
Page 361
G LOSSAR Y Glossary-7 Spanning Tree Protocol (STP) A technology that checks your network f or any loops. A loop can often occur in complicated or backup linked n etwork systems. Spanning T ree detects and directs data along the shortest avai lable path, maximizing the performance and efficiency of the network. Telnet Defines a remote communication [...]
-
Page 362
G LOSSA RY Glossary-8 b_mgmt.book Page 8 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 363
Index-1 Numerics 802.1x configure 2-131 , 2-134 A address table 2 -47 B BOOTP 2-13 broadcast storm, threshold 2-41 C Class of Service configuring 2-87 queue mapping 2 -87 community string 2-107 configuration settings, saving or restoring 2-28 D default priority, ingress port 2-87 default settings 1-14 DHCP 2-1 3 downloading software 2-26 dynamic ad[...]
-
Page 364
I NDEX Index-2 P passwords administrator setting 2-14 path cost, method 3-120 path cost, STP 3 -120 , 3-122 port pri orit y configuring 2-87 default ingress 2 -87 port s ecurity , config uring 2-44 ports, configuring 2-36 priority, default port ingress 2-87 priority, STP 3 -119 problems, troubleshooting A-1 protocol migration 3-126 R RADIUS 2- 16 ,[...]
-
Page 365
b_mgmt.book Page 1 Tuesday, July 8, 2003 5:24 PM[...]
-
Page 366
38 T esla Irvine, C A 9261 8 Phone: (949 ) 679-8000 FOR TECHNICAL SUPPOR T , CALL: From U.S.A. an d Canada (2 4 hou rs a day , 7 da ys a w ee k) (800) SMC-4-YOU; (94 9) 679 -8000; Fax: (949 ) 679- 1481 From E urope (8:00 AM - 5: 30 PM UK Time) 44 (0) 118 974 870 0; Fax: 44 (0) 118 974 87 01 INTERNET E-mail a ddresses: techsupp ort@smc.c om europea [...]