A good user manual
The rules should oblige the seller to give the purchaser an operating instruction for the SMC Networks SMC7816VSW along with the item. The lack of an instruction, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately, graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instruction be unmistakable and legible.
What is an instruction?
The term originates from the Latin word "instructio", which means organizing. Therefore, in an instruction for the SMC Networks SMC7816VSW one can find a process description. An instruction's purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.
Unfortunately, only a few customers devote time to reading an instruction for the SMC Networks SMC7816VSW. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.
What should a perfect user manual contain?
First and foremost, a user manual for the SMC Networks SMC7816VSW should contain:
- information concerning the technical data of the SMC Networks SMC7816VSW
- the name of the manufacturer and the year of construction of the SMC Networks SMC7816VSW item
- rules of operation, control and maintenance of the SMC Networks SMC7816VSW item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of the SMC Networks SMC7816VSW alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of the SMC Networks SMC7816VSW, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the SMC Networks service. Lately, animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material and won't skip complicated, technical information about the SMC Networks SMC7816VSW.
Why should one read the manuals?
It is mostly in the manuals that we will find the details concerning the construction and possibilities of the SMC Networks SMC7816VSW item and its use of respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item, one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
TigerAccess™ EE 6-Band VDSL2 Switch ◆ 16 VDSL Downlink Ports (1 RJ-21 Connector) ◆ 2 Gigabit Ethernet Combination Ports (RJ-45/SFP) ◆ 1 Fast Ethernet Management Port (RJ-45) ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol, RSTP, and MSTP ◆ Up to 12 LACP or static 8-port trunks ◆ Layer 2/3/4 CoS support thro[...]
-
Page 2
[...]
-
Page 3
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 TigerAccess™ EE Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions January 2007 Pub. # 149100012100H[...]
-
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or [...]
-
Page 5
v LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Res[...]
-
Page 6
vi WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY[...]
-
Page 7
vii TABLE OF CONTENTS
Section I Getting Started
- 1 Introduction (1-1)
- Key Features (1-1)
- Description of Software Features (1-3)
- Sys[...]
-
Page 8
TABLE OF CONTENTS viii
- Main Menu (3-5)
- 4 Basic Management Tasks (4-1)
- Displaying System Information (4-1)
- Displaying System Health [...]
-
Page 9
TABLE OF CONTENTS ix
- Setting SNMP v3 Views (5-24)
- 6 User Authentication (6-1)
- Configuring User Accounts (6-1)
- Configuring Local/Remote Logon Authentication [...]
-
Page 10
TABLE OF CONTENTS x
- 9 Port Configuration (9-1)
- Displaying Connection Status (9-1)
- Configuring Interface Connections (9-4)
- Creating Trunk Groups [...]
-
Page 11
TABLE OF CONTENTS xi
- Configuring Interface Settings for MSTP (12-27)
- 13 VLAN Configuration (13-1)
- Selecting the VLAN Operation Mode (13-1)
- IEEE 802.1Q VLANs [...]
-
Page 12
TABLE OF CONTENTS xii
- 15 Quality of Service (15-1)
- Configuring Quality of Service Parameters (15-2)
- Configuring a Class Map (15-3)
- Creating QoS Policies [...]
-
Page 13
TABLE OF CONTENTS xiii
- Console Connection (18-1)
- Telnet Connection (18-2)
- Entering Commands (18-3)
- Keywords and Arguments [...]
-
Page 14
TABLE OF CONTENTS xiv
- show bme version (20-10)
- show cpu utilization (20-11)
- show memory status (20-12)
- System Mode Commands [...]
-
Page 15
TABLE OF CONTENTS xv
- SMTP Alert Commands (20-48)
- logging sendmail host (20-48)
- logging sendmail level (20-49)
- logging sendmail source-email [...]
-
Page 16
TABLE OF CONTENTS xvi
- Authentication Sequence (22-5)
- authentication login (22-5)
- authentication enable (22-7)
- RADIUS Client [...]
-
Page 17
TABLE OF CONTENTS xvii
- dot1x max-req (22-36)
- dot1x port-control (22-36)
- dot1x operation-mode (22-37)
- dot1x re-authenticate [...]
-
Page 18
TABLE OF CONTENTS xviii
- 24 Access Control List Commands (24-1)
- IP ACLs (24-2)
- access-list ip (24-3)
- permit, deny (Standard IP ACL) [...]
-
Page 19
TABLE OF CONTENTS xix
- show interfaces counters (25-14)
- show interfaces switchport (25-16)
- 26 Link Aggregation Commands (26-1)
- channel-group [...]
-
Page 20
TABLE OF CONTENTS xx
- lre interleave-max-delay (29-25)
- lre datarate (29-26)
- lre rate-set (29-27)
- lre noise-mgn target [...]
-
Page 21
TABLE OF CONTENTS xxi
- Displaying VDSL Information (29-61)
- show lre band-plan (29-62)
- show lre option-band (29-63)
- show lre ham-band [...]
-
Page 22
TABLE OF CONTENTS xxii
- 31 Spanning Tree Commands (31-1)
- spanning-tree (31-3)
- spanning-tree mode (31-4)
- spanning-tree forward-time [...]
-
Page 23
TABLE OF CONTENTS xxiii
- vlan (32-8)
- Configuring VLAN Interfaces (32-9)
- interface vlan (32-9)
- switchport mode [...]
-
Page 24
TABLE OF CONTENTS xxiv
- show queue bandwidth (33-9)
- show queue cos-map (33-10)
- Priority Commands (Layer 3 and 4) (33-11)
- map ip port (Global Configuration) [...]
-
Page 25
TABLE OF CONTENTS xxv
- ip igmp snooping query-interval (35-9)
- ip igmp snooping query-max-response-time (35-10)
- ip igmp snooping router-port-expire-time (35-11)
- Static Multicast Routing Commands [...]
-
Page 26
TABLE OF CONTENTS xxvi
- 37 DHCP Commands (37-1)
- DHCP Client (37-1)
- ip dhcp restart client (37-1)
- DHCP Relay [...]
-
Page 27
TABLE OF CONTENTS xxvii
Section IV Appendices
- A Software Specifications (A-1)
- Software Features (A-1)
- Management Features (A-3)
- Standards[...]
-
Page 28
TABLE OF CONTENTS xxviii[...]
-
Page 29
xxix TABLES
- Table 1-1 Key Features (1-1)
- Table 1-2 System Defaults (1-9)
- Table 3-1 Web Page Configuration Buttons (3-4)
- Table 3-2 Switch Main Menu [...]
-
Page 30
TABLES xxx
- Table 20-4 show bme version - display description (20-11)
- Table 20-5 show cpu utilization - display description (20-12)
- Table 20-7 System Mode Commands (20-13)
- Table 20-6 show memory status - display description (20-13)
- Tabl[...]
-
Page 31
TABLES xxxi
- Table 24-1 Access Control List Commands (24-1)
- Table 24-2 IP ACL Commands (24-2)
- Table 24-3 MAC ACL Commands (24-16)
- Table 24-4 ACL Information Commands [...]
-
Page 32
TABLES xxxii
- Table 32-5 Commands for Displaying VLAN Information (32-16)
- Table 32-6 Private VLAN Commands (32-17)
- Table 32-7 Protocol-based VLAN Commands (32-20)
- Table 32-8 IEEE 802.1Q Tunneling Commands (32-25)
- Table 32-9 VLAN Swapp[...]
-
Page 33
xxxiii FIGURES
- Figure 3-1 Home Page (3-3)
- Figure 3-2 Front Panel Indicators (3-4)
- Figure 4-1 System Information (4-2)
- Figure 4-2 System Health Information [...]
-
Page 34
FIGURES xxxiv
- Figure 6-5 SSH Server Settings (6-17)
- Figure 6-6 802.1X Global Information (6-21)
- Figure 6-7 802.1X Global Configuration (6-22)
- Figure 6-8 802.1X Port Configuration [...]
-
Page 35
FIGURES xxxv
- Figure 10-5 VDSL Performance Statistics (10-28)
- Figure 10-6 Alarm Profile Configuration (10-35)
- Figure 10-7 CPE Information (10-39)
- Figure 10-8 CPE Information [...]
-
Page 36
FIGURES xxxvi
- Figure 14-10 IP Port Priority (14-17)
- Figure 15-1 Configuring Class Maps (15-5)
- Figure 15-2 Configuring Policy Maps (15-9)
- Figure 15-3 Service Policy Settings [...]
-
Page 37
SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
- Introduction [...]
-
Page 38
GETTING STARTED[...]
-
Page 39
1-1 CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should[...]
-
Page 40
KEY FEATURES 1-2
User Authentication:
- Console, Telnet, web – User name / password, RADIUS, TACACS+
- Web – HTTPS
- Telnet – SSH
- SNMP v1/2c - Community strings
- SNMP version 3 – MD5 or SHA password
- Port – IEEE 802.1X
Client Security: Private VLANs, IEEE 802.1X, MAC address filtering, IP/MAC address pair filtering, NetBIOS filtering, D[...]
-
Page 41
INTRODUCTION 1-3
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast and unknown unicast traffic storms from engulfing the [...]
-
Page 42
DESCRIPTION OF SOFTWARE FEATURES 1-4
server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server). Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version[...]
-
Page 43
INTRODUCTION 1-5
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2002 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide red[...]
-
Page 44
DESCRIPTION OF SOFTWARE FEATURES 1-6
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure th[...]
-
Page 45
INTRODUCTION 1-7
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between d[...]
-
Page 46
DESCRIPTION OF SOFTWARE FEATURES 1-8
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP snooping or query to mana[...]
-
Page 47
INTRODUCTION 1-9
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 4-20). The following table lists some of the basic system defaults.
Table 1-2 System Defaults
Function [...]
-
Page 48
SYSTEM DEFAULTS 1-10
Web Management
- HTTP Server: Enabled
- HTTP Port Number: 80
- HTTP Secure Server: Enabled
- HTTP Secure Port Number: 443
SNMP
- SNMP Agent: Enabled
- Community Strings: “public” (read only), “private” (read/write)
- Traps: Authentication traps: enabled; Link-up-down events: enabled
- SNMP V3: View: defaultview; Group: public (read on[...]
-
Page 49
INTRODUCTION 1-11
Virtual LANs
- Default VLAN: 1
- PVID: 1
- Acceptable Frame Type: All
- Ingress Filtering: Disabled
- Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
- GVRP (global): Disabled
- GVRP (port interface): Disabled
- QinQ Tunneling: Disabled
Traffic Prioritization
- Ingress Port Priority: 0
- Queue Mode: WRR
- Weighted Round Robin: Queue: 0 1 2 3[...]
-
Page 50
SYSTEM DEFAULTS 1-12
Multicast Filtering
- IGMP Snooping: Snooping: Enabled; Querier: Disabled
- IGMP Filtering/Throttling: Disabled
- Multicast VLAN Registration: Disabled
System Log
- Status: Enabled
- Messages Logged: Levels 0-7 (all)
- Messages Logged to Flash: Levels 0-3
SMTP Email Alerts
- Event Handler: Enabled (but no server defined)
SNTP
- Clock Synchroni[...]
-
Page 51
2-1 CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring v[...]
-
Page 52
CONNECTING TO THE SWITCH 2-2
The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwords
• Set an IP interface for a management VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/duplex mod[...]
-
Page 53
INITIAL CONFIGURATION 2-3
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 seria[...]
-
Page 54
BASIC CONFIGURATION 2-4
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. An IP address for this switch is obtained via DHCP by default. To manu[...]
-
Page 55
INITIAL CONFIGURATION 2-5
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter[...]
-
Page 56
BASIC CONFIGURATION 2-6
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network. The switch can be managed through [...]
-
Page 57
INITIAL CONFIGURATION 2-7
Using the dedicated management port provides a back channel for troubleshooting when the switch cannot be reached through the data network. To provide additional security against eavesdropping on management traffic, leave the IP address for the data network (i.e., the VLAN containing ports 1-18)[...]
-
Page 58
BASIC CONFIGURATION 2-8
9. Then follow the steps indicated in the next section to assign an IP address to this VLAN using manual configuration or automatic configuration via DHCP or BOOTP.
Note: If you put the uplink ports (Ports 17 and 18) in a separate management VLAN, do not change their default VLAN ID. Nor should you remove these p [...]
-
Page 59
INITIAL CONFIGURATION 2-9
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Network mask for this network
• Default gateway for the network
To assign an IP address to the switch, complete the following steps:
1. From[...]
-
Page 60
BASIC CONFIGURATION 2-10
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the in[...]
-
Page 61
INITIAL CONFIGURATION 2-11
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requ[...]
-
Page 62
BASIC CONFIGURATION 2-12
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server c[...]
-
Page 63
INITIAL CONFIGURATION 2-13
Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 21-6. The following example creates a trap host for each type of SNMP client.
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to [...]
-
Page 64
MANAGING SYSTEM FILES 2-14
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files ar[...]
-
Page 65
INITIAL CONFIGURATION 2-15
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded. Note that configuration files should be downloaded using a file name that reflec[...]
-
Page 66
MANAGING SYSTEM FILES 2-16
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config 20-17[...]
-
Page 67
SECTION II SWITCH MANAGEMENT
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface.
- Configuring the Switch (3-1)
- Ba[...]
-
Page 68
SWITCH MANAGEMENT[...]
-
Page 69
3-1 CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer[...]
-
Page 70
CONFIGURING THE SWITCH 3-2
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin”[...]
-
Page 71
NAVIGATING THE WEB BROWSER INTERFACE 3-3
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the admi[...]
-
Page 72
CONFIGURING THE SWITCH 3-4
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Notes:
1. To ensure proper[...]
-
Page 73
NAVIGATING THE WEB BROWSER INTERFACE 3-5
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 3-2 Switch Main Menu
Menu Description [...]
-
Page 74
CONFIGURING THE SWITCH 3-6
- Reset: Restarts the switch (4-36)
- SNTP (4-37)
- Configuration: Configures SNTP client settings, including a specified list of servers (4-37)
- Clock Time Zone: Sets the local time zone for the system clock (4-39)
- SNMP (5-1)
- Configuration: Configures community strings and related trap functions (5-4)
- Agent Status: Enables or disables[...]
-
Page 75
NAVIGATING THE WEB BROWSER INTERFACE 3-7
- 802.1X: Port authentication (6-19)
- Information: Displays global configuration settings (6-21)
- Configuration: Configures global configuration parameters (6-22)
- Port Configuration: Sets the authentication mode for individual ports (6-23)
- Statistics: Displays protocol statistics for the selected port 6-[...]
-
Page 76
CONFIGURING THE SWITCH 3-8
- Trunk Configuration: Configures trunk connection settings (9-4)
- Trunk Membership: Specifies ports to group into static trunks (9-9)
- LACP (9-11)
- Configuration: Allows ports to dynamically join trunks (9-11)
- Aggregation Port: Configures parameters for link aggregation group members (9-13)
- Port Counters Information: Displays s[...]
-
Page 77
NAVIGATING THE WEB BROWSER INTERFACE 3-9
- VDSL (10-1)
- Global Configuration: Configures global VDSL variables which can be applied to all ports (10-1)
- VDSL Port Configuration: Configures communication parameters for VDSL ports (10-7)
- Line Profile Configuration: Configures a list of communication parameters which can be applied to all VDS[...]
-
Page 78
CONFIGURING THE SWITCH 3-10
- Spanning Tree (12-1)
- STA Information: Displays STA values used for the bridge (12-4)
- Configuration: Configures global bridge settings for STP, RSTP and MSTP (12-8)
- Port Information: Displays individual port settings for STA (12-13)
- Trunk Information: Displays individual trunk settings for STA (12-13)
- Port Configuration: Con[...]
-
Page 79
NAVIGATING THE WEB BROWSER INTERFACE 3-11
- Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden (13-14)
- Port Configuration: Specifies default PVID and VLAN attributes (13-15)
- Trunk Configuration: Specifies default trunk VID and VLAN attributes (13-15)
- Private VLAN (13-18)
- Status: Enables or[...]
-
Page 80
CONFIGURING THE SWITCH 3-12
- IPv6 Mapping: Assigns IPv6 traffic classes to one of the Class-of-Service values (14-15)
- IP Port Priority Status: Globally enables or disables IP Port Priority (14-16)
- IP Port Priority: Sets TCP/UDP port priority, defining the socket number and associated class-of-service value (14-11)
- QoS (15-1)
- DiffServ: Configure QoS class[...]
-
Page 81
NAVIGATING THE WEB BROWSER INTERFACE 3-13
- IGMP Filter/Throttling Trunk Configuration: Assigns IGMP filter profiles to trunk interfaces and sets throttle mode (16-18)
- MVR (16-20)
- Configuration: Globally enables MVR, sets the MVR VLAN, adds multicast stream addresses (16-21)
- Port Information: Displays MVR interface type, MVR operational a[...]
-
Page 82
CONFIGURING THE SWITCH 3-14[...]
-
Page 83
4-1 CHAPTER 4 BASIC MANAGEMENT TASKS
This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
Displaying System Information
You can easily identify the system by displaying the device name, location and contact informati[...]
-
Page 84
BASIC MANAGEMENT TASKS 4-2 • Web Secure Server Port – Shows the TCP port used by the HTTPS interface. • Telnet Server – Shows if management access via Telnet is enabled. • Telnet Server Port – Shows the TCP port used by the Telnet interface. • Authentication Login – Shows the user login authentication sequence. • [...]
-
Page 85
DISPLAYING SYSTEM INFORMATION 4-3 CLI – Specify the hostname, location and contact information. Console(config)#hostname R&D 5 20-2 Console(config)#snmp-server location WC 9 21-5 Console(config)#snmp-server contact Ted 21-5 Console(config)#exit Console#show system 20-8 System Description: TigerAccess(TM) SMC7816M/VSW System OID String[...]
-
Page 86
BASIC MANAGEMENT TASKS 4-4 Displaying System Health Use the System Health Information page to display the status of the fans, internal temperature, main board, CPU, and system memory. Field Attributes General Status • Fan Status – The fan’s functioning status. • Fan Failed Times – The number of times the fan has failed sin[...]
-
Page 87
DISPLAYING SYSTEM HEALTH 4-5 • Free Amount – Amount of memory currently free for use. • Freed / Total – Percentage of free memory compared to total memory. • Utilization Raising Alarm Threshold 1 – Rising threshold for memory utilization alarm. (Range: 1-100%; Default: 90%) • Utilization Falling Alarm Threshold [...]
-
Page 88
BASIC MANAGEMENT TASKS 4-6 CLI – Use the following commands to display the status of the CPU and system memory. Console#show cpu utilization 20-11 CPU current utilization : 73% Max utilization in 10s: 73% Avg utilization in 10s: 73% peak utilization: 73% peak utilization begin : 02:33:50 01/01/2001 peak utilization during: 10(s) ut[...]
-
Page 89
DISPLAYING HARDWARE/SOFTWARE VERSIONS 4-7 Displaying Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – Serial number of main board. • N[...]
-
Page 90
BASIC MANAGEMENT TASKS 4-8 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • BME firmware version – Version number of Burst Mode Engine. Web – Click System, Switch Information. Figure 4-3 Switch Information[...]
-
Page 91
DISPLAYING BRIDGE EXTENSION CAPABILITIES 4-9 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display def[...]
-
Page 92
BASIC MANAGEMENT TASKS 4-10 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 13-1.) • Local VLAN Capable – This switch does not support multiple local br[...]
-
Page 93
SETTING THE SWITCH’S IP ADDRESS 4-11 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change[...]
-
Page 94
BASIC MANAGEMENT TASKS 4-12 will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN to which the management station is attached.[...]
-
Page 95
SETTING THE SWITCH’S IP ADDRESS 4-13 CLI – Specify the management interface, IP address and default gateway. This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from the VLAN 1, which is left for use by the data network. It th[...]
-
Page 96
BASIC MANAGEMENT TASKS 4-14 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click App[...]
-
Page 97
SETTING THE SWITCH’S IP ADDRESS 4-15 This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from the VLAN 1, which is left for use by the data network. It then specifies the management interface, IP address and default gateway. F [...]
-
Page 98
BASIC MANAGEMENT TASKS 4-16 Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhea [...]
-
Page 99
MANAGING FIRMWARE 4-17 Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must speci[...]
-
Page 100
BASIC MANAGEMENT TASKS 4-18 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click Sys[...]
-
Page 101
MANAGING FIRMWARE 4-19 If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 4-9 Setting the Startup Code To delete a file select System, File Management[...]
-
Page 102
BASIC MANAGEMENT TASKS 4-20 To start the new firmware, enter the “reload” command or reboot the system. Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to re [...]
-
Page 103
SAVING OR RESTORING CONFIGURATION SETTINGS 4-21 - running-config to file – Copies the running configuration to a file. - running-config to startup-config – Copies the running config to the startup config. - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies th[...]
-
Page 104
BASIC MANAGEMENT TASKS 4-22 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Conf[...]
-
Page 105
SAVING OR RESTORING CONFIGURATION SETTINGS 4-23 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the [...]
-
Page 106
BASIC MANAGEMENT TASKS 4-24 Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These [...]
-
Page 107
CONSOLE PORT SETTINGS 4-25 device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto) • Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit) • Password 2 – Specifies a password for the line connection. When a c[...]
-
Page 108
BASIC MANAGEMENT TASKS 4-26 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using [...]
-
Page 109
TELNET SETTINGS 4-27 • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0 - 300 seconds; Default: 300 seconds) • Exec Timeout – Sets the interval that the system w[...]
-
Page 110
BASIC MANAGEMENT TASKS 4-28 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 4-14 Configuring the Telnet Interface CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual[...]
-
Page 111
CONFIGURING EVENT LOGGING 4-29 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows [...]
-
Page 112
BASIC MANAGEMENT TASKS 4-30 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equal to or less than the RAM Le[...]
-
Page 113
CONFIGURING EVENT LOGGING 4-31 CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings. Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog serve[...]
-
Page 114
BASIC MANAGEMENT TASKS 4-32 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address[...]
-
Page 115
CONFIGURING EVENT LOGGING 4-33 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flush[...]
-
Page 116
BASIC MANAGEMENT TASKS 4-34 CLI – This example shows the event message stored in RAM. Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messag[...]
-
Page 117
CONFIGURING EVENT LOGGING 4-35 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and c[...]
-
Page 118
BASIC MANAGEMENT TASKS 4-36 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show lo[...]
-
Page 119
SETTING THE SYSTEM CLOCK 4-37 CLI – Use the reload command to restart the switch. Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintai[...]
-
Page 120
BASIC MANAGEMENT TASKS 4-38 • SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence. Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. [...]
-
Page 121
SETTING THE SYSTEM CLOCK 4-39 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time[...]
-
Page 122
BASIC MANAGEMENT TASKS 4-40[...]
-
Page 123
5-1 CHAPTER 5 SIMPLE NETWORK MANAGEMENT PROTOCOL Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper [...]
-
Page 124
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-2 Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree. The SNMPv3 security structure consists of security models, [...]
-
Page 125
5-3 Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access. v3 AuthNoPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms v3 AuthPriv user defined user defined user[...]
-
Page 126
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-4 Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply. Figur[...]
-
Page 127
SETTING COMMUNITY ACCESS STRINGS 5-5 • Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “public” (read-only access), “private” (read/write access) Range: 1-32 characters, case sensitive • Access Mode – Specifies the access rights for the c[...]
-
Page 128
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-6 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP O[...]
-
Page 129
SPECIFYING TRAP MANAGERS AND TRAP TYPES 5-7 To send an inform to a SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 5-4). 2. Enable trap informs as described in the following pages. 3. Create a view with the required notification messages (page 5-24). 4. Create a group that includes the required notify vi[...]
-
Page 130
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-8 • Trap Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used) - Timeout – The number of seconds to wait for an acknowledgment before resending an inform message. (Range: 0-2147483647 centiseconds;[...]
-
Page 131
SPECIFYING TRAP MANAGERS AND TRAP TYPES 5-9 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add. Sele[...]
-
Page 132
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-10 Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, do so before configuring other SNMP parameters. 2. Specify read and write access views for the switch MIB tree. 3. Conf[...]
-
Page 133
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-11 Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 5-4 Setting the SNMPv3 Engine ID CLI – This example sets an SNMPv3 engine ID. Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you [...]
-
Page 134
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-12 Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 5-5 Setting an Engine ID CLI – This example specifies a remote SNMPv3 engine ID. Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must [...]
-
Page 135
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-13 - AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) • Authentication Password – A minimum of eight pla [...]
-
Page 136
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-14 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. T[...]
-
Page 137
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-15 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts us[...]
-
Page 138
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-16 • Security Model – The user security model; SNMP v1, v2c or v3. (Default: v1) • Security Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.) - AuthNoPriv – SNMP c[...]
-
Page 139
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-17 Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click D[...]
-
Page 140
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-18 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined def[...]
-
Page 141
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-19 • Notify View – The configured view for notifications. (Range: 1-64 characters) Table 5-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning [...]
-
Page 142
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-20 linkDown * 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state). This other state is ind[...]
-
Page 143
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-21 RMON Events (V2) risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps. fallingAlarm 1.3.6.1.2.1.16.0.2 The SNMP trap that is generated when an alarm entry crosse[...]
-
Page 144
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-22 swThermalRisingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.58 This trap is sent when the temperature exceeds the switchThermalActionRisingThreshold. swThermalFallingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.59 This trap is sent when the temperature falls below the switchThermalActionFallin[...]
-
Page 145
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-23 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list. To delete a group, check the [...]
-
Page 146
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-24 CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views. Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tre[...]
-
Page 147
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-25 Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list. For a specific vi [...]
-
Page 148
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-26 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included 21-13 Console(config)#exit Console#show [...]
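The included/excluded subtree and wildcard semantics of SNMPv3 views described above, as an added example that is not code from the manual or the switch firmware: a Python model of the RFC 3415 (VACM) view-matching rule, used to check whether a view exposes the USM and VACM tables. That the switch follows RFC 3415 matching is an assumption, as are the names `View`, `exposed`, `BROAD` and `HARDENED`; only the `ifEntry.a` view comes from the page.

```python
"""Added example: RFC 3415-style evaluation of SNMPv3 views (not vendor code)."""

# Standard subtrees that hold SNMPv3 user and access-control tables; a read or
# write view that includes them lets a client inspect or change who has access.
SENSITIVE = {
    "snmpUsmMIB": "1.3.6.1.6.3.15",
    "snmpVacmMIB": "1.3.6.1.6.3.16",
}


def parse_oid(text):
    """Turn '1.3.6.*' into (1, 3, 6, None); None marks a wildcard position."""
    parts = text.strip().strip(".").split(".")
    return tuple(None if p == "*" else int(p) for p in parts)


class View:
    """A named list of OID subtrees, each marked included or excluded."""

    def __init__(self, name):
        self.name = name
        self.families = []  # list of (subtree tuple, included flag)

    def add(self, subtree, included=True):
        self.families.append((parse_oid(subtree), included))
        return self  # allow chaining

    def allows(self, oid):
        """Return True if the object instance `oid` is inside this view."""
        target = parse_oid(oid)
        if None in target:
            raise ValueError("object instance must not contain wildcards")
        best_key, best_included = None, False
        for subtree, included in self.families:
            if len(target) < len(subtree):
                continue  # instance is shorter than the subtree: no match
            if not all(s is None or s == t for s, t in zip(subtree, target)):
                continue
            # RFC 3415: the matching family with the most sub-identifiers
            # wins; ties go to the lexicographically greatest subtree
            # (a wildcard position is counted as 0 here, an assumption).
            key = (len(subtree), tuple(0 if s is None else s for s in subtree))
            if best_key is None or key > best_key:
                best_key, best_included = key, included
        # No matching family at all means the instance is outside the view.
        return best_included


def exposed(view, sensitive=SENSITIVE):
    """Names of sensitive subtrees whose root is reachable through `view`."""
    return sorted(name for name, oid in sensitive.items() if view.allows(oid))


# The view from the manual's CLI example: ifIndex column, any row index.
PAGE_VIEW = View("ifEntry.a").add("1.3.6.1.2.1.2.2.1.1.*")

# Constructed views for comparison (not from the manual).
BROAD = View("all").add("1.3.6.1")
HARDENED = (
    View("hardened")
    .add("1.3.6.1")
    .add(SENSITIVE["snmpUsmMIB"], included=False)
    .add(SENSITIVE["snmpVacmMIB"], included=False)
)

if __name__ == "__main__":
    for view in (PAGE_VIEW, BROAD, HARDENED):
        print(view.name, "exposes:", exposed(view) or "nothing sensitive")
```
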
-
Page 149
6-1 CHAPTER 6 USER AUTHENTICATION You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access 5 to [...]
-
Page 150
USER AUTHENTICATION 6-2 The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account[...]
-
Page 151
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-3 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually c[...]
-
Page 152
USER AUTHENTICATION 6-4 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Local [...]
-
Page 153
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-5 - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user. - Server IP Address – Address of authent[...]
-
Page 154
USER AUTHENTICATION 6-6 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 6-2 Authentication Server[...]
-
Page 155
CONFIGURING HTTPS 6-7 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independ [...]
-
Page 156
USER AUTHENTICATION 6-8 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 6-9. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. ([...]
-
Page 157
CONFIGURING HTTPS 6-9 Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not reco[...]
-
Page 158
USER AUTHENTICATION 6-10 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and [...]
-
Page 159
CONFIGURING THE SECURE SHELL 6-11 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setu[...]
-
Page 160
USER AUTHENTICATION 6-12 6. Authentication – One of the following authentication methods is employed: Password Authentication (for SSH v1.5 or V2 Clients) a. The client sends its password to the server. b. The switch compares the client's password to those stored in memory. c. If a match is found, the connectio[...]
-
Page 161
CONFIGURING THE SECURE SHELL 6-13 Authenticating SSH v2 Clients a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process. Otherwi[...]
-
Page 162
USER AUTHENTICATION 6-14 • Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: Default: Both) The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select eithe[...]
-
Page 163
CONFIGURING THE SECURE SHELL 6-15 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 6-4 SSH Host-Key Settings[...]
-
Page 164
USER AUTHENTICATION 6-16 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows [...]
-
Page 165
CONFIGURING THE SECURE SHELL 6-17 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size. (Range: 51[...]
-
Page 166
USER AUTHENTICATION 6-18 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Console(config)#ip ssh server 22-25 Console(config)#ip ssh timeout 100 22-26 Console(config)#[...]
-
Page 167
CONFIGURING 802.1X PORT AUTHENTICATION 6-19 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly ga [...]
-
Page 168
USER AUTHENTICATION 6-20 releases. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. O[...]
-
Page 169
CONFIGURING 802.1X PORT AUTHENTICATION 6-21 Displaying 802.1X Global Settings The 802.1X protocol provides port authentication. Command Attributes 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.1X, Information. Figure 6-6 802.1X Global Information CLI – This example shows the default[...]
-
Page 170
USER AUTHENTICATION 6-22 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web[...]
-
Page 171
CONFIGURING 802.1X PORT AUTHENTICATION 6-23 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentica[...]
-
Page 172
USER AUTHENTICATION 6-24 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Range: 1-6553[...]
-
Page 173
CONFIGURING 802.1X PORT AUTHENTICATION 6-25 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 22-41. Console(config)#interface ethernet 1/2 25-2 Console(config-if)#dot1x port-control auto 22-36 Console(config-if)#dot1x re-authenticatio [...]
-
Page 174
USER AUTHENTICATION 6-26 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Reauthentication State Machine State Initialize . . . . 802.1X is disabled on port 1/19 Console# Table 6-2 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have bee [...]
-
Page 175
CONFIGURING 802.1X PORT AUTHENTICATION 6-27 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-9 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4. Tx EAP Req/Id The number of EAP Req/Id frames that have been t[...]
-
Page 176
USER AUTHENTICATION 6-28 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an e[...]
-
Page 177
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS 6-29 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-10 IP Filter CLI – This example restricts management access for Telnet clients. Console(conf[...]
-
Page 178
USER AUTHENTICATION 6-30[...]
-
Page 179
7-1 CHAPTER 7 CLIENT SECURITY This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes. In addition to thes[...]
-
Page 180
CLIENT SECURITY 7-2 This switch provides client security using the following options: • Private VLANs – Provide port-based security and isolation between ports within the assigned VLAN. (See “Configuring Private VLANs” on page 13-18.) • 802.1X – Use IEEE 802.1X port authentication to control access to specific ports.[...]
-
Page 181
CONFIGURING PORT SECURITY 7-3 To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the <source MAC address, VLAN> pair for frames received on the port. Note that you can also manually add secure addresses to the port using the Static Address T[...]
-
Page 182
CLIENT SECURITY 7-4 • Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled) • Trunk – Trunk number if port is a member (page 9-9 and 9-11). Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark t[...]
-
Page 183
CONFIGURING IP SOURCE GUARD 7-5 Configuring IP Source Guard IP Source Guard is a security feature that filters IP traffic on unsecure network interfaces based on static entries configured in the IP Source Guard table, or dynamic entries in the DHCP Snooping table. Command Usage • Source guard is used to filter traffic on an uns[...]
-
Page 184
CLIENT SECURITY 7-6 • If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) will be checked against the binding table. If no matching entry is found, the packet will be dropped. • Filtering rules are implemented as follows: - [...]
-
Page 185
CONFIGURING IP SOURCE GUARD 7-7 IP Source Guard Filter • Port – Port for which to filter static entries. • Source IP – Filters traffic based on IP addresses stored in the binding table. • Source IP and MAC – Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. Web – Cli[...]
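The difference between the two IP Source Guard filter types described on pages 7-6 and 7-7 is easiest to see by running the same frames through both. The following is an added example, not code from the manual or the switch firmware: a small Python model of the binding-table check in which the Binding class, the per-port lookup, the sample addresses and the rule that a disabled filter forwards everything are assumptions made for illustration.

```python
"""Model of the IP Source Guard binding check (illustrative, not switch firmware)."""
from dataclasses import dataclass
from ipaddress import ip_address


def norm_mac(mac):
    """Reduce 00-11-22-33-44-55, 00:11:22:33:44:55 or 0011.2233.4455 to 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Binding:
    """One binding-table entry (static, or learned through DHCP snooping)."""
    port: str
    ip: str
    mac: str


# Constructed sample table: one bound host on each of two ports.
BINDINGS = [
    Binding("1/1", "192.0.2.10", "00-11-22-33-44-55"),
    Binding("1/2", "192.0.2.20", "00-11-22-33-44-66"),
]

# Constructed sample frames: (label, ingress port, source IP, source MAC).
FRAMES = [
    ("bound host", "1/1", "192.0.2.10", "00:11:22:33:44:55"),
    ("bound IP, foreign MAC", "1/1", "192.0.2.10", "00:aa:bb:cc:dd:ee"),
    ("unbound IP", "1/1", "192.0.2.99", "00:11:22:33:44:55"),
    ("bound pair on another port", "1/2", "192.0.2.10", "00:11:22:33:44:55"),
]


def verdict(mode, bindings, port, src_ip, src_mac):
    """Return 'forward' or 'drop' for one inbound frame.

    mode is 'sip' (check source IP only), 'sip-mac' (check the IP/MAC pair),
    or None for a port without source guard (assumed to forward everything).
    """
    if mode is None:
        return "forward"
    if mode not in ("sip", "sip-mac"):
        raise ValueError(f"unknown filter type: {mode!r}")
    ip = ip_address(src_ip)
    mac = norm_mac(src_mac)
    for b in bindings:
        if b.port != port or ip_address(b.ip) != ip:
            continue
        if mode == "sip" or norm_mac(b.mac) == mac:
            return "forward"
    return "drop"  # no matching entry in the binding table


def compare_modes(bindings, frames):
    """Evaluate every frame under both filter types."""
    return [
        (label,
         verdict("sip", bindings, port, ip, mac),
         verdict("sip-mac", bindings, port, ip, mac))
        for label, port, ip, mac in frames
    ]


if __name__ == "__main__":
    for label, sip, sip_mac in compare_modes(BINDINGS, FRAMES):
        print(f"{label:28} sip={sip:8} sip-mac={sip_mac}")
```

The second sample frame is the case that separates the two filter types: a source that reuses a bound IP address with a different MAC address passes the Source IP filter and is dropped only by the Source IP and MAC filter.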
-
Page 186
CLIENT SECURITY 7-8 CLI – This example configures a static source-guard binding on port 1. Configuring DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).[...]
-
Page 187
CONFIGURING DHCP SNOOPING 7-9 • When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping. • Filtering rules are implemented as follows: - If the DHCP snooping is disabled globally, all DHCP packets are forwarded. - If DHCP snooping is enabled [...]
-
Page 188
CLIENT SECURITY 7-10 • Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted. Note that the switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server.[...]
-
Page 189
CONFIGURING DHCP SNOOPING 7-11 • DHCP Snooping Service Provider Mode – Once an IP address is assigned to the host by a DHCP server, the switch sets this entry to static mode in the MAC address table, and registers the host as a valid entry in the DHCP snooping table. (Default: Disabled) - This function applies to all VDSL po[...]
-
Page 190
CLIENT SECURITY 7-12 Web – Click DHCP Snooping, DHCP Snooping Configuration. Enable DHCP snooping status globally, enable it for the required VLANs, select whether or not to verify the client’s MAC address, configure those ports that will receive messages only from within the local network as trusted, and then click Apply. Figu[...]
-
Page 191
DISPLAYING DHCP SNOOPING INFORMATION 7-13 Displaying DHCP Snooping Information The configuration settings and binding table entries can be displayed on the DHCP Snooping Information page. Command Attributes DHCP Snooping Configuration Settings • DHCP Snooping Status – DHCP snooping global configuration status. • DHC[...]
-
Page 192
CLIENT SECURITY 7-14 Web – Click DHCP Snooping, DHCP Snooping Information. Figure 7-4 DHCP Snooping Information[...]
-
Page 193
CONFIGURING PACKET FILTERING 7-15 CLI – These examples show the DHCP snooping configuration settings and binding table entries. Configuring Packet Filtering Packet filtering provides security barriers between the customer and the service provider, as well as between different customers attached to the same local switch, [...]
-
Page 194
CLIENT SECURITY 7-16 • Blocking NetBIOS traffic commonly used for resource sharing in a peer-to-peer environment to ensure that no privileged client data is passed to other data ports. Command Attributes • DHCP Request – Blocks DHCP request packets. (Default: Disabled) - In cases where the IP address for a client attac[...]
-
Page 195
CONFIGURING PACKET FILTERING 7-17 • NetBIOS – Blocks NetBIOS packets. (Default: Disabled) - NetBIOS is commonly used in local area networks to facilitate sharing resources such as printers or files between computers. However, when providing network services over the Internet to different customers, all information about l[...]
-
Page 196
CLIENT SECURITY 7-18 Web – Click Security, Packet Filter, Base Filter Configuration. Select the type of service packets to filter, and click Apply. Figure 7-5 Packet Filtering – Base Filter CLI – This example blocks DHCP service requests, DHCP reply packets, and all NetBIOS packets on port 1. Filtering IP/MAC Address Pai[...]
-
Page 197
CONFIGURING PACKET FILTERING 7-19 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. One mask is allocated to IP-MAC packet filtering if any entries are defined. This mask will be released for use by other filterin[...]
-
Page 198
CLIENT SECURITY 7-20[...]
-
Page 199
8-1 CHAPTER 8 ACCESS CONTROL LISTS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, sp [...]
-
Page 200
ACCESS CONTROL LISTS 8-2 The following filtering modes are supported: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. • Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and protocol port number. If the TCP protocol is s[...]
-
Page 201
CONFIGURING ACCESS CONTROL LISTS 8-3 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egr[...]
-
Page 202
ACCESS CONTROL LISTS 8-4 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 8-1 Selecting ACL Type CLI – This example creates a standard IP ACL named bill. Configuring a Stan[...]
-
Page 203
CONFIGURING ACCESS CONTROL LISTS 8-5 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 8-2 ACL Configuration - Standa[...]
-
Page 204
ACCESS CONTROL LISTS 8-6 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 8-4.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range: 0-[...]
-
Page 205
CONFIGURING ACCESS CONTROL LISTS 8-7 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any[...]
-
Page 206
ACCESS CONTROL LISTS 8-8 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible ad[...]
-
Page 207
CONFIGURING ACCESS CONTROL LISTS 8-9 Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MA [...]
-
Page 208
ACCESS CONTROL LISTS 8-10 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. ACL rules matching the first entry in the mask are checked first. Rules matching subsequent entries in the mask are then checked in the specified order. The switch includes two system default[...]
-
Page 209
CONFIGURING ACCESS CONTROL LISTS 8-11 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 8-5 Selecting ACL Mask Types CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look fo[...]
-
Page 210
ACCESS CONTROL LISTS 8-12 • Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 8-4.) • Protocol Mask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type. (Options: Precedence, TOS, DSCP; De[...]
-
Page 211
CONFIGURING ACCESS CONTROL LISTS 8-13 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of[...]
-
Page 212
ACCESS CONTROL LISTS 8-14 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the higher precedence according to the [...]
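The effect of an ACL mask on rule order (pages 8-10 and 8-14) can be reproduced with a small model. This is an added example, not the switch's implementation or its CLI: the Rule class, the subnet rule 10.1.1.0 255.255.255.0, the rule that an ACL entry matches a mask entry when their address bitmasks are equal, and the "no-match" result for traffic no rule covers are assumptions made for illustration.

```python
"""Model of how ACL mask entries reorder rule checking (illustrative only)."""
from dataclasses import dataclass
from ipaddress import IPv4Address


def as_int(dotted):
    """Convert a dotted-quad address or bitmask to an integer."""
    return int(IPv4Address(dotted))


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    address: str   # host or subnet address
    bitmask: str   # address bitmask, e.g. 255.255.255.0

    def matches(self, src_ip):
        m = as_int(self.bitmask)
        return as_int(src_ip) & m == as_int(self.address) & m


# Rules in the order they were entered (constructed sample).
ENTERED = [
    Rule("permit", "10.1.1.0", "255.255.255.0"),
    Rule("deny", "10.1.1.1", "255.255.255.255"),
]

# Mask entries in precedence order: host rules first, then /24 rules.
MASK = ["255.255.255.255", "255.255.255.0"]


def check_order(rules, mask_entries):
    """Return (rules in the order the mask dictates, rules matching no entry).

    Rules matching the first mask entry come first, then rules matching the
    second entry, and so on; entry order is kept within one mask entry.
    """
    entries = list(dict.fromkeys(as_int(e) for e in mask_entries))
    ordered = []
    for entry in entries:
        ordered.extend(r for r in rules if as_int(r.bitmask) == entry)
    unmatched = [r for r in rules if as_int(r.bitmask) not in entries]
    return ordered, unmatched


def decide(rules_in_check_order, src_ip):
    """First matching rule wins; 'no-match' if no rule covers the source."""
    for rule in rules_in_check_order:
        if rule.matches(src_ip):
            return rule.action
    return "no-match"


if __name__ == "__main__":
    ordered, unmatched = check_order(ENTERED, MASK)
    for src in ("10.1.1.1", "10.1.1.2"):
        print(src, "entry order:", decide(ENTERED, src),
              "| mask order:", decide(ordered, src))
    print("rules not covered by any mask entry:", unmatched)
```

When reviewing an ACL on a platform like this, read the rules in mask order rather than entry order, and check for rules that match no mask entry.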
-
Page 213
CONFIGURING ACCESS CONTROL LISTS 8-15 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s). Or check for rules where a pack [...]
-
Page 214
ACCESS CONTROL LISTS 8-16 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to fil[...]
-
Page 215
BINDING A PORT TO AN ACCESS CONTROL LIST 8-17 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are inclu[...]
-
Page 216
ACCESS CONTROL LISTS 8-18 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 25-2 Console(config-if)#ip access-group tom in 24-14 Console(config-if)#mac access-group jerry in 24-25 Console(config-if)#exit Console(config)#interface ethernet 1/2 Console[...]
-
Page 217
9-1 CHAPTER 9 PORT CONFIGURATION Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indicates[...]
-
Page 218
PORT CONFIGURATION 9-2 Web – Click Port, Port Information or Trunk Information. Figure 9-1 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see [...]
-
Page 219
DISPLAYING CONNECTION STATUS 9-3 “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation[...]
-
Page 220
PORT CONFIGURATION 9-4 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex m[...]
-
Page 221
CONFIGURING INTERFACE CONNECTIONS 9-5 required operation modes must be specified in the capabilities list for an interface. • Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options. Command Attributes • Name – Allows you to label an interface.[...]
-
Page 222
PORT CONFIGURATION 9-6 and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.) (Default: Autonegotiation is permanently disab[...]
-
Page 223
CONFIGURING INTERFACE CONNECTIONS 9-7 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 9-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/19 25-2 Console(config-if)#des[...]
-
Page 224
PORT CONFIGURATION 9-8 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to 12 trunks[...]
-
Page 225
CREATING TRUNK GROUPS 9-9 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • Any of the Gigabit ports on the front panel can be trunked together, including ports of diffe[...]
-
Page 226
PORT CONFIGURATION 9-10 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 9-3 Static Trunk Configuration[...]
-
Page 227
CREATING TRUNK GROUPS 9-11 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also[...]
-
Page 228
PORT CONFIGURATION 9-12 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • Al[...]
-
Page 229
CREATING TRUNK GROUPS 9-13 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: ?[...]
-
Page 230
PORT CONFIGURATION 9-14 Note: If the port channel admin key (lacp admin key, page 26-8) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and[...]
-
Page 231
CREATING TRUNK GROUPS 9-15 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effec[...]
-
Page 232
PORT CONFIGURATION 9-16 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. Console(config)#interface ethernet 1/1 25-2 Console(config-if)#lacp actor system-priority 3 26-6 Console(config-if)#lacp actor admin-key 120 26-7 Cons[...]
-
Page 233
CREATING TRUNK GROUPS 9-17 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 9-6 LACP - Port Counters Information Table 9-1 LACP Port Counters Parameter Descript[...]
-
Page 234
PORT CONFIGURATION 9-18 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Console#show lacp 1 counters 26-10 Port channel: 1 ------------------------[...]
-
Page 235
CREATING TRUNK GROUPS 9-19 LACPDUs Internal Number of seconds before invalidating received LACPDU information. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is u[...]
-
Page 236
PORT CONFIGURATION 9-20 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 9-7 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#s[...]
-
Page 237
CREATING TRUNK GROUPS 9-21 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 9-3 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. [...]
-
Page 238
PORT CONFIGURATION 9-22 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 9-8 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console[...]
-
Page 239
SETTING BROADCAST STORM THRESHOLDS 9-23 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or [...]
-
Page 240
PORT CONFIGURATION 9-24 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 9-9 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast stor [...]
-
Page 241
CONFIGURING PORT MIRRORING 9-25 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor po[...]
-
Page 242
PORT CONFIGURATION 9-26 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 9-10 Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source p[...]
-
Page 243
CONFIGURING RATE LIMITS 9-27 Note: You can also set an SNMP trap if traffic exceeds the configured rate limit using the CLI (see the “rate-limit trap-input” command on page 28-3). Command Attribute Rate Limit – Sets the input or output rate limit for an Ethernet interface, or the input rate limit for a VLAN port member, in in[...]
-
Page 244
PORT CONFIGURATION 9-28 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 64 Kbps. Configuring the Rate Limit for a VLAN Port Member Web - Click Port, Rate Limit, Input VLAN Configuration. Select the port, and the VLAN to which the port belongs. Set the input rate limit for the selected i[...]
-
Page 245
SHOWING PORT STATISTICS 9-29 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. Thi[...]
-
Page 246
PORT CONFIGURATION 9-30 Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol. Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Transmit Octets The total number of oct [...]
-
Page 247
SHOWING PORT STATISTICS 9-31 FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error. Excessive Collisions A count of frames for which transmission on a particular i[...]
-
Page 248
PORT CONFIGURATION 9-32 RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. Received Bytes Total number of bytes o[...]
-
Page 249
SHOWING PORT STATISTICS 9-33 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames The total numb[...]
-
Page 250
PORT CONFIGURATION 9-34 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 9-13 Port Statistics[...]
-
Page 251
SHOWING PORT STATISTICS 9-35 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 25-14 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, Q[...]
-
Page 252
PORT CONFIGURATION 9-36[...]
-
Page 253
10-1 CHAPTER 10 VDSL CONFIGURATION VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports. The switc[...]
-
Page 254
VDSL CONFIGURATION 10-2 - Power Value – A power level for each of the PSD breakpoints. (Range: An integer from 0 to 255, which is used to calculate a power level in terms of -140 + (power-value) * 0.5 dBm/Hz; Default: 255, which is equivalent to -12.5 dBm/Hz) Breakpoints, which are defined by a signal frequency and correspondin[...]
-
Page 255
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-3 the optimal transmission rate for the current conditions, setting the rate within the bounds defined by the Data Rate. When rate adaptation is enabled and the signal quality deteriorates on any line or the link is re-established after being dropped, that port will automatically [...]
-
Page 256
VDSL CONFIGURATION 10-4 Upstream power back-off (UPBO) is used to mitigate far-end crosstalk caused by upstream transmissions from shorter to longer loops. The bounding power levels specified in this table are used to reshape the PSD, ensuring that the signals on short to long loops are compatible. The transceiver wi[...]
-
Page 257
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-5 Web – Click VDSL, Global Configuration. Configure the required items, and click Apply. (Note that the parameters in the following screen are all set to their default values.)[...]
-
Page 258
VDSL CONFIGURATION 10-6 Figure 10-1 VDSL Global Configuration CLI – This example displays sample settings for some of the VDSL global configuration commands. Console(config)#lre psd-breakpoint 5 29-12 Console(config)#lre psd-frequencies 1 3750 29-13 Console(config)#lre psd-value 1 240 29-15 Console(config)#lre psd-mask-level 5 29-16 Consol[...]
-
Page 259
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-7 Configuring Interface Settings for VDSL Ports This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notches within the frequency bands to avoid interference with ham radio signals, setting a m[...]
-
Page 260
VDSL CONFIGURATION 10-8 Configuration Tables • Channel Mode – Sets the channel mode to fast or interleaved. (Default: Interleaved) Interleaving protects data against bursts of errors by using the Reed-Solomon error correction algorithm to spread the errors over a number of code words. A greater degree of interleav[...]
-
Page 261
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-9 • Region Ham Band – Sets the ham radio band that will be blocked to VDSL signals based on defined usage types. (Options: See Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10. Default: none) Using a HAM band mask prevents interference with other syst[...]
-
Page 262
VDSL CONFIGURATION 10-10 • PSD Breakpoints – See “Configuring Global Settings for VDSL Ports” on page 10-1. • PSD Mask Level – See “Configuring Global Settings for VDSL Ports” on page 10-1. • UPBO – See “Configuring Global Settings for VDSL Ports” on page 10-1. • Tone – Disables downstream or upstream VDSL si[...]
-
Page 263
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-11 This minimum margin indicates the amount of increase in impulse noise that the system can tolerate under operational conditions while still ensuring required transmission quality. This parameter is used to set the time span of impulse noise protection, as seen at the input t [...]
-
Page 264
VDSL CONFIGURATION 10-12 Web – Click VDSL, VDSL Port Configuration. Select one of the VDSL ports from the scroll-down list, set the required parameters, and click Apply. (Note that the parameters in the following screen are all set to their default values.)[...]
-
Page 265
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-13[...]
-
Page 266
VDSL CONFIGURATION 10-14[...]
-
Page 267
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-15 Figure 10-2 VDSL Port Configuration[...]
-
Page 268
VDSL CONFIGURATION 10-16 CLI – This example displays sample settings for some of the VDSL port configuration commands. Configuring Line Profiles This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or to a selecte[...]
-
Page 269
CONFIGURING LINE PROFILES 10-17 Web – Click VDSL, Line Profile Configuration. Select a line profile from the drop-down list above the Line Profile table of connection parameters, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings. Now select the require[...]
-
Page 270
VDSL CONFIGURATION 10-18[...]
-
Page 271
CONFIGURING LINE PROFILES 10-19[...]
-
Page 272
VDSL CONFIGURATION 10-20 Figure 10-3 Line Profile Configuration CLI – This example displays sample settings for a line profile. Console(config)#line-profile southport 29-36 Console(config-line-profile)#channel interleave 29-45 Console(config-line-profile)#ham-band 11 29-40 Console(config-line-profile)#region-ham-band 34 29-41 Console(config-lin[...]
-
Page 273
DISPLAYING VDSL STATUS INFORMATION 10-21 Displaying VDSL Status Information This section describes the information displayed for VDSL configuration settings, signal status, and communication statistics. Field Attributes LRE Status – Communication status of the VDSL line Table 10-1 LRE Status Parameter Description Port Status The c[...]
-
Page 274
VDSL CONFIGURATION 10-22 LRE Rate Information – Data Rates for the VDSL line Avg SNR Margin Average signal-to-noise margin above the SNR. Avg SNR Average signal-to-noise ratio. Table 10-2 Rate Status Parameter Description Port Status Indicates if the port is administratively enabled or disabled. Line Rate The downstream and upstream [...]
-
Page 275
DISPLAYING VDSL STATUS INFORMATION 10-23 Web – Click VDSL, VDSL Status Information. Select a VDSL port from the drop-down list, and click Query. Figure 10-4 VDSL Status Information[...]
-
Page 276
VDSL CONFIGURATION 10-24 CLI – This example displays connection status and data rates for the selected VDSL port. Console#show lre 1/1 29-79 port 1 status : port enable(provisioned) port 1 status : port activating Downstream Training Margin: 8.0 dB Upstream Training Margin: 9.1 dB Downstream Line Protection (Slow Path): 0.0 DMT Symb[...]
-
Page 277
DISPLAYING VDSL PERFORMANCE STATISTICS 10-25 Displaying VDSL Performance Statistics This section describes the performance information displayed for VDSL lines, including common error conditions over predefined intervals. Field Attributes Error Statistics Ethernet Receive Performance Counters Table 10-3 Error Statistics P[...]
-
Page 278
VDSL CONFIGURATION 10-26 Ethernet Transmit Performance Counters Alignment Errors Number of alignment errors (missynchronized data packets). Oversize Number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Undersize Number of frames received that were less [...]
-
Page 279
DISPLAYING VDSL PERFORMANCE STATISTICS 10-27 High-Level Data-Link Control (H.D.L.C.) Performance Counters Table 10-6 H.D.L.C. Performance Counters Parameter Description CRC Errors Number of CRC errors (FCS or alignment errors). Invalid Frames Number of frames not properly bounded by flags, not containing an integral number of octets [...]
-
Page 280
VDSL CONFIGURATION 10-28 Web – Click VDSL, VDSL Performance Statistics. Select a VDSL port from the drop-down list, and click Query. Figure 10-5 VDSL Performance Statistics[...]
-
Page 281
DISPLAYING VDSL PERFORMANCE STATISTICS 10-29 CLI – This example displays performance information for the selected VDSL port. Console#show lre perf 1/1 29-82 port 1 performance counters since last reset : Loss of frame : 0 Loss of signal : 0 Loss of power : 0 Errored seconds : 17 Severely error seconds: 0 Unavaliable seconds : 0 port [...]
-
Page 282
VDSL CONFIGURATION 10-30 Configuring an Alarm Profile This section describes how to configure a list of threshold values for error states which can be applied to a selected group of ports. Command Attributes • Alarm Profile – Name of the profile. (Range: 1-31 alphanumeric characters) The default profile includes the defaul[...]
-
Page 283
CONFIGURING AN ALARM PROFILE 10-31 This parameter sets the threshold for the number of severely errored seconds within any 15 minute collection interval for performance data. If the number of severely errored seconds in a particular 15-minute collection interval reaches or exceeds this value, a vdslPerfSESsThreshNoti[...]
-
Page 284
VDSL CONFIGURATION 10-32 interval reaches or exceeds this value, a vdslPerfLossThreshNotification notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval. • thresh-15min-uass – Threshold for Unavailable Seconds (UASs) that ca[...]
-
Page 285
CONFIGURING AN ALARM PROFILE 10-33 • init-failure – Threshold for initialization failures that can occur within any given 15 minutes. (Range: 0-900 seconds, where 0 disables the threshold; Default: 1) There are many factors which can cause an initialization failure, including lossOfFraming, lossOfSignal, lossOfPower, l[...]
-
Page 286
VDSL CONFIGURATION 10-34 Web – Click VDSL, Alarm Profile Configuration. Select a profile from the drop-down list above the Alarm Profile table of thresholds, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings. Now select the required alarm profile fr[...]
-
Page 287
CONFIGURING AN ALARM PROFILE 10-35 Figure 10-6 Alarm Profile Configuration CLI – This example displays sample settings for an alarm profile. Console(config)#alarm-profile southport 29-52 Console(config-alarm-profile)#thresh-15min-ess 25 29-54 Console(config-alarm-profile)#thresh-15min-sess 15 29-59 Console(config-alarm-profile)#thresh-[...]
-
Page 288
VDSL CONFIGURATION 10-36 Displaying CPE Information This section describes the information displayed for an attached CPE, including firmware module versions, and performance counters. Field Attributes CPE Firmware Versions CO Firmware Buffer Information Table 10-7 CPE Firmware Versions Parameter Description Protocol Manufacturer ID[...]
-
Page 289
DISPLAYING CPE INFORMATION 10-37 CPE Performance Counters Table 10-9 CPE Performance Counters Parameter Description cpe perfermance counters FeFEC_F Far end Forward Error Correction on fast path FeCRC_F Far end CRC errors on fast path FeFEC_S Far end Forward Error Correction on slow path FeCRC_S Far end CRC errors on slow path FeFLOS Far [...]
-
Page 290
VDSL CONFIGURATION 10-38 Web – Click VDSL, CPE Information. Select a VDSL port from the drop-down list, and click Query.[...]
-
Page 291
DISPLAYING CPE INFORMATION 10-39 Figure 10-7 CPE Information[...]
-
Page 292
VDSL CONFIGURATION 10-40 CLI – This example displays information about the CPE attached to the selected VDSL port. Console#show cpe-info 1/1 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.2.5r7IK104012 BME Firmware Versi[...]
-
Page 293
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-41 Configuring OAM Functions and Upgrading CPE Firmware This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), such as clearing counters, enabling loop back testing, and upgrading firmware. Command Usage Upgrad[...]
-
Page 294
VDSL CONFIGURATION 10-42 CPE, and verifying that the signal is returned from the CPE without any errors. Upgrading CPE Firmware • Upgrade Firmware – Transfers firmware from reserved buffer space in the switch to a remote CPE. • Firmware Active – Activates the alternate (inactive) BME firmware version on the CPE. (BME in[...]
-
Page 295
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-43 Web – Click VDSL, VDSL OAM. Select a VDSL port from the drop-down list, and perform any of the local or remote OAM functions listed under the Action field. Before upgrading firmware on an attached CPE, first download it to the reserved buffer space on the switc[...]
-
Page 296
VDSL CONFIGURATION 10-44 CLI – This example shows how to perform common OAM functions, and how to download firmware to a CPE. Console(config)#interface ethernet 1/1 25-13 Console(config-if)#oam local clear counter 29-86 port 1 : success to clear perfermance counters ! Console(config-if)#exit Console#copy tftp firmware 29-87 TFTP serv[...]
-
Page 297
11-1 CHAPTER 11 ADDRESS TABLE SETTINGS Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that [...]
-
Page 298
ADDRESS TABLE SETTINGS 11-2 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 11-1 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Tab[...]
-
Page 299
DISPLAYING THE ADDRESS TABLE 11-3 Command Attributes • Interface – Indicates a port or trunk. • MAC Address – Physical address associated with this interface. • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or t[...]
-
Page 300
ADDRESS TABLE SETTINGS 11-4 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned ent[...]
-
Page 301
12-1 CHAPTER 12 SPANNING TREE ALGORITHM The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network t[...]
-
Page 302
SPANNING TREE ALGORITHM 12-2 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This br[...]
-
Page 303
12-3 maintain connectivity among each of the assigned VLAN groups. MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Re [...]
-
Page 304
SPANNING TREE ALGORITHM 12-4 MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols. Displaying Global Settings You can display a summary of the [...]
-
Page 305
DISPLAYING GLOBAL SETTINGS 12-5 make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to[...]
-
Page 306
SPANNING TREE ALGORITHM 12-6 configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration message), a new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes b[...]
-
Page 307
DISPLAYING GLOBAL SETTINGS 12-7 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show spanning-tree 31-25 Spanning-tree information -------------------------------------[...]
-
Page 308
SPANNING TREE ALGORITHM 12-8 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 13 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network,[...]
-
Page 309
CONFIGURING GLOBAL SETTINGS 12-9 - Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic. Command Attributes Basic Configuration of Global Settings • Spanning Tree State ?[...]
-
Page 310
SPANNING TREE ALGORITHM 12-10 reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selecte[...]
-
Page 311
CONFIGURING GLOBAL SETTINGS 12-11 Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table. In other words, this key is a mapping o[...]
-
Page 312
SPANNING TREE ALGORITHM 12-12 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 12-2 STA Global Configuration[...]
-
Page 313
DISPLAYING INTERFACE SETTINGS 12-13 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning T [...]
-
Page 314
SPANNING TREE ALGORITHM 12-14 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding. - All ports are discarding when the switch is booted, then some of them change state to learning[...]
-
Page 315
DISPLAYING INTERFACE SETTINGS 12-15 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to[...]
-
Page 316
SPANNING TREE ALGORITHM 12-16 loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding – This fi[...]
-
Page 317
DISPLAYING INTERFACE SETTINGS 12-17 CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 31-25 Eth 1/ 5 information ----------------------------------------------------- --------- Admin Status: Enabled Role: Disabled State: Discarding External Admin Path Cost: 100000 Internal Admin Path Cost: 10[...]
-
Page 318
SPANNING TREE ALGORITHM 12-18 Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indica[...]
-
Page 319
CONFIGURING INTERFACE SETTINGS 12-19 loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. - Default: 128 - Range: 0-240, in steps of 16 • Admin Path Cost – This parameter is used by the STA to determine the best path between devices. Therefore, lower values[...]
-
Page 320
SPANNING TREE ALGORITHM 12-20 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (T[...]
-
Page 321
CONFIGURING INTERFACE SETTINGS 12-21 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 12-4 STA Port Configuration CLI – This example sets STA attributes for port 7. Console(config)#interface ethernet 1/7 25-2 Console(config-if)#no spanning[...]
-
Page 322
SPANNING TREE ALGORITHM 12-22 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergen[...]
-
Page 323
CONFIGURING MULTIPLE SPANNING TREES 12-23 • VLANs in MST Instance – VLANs assigned this instance. • MST ID – Instance identifier to configure. (Range: 0-4094; Default: 0) • VLAN ID – VLAN to assign to this selected MST instance. (Range: 1-4093) The other global attributes are described under “Displaying Global Setting [...]
-
Page 324
SPANNING TREE ALGORITHM 12-24 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 31-25 Spanning-tree information ----------------------------------------------------- ---------- Spanning Tree Mode: MSTP Spanning Tree Enabled/Disabled: Enabled Instance: 1 VLANs Configuratio[...]
-
Page 325
DISPLAYING INTERFACE SETTINGS FOR MSTP 12-25 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Inst[...]
-
Page 326
SPANNING TREE ALGORITHM 12-26 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 12-4), the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 31-25 Spanning-tree i[...]
-
Page 327
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-27 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displa[...]
-
Page 328
SPANNING TREE ALGORITHM 12-28 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) (Range: 0 fo[...]
-
Page 329
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-29 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 12-7 MSTP Port Configuration CLI – This example sets the MSTP attributes for port 4. Console(config)#interface ethernet 1/4 25-2 Console([...]
-
Page 330
SPANNING TREE ALGORITHM 12-30[...]
-
Page 331
13-1 CHAPTER 13 VLAN CONFIGURATION Selecting the VLAN Operation Mode The system can be configured to operate in normal mode or one of the tunneling modes used for passing Layer 2 traffic across a service provider’s metropolitan area network, including IEEE 802.1Q tunneling (QinQ) or static VLAN tag swapping (VLAN Swap). Comma[...]
-
Page 332
VLAN CONFIGURATION 13-2 Web – Click VLAN, System Mode. Select the required mode, click Apply. Figure 13-1 Selecting the System Mode CLI – This example sets the switch to operate in QinQ mode. IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This s[...]
-
Page 333
IEEE 802.1Q VLANS 13-3 VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a differen[...]
-
Page 334
VLAN CONFIGURATION 13-4 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to [...]
-
Page 335
IEEE 802.1Q VLANS 13-5 forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This allows GVRP-compli[...]
-
Page 336
VLAN CONFIGURATION 13-6 switches, you should create a VLAN for that group and enable tagging on all ports. Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames. When forwarding a frame from this switch along a path that contains an[...]
-
Page 337
IEEE 802.1Q VLANS 13-7 CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number 18 – The VLAN version used by this switch as specified in[...]
-
Page 338
VLAN CONFIGURATION 13-8 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to creat[...]
-
Page 339
IEEE 802.1Q VLANS 13-9 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 13-4 VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP.[...]
-
Page 340
VLAN CONFIGURATION 13-10 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command [...]
-
Page 341
IEEE 802.1Q VLANS 13-11 • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged. Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, an[...]
-
Page 342
VLAN CONFIGURATION 13-12 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to [...]
-
Page 343
IEEE 802.1Q VLANS 13-13 - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Registration” on page 13-4. - None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface. • Trunk Member – Indicates [...]
-
Page 344
VLAN CONFIGURATION 13-14 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member. • No[...]
-
Page 345
IEEE 802.1Q VLANS 13-15 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exc[...]
-
Page 346
VLAN CONFIGURATION 13-16 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). - If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is[...]
-
Page 347
IEEE 802.1Q VLANS 13-17 belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. - Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. • Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, us[...]
-
Page 348
VLAN CONFIGURATION 13-18 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) E[...]
-
Page 349
CONFIGURING PRIVATE VLANS 13-19 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the [...]
-
Page 350
VLAN CONFIGURATION 13-20 Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of c [...]
-
Page 351
CONFIGURING PROTOCOL-BASED VLANS 13-21 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type 20 – Frame type used by this protocol. (Options: Ethernet, RFC_1042, LLC_other) • [...]
-
Page 352
VLAN CONFIGURATION 13-22 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN menus such as the VLAN Stat[...]
-
Page 353
CONFIGURING PROTOCOL-BASED VLANS 13-23 Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply. Figure 13-12 Protocol VLAN Port Configuration CLI – The following maps the traffic entering Port 1 which matches the protocol typ[...]
-
Page 354
VLAN CONFIGURATION 13-24 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same int[...]
-
Page 355
CONFIGURING IEEE 802.1Q TUNNELING 13-25 be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different customers onto the service provider’s network. When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s net[...]
-
Page 356
VLAN CONFIGURATION 13-26 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ tunnel port are processed in the following manner: 1. New SPVLAN tags are added to all inco[...]
-
Page 357
CONFIGURING IEEE 802.1Q TUNNELING 13-27 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ uplink port are processed in the following manner: 1. If incoming packets ar[...]
-
Page 358
VLAN CONFIGURATION 13-28 8. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packet will have two tags. Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's nati [...]
-
Page 359
CONFIGURING IEEE 802.1Q TUNNELING 13-29 4. Set the Tag Protocol Identifier (TPID) value of the tunnel port. This step is required if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. The standard ethertype value is 0x8100. (See “Adding an Interface to a QinQ Tunnel” on page 13-30.[...]
-
Page 360
VLAN CONFIGURATION 13-30 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Set the ingress port on the service provider’s network to dot1Q tunnel mode. Set the Tag Protocol Identifier (TPID) value of the tunnel port if the attached client is using a non[...]
-
Page 361
CONFIGURING IEEE 802.1Q TUNNELING 13-31 necessary to support real-time services across the backbone network, then you may have to enable priority bit mapping from the inner to outer VLAN tag to ensure timely service. Web – Click VLAN, 802.1Q Tunneling. Set the mode for the tunnel port to Dot1q-Tunnel, set the TPID if the c[...]
-
Page 362
VLAN CONFIGURATION 13-32 CLI – This example configures the switch to copy the priority bits from the inner to outer VLAN tag, it then sets port 2 to tunnel mode, and indicates that the TPID used for 802.1Q tagged frames will be 9100 hexadecimal. Console(config)#qinq priority map 32-26 Console(config)#interface ethernet 1/2 25-2 [...]
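An added example, not taken from the SMC manual, of the QinQ tag handling described above: a tunnel port pushes an SPVLAN tag (optionally copying the inner priority bits), and the egress port keeps or strips that outer tag. The function names, SPVLAN 100, customer VLAN 10, the MAC addresses and the use of TPID 0x8100 for the outer tag are assumptions; the frames are constructed.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q ethertype, as stated in the manual
TPID_CUSTOM = 0x9100  # nonstandard TPID used in the manual's CLI example


def build_frame(dst, src, ethertype, payload, tags=()):
    """Build an Ethernet frame. tags: (tpid, priority, vid) tuples, outermost first."""
    out = dst + src
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, ((pcp & 0x7) << 13) | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload


def parse_tags(frame, tpids):
    """Return (tags, ethertype, payload). Only ethertypes in `tpids` count as VLAN tags."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before ethertype")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tpids:
            return tags, etype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))
        offset += 4


def tunnel_ingress(frame, spvlan, customer_tpid, copy_priority,
                   outer_tpid=TPID_8021Q):
    """Push an SPVLAN tag in front of whatever the customer sent.

    customer_tpid is the TPID configured on the tunnel port; it is what lets
    the switch recognise the customer's own tag. outer_tpid is an assumption.
    """
    tags, _, _ = parse_tags(frame, {customer_tpid})
    # Priority bit mapping: copy inner priority to the outer tag if enabled,
    # otherwise use priority 0 (assumed default for this example).
    pcp = tags[0][1] if (copy_priority and tags) else 0
    outer = struct.pack("!HH", outer_tpid, (pcp << 13) | (spvlan & 0x0FFF))
    return frame[:12] + outer + frame[12:]


def spvlan_egress(frame, tagged_member):
    """Tagged member: frame leaves with both tags. Untagged member: outer tag stripped."""
    if tagged_member:
        return frame
    if len(frame) < 18:
        raise ValueError("frame too short to carry an outer tag")
    return frame[:12] + frame[16:]


# Constructed sample: customer frame on VLAN 10, priority 5, tagged with TPID 0x9100.
DST = bytes.fromhex("00005e005301")
SRC = bytes.fromhex("00005e005302")
CUSTOMER = build_frame(DST, SRC, 0x0800, b"payload", tags=[(TPID_CUSTOM, 5, 10)])


def demo():
    tunnelled = tunnel_ingress(CUSTOMER, spvlan=100,
                               customer_tpid=TPID_CUSTOM, copy_priority=True)
    both_tags = parse_tags(tunnelled, {TPID_8021Q, TPID_CUSTOM})[0]
    # A parser that only knows 0x8100 sees the customer frame as untagged,
    # with ethertype 0x9100: the reason the tunnel port's TPID must match.
    seen_by_standard_parser = parse_tags(CUSTOMER, {TPID_8021Q})
    return both_tags, seen_by_standard_parser


if __name__ == "__main__":
    print(demo())
```
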
-
Page 363
CONFIGURING VLAN SWAPPING 13-33 Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network. However, if any switch in the path crossing the service provider’s network does not support this feature, then the local switches [...]
-
Page 364
VLAN CONFIGURATION 13-34 Field Attributes • Entry Counts – The number of entries in the VLAN swapping table. • VLAN Swap Table – Contains each entry in the VLAN swapping table. • InPort – Port through which traffic is entering the switch. (Range: 1-18) • OutPort – Port through which traffic is leaving the switch. (R[...]
-
Page 365
CONFIGURING VLAN SWAPPING 13-35 CLI – This example configures VLAN swapping for upstream traffic between port 1 and port 18, exchanging VLAN ID 1 for VLAN ID 3. It then sets VLAN swapping for downstream traffic to exchange VLAN ID 3 for VLAN ID 1. Console(config)#system mode vlan-swap 20-13 Console(config)#interface ethernet 1/1 25-2[...]
-
Page 366
VLAN CONFIGURATION 13-36[...]
-
Page 367
14-1 CHAPTER 14 CLASS OF SERVICE Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those i [...]
-
Page 368
CLASS OF SERVICE 14-2 Command Attributes • Default Priority 21 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Default Tru[...]
-
Page 369
LAYER 2 QUEUE SETTINGS 14-3 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight s[...]
-
Page 370
CLASS OF SERVICE 14-4 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Command Attributes • Priority – CoS va[...]
-
Page 371
LAYER 2 QUEUE SETTINGS 14-5 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 14-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific values for CoS priorities is i[...]
-
Page 372
CLASS OF SERVICE 14-6 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue, or a combinati [...]
-
Page 373
LAYER 2 QUEUE SETTINGS 14-7 Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 14-3 Queue Mode CLI – The following sets the queue mode to strict priority service mode. Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the freque[...]
-
Page 374
CLASS OF SERVICE 14-8 Command Attributes • WRR Setting Table 23 – Displays a list of weights for each traffic class (i.e., queue). • Weight Value – Set a new weight for the selected traffic class. (Range: 0-15) Use queue weights 1-15 for queues allocated service time based on WRR. Queue weights must be configured in asc[...]
-
Page 375
LAYER 3/4 PRIORITY SETTINGS 14-9 CLI – The following example shows how to assign WRR weights to priority queues 0-5, and strict priority to queues 6 and 7. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet [...]
-
Page 376
CLASS OF SERVICE 14-10 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4 prio[...]
-
Page 377
LAYER 3/4 PRIORITY SETTINGS 14-11 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values ar [...]
-
Page 378
CLASS OF SERVICE 14-12 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 14-6 IP Precedence Priority CLI – The following example globally enables IP Precedence service on the switch, maps I[...]
-
Page 379
LAYER 3/4 PRIORITY SETTINGS 14-13 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP map[...]
-
Page 380
CLASS OF SERVICE 14-14 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 14-7 IP DSCP Priority CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1),[...]
-
Page 381
LAYER 3/4 PRIORITY SETTINGS 14-15 Mapping IPv6 Traffic Classes The Traffic Class field in the IPv6 header may be used by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities for IPv6 packets. (See RFC 2460.) Command Usage Nodes that support a specific use of some or[...]
-
Page 382
CLASS OF SERVICE 14-16 CLI – The following example maps the Traffic Class value of 1 to CoS value 0. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTT[...]
-
Page 383
LAYER 3/4 PRIORITY SETTINGS 14-17 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 14-10 IP Port Priority CLI – The following example globally enables IP Port Priority service on the switch [...]
-
Page 384
CLASS OF SERVICE 14-18[...]
-
Page 385
15-1 CHAPTER 15 QUALITY OF SERVICE The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific tra[...]
-
Page 386
QUALITY OF SERVICE 15-2 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 15-9). Configuring Quality[...]
-
Page 387
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-3 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name” field, and c[...]
-
Page 388
QUALITY OF SERVICE 15-4 Settings” page. Enter the criteria used to classify ingress traffic on this web page. • Remove Class – Removes the selected class. Class Configuration • Class Name – Name of the class map. (Range: 1-16 characters) • Type – Only one match command is permitted per class map, so the match-any [...]
-
Page 389
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-5 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 15-1 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP servic[...]
-
Page 390
QUALITY OF SERVICE 15-6 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 15-3. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page opens, fi[...]
-
Page 391
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-7 Command Attributes Policy Map • Modify Name and Description – Configures the name and a brief description of a policy map. (Range: 1-16 characters for the name; 1-80 characters for the description) • Edit Classes – Opens the “Policy Rule Settings” page for the selected[...]
-
Page 392
QUALITY OF SERVICE 15-8 • Remove Class – Deletes a class. - Policy Options - • Class Name – Name of class map. • Action – Configures the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 15-3). (Range - CoS: 0-7, DSC[...]
-
Page 393
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-9 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 15-2 Configuring Policy Maps[...]
-
Page 394
QUALITY OF SERVICE 15-10 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a part[...]
-
Page 395
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-11 Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port from the scroll-down box, then click Apply. Figure 15-3 Service Policy Settings CLI - This example applies a service policy to an ingress interface. Console(config)#interfac[...]
-
Page 396
QUALITY OF SERVICE 15-12[...]
-
Page 397
16-1 CHAPTER 16 MULTICAST FILTERING Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with [...]
-
Page 398
MULTICAST FILTERING 16-2 those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. The purpose of IP multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded to t[...]
-
Page 399
LAYER 2 IGMP (SNOOPING AND QUERY) 16-3 is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forwarded from all other available sources. Notes: 1. When[...]
-
Page 400
MULTICAST FILTERING 16-4 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all port[...]
-
Page 401
LAYER 2 IGMP (SNOOPING AND QUERY) 16-5 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping. (Default: Enabled) • Act as IGMP Querier — When enabled, the switch can serve as the [...]
-
Page 402
MULTICAST FILTERING 16-6 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 16-1 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igm[...]
-
Page 403
LAYER 2 IGMP (SNOOPING AND QUERY) 16-7 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamic[...]
-
Page 404
MULTICAST FILTERING 16-8 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a[...]
-
Page 405
LAYER 2 IGMP (SNOOPING AND QUERY) 16-9 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display [...]
-
Page 406
MULTICAST FILTERING 16-10 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 16-4 IP Multicast Registration Table CLI – This example displays a[...]
-
Page 407
LAYER 2 IGMP (SNOOPING AND QUERY) 16-11 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 16-4. For certain applications that require tighter control, you may need to [...]
-
Page 408
MULTICAST FILTERING 16-12 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding po[...]
-
Page 409
LAYER 2 IGMP (SNOOPING AND QUERY) 16-13 Configuring Immediate Leave from Multicast Groups The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN. Command Usage • If immediate leave is n[...]
-
Page 410
MULTICAST FILTERING 16-14 Web – Click IGMP Snooping, IGMP Immediate Leave Table. Select the VLAN interface to configure, set the status for immediate leave, and click Apply. Figure 16-6 IGMP Immediate Leave Table CLI – This example enables immediate leave on VLAN 1. IGMP Filtering and Throttling In certain switch applications [...]
-
Page 411
IGMP FILTERING AND THROTTLING 16-15 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be drop[...]
-
Page 412
MULTICAST FILTERING 16-16 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers. Configuring IGMP Filter Profiles When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access mo [...]
-
Page 413
IGMP FILTERING AND THROTTLING 16-17 • Current Multicast Address Range List – Lists multicast groups currently included in the profile. Select an entry and click the Remove button to delete it from the list. Web – Click IGMP Snooping, IGMP Profile Group Configuration. Select the profile number you want to configure; then click[...]
-
Page 414
MULTICAST FILTERING 16-18 Configuring IGMP Filtering and Throttling for Interfaces Once you have configured IGMP profiles, you can assign them to interfaces on the switch. Also, you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time. Command Usage • Only one profile[...]
-
Page 415
IGMP FILTERING AND THROTTLING 16-19 Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action. Click Apply. Figure 16-9 IGMP Filter and Throttling Port Configuration CLI – This example[...]
-
Page 416
MULTICAST FILTERING 16-20 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network. Any multicast traffic entering an MVR [...]
-
Page 417
MULTICAST VLAN REGISTRATION 16-21 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 16-21). 2. Set the interfaces that will join the MVR as source ports or rece[...]
-
Page 418
MULTICAST FILTERING 16-22 Field Attributes • MVR Domain – An independent multicast domain. (Range: 1-3; Default: 1) • MVR Status – When MVR is enabled on the switch, any multicast data associated with an MVR group is sent from all designated source ports, and to all receiver ports that have registered to receive data fr[...]
-
Page 419
MULTICAST VLAN REGISTRATION 16-23 Web – Click MVR, Configuration. Select the MVR domain, enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will stream traffic to attached hosts, and then click Apply. Figure 16-10 MVR Global Configuration CLI – This example first enables IGMP snooping, enables MVR [...]
-
Page 420
MULTICAST FILTERING 16-24 Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • MVR Domain – An independent multicast domain. • Type – Shows the MVR port type. • Oper Status – Shows the link status. • MVR Status – Shows the MVR status. MV[...]
-
Page 421
MULTICAST VLAN REGISTRATION 16-25 CLI – This example shows information about interfaces attached to the MVR VLAN. Console#show mvr interface 35-29 ========================================= ============== MVR domain : 1 Port Type Status Immediate Leave ------- -------- ------------- - -------------- eth1/1 RECEIVER ACTIVE/UP Disable eth1[...]
-
Page 422
MULTICAST FILTERING 16-26 Configuring MVR Interfaces Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function. Command Usage • MVR source ports and receiver[...]
-
Page 423
MULTICAST VLAN REGISTRATION 16-27 - Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface. - Immediate leave does not apply to multicast groups which have been statically assi[...]
-
Page 424
MULTICAST FILTERING 16-28 Web – Click MVR, Port Configuration or Trunk Configuration. Figure 16-12 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Displaying Port Members of Multicast Groups You can display the multicast gr[...]
-
Page 425
MULTICAST VLAN REGISTRATION 16-29 Web – Click MVR, Group IP Information. Figure 16-13 MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN. Console#show mvr members 35-29 MVR Group IP Status Members ---------------- -------- ------- 2[...]
-
Page 426
MULTICAST FILTERING 16-30 Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces. Command Usage • Any multicast groups that use the MVR VLAN must be statically a[...]
-
Page 427
MULTICAST VLAN REGISTRATION 16-31 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list. Figure 16-14 MVR Group Memb[...]
-
Page 428
MULTICAST FILTERING 16-32[...]
-
Page 429
17-1 CHAPTER 17 DOMAIN NAME SERVICE The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host names in[...]
-
Page 430
DOMAIN NAME SERVICE 17-2 • When more than one name server is specified, the servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. • If all name servers are deleted, DNS will automatically be disabled. This is done by disabling the domain lookup statu[...]
-
Page 431
CONFIGURING GENERAL DNS SERVICE PARAMETERS 17-3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 17-1 DNS General Configuration[...]
-
Page 432
DOMAIN NAME SERVICE 17-4 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses[...]
-
Page 433
CONFIGURING STATIC DNS HOST TO ADDRESS ENTRIES 17-5 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-127 characters) • IP Address – Internet address(es) associated with a host name. (Range: 1-8 addresses) • Alias – Displays the host names that are mapped to th[...]
-
Page 434
DOMAIN NAME SERVICE 17-6 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resour[...]
-
Page 435
DISPLAYING THE DNS CACHE 17-7 Web – Select DNS, Cache. Figure 17-3 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 36-9 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 51 www.microsoft.akad[...]
-
Page 436
DOMAIN NAME SERVICE 17-8[...]
-
Page 437
SECTION III COMMAND LINE INTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface 18-1 General Commands [...]
-
Page 438
COMMAND LINE INTERFACE IP Interface Commands 38-1[...]
-
Page 439
18-1 CHAPTER 18 OVERVIEW OF THE COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switc[...]
-
Page 440
OVERVIEW OF THE COMMAND LINE INTERFACE 18-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP a[...]
-
Page 441
ENTERING COMMANDS 18-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal Exec), w [...]
-
Page 442
OVERVIEW OF THE COMMAND LINE INTERFACE 18-4 • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter: Console> enable Console# show startup-config • To enter commands that require parameters, enter the required[...]
-
Page 443
ENTERING COMMANDS 18-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, or VLAN Database, or MSTP). You can also display a list of valid key[...]
-
Page 444
OVERVIEW OF THE COMMAND LINE INTERFACE 18-6 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question ma[...]
-
Page 445
ENTERING COMMANDS 18-7 Using Command History The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed. Using the show history com[...]
-
Page 446
OVERVIEW OF THE COMMAND LINE INTERFACE 18-8 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are avail[...]
-
Page 447
ENTERING COMMANDS 18-9 The configuration commands are organized into different modes: • Global Configuration - These commands modify the system level configuration, and include commands such as hostname and snmp-server community. • Access Control List Configuration - These commands are used for packet filtering. • Class Ma[...]
-
Page 448
OVERVIEW OF THE COMMAND LINE INTERFACE 18-10 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Table 18-2 Configuration Command Modes Mode Command Prompt Page Line line {console | vty} Console(config-line)# 20[...]
-
Page 449
ENTERING COMMANDS 18-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any oth[...]
-
Page 450
OVERVIEW OF THE COMMAND LINE INTERFACE 18-12 Command Groups The system commands can be broken down into the functional groups shown below. Esc-F Moves the cursor forward one word. Delete key or backspace key Erases a mistake when entering a command. Table 18-4 Command Group Index Command Group Description Page Genera[...]
-
Page 451
COMMAND GROUPS 18-13 Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs 25-1 Link Aggregation Statically groups multiple ports into a single logical trunk; configures Link Aggregation Control Protocol for port trunks 26-1 Mirror Port Mirrors data to another port for analysis w[...]
-
Page 452
OVERVIEW OF THE COMMAND LINE INTERFACE 18-14 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) IC (Interface Configuration) IPC (IGMP Profile Configuration) LC (Line Configur[...]
-
Page 453
19-1 CHAPTER 19 GENERAL COMMANDS These commands are used to control the command access mode, configuration mode, and other basic functions. Table 19-1 General Commands Command Function Mode Page enable Activates privileged mode NE 19-2 disable Returns to normal mode from privileged mode PE 19-3 configure Activates global configurati[...]
-
Page 454
GENERAL COMMANDS 19-2 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 18-7. Syntax enable [level] level - Privilege level to log into the device. The device has two pred[...]
-
Page 455
DISABLE 19-3 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 18-7. Defa[...]
-
Page 456
GENERAL COMMANDS 19-4 Example Related Commands end (19-6) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, th[...]
-
Page 457
RELOAD 19-5 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution his [...]
-
Page 458
GENERAL COMMANDS 19-6 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Example end This command retu[...]
-
Page 459
EXIT 19-7 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration progra[...]
-
Page 460
GENERAL COMMANDS 19-8 Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username:[...]
-
Page 461
20-1 CHAPTER 20 SYSTEM MANAGEMENT COMMANDS These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 20-1 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identif[...]
-
Page 462
SYSTEM MANAGEMENT COMMANDS 20-2 Device Designation Commands This section describes commands used to configure information that uniquely identifies the switch. hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - T[...]
-
Page 463
SYSTEM STATUS COMMANDS 20-3 System Status Commands This section describes commands used to display system information. show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Command Mode Privileged Exec Command Usage Use this command in conjunction w[...]
-
Page 464
SYSTEM MANAGEMENT COMMANDS 20-4 This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for the switch - SNTP server settings - SNMP community strings [...]
-
Page 465
SYSTEM STATUS COMMANDS 20-5 Example Related Commands show running-config (20-6) Console#show startup-config building startup-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac> ! phymap 00-20-1a-df-9c-a0 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server community p[...]
-
Page 466
SYSTEM MANAGEMENT COMMANDS 20-6 show running-config This command displays the configuration information currently in use. Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. [...]
-
Page 467
SYSTEM STATUS COMMANDS 20-7 Example Console#show running-config building running-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac> ! phymap 00-30-f1-d4-73-a0 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! snmp-server community private rw snmp-server community public ro ! u[...]
-
Page 468
SYSTEM MANAGEMENT COMMANDS 20-8 Related Commands show startup-config (20-3) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1. • The [...]
-
Page 469
SYSTEM STATUS COMMANDS 20-9 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., sessi[...]
-
Page 470
SYSTEM MANAGEMENT COMMANDS 20-10 show version This command displays hardware and software version information for the system. Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Hardware/Software Versions” on page 4-7 for detailed information on the items displayed by this command. Example show bme version [...]
-
Page 471
SYSTEM STATUS COMMANDS 20-11 Example show cpu utilization This command shows the CPU utilization parameters. Command Mode Normal Exec, Privileged Exec Example Console#show bme version Firmware Firmware-VTU-O:1.0.5r 11IK004010 Time May 19 2006 18:16:42, RTOS Nucleus BME R:96 AFE<num, ver> <0:b10> <1:b10> IFE<num:Dev.Rev&[...]
-
Page 472
SYSTEM MANAGEMENT COMMANDS 20-12 show memory status This command shows memory utilization parameters. Command Mode Normal Exec, Privileged Exec Example Table 20-5 show cpu utilization - display description Field Description current utilization Current percentage of CPU utilization max utilization Maximum statistical utilization ove[...]
-
Page 473
SYSTEM MODE COMMANDS 20-13 System Mode Commands This section describes the command used to configure the switch to operate in normal mode or QinQ mode. system mode This command sets the switch to operate in QinQ mode. Use the no form to restore the default setting of normal operating mode. Syntax system mode { normal | qinq | vl[...]
-
Page 474
SYSTEM MANAGEMENT COMMANDS 20-14 Default Setting Normal operating mode Command Mode Global Configuration Command Usage Make sure that no dot1q-tunnel port is configured before exiting QinQ mode (see “switchport mode dot1q-tunnel” on page 32-27). If there are any dot1q-tunnel ports set on the switch, the no system mod[...]
-
Page 475
FRAME SIZE COMMANDS 20-15 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. jumbo frame This command enables support for jumbo frames for Gigabit Ethernet ports. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configura[...]
-
Page 476
SYSTEM MANAGEMENT COMMANDS 20-16 Example File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. The switch can also be set to use new firmware without [...]
-
Page 477
FILE MANAGEMENT COMMANDS 20-17 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation[...]
-
Page 478
SYSTEM MANAGEMENT COMMANDS 20-18 settings will be set to default values when the system is rebooted using this file. • firmware - Keyword that allows you to copy BME firmware used for upgrading CPEs to reserved buffer space in the switch. (BME indicates the Burst Mode Engine used for digital signal processing.) Default Setti[...]
-
Page 479
FILE MANAGEMENT COMMANDS 20-19 • Use the partial-running-config keyword to copy basic settings for the IP configuration, SNMP community strings, and CLI user names and passwords to a startup configuration file. The system can then be reset using the parameters copied from the partial-running-config, and default settings for[...]
-
Page 480
SYSTEM MANAGEMENT COMMANDS 20-20 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: Console#[...]
-
Page 481
FILE MANAGEMENT COMMANDS 20-21 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. This example shows how to copy BME firmware for CPEs to a reserved buffer on the switch, copy this firmware[...]
-
Page 482
SYSTEM MANAGEMENT COMMANDS 20-22 delete This command deletes a file or image. Syntax delete filename filename - Name of configuration file or code image. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” c[...]
-
Page 483
FILE MANAGEMENT COMMANDS 20-23 dir This command displays a list of files in flash memory. Syntax dir {{ boot-rom: | config: | opcode: } [ filename ]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file[...]
-
Page 484
SYSTEM MANAGEMENT COMMANDS 20-24 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the tab[...]
-
Page 485
FILE MANAGEMENT COMMANDS 20-25 boot system This command specifies the file or image used to start up the system. Syntax boot system { boot-rom | config | opcode }: filename The type of file or image to set as a default includes: • boot-rom * - Boot ROM. • config * - Configuration file. • opcode * - Run-time operation code. •[...]
-
Page 486
SYSTEM MANAGEMENT COMMANDS 20-26 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 20-11 Line Commands Command Function[...]
-
Page 487
LINE COMMANDS 20-27 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode G[...]
-
Page 488
SYSTEM MANAGEMENT COMMANDS 20-28 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command. Default[...]
-
Page 489
LINE COMMANDS 20-29 Example Related Commands username (22-2) password (20-29) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that spec[...]
-
Page 490
SYSTEM MANAGEMENT COMMANDS 20-30 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (20-28) password-thresh (20-32) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to[...]
-
Page 491
LINE COMMANDS 20-31 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the timeout interval. (Ran[...]
-
Page 492
SYSTEM MANAGEMENT COMMANDS 20-32 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts. (Range: 1-120; 0: [...]
-
Page 493
LINE COMMANDS 20-33 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [ seconds ] no silent-time seconds - The numbe[...]
-
Page 494
SYSTEM MANAGEMENT COMMANDS 20-34 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, sp[...]
-
Page 495
LINE COMMANDS 20-35 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive[...]
-
Page 496
SYSTEM MANAGEMENT COMMANDS 20-36 Example To specify 57600 bps, enter this command: stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits { 1 | 2 } • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configurati[...]
-
Page 497
LINE COMMANDS 20-37 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Related Commands show ssh (22-31) show users (20-9) show line This command displays the terminal line’s paramet[...]
-
Page 498
SYSTEM MANAGEMENT COMMANDS 20-38 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: auto Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 times Interactive timeout: [...]
-
Page 499
EVENT LOGGING COMMANDS 20-39 Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process. Syntax [ no ] logging on Default S[...]
-
Page 500
SYSTEM MANAGEMENT COMMANDS 20-40 command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers. Example Related Commands logging history (20-40) logging trap (20-43) clear log (20-44) logging histo[...]
-
Page 501
EVENT LOGGING COMMANDS 20-41 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server ho[...]
-
Page 502
SYSTEM MANAGEMENT COMMANDS 20-42 Command Mode Global Configuration Command Usage • Use this command more than once to build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages. Use the no form [...]
-
Page 503
EVENT LOGGING COMMANDS 20-43 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ le [...]
-
Page 504
SYSTEM MANAGEMENT COMMANDS 20-44 clear log This command clears messages from the log buffer. Syntax clear log [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mo[...]
-
Page 505
EVENT LOGGING COMMANDS 20-45 show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event messages in flash memory (i.e., permanent[...]
-
Page 506
SYSTEM MANAGEMENT COMMANDS 20-46 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). The following example displays settings for the trap function. Console#sh[...]
-
Page 507
EVENT LOGGING COMMANDS 20-47 Related Commands show logging sendmail (20-52) show log This command displays the log messages stored in local memory. Syntax show log { flash | ram } • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on[...]
-
Page 508
SYSTEM MANAGEMENT COMMANDS 20-48 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [...]
-
Page 509
SMTP ALERT COMMANDS 20-49 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server [...]
-
Page 510
SYSTEM MANAGEMENT COMMANDS 20-50 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 1-41 characters) Default Setting None Command Mode Global Con[...]
-
Page 511
SMTP ALERT COMMANDS 20-51 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabl [...]
-
Page 512
SYSTEM MANAGEMENT COMMANDS 20-52 show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers ----------------------------------------- ------ 192.168.1.19 SMTP minimum severity level: 7 SMTP destination email addresse[...]
-
Page 513
TIME COMMANDS 20-53 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factor [...]
-
Page 514
SYSTEM MANAGEMENT COMMANDS 20-54 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001). • This command enables client time req[...]
-
Page 515
TIME COMMANDS 20-55 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interv[...]
-
Page 516
SYSTEM MANAGEMENT COMMANDS 20-56 Related Commands sntp client (20-53) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current [...]
-
Page 517
TIME COMMANDS 20-57 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-13 hours) • minutes [...]
-
Page 518
SYSTEM MANAGEMENT COMMANDS 20-58 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour - Hour in 24-hour format. (Ra[...]
-
Page 519
TIME COMMANDS 20-59 Example Console#show calendar 15:12:34 February 1 2002 Console#[...]
-
Page 520
SYSTEM MANAGEMENT COMMANDS 20-60[...]
-
Page 521
21-1 CHAPTER 21 SNMP COMMANDS Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user a[...]
-
Page 522
SNMP COMMANDS 21-2 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [ no ] snmp-server Default Setting Enabled Command Mode Global Configuration Example snmp-server engine-id Sets the SNMP engine ID GC 21-10 show snmp en[...]
-
Page 523
SHOW SNMP 21-3 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not S[...]
-
Page 524
SNMP COMMANDS 21-4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a password and permits access to the SN[...]
-
Page 525
SNMP-SERVER CONTACT 21-5 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Comm[...]
-
Page 526
SNMP COMMANDS 21-6 Command Mode Global Configuration Example Related Commands snmp-server contact (21-5) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [ inform [ retry retr [...]
-
Page 527
SNMP-SERVER HOST 21-7 community command prior to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps. (Range: 1, 2c, 3; Default: 1) - auth | noauth | priv - This group uses SNMPv3 with authentication, no authentication, or wit[...]
-
Page 528
SNMP COMMANDS 21-8 • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt. Informs can be used to ensure that critical informati[...]
-
Page 529
SNMP-SERVER ENABLE TRAPS 21-9 user command. Otherwise, the authentication password and/or privacy password will not exist, and the switch will not authorize SNMP access for the host. However, if you specify a V3 host with the “noauth” option, an SNMP user account will be generated, and the switch will authorize SNMP acc[...]
-
Page 530
SNMP COMMANDS 21-10 notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP [...]
-
Page 531
SNMP-SERVER ENGINE-ID 21-11 Command Mode Global Configuration Command Usage • An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate [...]
-
Page 532
SNMP COMMANDS 21-12 show snmp engine-id This command shows the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID. Console#show snmp engine-id Local SNMP engineID: 8000002a8000000000e8666672 Local SNMP engineBoots: 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 [...]
-
Page 533
SNMP-SERVER VIEW 21-13 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oi[...]
-
Page 534
SNMP COMMANDS 21-14 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included Console(config)# Console#show snmp view View Name: [...]
-
Page 535
SNMP-SERVER GROUP 21-15 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv }} [ read readview ] [ write writeview ] [ notify notifyview ] no snmp-server group groupname • group [...]
-
Page 536
SNMP COMMANDS 21-16 • For additional information on the notification messages supported by this switch, see Table 5-2, “Supported Notification Messages,” on page 5-19. Also, note that the authentication, link-up and link-down messages are legacy traps and must therefore be enabled in conjunction with the snmp-server enable[...]
-
Page 537
SHOW SNMP GROUP 21-17 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v2c Re[...]
-
Page 538
SNMP COMMANDS 21-18 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [ remote ip-address ] { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } auth-passwor[...]
-
Page 539
SNMP-SERVER USER 21-19 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before you configure a remote user, use the snmp-server engine-id co[...]
-
Page 540
SNMP COMMANDS 21-20 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 80000000030004e2b316c5[...]
-
Page 541
22-1 CHAPTER 22 USER AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client a[...]
-
Page 542
USER AUTHENTICATION COMMANDS 22-2 User Account Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 20-26), user authentication via a remote authentication server (page 22-1), and [...]
-
Page 543
USER ACCOUNT COMMANDS 22-3 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting The default access level is Normal Exec. The factory defaults for the user names and passwords are: Command Mode Global Configuration Command Usage The e[...]
-
Page 544
USER AUTHENTICATION COMMANDS 22-4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable passw[...]
-
Page 545
AUTHENTICATION SEQUENCE 22-5 Related Commands enable (19-2) authentication enable (22-7) Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access. The commands in this section can be used to define the authentication method and sequence. auth[...]
-
Page 546
USER AUTHENTICATION COMMANDS 22-6 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, whil[...]
-
Page 547
AUTHENTICATION SEQUENCE 22-7 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 19-2). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [tacacs]}[...]
-
Page 548
USER AUTHENTICATION COMMANDS 22-8 Example Related Commands enable password - sets the password for changing command modes (22-4) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on th[...]
-
Page 549
RADIUS CLIENT 22-9 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout] [retransmi[...]
-
Page 550
USER AUTHENTICATION COMMANDS 22-10 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode Glo[...]
-
Page 551
RADIUS CLIENT 22-11 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 [...]
-
Page 552
USER AUTHENTICATION COMMANDS 22-12 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console(config)#radius-server timeout 10 Console(config)# Console#show radius-server Remote RADIUS server config[...]
-
Page 553
TACACS+ CLIENT 22-13 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with[...]
-
Page 554
USER AUTHENTICATION COMMANDS 22-14 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Setting 49 Comma[...]
-
Page 555
WEB SERVER COMMANDS 22-15 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Web Server Commands This section describes commands used to configure web browser management access to the switch. Console(config)#tacacs-server [...]
-
Page 556
USER AUTHENTICATION COMMANDS 22-16 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setti[...]
-
Page 557
WEB SERVER COMMANDS 22-17 Example Related Commands ip http port (22-16) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this funct[...]
-
Page 558
USER AUTHENTICATION COMMANDS 22-18 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify a secure[...]
-
Page 559
WEB SERVER COMMANDS 22-19 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://de [...]
-
Page 560
USER AUTHENTICATION COMMANDS 22-20 Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form wi[...]
-
Page 561
SECURE SHELL COMMANDS 22-21 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch. Note: The switch supports both SSH Version 1.5 and 2.0 clients. Table 22-10 Secure Shell [...]
-
Page 562
USER AUTHENTICATION COMMANDS 22-22 Configuration Guidelines The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as spe[...]
-
Page 563
SECURE SHELL COMMANDS 22-23 1024 35 1341081 68560989392 1040944 9201554253 47631641921 8729589211 43173880 0555361616 31051775940 8386863 1109291232 22682851925 43746031009 3718772119 96963178 1366277414 16898513204 9117204 8303392543 24101637997 59237144901 1938006090 25394840 8482717819 43722884025 3311595 2134861022 90297898272 13532671316 29[...]
-
Page 564
USER AUTHENTICATION COMMANDS 22-24 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client. d. The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and s[...]
-
Page 565
SECURE SHELL COMMANDS 22-25 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number[...]
-
Page 566
USER AUTHENTICATION COMMANDS 22-26 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Co[...]
-
Page 567
SECURE SHELL COMMANDS 22-27 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permit[...]
-
Page 568
USER AUTHENTICATION COMMANDS 22-28 Command Usage The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa] • usern[...]
-
Page 569
SECURE SHELL COMMANDS 22-29 Default Setting Generates both the DSA and RSA key pairs. Command Mode Privileged Exec Command Usage • The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save [...]
-
Page 570
USER AUTHENTICATION COMMANDS 22-30 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh cry[...]
-
Page 571
SECURE SHELL COMMANDS 22-31 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version[...]
-
Page 572
USER AUTHENTICATION COMMANDS 22-32 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Username The user name of the client. Encryption The encr[...]
-
Page 573
SECURE SHELL COMMANDS 22-33 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e.g[...]
-
Page 574
USER AUTHENTICATION COMMANDS 22-34 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP[...]
-
Page 575
802.1X PORT AUTHENTICATION 22-35 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x [...]
-
Page 576
USER AUTHENTICATION COMMANDS 22-36 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number[...]
-
Page 577
802.1X PORT AUTHENTICATION 22-37 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-[...]
-
Page 578
USER AUTHENTICATION COMMANDS 22-38 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message. Example dot1x r[...]
-
Page 579
802.1X PORT AUTHENTICATION 22-39 dot1x re-authentication This command enables periodic re-authentication for a specified port. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Interface Configuration Command Usage • The re-authentication process verifies the connected client’s us[...]
-
Page 580
USER AUTHENTICATION COMMANDS 22-40 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Use the no form of this command to reset the default. Syntax dot1x timeout re-authperiod seconds no dot1x tim[...]
-
Page 581
802.1X PORT AUTHENTICATION 22-41 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of se[...]
-
Page 582
USER AUTHENTICATION COMMANDS 22-42 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.1X, inclu[...]
-
Page 583
802.1X PORT AUTHENTICATION 22-43 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 22-36). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session. • Authenticator[...]
-
Page 584
USER AUTHENTICATION COMMANDS 22-44 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a . . . 1/17 disabled Single-Host ForceAuthorized yes 1/18 enabled Single-[...]
-
Page 585
MANAGEMENT IP FILTER COMMANDS 22-45 Management IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the de[...]
-
Page 586
USER AUTHENTICATION COMMANDS 22-46 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured for SNMP, web and Telnet access[...]
-
Page 587
MANAGEMENT IP FILTER COMMANDS 22-47 Command Mode Privileged Exec Example Console#show management all-client Management Ip Filter HTTP-Client: Start IP address End IP address ----------------------------------------- ------ 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address -----------------[...]
-
Page 588
USER AUTHENTICATION COMMANDS 22-48[...]
-
Page 589
23-1 CHAPTER 23 CLIENT SECURITY COMMANDS This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes. In addit[...]
-
Page 590
CLIENT SECURITY COMMANDS 23-2 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic[...]
-
Page 591
PORT SECURITY COMMANDS 23-3 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses. Sy[...]
-
Page 592
CLIENT SECURITY COMMANDS 23-4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the por[...]
-
Page 593
PACKET FILTERING COMMANDS 23-5 Packet Filtering Commands This section describes commands used to configure packet filtering for inbound traffic. Note: Packet Filtering occupies valuable hardware resources. Using Private VLANs provides a more efficient alternative for separating the traffic sent to each subscriber (see “C[...]
-
Page 594
CLIENT SECURITY COMMANDS 23-6 Default Setting Disabled Command Mode Global Configuration Command Usage • Both the specified source MAC address and source IP address for an entry must be matched to satisfy the filtering rule. Any packet matching a specified entry is dropped at the input port. • To delete an entry for a MAC [...]
-
Page 595
PACKET FILTERING COMMANDS 23-7 filter netbios This command filters NetBIOS 30 packets entering the specified input port. Syntax filter netbios {add | del} interface • add - Enables NetBIOS filtering. • del - Disables NetBIOS filtering. • interface - unit - Stack unit. (Range: 1) - port-list - Single port number or [...]
-
Page 596
CLIENT SECURITY COMMANDS 23-8 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. Three masks are allocated to NetBIOS packet filtering if enabled on any interface. These masks will be released for use by other filt [...]
-
Page 597
PACKET FILTERING COMMANDS 23-9 packet filtering if enabled on any interface. This mask will be released for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example filter dhcp This command filters DHCP reply packets. Syntax filter dhcp {add | del} interface • add - Enables DHCP reply filter[...]
-
Page 598
CLIENT SECURITY COMMANDS 23-10 for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example show filter This command displays the packet filter settings. Command Mode Privileged Exec Example Console(config)#filter dhcp add 1/1 Console(config)# Console#sh filter PORT DHCP[request] DHCP[reply][...]
-
Page 599
IP SOURCE GUARD COMMANDS 23-11 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping Commands” on page 23-17). I[...]
-
Page 600
CLIENT SECURITY COMMANDS 23-12 Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to use the IP ad[...]
-
Page 601
IP SOURCE GUARD COMMANDS 23-13 found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded. - If the DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the sip-mac option). If a matching entry is found [...]
-
Page 602
CLIENT SECURITY COMMANDS 23-14 ip source-guard binding This command adds a static address to the source-guard binding table. Use the no form to remove a static entry. Syntax ip source-guard binding mac-address vlan vlan-id ip-address interface ethernet unit/port no ip source-guard binding mac-address vlan vlan-id • mac-address - [...]
-
Page 603
IP SOURCE GUARD COMMANDS 23-15 - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. - If there is an entry with same VLAN ID and MAC address, and the type of the entry is dynamic DHCP snooping binding, then the new e[...]
-
Page 604
CLIENT SECURITY COMMANDS 23-16 show ip source-guard binding This command shows the source guard binding table. Command Mode Privileged Exec Example Console#show ip source-guard binding MacAddress IpAddress Lease(sec) Type VLAN Interface ------- ------- --- - ------- ------- ------ ---- -- ------- ------- ---- -- -- ---- ----[...]
-
Page 605
DHCP SNOOPING COMMANDS 23-17 DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to [...]
-
Page 606
CLIENT SECURITY COMMANDS 23-18 ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping Default Setting Disabled Command Mode Global Configuration Command Usage • Network traffic may be disrupted when malicious DHCP messages are received from an out[...]
-
Page 607
DHCP SNOOPING COMMANDS 23-19 forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table. - If DHCP snooping is enabled globally, and also enabled on the VLAN where the DHCP packet is received, but the port is not trusted, it is processed as [...]
-
Page 608
CLIENT SECURITY COMMANDS 23-20 from a DHCP server, any packets received from untrusted ports are dropped. Example This example enables DHCP snooping globally for the switch. Related Commands ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN. [...]
-
Page 609
DHCP SNOOPING COMMANDS 23-21 • When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects: - If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table. Example This example enables DHCP snooping for VLAN 1. Related C[...]
-
Page 610
CLIENT SECURITY COMMANDS 23-22 Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping database write This command writes all dynamically learned snooping entries to flash memory. Command Mode Global Configuration Command Usage This command can be used to store the cur[...]
-
Page 611
DHCP SNOOPING COMMANDS 23-23 Command Usage • This command applies to all VDSL ports. When set, it will automatically convert an address assigned to an attached CPE by a DHCP server to a static entry in the MAC address table. The MAC address, IP address, lease time, VLAN identifier, and port identifier are stored in the DHCP [...]
-
Page 612
CLIENT SECURITY COMMANDS 23-24 acknowledgement packets sent by the DHCP server in response to host requests will be blocked by the switch. Example This example sets the client limit to its maximum value on port 5. ip dhcp snooping trust This command configures the specified interface as trusted. Use the no form to restore the [...]
-
Page 613
DHCP SNOOPING COMMANDS 23-25 • Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to the DHCP server must be configured as trusted. Example This example sets port 5 to untrusted. Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-20) show ip dh[...]
-
Page 614
CLIENT SECURITY COMMANDS 23-26 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Console#show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface ------- ------- --- - ------- ------- ------ ---- -- ------- ------- ---- -- -- --[...]
-
Page 615
24-1 CHAPTER 24 ACCESS CONTROL LIST COMMANDS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules, spe[...]
-
Page 616
ACCESS CONTROL LIST COMMANDS 24-2 IP ACLs The commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code. To configure IP ACLs, first create an access list containing the required permit or deny rules, set a precedence mask to control the filter sequence, [...]
-
Page 617
IP ACLS 24-3 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address. • extended ?[...]
-
Page 618
ACCESS CONTROL LIST COMMANDS 24-4 permit, deny (Standard IP ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | source bitmask | host source} • any – Any source IP a[...]
-
Page 619
IP ACLS 24-5 permit, deny (Extended IP ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] {permit [...]
-
Page 620
ACCESS CONTROL LIST COMMANDS 24-6 • control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • flag-bitmask – Decimal number representing the code bits to match. Default Setting None Command Mode Extended IP ACL Command Usage • All new rules are a [...]
-
Page 621
IP ACLS 24-7 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. This allows TCP packets from class C addresses 192.1[...]
-
Page 622
ACCESS CONTROL LIST COMMANDS 24-8 Example Related Commands permit, deny 24-4 ip access-group (24-14) access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ing[...]
-
Page 623
IP ACLS 24-9 Example Related Commands mask (IP ACL) (24-9) ip access-group (24-14) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the no form to remove a mask. Syntax [no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitmask} [ [...]
-
Page 624
ACCESS CONTROL LIST COMMANDS 24-10 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • First creat [...]
-
Page 625
IP ACLS 24-11 This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the higher precedence according to the “mask host any” entry. This [...]
-
Page 626
ACCESS CONTROL LIST COMMANDS 24-12 This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A3 Console(config-ext-acl)#deny host 171.69.198.5 any Console(config-ext-acl)#deny 171.69.198.0 255.255.255.0 any sourc[...]
-
Page 627
IP ACLS 24-13 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), the ord[...]
-
Page 628
ACCESS CONTROL LIST COMMANDS 24-14 show access-list ip mask-precedence This command shows the ingress or egress rule masks for IP ACLs. Syntax show access-list ip mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged Exec Ex[...]
-
Page 629
IP ACLS 24-15 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip access-list (24[...]
-
Page 630
ACCESS CONTROL LIST COMMANDS 24-16 MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To configure MAC ACLs, first create an access list containing the required permit or deny rules, set a precedence mask to control the filter sequence, and then bind the acce[...]
-
Page 631
MAC ACLS 24-17 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • When y [...]
-
Page 632
ACCESS CONTROL LIST COMMANDS 24-18 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | host source | sou[...]
-
Page 633
MAC ACLS 24-19 • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask 33 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4093) • vid-bitmask 33 – VLAN bitmask. (Range: 1-4093) • protocol – A specific Ethernet protocol number. (Ran[...]
-
Page 634
ACCESS CONTROL LIST COMMANDS 24-20 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Related Commands permit, deny 24-18 mac access-group (24-25) access-list mac mas[...]
-
Page 635
MAC ACLS 24-21 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the[...]
-
Page 636
ACCESS CONTROL LIST COMMANDS 24-22 • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egress ACL. • Packets crossing a port are checked again[...]
-
Page 637
MAC ACLS 24-23 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3 Co[...]
-
Page 638
ACCESS CONTROL LIST COMMANDS 24-24 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for[...]
-
Page 639
MAC ACLS 24-25 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Configurati[...]
-
Page 640
ACCESS CONTROL LIST COMMANDS 24-26 show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (24-25) ACL Information This section describes commands used to display ACL information. show access-list This command shows all IP ACLs and associa[...]
-
Page 641
ACL INFORMATION 24-27 Example show access-group This command shows the port assignments of IP ACLs. Command Mode Privileged Executive Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.255.15.0 IP extended access-list bob: permit 10.7.1.1 255.255.255.0 any permit 192.168.1.0 255.255.[...]
-
Page 642
ACCESS CONTROL LIST COMMANDS 24-28[...]
-
Page 643
25-1 CHAPTER 25 INTERFACE COMMANDS These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 25-1 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 25-2 description Adds a description to an interf[...]
-
Page 644
INTERFACE COMMANDS 25-2 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • por[...]
-
Page 645
DESCRIPTION 25-3 description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters) Default Setting None Command Mode Interface Configuration[...]
-
Page 646
INTERFACE COMMANDS 25-4 Default Setting • Auto-negotiation is permanently disabled on Ports 1-16, and enabled by default on Ports 17-19. • When auto-negotiation is disabled, the default speed-duplex setting is: - Fast Ethernet ports – 100full (100 Mbps full-duplex) - Gigabit Ethernet ports – 1000full (1 Gbps full-duplex) Co[...]
-
Page 647
NEGOTIATION 25-5 negotiation This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [no] negotiation Default Setting Ports 1-16: Permanently disabled Ports 17-19: Enabled Command Mode Interface Configuration (Ethernet - Ports 17-19, Port Channel) Command Usage • 1000BASE-T does [...]
-
Page 648
INTERFACE COMMANDS 25-6 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values. Syntax [no] capabilities {1000full | 100full | 100half | 10full |[...]
-
Page 649
FLOWCONTROL 25-7 manually specify the link attributes with the speed-duplex and flowcontrol commands. Example The following example configures Ethernet port 5 capabilities to include 100half and 100full. Related Commands negotiation (25-5) speed-duplex (25-3) flowcontrol (25-7) flowcontrol This command enables flow control. Use the no f[...]
-
Page 650
INTERFACE COMMANDS 25-8 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities c[...]
-
Page 651
SWITCHPORT MDIX 25-9 • copper-forced - Always uses the built-in RJ-45 port. • sfp-forced - Always uses the SFP port (even if module not installed). • sfp-preferred-auto - Uses SFP port if both combination types are functioning and the SFP port has a valid link. Default Setting sfp-preferred-auto Command Mode Interface Configuration (Et[...]
-
Page 652
INTERFACE COMMANDS 25-10 Command Mode Interface Configuration (Ethernet - Port 17-18) Command Usage Auto-negotiation must be enabled to use the “auto” option for this command. It must be disabled to force the pinout setting to one of the fixed modes of “normal” (MDI) or “crossover” (MDI-X). One side of a link must be c[...]
-
Page 653
SWITCHPORT PACKET-RATE 25-11 Example The following example disables port 5. switchport packet-rate This command configures broadcast and multicast and unknown unicast storm control. Use the no form to restore the default setting. Syntax switchport {broadcast | multicast | unknown-unicast} packet-rate rate no switchport {broadca[...]
-
Page 654
INTERFACE COMMANDS 25-12 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-chan[...]
-
Page 655
SHOW INTERFACES STATUS 25-13 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) • vlan vlan-id (Range: 1-4093) Default Se[...]
-
Page 656
INTERFACE COMMANDS 25-14 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting Shows the counters for all in[...]
-
Page 657
SHOW INTERFACES COUNTERS 25-15 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 9-29. Example Console#show interfaces counters ethernet 1/17 Etherne[...]
-
Page 658
INTERFACE COMMANDS 25-16 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: [...]
-
Page 659
SHOW INTERFACES SWITCHPORT 25-17 Table 25-2 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 25-11). LACP status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 26- [...]
-
Page 660
INTERFACE COMMANDS 25-18[...]
-
Page 661
26-1 CHAPTER 26 LINK AGGREGATION COMMANDS Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another[...]
-
Page 662
LINK AGGREGATION COMMANDS 26-2 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to 8 ports. • The ports at both ends of a connection must be configured as trunk[...]
-
Page 663
CHANNEL-GROUP 26-3 • If the port channel admin key (lacp admin key - Port Channel) is not set when a channel group is formed (i.e., it has the null value of 0), this key is set to the same value as the port admin key (lacp admin key - Ethernet Interface) used by the interfaces that joined the group. • However, if the port chann[...]
-
Page 664
LINK AGGREGATION COMMANDS 26-4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) [...]
-
Page 665
LACP 26-5 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. Console(config)#interface ethernet 1/10 Console(config-if)#lacp Console(config-if)#exit Console(c[...]
-
Page 666
LINK AGGREGATION COMMANDS 26-6 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link. • partner - Th[...]
-
Page 667
LACP ADMIN-KEY (ETHERNET INTERFACE) 26-7 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link. • [...]
-
Page 668
LINK AGGREGATION COMMANDS 26-8 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp admin-key key [no] lacp admin-key key - The port channel admin key is used to identify a specific link aggregation gr[...]
-
Page 669
LACP PORT-PRIORITY 26-9 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate link.[...]
-
Page 670
LINK AGGREGATION COMMANDS 26-10 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-12) • counters - Statistics for LACP protocol messages. • internal - Configuration set [...]
-
Page 671
SHOW LACP 26-11 Table 26-2 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group. Marker Received Number of vali[...]
-
Page 672
LINK AGGREGATION COMMANDS 26-12 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operation[...]
-
Page 673
SHOW LACP 26-13 Console#show lacp 1 neighbors Port channel 1 neighbors ---------------------------------------------------------- --------- Eth 1/1 ---------------------------------------------------------- --------- Partner Admin System ID: 32768, 00-00-00-00-00-00 Partner Oper System ID: 32768, 00-01-F4-78-AE-C0 Partner Admin Port Number: 2 Partn[...]
-
Page 674
LINK AGGREGATION COMMANDS 26-14 Console#show lacp sysid Port Channel System Priority System MAC Address ----------------------------------------- -------------------------- 1 32768 00-30-F1-8F-2C-A7 2 32768 00-30-F1-8F-2C-A7 3 32768 00-30-F1-8F-2C-A7 4 32768 00-30-F1-8F-2C-A7 5 32768 00-30-F1-8F-2C-A7 6 32768 00-30-F1-8F-2C-A7 7 3[...]
-
Page 675
27-1 CHAPTER 27 MIRROR PORT COMMANDS This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx | both] no port monitor interface • interface - ethernet unit/por[...]
-
Page 676
MIRROR PORT COMMANDS 27-2 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • The destination port is set by spec[...]
-
Page 677
SHOW PORT MONITOR 27-3 Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end [...]
-
Page 678
MIRROR PORT COMMANDS 27-4[...]
-
Page 679
28-1 CHAPTER 28 RATE LIMIT COMMANDS This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while pa[...]
-
Page 680
RATE LIMIT COMMANDS 28-2 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output | vlan vlan-id} [rate] no rate-limit {input | output | vlan [vlan[...]
-
Page 681
RATE-LIMIT TRAP-INPUT 28-3 rate-limit trap-input This command sets an SNMP trap if traffic exceeds the configured rate limit. Use the no form to restore the default setting. Syntax rate-limit snmp-trap-input [up upper-discard-boundary down lower-discard-boundary] no snmp-rate-limit trap-input • upper-discard-boundary – Th [...]
-
Page 682
RATE LIMIT COMMANDS 28-4 • For further information on the type of notification messages that can be sent by the system, refer to the information about trap and inform messages described under the snmp-server host command on page 21-6. Example This example sets an upper discard boundary of 500 packets / 10 seconds, and a lower di[...]
-
Page 683
29-1 CHAPTER 29 VDSL COMMANDS VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports. The switch also[...]
-
Page 684
VDSL COMMANDS 29-2 Long-Reach Ethernet Commands This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notches within the frequency bands to avoid interference with ham radio signals, setting a mask for power spectral density to meet regional or loc[...]
-
Page 685
LONG-REACH ETHERNET COMMANDS 29-3 lre max-power Sets the maximum aggregate downstream or upstream power GC/IC 29-22 lre min-protection Configures the minimum level of impulse noise protection for all bearer channels IC 29-23 lre channel Sets the channel mode to fast or interleaved IC 29-24 lre interleave-max-delay Sets the maximum i[...]
-
Page 686
VDSL COMMANDS 29-4 lre band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status. Syntax lre band-plan value no lre band-plan value – Index for a predefined band plan. (See Table 29-3, “VDSL2 Band Plans,” on page 29-5.) Default [...]
-
Page 687
LONG-REACH ETHERNET COMMANDS 29-5 Example This example sets the band plan to 998-640-30000. Related Commands show lre (29-79) Table 29-3 VDSL2 Band Plans Index Designator Number of Bands Reference Document 3 998-138-8500 Long Reach 3 4 998-138-12000 High Data Rate 4 5 998-640-30000 100/100 6 (US1-3, DS1-3) G.993.2, Annex C 6 997-138-8[...]
-
Page 688
VDSL COMMANDS 29-6 lre option-band This command sets the frequencies to be used for the optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax lre option-band value no lre option-band value – Index of predefined frequency bounds for US0. Note that each option includes a range for the low[...]
-
Page 689
LONG-REACH ETHERNET COMMANDS 29-7 lre ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax lre ham-band value no lre ham-band value – HAM band mask. (See Table 29-4, “HAM Band Notches,” o[...]
-
Page 690
VDSL COMMANDS 29-8 4 RFI-BAND04 3.500 - 3.575 MHz ANNEX F 5 RFI-BAND05 3.500 - 3.800 MHz ETSI 6 RFI-BAND06 3.500 - 4.000 MHz T1E1 7 RFI-BAND07 3.747 - 3.754 MHz ANNEX F 8 RFI-BAND08 3.791 - 3.805 MHz ANNEX F 9 RFI-BAND09 7.000 - 7.100 MHz ANNEX F, ETSI 10 RFI-BAND10 7.000 - 7.300 MHz T1E1 11 RFI-BAND11 10.100 - 10.150 MHz ANNEX F, ETSI, T1E1 12 [...]
-
Page 691
LONG-REACH ETHERNET COMMANDS 29-9 Example This example sets a HAM band notch in the transmitted power spectrum in the 10.000 - 10.150 MHz transmission band (also called the 30 meter band). Related Commands show lre ham-band (29-64) lre region-ham-band (29-9) lre region-ham-band This command sets the ham radio band that will be bl [...]
-
Page 692
VDSL COMMANDS 29-10 • Using a HAM band mask prevents interference with other systems (e.g., amateur radio) that use narrow band transmission in the VDSL frequency band. The selected frequency range will not be used to transmit data on the VDSL line. You may need to specify a mask if required by local regulations or if specific inciden[...]
-
Page 693
LONG-REACH ETHERNET COMMANDS 29-11 18 RFI-BAND18 10.005 - 10.100 MHz Aeronautical Communications 19 RFI-BAND19 10.100 - 10.150 MHz Amateur Radio 20 RFI-BAND20 11.175 - 11.400 MHz Aeronautical Communications 21 RFI-BAND21 11.600 - 12.100 MHz DRM Radio 22 RFI-BAND22 12.570 - 12.585 MHz GMDSS 23 RFI-BAND23 13.200 - 13.360 MHz Aeronauti[...]
-
Page 694
VDSL COMMANDS 29-12 Example This example sets a HAM band notch in the transmitted power spectrum to avoid interference with CB radios. Related Commands show lre region-ham-band (29-65) lre ham-band (29-7) lre psd-breakpoints This command sets the number of frequency breakpoints in the PSD mask. Use the no form to restore the def[...]
-
Page 695
LONG-REACH ETHERNET COMMANDS 29-13 PSD Mask required for compliance with local regulations, or set mask limits for upstream power backoff. The methods used to calculate these various PSD masks, and local regulations governing the power spectrum used on VDSL lines are all described in ITU-T G.993.2. • Breakpoints can be applied to [...]
-
Page 696
VDSL COMMANDS 29-14 Command Mode Global Configuration Interface Configuration (VDSL Port) Command Usage • Enter this command in global configuration mode to configure frequency breakpoints for all VDSL ports, or in interface mode to configure them for a specific VDSL port. • The number of breakpoints used in the PSD mask[...]
-
Page 697
LONG-REACH ETHERNET COMMANDS 29-15 lre psd-value This command defines a power level for each of the PSD breakpoints. Use the no form to restore the default setting. Syntax lre psd-value breakpoint psd-value no lre psd-value breakpoint • breakpoint – Frequency breakpoint within the power spectral density (PSD) as defi[...]
-
Page 698
VDSL COMMANDS 29-16 Example The following sets a PSD value for the frequency band bounded by breakpoints 1 and 2 to -20 dBm/Hz on VDSL port 1. Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) show lre psd (29-67) lre psd-mask-level (29-16) lre psd-mask-level This command sets a predefined PSD mask. Use the no[...]
-
Page 699
LONG-REACH ETHERNET COMMANDS 29-17 • The following table lists the predefined band plans. Example The following specifies a predefined mask based on Annex F of ITU-T G.993.1 for use on VDSL port 1. Related Commands show lre psd-mask-level (29-68) lre psd-breakpoints (29-12) lre psd-frequencies (29-13) lre psd-value (29-15) Tabl[...]
-
Page 700
VDSL COMMANDS 29-18 lre pbo-config This command sets a mask to reduce the power spectral density (PSD) of transmitted signals at specified frequency breakpoints for upstream power backoff. Use the no form to restore the default status. Syntax lre pbo-config K1[0] Rx_PSD1 K1[1] Rx_PSD2 K1[2] Rx_PSD3 K1[3] Rx_PSD4 K1[4] Rx_PSD[...]
-
Page 701
LONG-REACH ETHERNET COMMANDS 29-19 • The transceiver will adjust its transmitted signal to conform to the power limitations set by the lre pbo-config command. • If upstream power backoff is enabled with the lre upbo command (page 29-19), the transceiver will automatically reduce the PSD at each frequency breakpoint set the by t[...]
-
Page 702
VDSL COMMANDS 29-20 Command Usage • Enter this command in global configuration mode to enable upstream power backoff for all VDSL ports, or in interface mode to enable it for a VDSL port. • Upstream power backoff (UPBO) should be configured when there are VDSL connections of different lengths attached to this switch. UPBO is r[...]
-
Page 703
LONG-REACH ETHERNET COMMANDS 29-21 lre tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone {tx | rx} value no lre tone {tx | rx} • tx – Downstream band plan. • rx – Upstream band plan. • value – I[...]
-
Page 704
VDSL COMMANDS 29-22 Example The following disables all tone beneath 640 kHz on the upstream band plan. Related Commands show lre tone (29-71) lre max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting. Syntax lre max-power {down | up} value no lre max-power[...]
-
Page 705
LONG-REACH ETHERNET COMMANDS 29-23 Example The following sets the maximum downstream power on port 1 to 14.5 dBm. lre min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting. Syntax lre min-protection {down | up} value no lre [...]
-
Page 706
VDSL COMMANDS 29-24 • Note that this parameter only applies to interleaved channels. Refer to ITU-T G.993.2 for a full description of the methods used to calculate the minimum level of impulse noise protection. Example lre channel This command sets the channel mode to fast or interleaved. Use the no form to restore the defau[...]
-
Page 707
LONG-REACH ETHERNET COMMANDS 29-25 Related Commands lre interleave-max-delay (29-25) lre interleave-max-delay This command sets the maximum interleave delay. Use the no form to restore the default status. Syntax lre interleave-max-delay {down | up} value no lre interleave-max-delay {down | up} • down – Downstream b[...]
-
Page 708
VDSL COMMANDS 29-26 Related Commands lre channel (29-24) show lre interleave-max-delay (29-72) lre datarate This command specifies the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Use the no form to restore the default setting. Syntax lre datarate {down | up} {slow | fast} {max |[...]
-
Page 709
LONG-REACH ETHERNET COMMANDS 29-27 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands show lre rate-adaption (29-75) show lre datarate (29-73) lre rate-set (29-27) lre rate-set This command sets the maximum input and output data rates for the VDSL ports. Use the no[...]
-
Page 710
VDSL COMMANDS 29-28 Related Commands lre datarate (29-26) lre noise-mgn target This command configures the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Use the no form to restore the default setting. Syntax lre noise-mgn target {down | up} value no lre noise-mgn target {down[...]
-
Page 711
LONG-REACH ETHERNET COMMANDS 29-29 lre noise-mgn min This command configures the minimum acceptable signal-to-noise margin. Use the no form to restore the default setting. Syntax lre noise-mgn min {down | up} value no lre noise-mgn min {down | up} • down – Downstream bands. • up – Upstream bands. • value – Signa[...]
-
Page 712
VDSL COMMANDS 29-30 lre shutdown This command shuts down a VDSL port. Use the no form to re-enable a port. Syntax [no] lre shutdown Default Setting All VDSL ports are operational Command Mode Interface Configuration (VDSL Port) Command Usage Use this command to disable the VDSL chipset transmitter of a VDSL port t[...]
-
Page 713
LONG-REACH ETHERNET COMMANDS 29-31 Command Mode Interface Configuration (VDSL Port) Command Usage Use this command to troubleshoot VDSL connection or performance problems. Example lre auto-retraining This command initiates automatic retraining to find the optimal transmission rate when the switch re-establishes the link to a p[...]
-
Page 714
VDSL COMMANDS 29-32 Related Commands lre datarate (29-26) lre retraining This command manually initiates the rate adaptation method to find the optimal transmission rate based on existing line conditions. Use the no form to disable this feature. Default Disabled Command Mode Interface Configuration (VDSL Port) Command Usage • This [...]
-
Page 715
LONG-REACH ETHERNET COMMANDS 29-33 lre rate-adaption This command enables automatic line rate adaptation, which can set the optimal transmission rate based on existing line conditions. Use the no form to disable this feature. Syntax [no] lre rate-adaption Default Setting Enabled Command Mode Global Configuration Interface[...]
-
Page 716
VDSL COMMANDS 29-34 Related Commands lre datarate (29-26) show lre rate-adaption (29-75) lre apply This command applies all global VDSL settings to each VDSL port on the switch or to a specified port, overwriting any previous settings configured for specific interfaces. Use the no form to restore the default setting. Command Mode Glob[...]
-
Page 717
LINE PROFILE COMMANDS 29-35 Line Profile Commands This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or to a selected group of ports. Table 29-7 Line Profile Commands Command Function Mode Page line-profile Enters VDSL L[...]
-
Page 718
VDSL COMMANDS 29-36 line-profile This command enters VDSL Line Profile configuration mode. Syntax line-profile profile-name profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode Global Configuration Command Usage All commands entered in this mode are stored under the named profile, and take effect o[...]
-
Page 719
LINE PROFILE COMMANDS 29-37 Example The following creates a VDSL line profile named southport. Related Commands show lre line-profile (29-77) lre line-profile This command applies a line profile to selected VDSL ports. Use the no form to restore the default settings for the selected ports. Syntax [no] lre line-profile profil[...]
-
Page 720
VDSL COMMANDS 29-38 Example The following applies the line profile named southport to all VDSL ports. band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status. Syntax band-plan value no band-plan value – Index for a predefined b [...]
-
Page 721
LINE PROFILE COMMANDS 29-39 option-band This command sets the frequencies to be used for optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax option-band value no option-band value – Index of predefined frequency bounds for US0. (Options: 0 - No optional band 1 - ITU-T G993.2, Annex A, 6-32, 2[...]
-
Page 722
VDSL COMMANDS 29-40 ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax ham-band value no ham-band value – HAM band mask. (See Table 29-4, “HAM Band Notches,” on page 29-7.) Default Setting[...]
-
Page 723
LINE PROFILE COMMANDS 29-41 region-ham-band This command sets the ham radio band that will be blocked to VDSL signals based on defined usage types. Use the no form to restore the default status. Syntax region-ham-band value no region-ham-band value – HAM band mask for designated usage type. (See Table 29-5, “HAM[...]
-
Page 724
VDSL COMMANDS 29-42 tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone {tx | rx} value no lre tone {tx | rx} • tx – Downstream band plan. • rx – Upstream band plan. • value – Index of low-end freque[...]
-
Page 725
LINE PROFILE COMMANDS 29-43 Example The following disables all tone beneath 640 kHz on the upstream band plan. Related Commands lre tone (29-21) max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting. Syntax max-power {down | up} value no max-power {do[...]
-
Page 726
VDSL COMMANDS 29-44 min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting. Syntax min-protection {down | up} value no max-power {down | up} • down – Downstream bands. • up – Upstream bands. • value – The numbe[...]
-
Page 727
LINE PROFILE COMMANDS 29-45 Related Commands lre min-protection (29-23) channel This command sets the channel mode to fast or interleaved. Use the no form to restore the default status. Syntax channel mode no channel mode – Channel mode (Options: fast, interleave) Default Setting interleaved Command Mode VDSL Line Pro[...]
-
Page 728
VDSL COMMANDS 29-46 down/up-max-inter-delay These commands set the maximum interleave delay on a downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax { down | up }-max-inter-delay value no { down | up }-max-inter-delay • down – Downstream bands. • up – Upstream bands[...]
-
Page 729
LINE PROFILE COMMANDS 29-47 Related Commands lre interleave-max-delay (29-25) down/up-fast/slow-max/min-datarate These commands set the maximum/minimum data rate on a fast/slow downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax { down | up }-{ fast | slow }-{ max | min }-datarate val[...]
-
Page 730
VDSL COMMANDS 29-48 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands lre datarate (29-26) down/up-target-noise-mgn These commands set the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization on a downstream/upstre[...]
-
Page 731
LINE PROFILE COMMANDS 29-49 Example The following sets an SNR of 12 dB for the downstream channels and 18 dB for the upstream channels. Related Commands lre noise-mgn target (29-28) down/up-min-noise-mgn These commands set the minimum acceptable signal-to-noise margin on a downstream/upstream channel. Use the no form to rest[...]
-
Page 732
VDSL COMMANDS 29-50 • When rate adaptation is enabled (see Command Usage, page 29-32), the signal-to-noise ratio (SNR) is an indicator of link quality. The switch itself has no internal functions to ensure link quality. To ensure a stable link, you should add a margin to the theoretical minimum signal-to-noise ratio (SNR). Example The[...]
-
Page 733
ALARM PROFILE COMMANDS 29-51 Alarm Profile Commands This section describes how to configure a list of threshold values for error states which can be applied to all VDSL ports or to a selected group of ports. Table 29-8 Alarm Profile Commands Command Function Mode Page alarm-profile Enters VDSL Line Alarm configuration mode GC 29-5[...]
-
Page 734
VDSL COMMANDS 29-52 alarm-profile This command enters VDSL Alarm Profile configuration mode. Use the no form to delete an alarm profile. Syntax [ no ] alarm-profile profile-name profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode Global Configuration Command Usage All commands entered in this mode [...]
-
Page 735
ALARM PROFILE COMMANDS 29-53 Command Usage First create a profile of VDSL alarm thresholds using the other commands described in this section, then enter Global Configuration mode to apply the profile to all VDSL ports on the switch using the lre alarm-profile command. Or use the interface command to select a specific[...]
-
Page 736
VDSL COMMANDS 29-54 the status of remote transceivers is obtained via the embedded operation channel (EOC), this information may be unavailable for units that are unreachable via the EOC during a line error condition. Therefore, not all conditions may always be included in its current status. • This command sets the threshold for [...]
-
Page 737
ALARM PROFILE COMMANDS 29-55 Command Usage • An Errored Second is a one-second interval containing one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects. • This command sets the threshold for the number of errored seconds within any 15 minute collection interval for performanc[...]
-
Page 738
VDSL COMMANDS 29-56 Command Usage This command sets the threshold for the number of seconds during which there is loss of framing within any 15 minute collection interval for performance data. If loss of framing in a particular 15-minute collection interval reaches or exceeds this value, a vdslPerfLofsThreshNotification n[...]
-
Page 739
ALARM PROFILE COMMANDS 29-57 notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval. Example The following sets the LOLs threshold to 15. thresh-15min-loss This command sets the threshold for Loss of Signal seconds (LOSs) that c[...]
-
Page 740
VDSL COMMANDS 29-58 Example The following sets the LOSs threshold to 15. thresh-15min-lprs This command sets the threshold for Loss of Power Seconds (LPRs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-lprs value value – Threshold for Loss of Power Seconds.[...]
-
Page 741
ALARM PROFILE COMMANDS 29-59 thresh-15min-sess This command sets the threshold for Severely Errored Seconds (SESs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-sess value value – Threshold for Severely Errored Seconds. (Range: 0-900 seconds; 0 disables the thr[...]
-
Page 742
VDSL COMMANDS 29-60 thresh-15min-uass This command sets the threshold for Unavailable Seconds (UASs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-uass value value – Threshold for Unavailable Seconds. (Range: 0-900 seconds; 0 disables the threshold) Default S[...]
-
Page 743
DISPLAYING VDSL INFORMATION 29-61 Displaying VDSL Information This section describes the commands used to display information on VDSL configuration settings, signal status, and communication statistics. Table 29-9 Commands for Displaying VDSL Information Command Function Mode Page Displaying Configuration Settings show lre band-p[...]
-
Page 744
VDSL COMMANDS 29-62 show lre band-plan This command displays the frequency bands used for VDSL signals. Syntax show lre band-plan [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec show lre noise-mgn Displays the targeted signal-to-noise margin that VDSL ports must [...]
-
Page 745
DISPLAYING VDSL INFORMATION 29-63 Command Usage • Use this command without the interface parameter to display the band plans used for all VDSL ports on the switch, or with an interface to display the band plan used for a specific port. • The band plan options provided by this switch are described by ITU-T Standards G.997[...]
-
Page 746
VDSL COMMANDS 29-64 Command Usage • Use this command without the interface parameter to display the optional US0 band used for all VDSL ports on the switch, or with an interface to display the optional band used for a specific port. • Refer to the lre option-band command on page 29-6 for a list of the frequency bounds for the o[...]
-
Page 747
DISPLAYING VDSL INFORMATION 29-65 Example This example shows that the HAM band in the 1.810 - 1.825 MHz range is blocked to VDSL signals for Port 1. Related Commands lre ham-band (29-7) show lre region-ham-band This command displays the HAM radio band that is blocked to VDSL signals based on defined usage types. Syntax show lre reg[...]
-
Page 748
VDSL COMMANDS 29-66 Command Usage • Use this command without the interface parameter to display the HAM band usage filter used for all VDSL ports on the switch, or with an interface to display the filter used for a specific port. • Refer to Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10 for a list of the stop ban[...]
-
Page 749
DISPLAYING VDSL INFORMATION 29-67 Related Commands lre region-ham-band (29-9) show lre psd This command displays the power level set for each of the PSD break points. Syntax show lre psd [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage • Use this com[...]
-
Page 750
VDSL COMMANDS 29-68 Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) lre psd-value (29-15) show lre psd-mask-level This command displays the predefined PSD mask configured for an interface. Syntax show lre psd-mask-level [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Comma[...]
-
Page 751
DISPLAYING VDSL INFORMATION 29-69 Command Usage • Use this command without the interface parameter to display the predefined PSD mask used for all VDSL ports on the switch, or with an interface to display it used for a specific port. • Refer to Table 29-6, “PSD Mask Options,” on page 29-17 for a list of the PSD mask option[...]
-
Page 752
VDSL COMMANDS 29-70 Example This example shows that the UPBO mask used for all upstream traffic. Related Commands lre pbo-config (29-18) show lre upbo This command shows if upstream power backoff is enabled or disabled. Syntax show lre upbo [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Com[...]
-
Page 753
DISPLAYING VDSL INFORMATION 29-71 transceiver will automatically control upstream power backoff based on default values set by the DSP engine. Example This example shows that UPBO has been enabled on Port 1. Related Commands lre upbo (29-19) show lre tone This command shows if VDSL signals are enabled or disabled at frequenc[...]
-
Page 754
VDSL COMMANDS 29-72 Related Commands lre tone (29-21) show lre interleave-max-delay This command displays the maximum interleave-delay that can be used for downstream and upstream channels. Syntax show lre interleave-max-delay [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Pri [...]
-
Page 755
DISPLAYING VDSL INFORMATION 29-73 show lre datarate This command displays the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Syntax show lre interleave-delay [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command[...]
-
Page 756
VDSL COMMANDS 29-74 show lre noise-mgn This command displays the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Syntax show lre noise-mgn [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage • Use this c[...]
-
Page 757
DISPLAYING VDSL INFORMATION 29-75 show lre rate-adaption This command shows if line rate adaptation which sets the optimal transmission rate based on existing line conditions is enabled or disabled. Syntax show lre rate-adaption [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Priv[...]
-
Page 758
VDSL COMMANDS 29-76 show lre config This command shows the VDSL configuration settings for an interface. Syntax show lre config [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Command Usage Use this command without the interface parameter to show the VDSL setti[...]
-
Page 759
DISPLAYING VDSL INFORMATION 29-77 Related Commands lre apply (29-34) show lre line-profile This command displays a specified line profile which may be applied to selected VDSL ports. Syntax show lre line-profile [ profile-name ] profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode Privileged Exec[...]
-
Page 760
VDSL COMMANDS 29-78 Related Commands line-profile (29-36) lre line-profile (29-37) show lre alarm-profile This command displays a specified alarm profile which may be applied to selected VDSL ports. Syntax show lre alarm-profile [ profile-name ] profile-name – Name of the profile. (Range: 1-31 alphanumeric characters) Command Mode P[...]
-
Page 761
DISPLAYING VDSL INFORMATION 29-79 show lre This command displays the communication status of the VDSL line. Syntax show lre unit / port • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Example Console#show lre 1/1 port 1 status : port enable(provisioned) port 1 status : port activa[...]
-
Page 762
VDSL COMMANDS 29-80 show lre phys-info This command displays physical layer information about the VDSL line. Syntax show lre phys-info unit / port • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Line Protection (Slow Path) The minimum level of impulse noise protection for all bearer [...]
-
Page 763
DISPLAYING VDSL INFORMATION 29-81 Example show lre rate-info This command displays rate information for the VDSL line. Syntax show lre rate-info [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Console#show lre phys-info 1/1 port 1/1 Phys info: Phys current line ra[...]
-
Page 764
VDSL COMMANDS 29-82 Example show lre perf This command displays performance information including common error conditions over predefined intervals for the VDSL line. Syntax show lre perf [ unit / port ] • unit - Stack unit. (Range: 1) • port - Port number. (Range: 1-16) Command Mode Privileged Exec Console#show lre rate-in[...]
-
Page 765
DISPLAYING VDSL INFORMATION 29-83 Command Usage Use this command without the interface parameter to show performance information for all VDSL ports on the switch, or with an interface to display this information for a specific port. For a description of the displayed items, refer to the “Alarm Profile Commands” on page 2[...]
-
Page 766
VDSL COMMANDS 29-84 Loss of power Number of seconds during which there was loss of power Errored seconds Number of seconds during which there was one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects Severely errored seconds Number of seconds containing 18 or more CRC-8 anomalies, one or more Loss of [...]
-
Page 767
DISPLAYING VDSL INFORMATION 29-85 Ethernet Transmit Performance Counters Frames Number of frames (unicast, broadcast and multicast) transmitted. Bytes Number of bytes of data transmitted onto the network. This statistic can be used as a reasonable indication of Ethernet utilization. Pause Frames Number of MAC Control frames transmitte[...]
-
Page 768
VDSL COMMANDS 29-86 CPE Configuration This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), including upgrading firmware. oam local clear counter This command clears statistical data (in VDSL chip) for a specified VDSL port. Command Mode Interface Configuration Command [...]
-
Page 769
CPE CONFIGURATION 29-87 Example efm remote eeprom-write This command enables firmware upgrade on the CPE. Syntax efm remote eeprom-write { enable | disable } Default Setting Disabled Command Mode Interface Configuration Example copy tftp firmware This command copies BME firmware used for upgrading CPEs from a TFTP server to reserve[...]
-
Page 770
VDSL COMMANDS 29-88 Example This example shows how to copy BME firmware for CPEs to a reserved buffer on the switch, copy this firmware to a remote CPE, and then activate the new firmware. Console#show cpe-info 1/16 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff [...]
-
Page 771
CPE CONFIGURATION 29-89 Console#configure Console(config)#interface ethernet 1/16 Console(config-if)#oam remote upgrade firmware Console(config)#end Console#show cpe-info 1/16 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.2.5r7[...]
-
Page 772
VDSL COMMANDS 29-90 Related Commands oam remote upgrade firmware (page 29-90) oam remote firmware active (page 29-90) oam remote upgrade firmware This command copies BME firmware to the CPE. Command Mode Interface Configuration Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • Two firmware fi[...]
-
Page 773
CPE CONFIGURATION 29-91 Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • This command activates the firmware version currently in inactive state. It can therefore be used to activate the firmware version copied to the CPE by the oam remote upgrade firmware command (page 29-90). • After u[...]
-
Page 774
VDSL COMMANDS 29-92 Example Console#show cpe-info 1/1 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.2.5r7IK104012 BME Firmware Version: Firmware-VTU-R:7.2.5r7 Time May 19 2006, RTOS Nucleus AFE Hardware Version: AFE[...]
-
Page 775
30-1 CHAPTER 30 ADDRESS TABLE COMMANDS These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Table 30-1 Address Table Commands Command Function Mode Page mac-address-table static Maps a static address to a port in a V[...]
-
Page 776
ADDRESS TABLE COMMANDS 30-2 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. ?[...]
-
Page 777
CLEAR MAC-ADDRESS-TABLE DYNAMIC 30-3 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static o[...]
-
Page 778
ADDRESS TABLE COMMANDS 30-4 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [ address mac-address [ mask ]] [ interface interface ] [ vlan vlan-id ] [ sort { address | vlan | interface }] • mac-address - MAC address. • mask - Bits to match in the a[...]
-
Page 779
MAC-ADDRESS-TABLE AGING-TIME 30-5 • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds -[...]
-
Page 780
ADDRESS TABLE COMMANDS 30-6 show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time Aging time: 300 sec. Console#[...]
-
Page 781
31-1 CHAPTER 31 SPANNING TREE COMMANDS This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 31-1 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 31-3 spannin[...]
-
Page 782
SPANNING TREE COMMANDS 31-2 revision Configures the revision number for the multiple spanning tree MST 31-14 max-hops Configures the maximum number of hops allowed in the region before a BPDU is discarded MST 31-14 spanning-tree spanning-disabled Disables spanning tree for an interface IC 31-15 spanning-tree cost Configures the span[...]
-
Page 783
SPANNING-TREE 31-3 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network[...]
-
Page 784
SPANNING TREE COMMANDS 31-4 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode { stp | rstp | mstp } no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) • mstp -[...]
-
Page 785
SPANNING-TREE FORWARD-TIME 31-5 restarts the migration delay timer and begins using RSTP BPDUs on that port. • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific [...]
-
Page 786
SPANNING TREE COMMANDS 31-6 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addi[...]
-
Page 787
SPANNING-TREE MAX-AGE 31-7 Related Commands spanning-tree forward-time (31-5) spanning-tree max-age (31-7) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time i[...]
-
Page 788
SPANNING TREE COMMANDS 31-8 Related Commands spanning-tree forward-time (31-5) spanning-tree hello-time (31-6) spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of [...]
-
Page 789
SPANNING-TREE PATHCOST METHOD 31-9 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method { long | short } no spanning-tree pathcost method • long - Specifies 32-bit based values[...]
-
Page 790
SPANNING TREE COMMANDS 31-10 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.[...]
-
Page 791
MST VLAN 31-11 Related Commands mst vlan (31-11) mst priority (31-12) name (31-13) revision (31-14) max-hops (31-14) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [ no ] mst instance_id vlan vlan-ra[...]
-
Page 792
SPANNING TREE COMMANDS 31-12 instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default[...]
-
Page 793
NAME 31-13 Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name. Syntax name name name - Name of the spanning tree. Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision numbe[...]
-
Page 794
SPANNING TREE COMMANDS 31-14 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree. (Range: 0-65535) Default Setting 0 Command Mode MST Configuration Command Usage Th [...]
-
Page 795
SPANNING-TREE SPANNING-DISABLED 31-15 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each spanning tree instance within a[...]
-
Page 796
SPANNING TREE COMMANDS 31-16 Example This example disables the spanning tree algorithm for port 5. spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree cost cost no spanning-tree cost cost - T[...]
-
Page 797
SPANNING-TREE COST 31-17 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost m[...]
-
Page 798
SPANNING TREE COMMANDS 31-18 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Command [...]
-
Page 799
SPANNING-TREE PORTFAST 31-19 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass d[...]
-
Page 800
SPANNING TREE COMMANDS 31-20 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cau[...]
-
Page 801
SPANNING-TREE LINK-TYPE 31-21 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode[...]
-
Page 802
SPANNING TREE COMMANDS 31-22 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of[...]
-
Page 803
SPANNING-TREE MST PORT-PRIORITY 31-23 should be assigned to interfaces attached to faster media, and higher values assigned to interfaces with slower media. • Use the no spanning-tree mst cost command to specify auto-configuration mode. • Path cost takes precedence over interface priority. Example Related Commands span[...]
-
Page 804
SPANNING TREE COMMANDS 31-24 Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled. Example Related Commands spanning-tree mst cost (31-22) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. S[...]
-
Page 805
SHOW SPANNING-TREE 31-25 Example show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port num[...]
-
Page 806
SPANNING TREE COMMANDS 31-26 description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 12-13. Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Insta[...]
-
Page 807
SHOW SPANNING-TREE MST CONFIGURATION 31-27 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information ----------------------------------------- --------------------- Configuration na[...]
-
Page 808
SPANNING TREE COMMANDS 31-28[...]
-
Page 809
32-1 CHAPTER 32 VLAN COMMANDS A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registratio[...]
-
Page 810
VLAN COMMANDS 32-2 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as[...]
-
Page 811
GVRP AND BRIDGE EXTENSION COMMANDS 32-3 Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. Example show bridge-ext [...]
-
Page 812
VLAN COMMANDS 32-4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interf[...]
-
Page 813
GVRP AND BRIDGE EXTENSION COMMANDS 32-5 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Timer to set. •[...]
-
Page 814
VLAN COMMANDS 32-6 Example Related Commands show garp timer (32-6) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Defa[...]
-
Page 815
EDITING VLAN GROUPS 32-7 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration chang[...]
-
Page 816
VLAN COMMANDS 32-8 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be fo[...]
-
Page 817
CONFIGURING VLAN INTERFACES 32-9 Related Commands show vlan (32-16) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading ze[...]
-
Page 818
VLAN COMMANDS 32-10 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (25-10) switchport mode This command configures the VLAN membership mode for a port. Use the no form[...]
-
Page 819
CONFIGURING VLAN INTERFACES 32-11 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (32-11) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to res[...]
-
Page 820
VLAN COMMANDS 32-12 Related Commands switchport mode (32-10) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [no] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •[...]
-
Page 821
CONFIGURING VLAN INTERFACES 32-13 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4093, no leading zeroes) Default Setting VLAN 1 Command [...]
-
Page 822
VLAN COMMANDS 32-14 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • rem[...]
-
Page 823
CONFIGURING VLAN INTERFACES 32-15 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vl[...]
-
Page 824
VLAN COMMANDS 32-16 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information This section describes commands used to display VLAN information. show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by [...]
-
Page 825
CONFIGURING PRIVATE VLANS 32-17 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables o[...]
-
Page 826
VLAN COMMANDS 32-18 Default Setting No private VLANs are defined. No default group exists. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. Data [...]
-
Page 827
CONFIGURING PRIVATE VLANS 32-19 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example This example shows the information displayed when no group is defined. This example shows the information displayed when a group is defined. Console(config)#pvlan Console(config)#pvlan up-link[...]
-
Page 828
VLAN COMMANDS 32-20 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configur[...]
-
Page 829
CONFIGURING PROTOCOL-BASED VLANS 32-21 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group. Use t[...]
-
Page 830
VLAN COMMANDS 32-22 protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for this interface. Syntax protocol-vlan protocol-group group-id vlan vlan-id no protocol-vlan protocol-group group-id vlan • group-id[...]
-
Page 831
CONFIGURING PROTOCOL-BASED VLANS 32-23 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups. Syntax show protocol-vlan pro[...]
-
Page 832
VLAN COMMANDS 32-24 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) •[...]
-
Page 833
CONFIGURING IEEE 802.1Q TUNNELING 32-25 Configuring IEEE 802.1Q Tunneling QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the sa[...]
-
Page 834
VLAN COMMANDS 32-26 5. Configure the QinQ tunnel port to join the SPVLAN as an untagged member (switchport allowed vlan, page 32-14). 6. Configure the SPVLAN ID as the native VID on the QinQ tunnel port (switchport native vlan, page 32-13). 7. Configure the QinQ uplink port to join the SPVLAN as a tagged member (switchport[...]
-
Page 835
CONFIGURING IEEE 802.1Q TUNNELING 32-27 • The packet must have a standard ethertype value of 0x8100 for this command to take effect. Otherwise, the priority bits in the outer tag are set to zero. • Using a fixed priority level for all customer traffic allows the service provider to more easily calculate the resources required to main[...]
-
Page 836
VLAN COMMANDS 32-28 to the service provider’s outer tag. The Tag Protocol Identifier (TPID) of the tunnel port is used for the outer tag. The default is for the standard ethertype value 0x8100, but may be changed to a non-standard value using the switchport dot1q-ethertype command (page 32-29). The tunnel port’s nati[...]
-
Page 837
CONFIGURING IEEE 802.1Q TUNNELING 32-29 switchport dot1q-ethertype This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-ethertype tpid no switchport dot1q-ethertype tpid – Sets the ethertype value for 802.1Q encapsulation. [...]
-
Page 838
VLAN COMMANDS 32-30 Example Related Commands show interfaces switchport (page 25-16) Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network. However, if any switch in the path crossing the service provider’s network does not[...]
-
Page 839
CONFIGURING VLAN SWAPPING 32-31 uplink port (using the command parameters – input VLAN ID, output VLAN ID, and uplink interface). 3. Enter Interface Configuration mode for the uplink port, and map the service provider’s VLAN ID to the customer’s VLAN ID for traffic forwarded to the downlink port (using the command pa[...]
-
Page 840
VLAN COMMANDS 32-32 • VLAN swapping only supports one-to-one mapping of VLAN IDs between a VDSL port and an uplink port. • VLAN IDs must be mapped for both the upstream and downstream direction. • The maximum number of VLAN swap entries is 64 per port groups 1-8, 9-16, 17, and 18. However, note that configuring a large number[...]
-
Page 841
CONFIGURING VLAN SWAPPING 32-33 Example Console#show vlan swap vlan-swap enable ethernet 1/1 invlan outvlan outport 1 100 1/18 ethernet 1/18 invlan outvlan outport 100 1 1/1 Console#[...]
-
Page 842
VLAN COMMANDS 32-34[...]
-
Page 843
33-1 CHAPTER 33 CLASS OF SERVICE COMMANDS The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be t[...]
-
Page 844
CLASS OF SERVICE COMMANDS 33-2 priority bits This command sets the priority bits in the VLAN tag of packets sent by the CPU. Use the no form to restore the default value. Syntax [no] priority bits Default Setting Disabled Command Mode Global Configuration Command Usage When priority bits are used in packets sent from the CPU,[...]
-
Page 845
PRIORITY COMMANDS (LAYER 2) 33-3 Levels,” on page 33-8 for information on how CoS values are mapped to the output queues. Example queue mode This command sets the queue mode to strict priority, Weighted Round-Robin (WRR), or a combination of both for the class of service (CoS) priority queues. Use the no form to restore th[...]
-
Page 846
CLASS OF SERVICE COMMANDS 33-4 • Weighted Round-Robin (WRR) specifies a relative weight of each queue that determines the percentage of service time the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. • Hybrid mode uses strict [...]
-
Page 847
PRIORITY COMMANDS (LAYER 2) 33-5 Related Commands priority bits (33-2) priority ipv6 (33-17) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the defau[...]
-
Page 848
CLASS OF SERVICE COMMANDS 33-6 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e., receives both untagged and tagged frames). This priority does no[...]
-
Page 849
PRIORITY COMMANDS (LAYER 2) 33-7 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues, or specifies a high-priority queue when the queue mode is set to hybrid. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight8 no q[...]
-
Page 850
CLASS OF SERVICE COMMANDS 33-8 Example This example assigns WRR weights to priority queues 0-5, and strict priority to queues 6 and 7: Related Commands queue mode (33-3) show queue bandwidth (33-9) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the[...]
-
Page 851
PRIORITY COMMANDS (LAYER 2) 33-9 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS values assigned at the ingress port are also used at the egress port. This command sets the CoS priority for all interfaces. Example The following example shows how to change the CoS assignments to a one-to-one mapp[...]
-
Page 852
CLASS OF SERVICE COMMANDS 33-10 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting None Command Mode Pri [...]
-
Page 853
PRIORITY COMMANDS (LAYER 3 AND 4) 33-11 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch. Table 33-4 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enables TCP/UDP class of service mapping GC 33-12 map ip port Maps TCP/UDP s[...]
-
Page 854
CLASS OF SERVICE COMMANDS 33-12 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for p[...]
-
Page 855
PRIORITY COMMANDS (LAYER 3 AND 4) 33-13 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • Up to 8 entries can be specified for IP Port priority mapping. • This command sets the IP p [...]
-
Page 856
CLASS OF SERVICE COMMANDS 33-14 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos c[...]
-
Page 857
PRIORITY COMMANDS (LAYER 3 AND 4) 33-15 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Settin[...]
-
Page 858
CLASS OF SERVICE COMMANDS 33-16 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - DSCP value. (Range: 0-63) • cos-value - Class-of-S[...]
-
Page 859
PRIORITY COMMANDS (LAYER 3 AND 4) 33-17 Example The following example shows how to map IP DSCP value 1 to CoS value 0: priority ipv6 This command assigns IPv6 traffic classes to one of the Class-of-Service values. Use the no form to restore the default setting. Syntax priority ipv6 interface traffic-class cos-value no queue m[...]
-
Page 860
CLASS OF SERVICE COMMANDS 33-18 Example The following example maps the Traffic Class value of 1 to CoS value 0: show map ip port This command shows the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-chann[...]
-
Page 861
PRIORITY COMMANDS (LAYER 3 AND 4) 33-19 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting None Command Mo[...]
-
Page 862
CLASS OF SERVICE COMMANDS 33-20 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Default Setting None Command Mode Privileged Exec Example [...]
-
Page 863
34-1 CHAPTER 34 QUALITY OF SERVICE COMMANDS The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you to select traffic based on Lay[...]
-
Page 864
QUALITY OF SERVICE COMMANDS 34-2 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of tra[...]
-
Page 865
CLASS-MAP 34-3 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map (page 34-3) before creating a Policy Map (page 34-6). Otherwise, you will not be able to specify a Class Map with the class command (page 34-7) after entering Policy-Map Confi[...]
-
Page 866
QUALITY OF SERVICE COMMANDS 34-4 • The class map is used with a policy map (page 34-6) to create a service policy (page 34-10) for a specific interface that defines packet classification, service tagging, and bandwidth policing. Example This example creates a class map called “rd_class,” and sets it to match packets mark[...]
-
Page 867
MATCH 34-5 command to specify the fields within ingress packets that must match to qualify for this class map. • Only one match command can be entered per class map. • The class map uses the Access Control List filtering engine, so you must also set an ACL mask to enable filtering for the criteria specified in the match comm[...]
-
Page 868
QUALITY OF SERVICE COMMANDS 34-6 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode. Syntax [no] policy-map policy-map-name policy-map-name - Name of the policy m[...]
-
Page 869
CLASS 34-7 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. (Range: 1-16 characters) Defau[...]
-
Page 870
QUALITY OF SERVICE COMMANDS 34-8 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,00[...]
-
Page 871
POLICE 34-9 police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [no] police rate-kbps burst-byte [exceed-action {drop | set[...]
-
Page 872
QUALITY OF SERVICE COMMANDS 34-10 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,0[...]
-
Page 873
SHOW CLASS-MAP 34-11 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting Disp[...]
-
Page 874
QUALITY OF SERVICE COMMANDS 34-12 show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name - Name of the policy map. (Range: 1-16 char [...]
-
Page 875
SHOW POLICY-MAP INTERFACE 34-13 Command Mode Privileged Exec Example Console#show policy-map interface ethernet 1/5 Service-policy rd_policy input Console#[...]
-
Page 876
QUALITY OF SERVICE COMMANDS 34-14[...]
-
Page 877
35-1 CHAPTER 35 MULTICAST FILTERING COMMANDS This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service[...]
-
Page 878
MULTICAST FILTERING COMMANDS 35-2 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch. ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Tabl[...]
-
Page 879
IGMP SNOOPING COMMANDS 35-3 Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4093) • ip-address - IP address fo[...]
-
Page 880
MULTICAST FILTERING COMMANDS 35-4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2 | 3} no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 • 3 - IGMP Version 3 Default Setting IGMP Version 2 Command [...]
-
Page 881
IGMP SNOOPING COMMANDS 35-5 ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default. Syntax ip igmp snooping immediate-leave no ip igmp snooping immedi[...]
-
Page 882
MULTICAST FILTERING COMMANDS 35-6 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 16-4 for a description of the displayed items. Example The following shows the current[...]
-
Page 883
IGMP QUERY COMMANDS 35-7 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands This section describes commands used to configure Layer 2 IGMP qu[...]
-
Page 884
MULTICAST FILTERING COMMANDS 35-8 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsib[...]
-
Page 885
IGMP QUERY COMMANDS 35-9 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip igmp snooping [...]
-
Page 886
MULTICAST FILTERING COMMANDS 35-10 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25[...]
-
Page 887
IGMP QUERY COMMANDS 35-11 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops befor[...]
-
Page 888
MULTICAST FILTERING COMMANDS 35-12 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the switch. ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id [...]
-
Page 889
STATIC MULTICAST ROUTING COMMANDS 35-13 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] [...]
-
Page 890
MULTICAST FILTERING COMMANDS 35-14 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restr[...]
-
Page 891
IGMP FILTERING AND THROTTLING COMMANDS 35-15 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch. Use the no form to disable the feature. Syntax [no] ip igmp filter Default Setting Disabled Command Mode Global Configuration Command Usage • IGMP filtering enables you to ass[...]
-
Page 892
MULTICAST FILTERING COMMANDS 35-16 ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295) Default Setting Disabled Comm[...]
-
Page 893
IGMP FILTERING AND THROTTLING COMMANDS 35-17 Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range. When the access mode is set to deny, IGMP join reports are only pro[...]
-
Page 894
MULTICAST FILTERING COMMANDS 35-18 ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface. Syntax [no] ip igmp filter profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295) Default Se[...]
-
Page 895
IGMP FILTERING AND THROTTLING COMMANDS 35-19 Default Setting 64 Command Mode Interface Configuration Command Usage • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions;[...]
-
Page 896
MULTICAST FILTERING COMMANDS 35-20 Command Usage When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existin[...]
-
Page 897
IGMP FILTERING AND THROTTLING COMMANDS 35-21 Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged Exec Example C[...]
-
Page 898
MULTICAST FILTERING COMMANDS 35-22 show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-19) • port-channel channel-id (Range: 1-12) Defa[...]
-
Page 899
MULTICAST VLAN REGISTRATION COMMANDS 35-23 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic enter[...]
-
Page 900
MULTICAST FILTERING COMMANDS 35-24 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, enables a specific MVR domain using the domain keyword, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the vl [...]
-
Page 901
MULTICAST VLAN REGISTRATION COMMANDS 35-25 • Use the mvr group command to statically configure all multicast group addresses that will join an MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group. The IP add[...]
-
Page 902
MULTICAST FILTERING COMMANDS 35-26 mvr (Interface Configuration) This command configures an interface as a static member of an MVR domain using the group keyword, or configures an interface as an MVR receiver or source port using the type keyword. Use the no form to restore the default settings. Syntax [no] mvr {domain dom[...]
-
Page 903
MULTICAST VLAN REGISTRATION COMMANDS 35-27 groups within an MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the group keyword. However, if a receiver port is statically configured as a member of an MVR VLAN, its status will be inactive. Also, note that VLAN membership for MVR receiver ports cannot be set t[...]
-
Page 904
MULTICAST FILTERING COMMANDS 35-28 mvr immediate This command causes the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Use the no form to restore the default settings. Syntax [no] mvr immediate Default Setting Disabled. Command Mode Interface Configuration (E[...]
-
Page 905
MULTICAST VLAN REGISTRATION COMMANDS 35-29 show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword. Syntax show mvr [ [...]
-
Page 906
MULTICAST FILTERING COMMANDS 35-30 Example The following shows the global MVR settings: Console#show mvr ================================ MVR domain : 1 MVR Status:enable MVR running status:TRUE MVR multicast vlan:1 MVR Max Multicast Groups:255 MVR Current multicast groups:1 ================================ MVR domain : 2 MVR Status:disable M[...]
-
Page 907
MULTICAST VLAN REGISTRATION COMMANDS 35-31 The following displays information about the interfaces attached to the MVR VLAN: Console#show mvr interface ======================================================= MVR domain : 1 Port Type Status Immediate Leave ------- -------- ------------- --------------- eth1/1 SOURCE ACTIVE/UP Disable [...]
-
Page 908
MULTICAST FILTERING COMMANDS 35-32 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr members =================================== MVR domain : 1 MVR Group IP Status Members ---------------- -------- ------- 225.0.0.1 ACTIVE eth1/1(d), eth1/2(s) 225.0.0.2 INACTIVE N[...]
-
Page 909
36-1 CHAPTER 36 DOMAIN NAME SERVICE COMMANDS These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Note that [...]
-
Page 910
DOMAIN NAME SERVICE COMMANDS 36-2 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host. (Range: 1-127 characters) • address1 - Corresponding IP addre[...]
-
Page 911
CLEAR HOST 36-3 Example This example maps two addresses to a host name. clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host. (Range: 1-127 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static [...]
-
Page 912
DOMAIN NAME SERVICE COMMANDS 36-4 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name name - Name of the [...]
-
Page 913
IP DOMAIN-LIST 36-5 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list. Syntax [no] ip domain-list name name - Name of the host. Do no[...]
-
Page 914
DOMAIN NAME SERVICE COMMANDS 36-6 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (36-4) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name [...]
-
Page 915
IP DOMAIN-LOOKUP 36-7 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (36-4) ip domain-lookup (36-7) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [no] ip domain-lookup Default Setting Disabl[...]
-
Page 916
DOMAIN NAME SERVICE COMMANDS 36-8 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (36-4) ip name-server (36-6) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an a[...]
-
Page 917
SHOW DNS 36-9 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp [...]
-
Page 918
DOMAIN NAME SERVICE COMMANDS 36-10 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Table 36-2 show dns cache - display description Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable. TYPE Th[...]
-
Page 919
37-1 CHAPTER 37 DHCP COMMANDS These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client and relay functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can also be configured to relay DHCP client configuration requests to a DHCP server[...]
-
Page 920
DHCP COMMANDS 37-2 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been moved to a different doma[...]
-
Page 921
DHCP RELAY 37-3 ip dhcp relay server This command enables DHCP relay service, and specifies the address of the server to use. Use the no form to clear a server address. Syntax ip dhcp relay server address no ip dhcp relay server address - IP address of a DHCP server. Default Setting None Command Mode Global Configuration Usage Gui[...]
-
Page 922
DHCP COMMANDS 37-4 Example ip dhcp information option This command enables DHCP Option 82 information relay, and specifies the frame format to use when Option 82 information is generated by the switch. Use the no form of this command to disable this feature. Syntax ip dhcp information option {circuit-id | remote-id} no ip dhcp inf[...]
-
Page 923
DHCP RELAY 37-5 • If Option 82 is enabled on the switch, client information will be included in any relayed request packet received through the management interface according to this criteria. • DHCP request packets are flooded onto all attached VLANs other than the inbound VLAN under the following situations: - Neither DHCP sno[...]
-
Page 924
DHCP COMMANDS 37-6 the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the interface connected to the requesting client and unicasts the reply packet to the client. • DHCP reply packets are flooded onto all attached VLANs other than the inbound mana[...]
-
Page 925
DHCP RELAY 37-7 address (when DHCP snooping or relay is enabled), and unicast the packet to the DHCP server. Default Setting replace Command Mode Global Configuration Usage Guidelines • Refer to the Usage Guidelines under the ip dhcp information option command (page 37-4) for information on when Option 82 information is processed by the[...]
-
Page 926
DHCP COMMANDS 37-8 Example Related Commands ip dhcp relay server (37-3) Console#show ip dhcp relay server Ip Dhcp Relay Status: Enable Ip Dhcp Relay Server: 192.168.10.19 DHCP Information Option Circuitid Status: disable DHCP Information Option Remoteid Status: disable DHCP Information Policy: replace Console#[...]
-
Page 927
38-1 CHAPTER 38 IP INTERFACE COMMANDS An IP address may be used for management access to the switch over your network. An IP address is obtained via DHCP by default for VLAN 1. You can manually configure a specific IP address, or direct the switch to obtain an address from a BOOTP or DHCP server when it is [...]
-
Page 928
IP INTERFACE COMMANDS 38-2 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet. This mask identi[...]
-
Page 929
BASIC IP CONFIGURATION 38-3 Notes: 1. Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address [...]
-
Page 930
IP INTERFACE COMMANDS 38-4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (38-4) show ip interface This command displays the settings of an IP interface. Command Mode Privileged Exec Example Related Commands show ip redirects (38-4) show ip redirects This command shows the I[...]
-
Page 931
BASIC IP CONFIGURATION 38-5 ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) • size - Number of bytes in a packet. (Range: 32-512, default: 32) T[...]
-
Page 932
IP INTERFACE COMMANDS 38-6 Example Related Commands interface (25-2) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 pack[...]
-
Page 933
SECTION IV APPENDICES This section provides additional information on the following topics. Software Specifications: A-1; Troubleshooting: B-1; Glossary; Index[...]
-
Page 934
APPENDICES[...]
-
Page 935
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC Fast Ethernet ports - 173 rules, 7 masks shared by 8-port groups Gigabit Ethernet ports - 52 rules, 7 masks DHCP Client, Relay BOOTP Client DNS Proxy Port[...]
-
Page 936
SOFTWARE SPECIFICATIONS A-2 Rate Limits Input/output limit Range (configured per port) Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Span[...]
-
Page 937
MANAGEMENT FEATURES A-3 3 OAM channels (IB, eoc, VOC) between VTU-C and VTU-R HDLC or 802.3ah EFM framing Upstream power back off CPE firmware-upgrade via eoc channel Remote CPE management, reset, auto-configuration and performance monitoring Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple N[...]
-
Page 938
SOFTWARE SPECIFICATIONS A-4 IEEE 802.1Q VLAN IEEE 802.1v Protocol-based VLANs IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Authentication IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet Link Aggregation Control Protocol (LACP) Full-duplex flow control (ISO/IE[...]
-
Page 939
MANAGEMENT INFORMATION BASES A-5 Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP MIB (RFC 2011) IP Multicasting related MIBs MAU MIB (RFC 3636) MI[...]
-
Page 940
SOFTWARE SPECIFICATIONS A-6[...]
-
Page 941
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network con[...]
-
Page 942
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. • Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client software [...]
-
Page 943
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. D[...]
-
Page 944
TROUBLESHOOTING B-4[...]
-
Page 945
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the[...]
-
Page 946
GLOSSARY Glossary-2 marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues. Domain Name Service (DNS) A system used for translating host names for network nodes into IP addresses. Dynamic Host Control Protocol (DHCP) Provides a framework for pa[...]
-
Page 947
GLOSSARY Glossary-3 Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Regist[...]
-
Page 948
GLOSSARY Glossary-4 IEEE 802.3ac Defines frame extensions for VLAN tagging. IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to id[...]
-
Page 949
GLOSSARY Glossary-5 IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The eight values are mapped one-to-one to the Class of Serv[...]
-
Page 950
GLOSSARY Glossary-6 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group. Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time acros[...]
-
Page 951
GLOSSARY Glossary-7 Private Branch Exchange (PBX) A telephone exchange local to a particular organization who use, rather than provide, telephone services. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded[...]
-
Page 952
GLOSSARY Glossary-8 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Mail Transfer Protocol (SMTP) A standard host-to-host mail transport protocol that oper[...]
-
Page 953
GLOSSARY Glossary-9 Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network. Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol suite that includes TCP as the[...]
-
Page 954
GLOSSARY Glossary-10 Very high data rate Digital Subscriber Line 2 (VDSL2) VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the first VDSL standard (G.993.1). It supports transmission at a bi-directional net data rate (the sum of upstream and downstream rates) of up to 200 Mbps on twisted pair cables using a bandwi[...]
-
Page 955
Index-1 Numerics 802.1Q tunnel 13-24, 32-25 description 13-24 interface configuration 13-30, 32-27–32-29 mode selection 13-30, 32-10, 32-27 TPID 13-30, 32-29 802.1X, port authentication 6-19, 22-34 A acceptable frame type 13-15, 32-11 Access Control List See ACL ACL Extended IP 8-2, 8-3, 8-5, 24-2, 24-5 MAC 8-2, 8-3, 24[...]
-
Page 956
INDEX Index-2 verifying MAC addresses 7-10, 23-21 VLAN configuration 7-10, 23-20 Differentiated Code Point Service See DSCP Differentiated Services See DiffServ DiffServ 15-2, 34-1 binding policy to interface 15-10, 34-10 class map 15-3, 34-3, 34-7 policy map 15-6, 34-6 service policy 15-10, 34-10 DNS default domain name 17-1, 3[...]
-
Page 957
INDEX Index-3 Layer 2 16-2, 35-2 query 16-2, 35-8 query, Layer 2 16-4, 35-7 snooping 16-2, 35-2 snooping, configuring 16-4, 35-2 snooping, setting immediate leave 16-13, 35-5 ingress filtering 13-15, 32-12 internal temperature status 4-4, 20-8 IP address BOOTP/DHCP 4-14, 37-1, 37-4, 38-2 setting 2-6, 38-2 IP port priority enab[...]
-
Page 958
INDEX Index-4 MVR assigning static multicast groups 16-30, 35-26 setting interface type 16-26, 35-26, 35-28 setting multicast groups 16-21, 35-24 specifying a VLAN 16-21, 35-24 using immediate leave 16-26, 35-26, 35-28 P packet filtering 7-15, 23-5 DHCP replies 7-16, 23-9 DHCP requests 7-16, 23-8 IP/MAC address pairs 7-18, 23-5[...]
-
Page 959
INDEX Index-5 groups 5-18, 21-15 user configuration 5-12, 5-15, 21-18 views 5-24, 21-13 software displaying version 4-7, 20-10 downloading 4-18, 20-17 Spanning Tree Protocol See STA specifications, software A-1 SSH 6-10, 22-21 STA 12-1, 31-1 edge port 12-16, 12-20, 31-18 global settings, configuring 12-8, 31-3–31-10 global[...]
-
Page 960
INDEX Index-6 ham band notch 10-8, 29-7 ham band region/usage notch 10-9, 29-9 impulse noise protection 10-10, 29-23 interface settings 10-7, 29-2 line profiles 10-16, 29-35 maximum data rate 10-10, 29-27 maximum power 10-10, 29-22 OAM functions 10-41 option band 10-9, 29-6 PSD breakpoints 10-1, 29-12 PSD frequencies at breakp[...]
-
Page 961
[...]
-
Page 962
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 Model Numbers: SMC7800A/VCP Pub. Number: 149 100012100 H E01200 7/ST -R 01 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.[...]